package com.appiancorp.security.auth.mobile;

import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.google.common.base.Strings;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/* loaded from: input_file:com/appiancorp/security/auth/mobile/AllowedMobileClientStrategy.class */
/**
 * Session authentication strategy that rejects logins from mobile apps whose
 * self-reported app id is not on the configured allow-list.
 *
 * <p>The check runs only while the restricted-server-access feature toggle is
 * enabled. A request is let through unchanged when it carries no
 * {@value #MOBILE_APP_ID_HEADER_NAME} header, or when the configuration returns
 * a {@code null} allow-list.
 *
 * <p>NOTE(review): the app id is taken from a request header, which the client
 * controls. The check therefore only filters clients that identify themselves
 * honestly; on its own it does not prove which app is connecting. Confirm that
 * passing requests through on a missing header or a {@code null} allow-list is
 * intended, and that stronger client verification exists elsewhere if required.
 */
public class AllowedMobileClientStrategy implements SessionAuthenticationStrategy {
    /** Request header in which the mobile app reports its app id. */
    public static final String MOBILE_APP_ID_HEADER_NAME = "X-Appian-Mobile-App-Id";

    // Consulted on every authentication to see whether the restriction is switched on.
    private FeatureToggleClient featureToggleClient;

    // Source of the allow-list; resolved once, when the strategy is constructed.
    private MobilePropertiesConfig mobileConfig = (MobilePropertiesConfig) ConfigurationFactory.getConfiguration(MobilePropertiesConfig.class);

    /**
     * Creates the strategy.
     *
     * @param featureToggleClient client used to query the restricted-server-access toggle
     */
    public AllowedMobileClientStrategy(FeatureToggleClient featureToggleClient) {
        this.featureToggleClient = featureToggleClient;
    }

    /**
     * Blocks the authentication when the request names a mobile app id that is
     * not in the configured allow-list.
     *
     * @param authentication the authentication being established (not inspected here)
     * @param httpServletRequest request whose {@value #MOBILE_APP_ID_HEADER_NAME} header is checked
     * @param httpServletResponse the response (not used here)
     * @throws SessionAuthenticationException declared by the interface; this method itself
     *         throws {@code BlockedMobileClientException} (presumably a subtype, confirm)
     *         when the reported app id is not allowed
     */
    public void onAuthentication(Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SessionAuthenticationException {
        // Restriction switched off: nothing to enforce.
        if (!this.featureToggleClient.isFeatureEnabled(MobileAuthSpringConfig.RESTRICTED_SERVER_ACCESS_TOGGLE_ID)) {
            return;
        }

        // Requests without an app id header are not subject to this check.
        String reportedAppId = httpServletRequest.getHeader(MOBILE_APP_ID_HEADER_NAME);
        if (Strings.isNullOrEmpty(reportedAppId)) {
            return;
        }

        // A null allow-list lets every app id through; only a non-null list can block.
        List<String> permittedAppIds = this.mobileConfig.getAllowedMobileClients();
        if (permittedAppIds == null || permittedAppIds.contains(reportedAppId)) {
            return;
        }

        // The header is client-supplied, so it is escaped before being placed in the
        // message, presumably to keep control characters out of logs and error output.
        String escapedAppId = StringEscapeUtils.escapeJava(reportedAppId);
        throw new BlockedMobileClientException("Mobile app with id '" + escapedAppId + "' is not allowed.");
    }
}
