package com.appiancorp.security.auth;

import com.appiancorp.apikey.exceptions.ApiKeyExistingSessionException;
import com.appiancorp.common.I18nUtils;
import com.appiancorp.common.LocaleUtils;
import com.appiancorp.common.webapi.WebApiErrorBuilder;
import com.appiancorp.common.webapi.WebApiErrorJsonFormatter;
import com.appiancorp.exceptions.ErrorCodeHolder;
import com.appiancorp.process.rdbms.ActivitySqlFactory;
import com.appiancorp.security.auth.mobile.InAppBrowserAuth401ResponseGenerator;
import com.appiancorp.security.auth.mobile.InAppBrowserClientRequestMatcher;
import com.appiancorp.suite.cfg.CustomBrandingConfiguration;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.spring.security.TemporaryCredentialsExpiredException;
import com.appiancorp.suiteapi.common.spring.security.TemporaryPasswordException;
import java.io.IOException;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

/* loaded from: input_file:com/appiancorp/security/auth/HttpBasicAuthenticationEntryPoint.class */
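/**
 * Authentication entry point that answers a failed or missing authentication with an error body
 * rendered by {@link WebApiErrorJsonFormatter} and, unless suppressed, a
 * {@code WWW-Authenticate: Basic} challenge.
 *
 * <p>Requests matched by the {@link InAppBrowserClientRequestMatcher} get their response from
 * {@link InAppBrowserAuth401ResponseGenerator} instead when the failure is a generic one.
 */
public class HttpBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {
    private static final Logger LOG = Logger.getLogger(HttpBasicAuthenticationEntryPoint.class);
    protected static final String HDR_WWW_AUTHENTICATE = "WWW-Authenticate";
    protected static final String BASIC_REALM_FORMAT = "Basic realm=\"%s\"";
    private final InAppBrowserClientRequestMatcher inAppBrowserClientRequestMatcher;
    private String realmName;

    /**
     * Creates an entry point whose realm is the configured site name, read under the admin context.
     *
     * @param customBrandingConfiguration source of the site name; must not be null
     * @param inAppBrowserClientRequestMatcher matcher that identifies in-app browser requests
     * @throws NullPointerException if {@code customBrandingConfiguration} is null
     */
    public HttpBasicAuthenticationEntryPoint(CustomBrandingConfiguration customBrandingConfiguration, InAppBrowserClientRequestMatcher inAppBrowserClientRequestMatcher) {
        // Explicit form of the null check that the original expressed as a bare getClass() call.
        if (customBrandingConfiguration == null) {
            throw new NullPointerException("customBrandingConfiguration");
        }
        this.realmName = (String) SpringSecurityContextHelper.runAsAdmin(customBrandingConfiguration::getSitename);
        this.inAppBrowserClientRequestMatcher = inAppBrowserClientRequestMatcher;
    }

    /**
     * Creates an entry point with an explicit realm name.
     *
     * @param str realm name sent in the Basic challenge
     * @param inAppBrowserClientRequestMatcher matcher that identifies in-app browser requests
     */
    public HttpBasicAuthenticationEntryPoint(String str, InAppBrowserClientRequestMatcher inAppBrowserClientRequestMatcher) {
        this.realmName = str;
        this.inAppBrowserClientRequestMatcher = inAppBrowserClientRequestMatcher;
    }

    /**
     * Writes the error response for an unauthenticated request.
     *
     * <p>The status is 409 when the exception is an {@link ErrorCodeHolder} and 401 otherwise. The
     * status, content type and challenge header are all set before the body is written, so none of
     * them can be lost if the container commits the response during the write.
     *
     * @param httpServletRequest the request that failed authentication
     * @param httpServletResponse the response to populate
     * @param authenticationException the failure that triggered this entry point
     * @throws IOException if the response body cannot be written
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        String resource = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        UserAgent userAgent = new UserAgent(httpServletRequest.getHeader("user-agent"));
        if (queryString != null) {
            // NOTE(review): AC_SUBSTITUTE_CONST is presumably "?" (the decompiler seems to have
            // mapped an inlined literal onto this unrelated constant) - confirm.
            resource = resource + ActivitySqlFactory.AC_SUBSTITUTE_CONST + queryString;
        }
        if (LOG.isDebugEnabled()) {
            // NOTE(review): the raw query string is logged here and echoed as the error "resource"
            // below. If clients can pass credentials or tokens as query parameters they end up in
            // the debug log - confirm, and redact if so.
            LOG.debug("Request not authenticated successfully. requestUri=" + resource, authenticationException);
        }
        Locale locale = getLocale(httpServletRequest);

        // NOTE(review): the specific codes below tell the caller about account state (locked,
        // expired, temporary password). Confirm these exceptions are only raised once the supplied
        // credentials have been verified; otherwise the response allows probing account state.
        int status = HttpServletResponse.SC_UNAUTHORIZED;
        boolean genericFailure = false;
        WebApiErrorBuilder webApiErrorBuilder = null;
        // Branch order is kept exactly as before: the exception types may be related by
        // inheritance, so reordering could change which branch wins.
        if (authenticationException instanceof ErrorCodeHolder) {
            status = HttpServletResponse.SC_CONFLICT;
            ErrorCodeHolder errorCodeHolder = (ErrorCodeHolder) authenticationException;
            webApiErrorBuilder = new WebApiErrorBuilder(errorCodeHolder.getErrorCode(), locale, errorCodeHolder.getErrorCodeArguments(locale));
        } else if (authenticationException instanceof LockedException) {
            webApiErrorBuilder = new WebApiErrorBuilder(ErrorCode.WEB_API_LOCKED_ACCOUNT_ERROR, locale, new Object[0]);
        } else if (authenticationException instanceof TemporaryCredentialsExpiredException) {
            webApiErrorBuilder = new WebApiErrorBuilder(ErrorCode.WEB_API_TEMPORARY_PASSWORD_EXPIRED_ERROR, locale, new Object[0]);
        } else if (authenticationException instanceof BadCredentialsException) {
            genericFailure = true;
        } else if (authenticationException instanceof TemporaryPasswordException) {
            webApiErrorBuilder = new WebApiErrorBuilder(ErrorCode.WEB_API_TEMPORARY_PASSWORD_ERROR, locale, new Object[0]);
        } else if (authenticationException instanceof CredentialsExpiredException) {
            webApiErrorBuilder = new WebApiErrorBuilder(ErrorCode.WEB_API_CREDENTIALS_EXPIRED_ERROR, locale, new Object[0]);
        } else if (authenticationException instanceof ApiKeyExistingSessionException) {
            webApiErrorBuilder = new WebApiErrorBuilder(ErrorCode.WEB_API_EXISTING_SESSION_ERROR, locale, new Object[0]);
        } else {
            genericFailure = true;
        }
        if (genericFailure) {
            // Bad credentials and every unrecognised failure share one path: in-app browser
            // clients get their dedicated 401 response, everyone else the generic error.
            if (this.inAppBrowserClientRequestMatcher.matches(httpServletRequest)) {
                InAppBrowserAuth401ResponseGenerator.generateResponse(httpServletResponse);
                return;
            }
            webApiErrorBuilder = new WebApiErrorBuilder(ErrorCode.WEB_API_AUTHENTICATION_ERROR, locale, new Object[0]);
        }

        WebApiErrorJsonFormatter webApiErrorJsonFormatter = new WebApiErrorJsonFormatter();
        webApiErrorBuilder.setResource(resource).setWebApiErrorFormatter(webApiErrorJsonFormatter);
        httpServletResponse.setStatus(status);
        // The content type must be set before getWriter(): a charset carried by it is ignored once
        // the writer has been obtained, and headers are dropped after the response is committed.
        httpServletResponse.setContentType(webApiErrorJsonFormatter.getContentType());
        // Both suppression signals are client-supplied hints; they only decide whether the
        // challenge header is sent and must not be relied on for any access decision.
        if (!isSuppressWwwAuthenticate(httpServletRequest) && !userAgent.isBrowser()) {
            httpServletResponse.addHeader(HDR_WWW_AUTHENTICATE, String.format(BASIC_REALM_FORMAT, escapeRealm(this.realmName)));
        }
        httpServletResponse.getWriter().write(webApiErrorBuilder.build());
    }

    /**
     * Reports whether the client asked for the Basic challenge header to be left out.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the {@code x-appian-suppress-www-authenticate} header parses as true
     */
    protected boolean isSuppressWwwAuthenticate(HttpServletRequest httpServletRequest) {
        return Boolean.parseBoolean(httpServletRequest.getHeader("x-appian-suppress-www-authenticate"));
    }

    /**
     * @return the realm name as configured (not escaped)
     */
    public String getRealmName() {
        return this.realmName;
    }

    /**
     * @param str the realm name to send in later challenges
     */
    public void setRealmName(String str) {
        this.realmName = str;
    }

    /**
     * Makes a realm name safe to embed in the quoted-string of the challenge header.
     *
     * <p>Double quotes and backslashes are backslash-escaped and CR/LF characters are dropped, so
     * a configured site name cannot end the quoted value early or break the header line.
     *
     * @param realm the configured realm, possibly null
     * @return the escaped realm, or null when {@code realm} is null
     */
    private static String escapeRealm(String realm) {
        if (realm == null) {
            // String.format renders null as "null", which matches the previous output.
            return null;
        }
        StringBuilder escaped = new StringBuilder(realm.length());
        for (int i = 0; i < realm.length(); i++) {
            char c = realm.charAt(i);
            if (c == '\r' || c == '\n') {
                continue;
            }
            if (c == '"' || c == '\\') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /** Resolves the response locale from the request headers, falling back to the primary locale. */
    private Locale getLocale(HttpServletRequest httpServletRequest) {
        return I18nUtils.getPrimaryIfInvalid(LocaleUtils.getLocaleFromHeader(httpServletRequest));
    }
}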
