package com.appiancorp.security.auth.rememberme;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.security.auth.UserAgent;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Timestamp;
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;

/* loaded from: input_file:com/appiancorp/security/auth/rememberme/RememberMeTokenValidator.class */
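/**
 * Validates a presented remember-me cookie (series id + token value) against the
 * persisted token record and rejects it with a
 * {@link RememberMeAuthenticationException} when any check fails.
 *
 * <p>Every outcome is counted through {@link ProductMetricsAggregatedDataCollector}
 * under a {@code rememberMe.*} key, so rejected logins can be monitored per cause
 * (missing series, token mismatch, feature disabled, expired).
 */
public class RememberMeTokenValidator {
    private final RememberMeSettings rememberMeSettings;

    /**
     * @param rememberMeSettings source of the per-user "enabled" flag and token lifespan
     */
    public RememberMeTokenValidator(RememberMeSettings rememberMeSettings) {
        this.rememberMeSettings = rememberMeSettings;
    }

    /**
     * Runs the remember-me checks in order: the series must exist, the presented token
     * value must match the stored one, remember-me must be enabled for the token's
     * user, and the token must not be older than its configured lifespan.
     *
     * @param httpServletRequest current request; receives the {@code cookieTheftAttribute}
     *     attribute on a token mismatch
     * @param str series id taken from the cookie (only used in the error message)
     * @param str2 token value taken from the cookie; a {@code null} value raises
     *     {@link NullPointerException}, as it did before
     * @param appianPersistentRememberMeToken stored record for the series, or {@code null}
     *     when none was found
     * @param messageSourceAccessor passed through to {@link #processCookieTheft}
     * @throws RememberMeAuthenticationException if any check fails
     */
    public void validate(HttpServletRequest httpServletRequest, String str, String str2, AppianPersistentRememberMeToken appianPersistentRememberMeToken, MessageSourceAccessor messageSourceAccessor) {
        if (appianPersistentRememberMeToken == null) {
            ProductMetricsAggregatedDataCollector.recordData("rememberMe.invalid.noSeries");
            throw new RememberMeAuthenticationException("No persistent token found for series id: " + str);
        }
        // The mismatch check runs before the enabled/expiry checks, so a wrong token for a
        // known series is always reported as possible theft, never as "disabled" or "expired".
        if (!tokenValuesMatch(str2, appianPersistentRememberMeToken.getTokenValue())) {
            // Always throws; nothing below runs for a mismatched token.
            processCookieTheft(httpServletRequest, appianPersistentRememberMeToken.getUpdated().getTime(), messageSourceAccessor);
        }
        String username = appianPersistentRememberMeToken.getUsername();
        if (!this.rememberMeSettings.isEnabled(httpServletRequest, username)) {
            ProductMetricsAggregatedDataCollector.recordData("rememberMe.invalid.disabled");
            throw new RememberMeAuthenticationException("Remember Me is disabled for this user");
        }
        // NOTE(review): this sum can overflow for a very large lifespan, which would make the
        // token look expired (fails closed) - confirm the range of getTokenLifespanMs.
        long expiresAtMs = appianPersistentRememberMeToken.getDate().getTime() + this.rememberMeSettings.getTokenLifespanMs(httpServletRequest, username);
        if (expiresAtMs < System.currentTimeMillis()) {
            ProductMetricsAggregatedDataCollector.recordData("rememberMe.invalid.expired");
            throw new RememberMeAuthenticationException("Remember-me login has expired");
        }
        ProductMetricsAggregatedDataCollector.recordData("rememberMe.valid");
    }

    /**
     * Handles a series/token mismatch: tags the request, records a metric and always throws.
     *
     * <p>A mismatch seen less than
     * {@code AppianPersistentTokenBasedRememberMeServices.REDIRECT_WINDOW_IN_MILLIS} after the
     * token's last update is tagged {@code "retry"}; any later mismatch is tagged
     * {@code "cookieTheft"}. Presumably the window tolerates requests that raced a token
     * rotation - confirm against the caller. The exception text is the same in both cases.
     *
     * @param httpServletRequest request that receives the {@code cookieTheftAttribute}
     *     attribute and supplies the {@code User-Agent} header for the message
     * @param j time the stored token was last updated, in epoch milliseconds
     * @param messageSourceAccessor not used by this method
     * @throws RememberMeAuthenticationException always
     */
    public void processCookieTheft(HttpServletRequest httpServletRequest, long j, MessageSourceAccessor messageSourceAccessor) {
        long retryWindowEndsMs = AppianPersistentTokenBasedRememberMeServices.REDIRECT_WINDOW_IN_MILLIS + j;
        boolean withinRetryWindow = System.currentTimeMillis() < retryWindowEndsMs;
        ProductMetricsAggregatedDataCollector.recordData(withinRetryWindow ? "rememberMe.retry" : "rememberMe.invalid.cookieTheft");
        httpServletRequest.setAttribute("cookieTheftAttribute", withinRetryWindow ? "retry" : "cookieTheft");
        // NOTE(review): the User-Agent header is client-supplied; confirm UserAgent.getClient()
        // returns a normalized value before this message reaches logs or error pages.
        String client = new UserAgent(httpServletRequest.getHeader("User-Agent")).getClient();
        throw new RememberMeAuthenticationException("Cookie Theft Exception: Invalid remember-me token (Series/token) mismatch from a " + client + " client. Implies previous cookie theft attack.");
    }

    /**
     * Compares the presented token with the stored one without stopping at the first
     * differing character, so response timing does not reveal how much of a guessed
     * token was correct. A {@code null} stored value never matches.
     */
    private static boolean tokenValuesMatch(String presented, String stored) {
        byte[] presentedBytes = presented.getBytes(StandardCharsets.UTF_8);
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(presentedBytes, stored.getBytes(StandardCharsets.UTF_8));
    }
}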
