package com.appiancorp.security.auth.mobile;

import com.appiancorp.common.net.URI;
import com.appiancorp.security.auth.saml.SamlConstants;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.google.common.base.Strings;
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/appiancorp/security/auth/mobile/MobileAuthContextFilter.class */
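/**
 * Servlet filter that creates and maintains the {@link MobileAuthContext} kept in the HTTP session
 * for in-app-browser authentication.
 *
 * <p>The filter does nothing (passes the request through untouched) when the in-app-browser auth
 * feature toggle is off, when the request is not an {@link HttpServletRequest}, or when the request
 * carries no code challenge and the session holds no mobile auth context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All values read here come from the query string and are attacker-controllable. Only the
 *       {@code scheme} parameter is validated in this class; {@code username}, the sign-in
 *       parameter and the request URL are stored as received, so code that reads them back from
 *       the context must treat them as untrusted.</li>
 *   <li>A request with a code challenge that does not match the current context invalidates the
 *       existing session before a new context is stored. Which requests can reach this filter
 *       depends on its URL mapping, which is not visible in this class.</li>
 * </ul>
 */
public class MobileAuthContextFilter implements Filter {
    private FeatureToggleConfiguration ftc = (FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class);

    /** Character set a caller-supplied scheme must consist of entirely. */
    private static final Pattern VALID_SCHEME_PATTERN = Pattern.compile("^[A-Za-z0-9_\\-\\.]+$");

    /** Rejects values that look like a dotted-quad IPv4 address (they would otherwise pass the character check). */
    private static final Pattern IPV4_PATTERN = Pattern.compile("^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$");

    /**
     * Rejects the web schemes. URI scheme names are case-insensitive (RFC 3986, section 3.1), so the
     * match must be too; otherwise a value such as "HTTPS" passes the character check and is accepted.
     */
    private static final Pattern HTTP_PATTERN = Pattern.compile("^(?:http|https)$", Pattern.CASE_INSENSITIVE);

    /* loaded from: input_file:com/appiancorp/security/auth/mobile/MobileAuthContextFilter$URLParameters.class */
    /** Holder for the query-string parameters this filter reads; every field is raw, unvalidated input. */
    private static class URLParameters {
        String codeChallenge;
        String username;
        String signin;
        boolean forceAuthentication;
        String scheme;

        /**
         * Reads the first value of each parameter from the request's query string.
         * Absent parameters are left {@code null} ({@code false} for the force-authentication flag).
         */
        public URLParameters(HttpServletRequest httpServletRequest) {
            Map<String, String[]> queryParameters = getQueryParameters(httpServletRequest);
            this.username = getFirstValue(queryParameters.get("username"));
            this.codeChallenge = getFirstValue(queryParameters.get(MobileAuthConstants.CODE_CHALLENGE_PARAM));
            this.signin = getFirstValue(queryParameters.get(SamlConstants.AUTH_PROVIDER_QUERY_PARAM));
            this.forceAuthentication = Boolean.parseBoolean(getFirstValue(queryParameters.get(SamlConstants.FORCE_AUTH_QUERY_PARAM)));
            this.scheme = getFirstValue(queryParameters.get("scheme"));
        }

        /** Parses the raw query string only, so parameters in a request body are not considered. */
        private Map<String, String[]> getQueryParameters(HttpServletRequest httpServletRequest) {
            URI uri = new URI();
            uri.setQuery(httpServletRequest.getQueryString());
            return uri.getQueryParameters();
        }

        /** Returns the first element, or {@code null} for a missing or empty array. */
        private String getFirstValue(String[] strArr) {
            if (strArr == null || strArr.length == 0) {
                return null;
            }
            return strArr[0];
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Continues an existing mobile auth flow or starts a new one, then forwards the request.
     *
     * <ul>
     *   <li>No code challenge and no context in the session: request is forwarded unchanged.</li>
     *   <li>Context exists and the request has no code challenge, or the same one: the context is
     *       kept (its sign-in parameter is updated if the request supplies a different one).</li>
     *   <li>Otherwise: the current session, if any, is invalidated and a new session receives a
     *       fresh {@link MobileAuthContext}.</li>
     * </ul>
     * In the last two cases the request is forwarded wrapped in a {@link MobileAuthRequestWrapper}.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.ftc.isInAppBrowserAuthEnabled() || !(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        URLParameters params = new URLParameters(httpServletRequest);
        HttpSession session = httpServletRequest.getSession(false);
        MobileAuthContext existingContext = MobileAuthContextUtils.getMobileAuthContext(session);
        boolean hasCodeChallenge = !Strings.isNullOrEmpty(params.codeChallenge);

        if (!hasCodeChallenge && existingContext == null) {
            // Not part of a mobile auth flow.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // The request value is known to be non-null when hasCodeChallenge is true, so it is the
        // receiver of equals(): a context whose stored challenge is null then counts as a mismatch
        // and is replaced, instead of failing the request with a NullPointerException.
        boolean continuesExistingFlow = existingContext != null
                && (!hasCodeChallenge || params.codeChallenge.equals(existingContext.getCodeChallenge()));

        if (continuesExistingFlow) {
            if (containsNewSigninParameter(params.signin, existingContext)) {
                existingContext.setSigninParameter(params.signin);
            }
        } else {
            // Drop the old session first so the new context never lands in a session that carries
            // state from before this flow started (presumably a session-fixation defence).
            if (session != null) {
                session.invalidate();
            }
            HttpSession freshSession = httpServletRequest.getSession(true);
            // NOTE(review): getRequestURL() is rebuilt by the container from request data (scheme,
            // server name, port); confirm consumers do not use the stored URL as a trusted redirect target.
            freshSession.setAttribute(MobileAuthContext.MOBILE_AUTH_CONTEXT_KEY, new MobileAuthContext(params.username, params.codeChallenge, httpServletRequest.getRequestURL().toString(), params.signin, validatedScheme(params.scheme), params.forceAuthentication));
        }
        filterChain.doFilter(new MobileAuthRequestWrapper(httpServletRequest), servletResponse);
    }

    public void destroy() {
    }

    /** Returns true when the request supplies a non-empty sign-in parameter that differs from the stored one. */
    private boolean containsNewSigninParameter(String str, MobileAuthContext mobileAuthContext) {
        return !Strings.isNullOrEmpty(str) && !str.equals(mobileAuthContext.getSigninParameter());
    }

    /**
     * Returns the caller-supplied scheme if it is acceptable, otherwise
     * {@link MobileAuthConstants#DEFAULT_AUTH_TOKEN_SCHEME}.
     *
     * <p>A value is rejected when it is empty, contains characters outside
     * {@link #VALID_SCHEME_PATTERN}, is {@code http}/{@code https} in any letter case, or looks like
     * an IPv4 address.
     *
     * <p>NOTE(review): this is a deny-list. Every other name made of the permitted characters is
     * accepted, including schemes a browser handles itself. If the set of app schemes is known at
     * deployment time, an allow-list would be the stricter check; how the value is used downstream
     * is not visible in this class.
     */
    private static String validatedScheme(String str) {
        if (Strings.isNullOrEmpty(str) || !VALID_SCHEME_PATTERN.matcher(str).matches()) {
            return MobileAuthConstants.DEFAULT_AUTH_TOKEN_SCHEME;
        }
        if (HTTP_PATTERN.matcher(str).matches() || IPV4_PATTERN.matcher(str).matches()) {
            return MobileAuthConstants.DEFAULT_AUTH_TOKEN_SCHEME;
        }
        return str;
    }
}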
