package com.appiancorp.security.auth.rememberme;

import com.appiancorp.common.net.URI;
import com.appiancorp.process.rdbms.ActivitySqlFactory;
import com.appiancorp.security.auth.AuthProviderFilter;
import com.appiancorp.security.auth.UserAgent;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.utils.URLEncodedUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/appiancorp/security/auth/rememberme/CookieTheftRedirectFilter.class */
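/**
 * Servlet filter that reacts to the {@code cookieTheftAttribute} request attribute by
 * redirecting the client back to the URL it just requested.
 *
 * <p>The attribute is set elsewhere (not visible in this class). Behaviour per value:
 * <ul>
 *   <li>absent: the request continues down the filter chain untouched;</li>
 *   <li>{@code "retry"}: the filter waits {@link #REDIRECT_DELAY_IN_MILLIS} ms, then redirects;</li>
 *   <li>{@code "cookieTheft"}: the filter logs a remember-me series/token mismatch, then redirects;</li>
 *   <li>any other non-null value: the filter redirects without delay or logging.</li>
 * </ul>
 *
 * <p>NOTE(review): the redirect points at the same URL, so this only terminates if the
 * component that sets the attribute does not set it again on the follow-up request.
 * Confirm against that component.
 */
public class CookieTheftRedirectFilter extends GenericFilterBean {
    protected final Log logger = LogFactory.getLog(getClass());
    private static final long REDIRECT_DELAY_IN_MILLIS = 500;

    /**
     * Passes the request on when no cookie-theft attribute is present; otherwise optionally
     * delays or logs, then answers with a redirect to the originally requested URL.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only when the attribute is absent
     * @throws IOException if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        Object theftState = request.getAttribute("cookieTheftAttribute");
        if (theftState == null) {
            filterChain.doFilter(request, response);
            return;
        }
        if ("retry".equals(theftState)) {
            // NOTE(review): this blocks a container request thread for the whole delay. If
            // clients can provoke the "retry" state repeatedly, confirm it is rate-limited upstream.
            try {
                Thread.sleep(REDIRECT_DELAY_IN_MILLIS);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so the container can see the interruption
                // (e.g. during shutdown); the redirect is still sent.
                Thread.currentThread().interrupt();
            }
        } else if ("cookieTheft".equals(theftState)) {
            // NOTE(review): the logged client name is derived from the User-Agent header.
            // Confirm UserAgent.getClient() yields a normalized value with no CR/LF, so header
            // content cannot forge entries in this security-relevant log line.
            this.logger.info("Invalid remember-me token (Series/token) mismatch from a " + new UserAgent(request.getHeader("User-Agent")).getClient() + " client. Implies previous cookie theft attack.");
        }
        // NOTE(review): the redirect target is rebuilt from the request itself (see
        // getFullRequestUrl), so its host part follows whatever host the container resolved for
        // this request. Confirm the container or front-end proxy pins the accepted host names.
        response.sendRedirect(getFullRequestUrl(request));
    }

    /**
     * Rebuilds the requested URL, re-encoding every query parameter name and value.
     *
     * <p>The query string is parsed as UTF-8 form data. Each value is split on {@code ","} and
     * every piece is encoded separately, so literal commas between pieces are kept. A parameter
     * with no value (for example {@code ?flag}) is emitted as the bare encoded name; the parser
     * reports such a parameter with a {@code null} value, which previously caused a
     * {@link NullPointerException} here.
     *
     * @param httpServletRequest request whose URL and query string are read
     * @return the request URL, followed by the re-encoded query string when it is not empty
     */
    static String getFullRequestUrl(HttpServletRequest httpServletRequest) {
        StringBuffer requestUrl = httpServletRequest.getRequestURL();
        // AuthProviderFilter.QUERY_STRING_SEPARATOR is presumably "&" - confirm.
        String query = URLEncodedUtils.parse(httpServletRequest.getQueryString(), Charset.forName("UTF-8")).stream()
            .map(pair -> {
                String encodedName = URI.encode(pair.getName());
                String rawValue = pair.getValue();
                if (rawValue == null) {
                    // Valueless parameter: keep it rather than failing the whole redirect.
                    return encodedName;
                }
                String encodedValue = Arrays.stream(rawValue.split(","))
                    .map(piece -> URI.encode(piece))
                    .collect(Collectors.joining(","));
                return encodedName + "=" + encodedValue;
            })
            .collect(Collectors.joining(AuthProviderFilter.QUERY_STRING_SEPARATOR));
        if (!query.isEmpty()) {
            // ActivitySqlFactory.AC_SUBSTITUTE_CONST is presumably "?" (the decompiler seems to
            // have reused a constant with that value) - confirm.
            requestUrl.append(ActivitySqlFactory.AC_SUBSTITUTE_CONST).append(query);
        }
        return requestUrl.toString();
    }
}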
