package com.appiancorp.security.auth.activity;

import com.appiancorp.ap2.ServletScopesKeys;
import com.appiancorp.ap2.environment.EnvironmentUtils;
import com.appiancorp.security.auth.AuthenticationDetails;
import com.appiancorp.security.auth.LogoutAttemptMetadata;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.net.HostAndPort;
import java.io.IOException;
import java.sql.Timestamp;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextStoppedEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.session.HttpSessionDestroyedEvent;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/appiancorp/security/auth/activity/UserActivityFilter.class */
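/**
 * Servlet filter and Spring application listener that reports user activity and
 * session teardown to a {@link UserActivityService}.
 *
 * <p>On each request, when active-user tracking is enabled, the filter records the
 * authenticated user, request path, environment, local server address and session
 * UUID. On {@link HttpSessionDestroyedEvent} it records the session's destruction and
 * writes an entry to the logout audit logger. On {@link ContextStoppedEvent} it asks
 * the service to delete the stateful sessions recorded for this server.
 *
 * <p>Tracking is best-effort: a failure while recording must not fail the request or
 * the event dispatch, so failures are logged at WARN and otherwise ignored.
 */
public class UserActivityFilter extends GenericFilterBean implements ApplicationListener<ApplicationEvent> {
    private static final Logger LOG = Logger.getLogger(UserActivityFilter.class);
    public static final String LOGOUT_AUDIT_LOG_NAME = "com.appian.logout-audit";
    public static final Logger LOGOUT_AUDIT_LOG = Logger.getLogger(LOGOUT_AUDIT_LOG_NAME);
    private final UserActivityService uas;

    // Lazily set from the first tracked request's local address and port, then reused
    // for every later request and for cleanup on context stop. The field is neither
    // volatile nor synchronized, so concurrent first requests may each assign it.
    // NOTE(review): on a multi-homed host the cached value is whichever interface
    // served the first request; confirm that is the key the cleanup should use.
    static HostAndPort THIS_SERVER_HOST_AND_PORT;

    /**
     * @param userActivityService sink for activity, session-destroyed and cleanup calls
     */
    public UserActivityFilter(UserActivityService userActivityService) {
        this.uas = userActivityService;
    }

    /**
     * Records activity for the current request when tracking is enabled, then always
     * continues the filter chain.
     *
     * @throws IOException if the rest of the chain throws it
     * @throws ServletException if the rest of the chain throws it
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Only HTTP requests carry the path and session data being recorded; anything
        // else is passed through untouched instead of failing on a cast.
        if (servletRequest instanceof HttpServletRequest && isActiveUsersTrackingEnabled()) {
            recordUserActivity((HttpServletRequest) servletRequest);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Builds a {@link UserActivityInfo} for the authenticated principal and hands it to
     * the service. Does nothing when there is no authentication, when the principal is
     * not an Appian security context, or when it carries no user UUID.
     */
    private void recordUserActivity(HttpServletRequest httpServletRequest) {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null) {
            return;
        }
        Authentication authentication = context.getAuthentication();
        if (authentication == null) {
            return;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof com.appiancorp.security.auth.SecurityContext)) {
            // An unchecked cast here would throw ClassCastException out of the filter
            // and fail the whole request over a best-effort tracking step.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Skipping user activity recording: unexpected principal type " + describeType(principal));
            }
            return;
        }
        com.appiancorp.security.auth.SecurityContext securityContext = (com.appiancorp.security.auth.SecurityContext) principal;
        if (securityContext.getUserUuid() == null) {
            return;
        }
        AuthenticationDetails authDetails = getAuthDetails(authentication);
        try {
            this.uas.recordActivity(new UserActivityInfo(securityContext.getUserUuid(), securityContext.isSysAdmin(), authDetails, new Timestamp(System.currentTimeMillis()), getRequestPath(httpServletRequest), getEnvironment(httpServletRequest), getThisServerAddr(httpServletRequest), getSessionUuid(httpServletRequest)));
        } catch (Exception e) {
            // NOTE(review): the message embeds the toString() of the security context
            // and the auth details; confirm neither exposes credentials or tokens.
            logWarn("Could not record user activity: secCtx=" + securityContext + ", authDetails=" + authDetails, e);
        }
    }

    /**
     * @return whether the active-users-tracking feature toggle is on, read from
     *     {@link FeatureToggleConfiguration} on every call
     */
    protected boolean isActiveUsersTrackingEnabled() {
        return ((FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class)).isActiveUsersTrackingEnabled();
    }

    /**
     * @return the authentication's details when they are an {@link AuthenticationDetails};
     *     otherwise logs a warning and returns {@code null}
     */
    private AuthenticationDetails getAuthDetails(Authentication authentication) {
        Object details = authentication.getDetails();
        if (details instanceof AuthenticationDetails) {
            return (AuthenticationDetails) details;
        }
        LOG.warn(AuthenticationDetails.getLogMessageForMisconfiguredAuthDetails(details));
        return null;
    }

    /**
     * @return the request URI as reported by the container; it is not URL-decoded and
     *     excludes the query string
     */
    private String getRequestPath(HttpServletRequest httpServletRequest) {
        // NOTE(review): path parameters stay in the URI, so if URL-rewritten session
        // ids are enabled they would be stored with the activity record; confirm.
        return httpServletRequest.getRequestURI();
    }

    /**
     * @return the id of the {@link EnvironmentUtils.Environment} request attribute, or
     *     {@code null} when the attribute is absent
     */
    private String getEnvironment(HttpServletRequest httpServletRequest) {
        EnvironmentUtils.Environment environment = (EnvironmentUtils.Environment) httpServletRequest.getAttribute(EnvironmentUtils.Environment.ATTRIBUTE_KEY);
        if (environment == null) {
            return null;
        }
        return environment.getId();
    }

    /**
     * @return the cached local host and port, initialised from this request on first use
     */
    private HostAndPort getThisServerAddr(HttpServletRequest httpServletRequest) {
        if (THIS_SERVER_HOST_AND_PORT == null) {
            THIS_SERVER_HOST_AND_PORT = HostAndPort.fromParts(httpServletRequest.getLocalAddr(), httpServletRequest.getLocalPort());
        }
        return THIS_SERVER_HOST_AND_PORT;
    }

    /**
     * @return the session UUID attribute of the existing session, or {@code null} when
     *     the request has no session; never creates a session
     */
    private String getSessionUuid(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(ServletScopesKeys.KEY_SESSION_UUID);
    }

    /**
     * Dispatches session-destroyed and context-stopped events to their handlers; every
     * other event type is ignored.
     */
    public void onApplicationEvent(ApplicationEvent applicationEvent) {
        if (applicationEvent instanceof HttpSessionDestroyedEvent) {
            onApplicationEvent((HttpSessionDestroyedEvent) applicationEvent);
        } else if (applicationEvent instanceof ContextStoppedEvent) {
            onApplicationEvent((ContextStoppedEvent) applicationEvent);
        }
    }

    /**
     * Records the destruction of a tracked session and writes the logout audit entry.
     * Only the first security context of the session is considered. Nothing happens
     * when tracking is disabled, when the session has no session UUID, or when no
     * authentication is attached.
     */
    private void onApplicationEvent(HttpSessionDestroyedEvent httpSessionDestroyedEvent) {
        // NOTE(review): the logout audit entry is also gated on this feature toggle;
        // confirm the audit trail is meant to stop when tracking is switched off.
        if (!isActiveUsersTrackingEnabled()) {
            return;
        }
        HttpSession session = httpSessionDestroyedEvent.getSession();
        String str = (String) session.getAttribute(ServletScopesKeys.KEY_SESSION_UUID);
        if (str == null) {
            return;
        }
        List<SecurityContext> securityContexts = httpSessionDestroyedEvent.getSecurityContexts();
        if (securityContexts == null || securityContexts.isEmpty()) {
            return;
        }
        Authentication authentication = securityContexts.get(0).getAuthentication();
        if (authentication == null) {
            return;
        }
        Object principal = authentication.getPrincipal();
        AuthenticationDetails authDetails = getAuthDetails(authentication);
        if (!(principal instanceof AppianUserDetails)) {
            // Previously an unchecked cast outside the try block; a mismatch would
            // have thrown into the event publisher instead of being logged.
            LOG.warn("Could not record session destroyed: unexpected principal type " + describeType(principal) + ", sessionUuid=" + str);
            return;
        }
        AppianUserDetails userDetails = (AppianUserDetails) principal;
        try {
            this.uas.recordSessionDestroyed(new UserSessionDestroyedInfo(userDetails.getUserProfile().getUuid(), authDetails, str));
        } catch (Exception e) {
            logWarn("Could not record session destroyed: secCtx=" + principal + ", authDetails=" + authDetails + ", sessionUuid=" + str, e);
        }
        // The audit entry is written in its own try block so that a failure of the
        // activity service above cannot leave a gap in the logout audit trail.
        try {
            LOGOUT_AUDIT_LOG.info(new LogoutAttemptMetadata(session, userDetails.getUserProfile()));
        } catch (Exception e) {
            logWarn("Could not write logout audit entry: sessionUuid=" + str, e);
        }
    }

    /**
     * Clears the stateful sessions recorded for this server, if its address was ever
     * captured from a request.
     */
    private void onApplicationEvent(ContextStoppedEvent contextStoppedEvent) {
        // NOTE(review): Spring publishes ContextStoppedEvent for stop(); closing a
        // context publishes ContextClosedEvent. Confirm the shutdown path calls stop(),
        // otherwise this cleanup never runs and stale session records remain.
        if (THIS_SERVER_HOST_AND_PORT != null) {
            deleteStatefulSessionsForServer(THIS_SERVER_HOST_AND_PORT);
        }
    }

    /**
     * Asks the service to delete stateful sessions for {@code hostAndPort}; failures
     * are logged and swallowed.
     */
    private void deleteStatefulSessionsForServer(HostAndPort hostAndPort) {
        try {
            this.uas.deleteStatefulSessionsForServer(hostAndPort);
        } catch (Exception e) {
            logWarn("Could not clear recorded stateful sessions for server: " + hostAndPort, e);
        }
    }

    /**
     * Logs at WARN. The throwable (and so its stack trace) is attached only when INFO
     * is enabled; otherwise only its {@code toString()} is appended to the message.
     */
    private static void logWarn(String str, Throwable th) {
        if (LOG.isInfoEnabled()) {
            LOG.warn(str, th);
        } else {
            LOG.warn(str + " -- " + th.toString());
        }
    }

    /** Returns the class name of {@code value} for log messages, or "null". */
    private static String describeType(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }
}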
