package com.appiancorp.sailapp.urlrewrite;

import com.appian.css.theme.ConfigurableStyle;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.embedded.backend.ReactThemeService;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.react.urlrewrite.ReactFilterForwarder;
import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.authz.SystemRole;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.sites.ButtonShape;
import com.appiancorp.sites.InputShape;
import com.appiancorp.uritemplates.UriTemplateScanner;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.HashMap;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.json.JSONObject;
import org.tuckey.web.filters.urlrewrite.extend.RewriteMatch;

/* loaded from: input_file:com/appiancorp/sailapp/urlrewrite/ProcessHQFilterForwarder.class */
public class ProcessHQFilterForwarder extends ReactFilterForwarder {
    private static final String DATA_URL_KEY = "data-url";
    public static final String ENTRY_POINT_URL = "/sail-client/data-fabric-index.jsp";
    static final String ANALYSIS_URL_KEY = "analysis";
    static final String SCOPE_OVERVIEW_URL_KEY = "view";
    static final String SCOPE_OVERVIEW_REDIRECT_URL = "/view";
    private static final String FULL_PHQ_FT = "ae.insights-experience.full-process-hq";

    @VisibleForTesting
    static final String PHQ_ACCENT_COLOR = "#8fabdc";
    private static final Logger LOG = Logger.getLogger(ProcessHQFilterForwarder.class);
    public static final String URL_STUB = "data-fabric";
    public static final String PROCESS_HQ_URL = "/" + SUITE_CONFIGURATION.getContextPath() + "/" + URL_STUB;
    private static final String DATA_URL = "/" + SUITE_CONFIGURATION.getContextPath() + "/rest/a/applications/latest/app/" + URL_STUB;
    private static final String html5Pattern = "^" + PROCESS_HQ_URL + "(/?|/.*)";
    private static final Pattern HTML5_URI_PATTERN = Pattern.compile(html5Pattern);
    private static final String NEW_ANALYSIS_REGEX = "^.+(/analysis).*$";
    private static final Pattern NEW_ANALYSIS_PATTERN = Pattern.compile(NEW_ANALYSIS_REGEX);

    /* loaded from: input_file:com/appiancorp/sailapp/urlrewrite/ProcessHQFilterForwarder$ProcessHqFilterForwarderThemeService.class */
    private static class ProcessHqFilterForwarderThemeService implements ReactThemeService {
        private ProcessHqFilterForwarderThemeService() {
        }

        @Override // com.appiancorp.embedded.backend.ReactThemeService
        public JSONObject getJson(String str) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(ConfigurableStyle.BUTTON_SHAPE.getKey(), ButtonShape.SEMI_ROUNDED.getText());
            jSONObject.put(ConfigurableStyle.INPUT_SHAPE.getKey(), InputShape.SEMI_ROUNDED.getText());
            return jSONObject;
        }
    }

    @Override // com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    protected boolean isValidUri(String str) {
        return HTML5_URI_PATTERN.matcher(str).matches();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    public String getForwardUrl() {
        return ENTRY_POINT_URL;
    }

    @Override // com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    protected String getBaseUrl() {
        return PROCESS_HQ_URL;
    }

    @Override // com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    protected Pattern getHtml5Pattern() {
        return HTML5_URI_PATTERN;
    }

    @Override // com.appiancorp.react.urlrewrite.ReactFilterForwarder
    protected String getSasaName() {
        return URL_STUB;
    }

    @Override // com.appiancorp.react.urlrewrite.ReactFilterForwarder
    protected String getThemeId(String str) {
        return URL_STUB;
    }

    @Override // com.appiancorp.react.urlrewrite.ReactFilterForwarder
    protected ReactThemeService getThemeService() {
        return new ProcessHqFilterForwarderThemeService();
    }

    @Override // com.appiancorp.react.urlrewrite.ReactFilterForwarder
    protected String environmentSpecificAccentColor() {
        return ((FeatureToggleClient) ApplicationContextHolder.getBean(FeatureToggleClient.class)).isFeatureEnabled(FULL_PHQ_FT) ? PHQ_ACCENT_COLOR : ReactFilterForwarder.DESIGN_ACCENT_COLOR;
    }

    @Override // com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    protected boolean requiresAuthorization(HttpServletRequest httpServletRequest) {
        return true;
    }

    @Override // com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    protected String getAuthorizationActionName(HttpServletRequest httpServletRequest) {
        return ProcessHQFilterForwarder.class.getName() + "." + URL_STUB;
    }

    @Override // com.appiancorp.react.urlrewrite.ReactFilterForwarder
    protected JSONObject calculateDataUrls(HttpServletRequest httpServletRequest, UriTemplateScanner uriTemplateScanner) {
        HashMap hashMap = new HashMap();
        hashMap.put(DATA_URL_KEY, DATA_URL + httpServletRequest.getRequestURI().substring(SUITE_CONFIGURATION.getContextPath().length() + 1 + URL_STUB.length() + 1));
        return new JSONObject(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.appiancorp.react.urlrewrite.ReactFilterForwarder, com.appiancorp.common.urlrewrite.AbstractFilterForwarder
    public RewriteMatch doCustomRedirect(final String str, final String str2) {
        return new RewriteMatch() { // from class: com.appiancorp.sailapp.urlrewrite.ProcessHQFilterForwarder.1
            public boolean execute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
                if (!ProcessHQFilterForwarder.this.canAccessProcessHq(SpringSecurityContextHelper.getCurrentSecurityContext())) {
                    ProcessHQFilterForwarder.LOG.error("Unauthorized user, " + ProcessHQFilterForwarder.this.getUserName(ProcessHQFilterForwarder.this.getServiceContext(httpServletRequest)) + ", attempted to access " + str + ".  User-Agent: " + str2);
                    httpServletResponse.sendError(403);
                    return true;
                }
                Matcher matcher = ProcessHQFilterForwarder.NEW_ANALYSIS_PATTERN.matcher(str);
                if (matcher.matches()) {
                    ProcessHQFilterForwarder.sendCustomRedirect(httpServletResponse, str.substring(0, matcher.start(1)) + ProcessHQFilterForwarder.SCOPE_OVERVIEW_REDIRECT_URL);
                    return true;
                }
                ProcessHQFilterForwarder.this.executeStandardRedirect(httpServletRequest, httpServletResponse);
                return true;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void sendCustomRedirect(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendRedirect(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canAccessProcessHq(SecurityContext securityContext) {
        if (((FeatureToggleClient) ApplicationContextHolder.getBean(FeatureToggleClient.class)).isFeatureEnabled("ae.insights-experience.process-hq")) {
            if (!securityContext.isSysAdmin()) {
                Stream of = Stream.of((Object[]) new String[]{SystemRole.REPORT_CREATORS.getGroupUuid(), SystemRole.BUSINESS_ANALYSTS.getGroupUuid()});
                Set memberGroupUuids = securityContext.getMemberGroupUuids();
                memberGroupUuids.getClass();
                if (of.anyMatch((v1) -> {
                    return r1.contains(v1);
                })) {
                }
            }
            return true;
        }
        return false;
    }

    protected String getUserName(ServiceContext serviceContext) {
        return serviceContext.getIdentity().getIdentity();
    }
}
