package com.appiancorp.apikey.runtime;

import com.appiancorp.apikey.exceptions.ApiKeyExistingSessionException;
import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.security.auth.AppianApiKeyFilterPathMatcher;
import com.appiancorp.security.auth.AuthenticationDetails;
import com.appiancorp.security.auth.HttpBasicAuthenticationEntryPoint;
import com.appiancorp.security.auth.InternalWebApiPathMatcher;
import com.appiancorp.security.auth.LoginEntryPoint;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/appiancorp/apikey/runtime/ApiKeyFilter.class */
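/**
 * Servlet filter that authenticates web API requests carrying an API key.
 *
 * <p>The key is looked up by a fixed, ordered list of {@link ApiKeyResolver}s (dedicated API key
 * header, HTTP Basic header, Bearer header). The first resolver that reports a key wins; the key is
 * then handed to the configured {@link AuthenticationManager} wrapped in an {@link ApiKeyAuthToken}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The filter only engages when the request path is accepted by
 *       {@link AppianApiKeyFilterPathMatcher} and a key is present.</li>
 *   <li>A request that presents an API key together with an existing HTTP session is either
 *       rejected or has that session invalidated before authentication, depending on a feature
 *       toggle.</li>
 *   <li>Only the resolver-specific prefix and the outcome are written to product metrics; the key
 *       value itself is never passed to the metrics collector.</li>
 * </ul>
 */
public class ApiKeyFilter extends AbstractAuthenticationProcessingFilter {
    private static final String BASE_PRODUCT_METRICS_KEY = "webApi.authentication.apikey.";
    // Metric-key segment recorded for each resolver, so metrics show where the key was supplied.
    private static final Map<Class<? extends ApiKeyResolver>, String> LOGGING_PREFIXES = ImmutableMap.of(ApiKeyTokenHeaderResolver.class, "inApiKeyHeader.", ApiKeyBasicAuthHeaderResolver.class, "inBasicAuthHeader.", ApiKeyBearerAuthHeaderResolver.class, "inBearerAuthHeader.");
    private static final String SUCCESS = "success";
    private static final String FAILURE = "failure";
    // Feature toggle: when enabled, an API key sent alongside an existing session is rejected.
    private static final String DISALLOW_EXISTING_SESSION_TOGGLE = "ae.keep-customers-happy.disallow-existing-session-with-api-keys";
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final ApiKeyResolver[] resolvers;
    private final FeatureToggleClient featureToggleClient;

    /**
     * Creates the filter with the three built-in key resolvers, tried in this order: API key
     * header, Basic auth header, Bearer auth header.
     *
     * @param authenticationManager manager that validates the resolved API key
     * @param httpBasicAuthenticationEntryPoint entry point invoked when authentication fails
     * @param featureToggleClient toggle source, used here and by the Bearer resolver
     */
    public ApiKeyFilter(AuthenticationManager authenticationManager, HttpBasicAuthenticationEntryPoint httpBasicAuthenticationEntryPoint, FeatureToggleClient featureToggleClient) {
        // The processing URL given to the superclass is not consulted by this class:
        // requiresAuthentication below decides on its own and never calls super.
        super("/j_spring_security_filter");
        this.authenticationEntryPoint = httpBasicAuthenticationEntryPoint;
        this.resolvers = new ApiKeyResolver[]{new ApiKeyTokenHeaderResolver(), new ApiKeyBasicAuthHeaderResolver(), new ApiKeyBearerAuthHeaderResolver(featureToggleClient)};
        this.featureToggleClient = featureToggleClient;
        setAuthenticationManager(authenticationManager);
    }

    /**
     * Decides whether this filter should try to authenticate the request.
     *
     * @return {@code true} only when the path is an API-key-authenticated path and one of the
     *     resolvers finds a key in the request
     */
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String path = httpServletRequest.getServletPath();
        if (InternalWebApiPathMatcher.isInternalWebApiPath(path)) {
            // getPathInfo() returns null when the request has no extra path information.
            // Concatenating it unguarded would hand the matcher a path ending in the literal
            // text "null", so the authentication decision would be made on a path the client
            // never requested.
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo != null) {
                path = path + pathInfo;
            }
        }
        return AppianApiKeyFilterPathMatcher.isAuthenticatedPath(path) && foundKey(httpServletRequest);
    }

    /**
     * Stores the authenticated principal in the security context and continues the filter chain.
     * No redirect or success handler is involved: the original request proceeds as-is.
     */
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        SecurityContextHolder.getContext().setAuthentication(new ApiKeyAuthToken(authentication));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Resolves the API key from the request and authenticates it.
     *
     * @return the authentication returned by the authentication manager
     * @throws IOException if no resolver finds an API key in the request
     * @throws ApiKeyExistingSessionException if the request already has a session and the
     *     "disallow existing session" feature toggle is enabled
     * @throws AuthenticationException if the authentication manager rejects the key
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        // First resolver that reports a key wins; later resolvers are not consulted.
        Resolution resolution = Resolution.empty();
        for (ApiKeyResolver resolver : this.resolvers) {
            resolution = resolver.resolve(httpServletRequest);
            if (resolution.isPresent()) {
                break;
            }
        }
        if (!resolution.isPresent()) {
            // NOTE(review): this is an IOException rather than an AuthenticationException, so it
            // is not caught by the try/catch below and no failure metric is recorded for it.
            // Confirm that callers treat it as a rejected request.
            throw new IOException("API key not found in request");
        }
        String apiKey = resolution.getToken();
        // NOTE(review): a resolver class missing from LOGGING_PREFIXES would append the text
        // "null" to the metric key here; all three built-in resolvers are mapped.
        StringBuilder metricKey = new StringBuilder(BASE_PRODUCT_METRICS_KEY).append(LOGGING_PREFIXES.get(resolution.resolvedBy()));

        // Never create a session here (getSession(false)); only inspect one that already exists.
        HttpSession existingSession = httpServletRequest.getSession(false);
        if (existingSession != null) {
            if (this.featureToggleClient.isFeatureEnabled(DISALLOW_EXISTING_SESSION_TOGGLE)) {
                throw new ApiKeyExistingSessionException("Request is already authenticated. Cannot authenticate again");
            }
            // Toggle off: drop the pre-existing session before authenticating, so the session's
            // state is not carried into the API-key-authenticated request.
            existingSession.invalidate();
        }

        ApiKeyAuthToken apiKeyAuthToken = new ApiKeyAuthToken(apiKey);
        apiKeyAuthToken.setDetails(new AuthenticationDetails(httpServletRequest, LoginEntryPoint.WEB_API));
        try {
            Authentication authenticated = getAuthenticationManager().authenticate(apiKeyAuthToken);
            ProductMetricsAggregatedDataCollector.recordData(metricKey.append(SUCCESS).toString());
            return authenticated;
        } catch (AuthenticationException e) {
            // Record the failure against the resolver that supplied the key, then let the
            // exception propagate unchanged.
            ProductMetricsAggregatedDataCollector.recordData(metricKey.append(FAILURE).toString());
            throw e;
        }
    }

    /**
     * Delegates a failed authentication to the configured entry point, which writes the response.
     */
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Reports whether any resolver finds an API key in the request.
     *
     * <p>This only checks for presence; the key is not validated here. The resolvers run again in
     * {@link #attemptAuthentication} to obtain the key itself.
     *
     * @return {@code true} if at least one resolver reports a key
     */
    public boolean foundKey(HttpServletRequest httpServletRequest) {
        return Arrays.stream(this.resolvers).anyMatch(resolver -> resolver.resolve(httpServletRequest).isPresent());
    }
}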
