package com.appiancorp.connectedsystems.http.oauth;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.connectedsystems.OAuthConstants;
import com.appiancorp.connectedsystems.monitoring.ConnectedSystemMetricsConstants;
import com.appiancorp.connectedsystems.monitoring.OAuthSamlAuthGrantPrometheusMetrics;
import com.appiancorp.core.crypto.InternalEncryptionStringService;
import com.appiancorp.security.auth.saml.oauth.OAuthSamlAuthGrantCsTokenRetrieveToggle;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:com/appiancorp/connectedsystems/http/oauth/OAuthSamlAuthGrantLoginSuccessListener.class */
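/**
 * Login-success hook that exchanges the user's SAML assertion for OAuth access/refresh tokens.
 *
 * <p>On every {@link InteractiveAuthenticationSuccessEvent} the listener checks, in order: the
 * feature toggle, that an {@link Authentication} with an {@link AppianUserDetails} principal is
 * present, that the user logged in through SAML, and (when the toggle asks for it) SBAF group
 * membership. Only then is the encrypted SAML assertion decrypted and handed to the token handler
 * once per OAuth SAML connected-system UUID.
 *
 * <p>Security-relevant behaviour: the encrypted SAML assertion held on the user details is cleared
 * in a {@code finally} block once the principal has been resolved, so it does not outlive the login
 * event on the success, failure or exception path. The assertion itself is never written to the log.
 */
public class OAuthSamlAuthGrantLoginSuccessListener implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthSamlAuthGrantLoginSuccessListener.class);
    private static final String ERROR_MSG = "Will not retrieve saml access/ refresh token(s).";
    private final InternalEncryptionStringService internalEncryptionStringService;
    private final OAuthSamlAuthGrantConnectedSystemRetriever oAuthSamlAuthGrantConnectedSystemRetriever;
    private final OAuthSamlTokenHandler oAuthSamlTokenHandler;
    private final OAuthSamlAuthGrantCsTokenRetrieveToggle oAuthSamlAuthGrantCsTokenRetrieveToggle;
    private final OAuthSamlMembershipCheck oAuthSamlMembershipCheck;

    /**
     * Stores the collaborators used during the login-time token exchange.
     *
     * @param internalEncryptionStringService decrypts the SAML assertion kept on the user details
     * @param oAuthSamlAuthGrantConnectedSystemRetriever supplies the UUIDs of the OAuth SAML connected systems
     * @param oAuthSamlTokenHandler requests and persists the token for one connected system
     * @param oAuthSamlAuthGrantCsTokenRetrieveToggle feature toggle, also decides whether SBAF membership is checked
     * @param oAuthSamlMembershipCheck SBAF group membership lookup by username
     */
    public OAuthSamlAuthGrantLoginSuccessListener(InternalEncryptionStringService internalEncryptionStringService, OAuthSamlAuthGrantConnectedSystemRetriever oAuthSamlAuthGrantConnectedSystemRetriever, OAuthSamlTokenHandler oAuthSamlTokenHandler, OAuthSamlAuthGrantCsTokenRetrieveToggle oAuthSamlAuthGrantCsTokenRetrieveToggle, OAuthSamlMembershipCheck oAuthSamlMembershipCheck) {
        this.internalEncryptionStringService = internalEncryptionStringService;
        this.oAuthSamlTokenHandler = oAuthSamlTokenHandler;
        this.oAuthSamlAuthGrantConnectedSystemRetriever = oAuthSamlAuthGrantConnectedSystemRetriever;
        this.oAuthSamlAuthGrantCsTokenRetrieveToggle = oAuthSamlAuthGrantCsTokenRetrieveToggle;
        this.oAuthSamlMembershipCheck = oAuthSamlMembershipCheck;
    }

    /**
     * Runs the SAML-to-OAuth token exchange for the user who just logged in.
     *
     * <p>Exceptions raised by the exchange are logged and counted as a failure; they are not
     * propagated, so a failed token request does not turn into a failed login here.
     *
     * @param interactiveAuthenticationSuccessEvent the login event carrying the authentication
     */
    @Override
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent interactiveAuthenticationSuccessEvent) {
        // Stays null until the principal has been resolved; the finally block keys off it.
        AppianUserDetails userDetails = null;
        long startMillis = System.currentTimeMillis();
        try {
            if (!this.oAuthSamlAuthGrantCsTokenRetrieveToggle.isEnabled()) {
                // NOTE(review): with the toggle off the principal is never resolved, so this
                // listener does not clear a cached assertion - confirm it is cleared elsewhere.
                LOG.trace("Skipping fetching of access token and refresh token");
                return;
            }
            Authentication authentication = interactiveAuthenticationSuccessEvent.getAuthentication();
            if (authentication == null) {
                LOG.error("Authentication is not set. " + ERROR_MSG);
                return;
            }
            Object principal = authentication.getPrincipal();
            if (!(principal instanceof AppianUserDetails)) {
                LOG.error("Authentication principal is not an instance of AppianUserDetails. " + ERROR_MSG);
                return;
            }
            userDetails = (AppianUserDetails) principal;
            if (!userDetails.isLoggedInThroughSaml()) {
                LOG.trace("User did not login via saml. " + ERROR_MSG);
                return;
            }
            if (this.oAuthSamlAuthGrantCsTokenRetrieveToggle.shouldCheckSBAFGroupMembership()
                    && !this.oAuthSamlMembershipCheck.isMemberOfSBAFGroup(userDetails.getUsername())) {
                LOG.trace("User is not a member of the SBAF Users group. " + ERROR_MSG);
                return;
            }
            boolean allSucceeded = retrieveAndPersistTokensForOAuthSamlConnectedSystems(userDetails.getEncryptedSamlAssertion());
            long elapsedMillis = System.currentTimeMillis() - startMillis;
            if (allSucceeded) {
                OAuthSamlAuthGrantPrometheusMetrics.logSuccessTimeToReqAndProcTokensForMultipleCsAtLogin(elapsedMillis);
            } else {
                OAuthSamlAuthGrantPrometheusMetrics.logFailureTimeToReqAndProcTokensForMultipleCsAtLogin(elapsedMillis);
            }
        } catch (Exception e) {
            LOG.error("Unexpected error during oauth saml bearer assertion token request", e);
            OAuthSamlAuthGrantPrometheusMetrics.logFailureTimeToReqAndProcTokensForMultipleCsAtLogin(System.currentTimeMillis() - startMillis);
        } finally {
            // The assertion is a bearer credential: drop it on every exit path, including the
            // exception path, so it is not left cached on the session's user details.
            if (userDetails != null && userDetails.isLoggedInThroughSaml()) {
                userDetails.clearEncryptedSamlAssertion();
                LOG.trace("Cleared cache saml assertion from appian user details.");
            }
        }
    }

    /**
     * Decrypts the assertion and requests a token for every OAuth SAML connected system.
     *
     * <p>The per-system requests run sequentially on a dedicated single-thread executor and the
     * caller waits at most 10 seconds for all of them, so a slow authorization server cannot
     * block the login thread indefinitely.
     *
     * @param encryptedSamlAssertion the encrypted assertion taken from the user details
     * @return {@code true} when every request succeeded (or there were no connected systems),
     *         {@code false} when the assertion is blank, any request failed, or the wait was
     *         interrupted, failed or timed out
     * @throws OAuthSamlException propagated from the collaborators this method calls
     */
    private boolean retrieveAndPersistTokensForOAuthSamlConnectedSystems(String encryptedSamlAssertion) throws OAuthSamlException {
        OAuthSamlAuthGrantPrometheusMetrics.logStartOfTokenReqAndProcForMultipleCsAtLogin();
        ExecutorService executor = Executors.newSingleThreadExecutor();
        try {
            if (StringUtils.isBlank(encryptedSamlAssertion)) {
                LOG.error("Saml assertion was not set in appian user details. " + ERROR_MSG);
                return false;
            }
            // Plaintext assertion: pass it to the token handler only, never to a logger.
            String samlAssertion = this.internalEncryptionStringService.decryptFromString(encryptedSamlAssertion);
            Set<String> connectedSystemUuids = this.oAuthSamlAuthGrantConnectedSystemRetriever.getAllOAuthSamlConnectedSystemsUuids();
            boolean allSucceeded = true;
            if (!connectedSystemUuids.isEmpty()) {
                Callable<Boolean> requestAllTokens = () -> {
                    boolean everyRequestSucceeded = true;
                    for (String connectedSystemUuid : connectedSystemUuids) {
                        try {
                            this.oAuthSamlTokenHandler.retrieveAndPersistToken(connectedSystemUuid, samlAssertion);
                            LOG.trace("Successful access/ refresh token(s) request for cs uuid '{}'", connectedSystemUuid);
                            ProductMetricsAggregatedDataCollector.recordData(ConnectedSystemMetricsConstants.SBAF_LOGIN_TOKEN_REQUEST_SUCCESS);
                        } catch (Exception e) {
                            // One failing connected system must not stop the remaining requests.
                            LOG.error("Unable to retrieve token for oauth saml assertion authz grant for connected system uuid '{}'", connectedSystemUuid, e);
                            ProductMetricsAggregatedDataCollector.recordData(ConnectedSystemMetricsConstants.SBAF_LOGIN_TOKEN_REQUEST_FAILURE);
                            everyRequestSucceeded = false;
                        }
                    }
                    return everyRequestSucceeded;
                };
                long submitMillis = System.currentTimeMillis();
                try {
                    allSucceeded = executor.submit(requestAllTokens).get(10L, TimeUnit.SECONDS);
                    LOG.trace("Finished retrieveAndPersistToken in {} ms", System.currentTimeMillis() - submitMillis);
                } catch (InterruptedException e) {
                    LOG.error("Received an InterruptedException for retrieveAndPersistToken in {} ms. The exception was: ", System.currentTimeMillis() - submitMillis, e);
                    ProductMetricsAggregatedDataCollector.recordData(ConnectedSystemMetricsConstants.SBAF_LOGIN_TOKEN_REQUEST_FAILURE);
                    allSucceeded = false;
                    Thread.currentThread().interrupt();
                } catch (ExecutionException e) {
                    LOG.error("Received an ExecutionException for retrieveAndPersistToken in {} ms. The exception was: ", System.currentTimeMillis() - submitMillis, e);
                    ProductMetricsAggregatedDataCollector.recordData(ConnectedSystemMetricsConstants.SBAF_LOGIN_TOKEN_REQUEST_FAILURE);
                    allSucceeded = false;
                } catch (TimeoutException e) {
                    // The worker may still be running; shutdownExecutor in the finally block
                    // interrupts it if it does not finish within the shutdown grace period.
                    LOG.error("Received timeoutexception for retrieveAndPersistToken in {} ms. The exception was: ", System.currentTimeMillis() - submitMillis, e);
                    ProductMetricsAggregatedDataCollector.recordData(ConnectedSystemMetricsConstants.SBAF_LOGIN_TOKEN_REQUEST_FAILURE);
                    allSucceeded = false;
                }
            }
            LOG.trace("Completed request access/ refresh token(s) for all '{}' oauth saml grant connected systems.", connectedSystemUuids.size());
            return allSucceeded;
        } finally {
            // Same order on every exit: close the metrics span, then release the worker thread.
            OAuthSamlAuthGrantPrometheusMetrics.logEndOfTokenReqAndProcForMultipleCsAtLogin();
            shutdownExecutor(executor);
        }
    }

    /**
     * Stops the token-request executor, waiting up to one second before forcing it down.
     *
     * @param executorService the executor created for this login's token requests
     */
    private void shutdownExecutor(ExecutorService executorService) {
        executorService.shutdown();
        try {
            // NOTE(review): the wait is the literal 1000 ms while the message reports
            // OAuthConstants.EXECUTOR_SHUTDOWN_TIMEOUT_MILLISECONDS - confirm the two agree.
            if (!executorService.awaitTermination(1000L, TimeUnit.MILLISECONDS)) {
                LOG.warn("Taking longer than {} ms to shutdown retrieveAndPersistToken executor. Forcefully closing this out.", OAuthConstants.EXECUTOR_SHUTDOWN_TIMEOUT_MILLISECONDS);
                executorService.shutdownNow();
            }
        } catch (InterruptedException e) {
            LOG.error("Received an exception while forcefully closing retrieveAndPersistToken executor.", e);
            executorService.shutdownNow();
            Thread.currentThread().interrupt();
        }
    }
}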
