package com.appiancorp.security.auth.oidc;

import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.security.auth.OidcSSOsManager;
import java.nio.charset.Charset;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/appiancorp/security/auth/oidc/OidcFilterPredicate.class */
public class OidcFilterPredicate {
    public static final String AUTH_PROVIDER_QUERY_PARAM = "signin";
    private static final Logger LOG = LoggerFactory.getLogger(OidcFilterPredicate.class);
    private final OidcSuiteConfiguration oidcSuiteConfiguration;
    private final FeatureToggleClient featureToggleClient;
    private final OidcConfiguration oidcConfiguration;
    private final OidcSSOsManager oidcSSOsManager;

    public OidcFilterPredicate(OidcSuiteConfiguration oidcSuiteConfiguration, FeatureToggleClient featureToggleClient, OidcConfiguration oidcConfiguration, OidcSSOsManager oidcSSOsManager) {
        this.oidcSuiteConfiguration = oidcSuiteConfiguration;
        this.featureToggleClient = featureToggleClient;
        this.oidcConfiguration = oidcConfiguration;
        this.oidcSSOsManager = oidcSSOsManager;
    }

    public boolean shouldUseFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean isAuthenticated = isAuthenticated();
        if (!this.featureToggleClient.isFeatureEnabled("ae.data-integrations.oidc-auth-code") || !this.oidcConfiguration.isEnabled() || isAuthenticated) {
            LOG.debug("NOT Using OIDC Filter, since OIDC FT enabled: {}, oidcConfiguration enabled: {}, isAuthenticated: {}", new Object[]{Boolean.valueOf(this.featureToggleClient.isFeatureEnabled("ae.data-integrations.oidc-auth-code")), Boolean.valueOf(this.oidcConfiguration.isEnabled()), Boolean.valueOf(isAuthenticated)});
            return false;
        }
        if (isOidcCallbackUri(httpServletRequest)) {
            LOG.debug("Using OIDC filter since incoming request is Oidc Callback Uri");
            return true;
        }
        String queryParamStringValue = getQueryParamStringValue(AUTH_PROVIDER_QUERY_PARAM, httpServletRequest);
        if (queryParamStringValue != null) {
            return queryParamStringValue.equals("oidc");
        }
        if (!this.oidcSSOsManager.isDefaultSignInIdpNotSet() || this.oidcSSOsManager.isOidcDefaultSignInIdp()) {
            return true;
        }
        LOG.info("OIDC is enabled but is not the default sign-in. Skip to next Filter.");
        return false;
    }

    private boolean isAuthenticated() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication != null && authentication.isAuthenticated();
    }

    public boolean isOidcCallbackUri(HttpServletRequest httpServletRequest) {
        return OidcCommon.isOidcCallbackUri(this.oidcSuiteConfiguration.getBaseUri(), httpServletRequest.getRequestURI());
    }

    public String getRegistrationId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return "oidc";
    }

    private static String getQueryParamStringValue(String str, HttpServletRequest httpServletRequest) {
        for (NameValuePair nameValuePair : URLEncodedUtils.parse(httpServletRequest.getQueryString(), Charset.forName("UTF-8"))) {
            if (nameValuePair.getName().equalsIgnoreCase(str)) {
                return nameValuePair.getValue();
            }
        }
        return null;
    }
}
