package com.appiancorp.rpa.filter;

import com.appiancorp.apikey.exceptions.ApiKeyExistingSessionException;
import com.appiancorp.features.FeatureToggleClient;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:com/appiancorp/rpa/filter/RpaTokenFilter.class */
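/**
 * Authentication filter that turns the {@code Authorization} and {@code User-UUID} request
 * headers into an {@link RpaBearerToken} and hands it to the configured
 * {@link AuthenticationManager}.
 *
 * <p>A request that arrives with an existing HTTP session is either rejected or has that
 * session invalidated before authentication, depending on the
 * {@link #DISALLOW_EXISTING_SESSION_WITH_API_KEYS} feature toggle.
 */
public class RpaTokenFilter extends AbstractAuthenticationProcessingFilter {
    /**
     * Feature toggle key. When enabled, a request that already carries a session is refused
     * with {@link ApiKeyExistingSessionException}; when disabled, the session is invalidated
     * and authentication proceeds.
     */
    static final String DISALLOW_EXISTING_SESSION_WITH_API_KEYS = "ae.keep-customers-happy.disallow-existing-session-with-api-keys";
    private final FeatureToggleClient featureToggleClient;

    /**
     * Creates the filter.
     *
     * @param authenticationManager manager that validates the {@link RpaBearerToken}
     * @param requestMatcher selects the requests this filter authenticates
     * @param authenticationFailureHandler invoked when authentication fails
     * @param featureToggleClient source of the existing-session toggle; consulted only when a
     *     request arrives with a session
     */
    public RpaTokenFilter(AuthenticationManager authenticationManager, RequestMatcher requestMatcher, AuthenticationFailureHandler authenticationFailureHandler, FeatureToggleClient featureToggleClient) {
        super(requestMatcher);
        this.featureToggleClient = featureToggleClient;
        setAuthenticationManager(authenticationManager);
        setAuthenticationFailureHandler(authenticationFailureHandler);
    }

    /**
     * Publishes the authenticated principal for the current request and continues the filter
     * chain. The superclass implementation is not called.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filters, invoked after the context is populated
     * @param authentication the result returned by {@link #attemptAuthentication}
     * @throws IOException if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        // Install a fresh context instead of mutating the one already in the holder. That
        // instance may have been loaded from a pre-existing session (see attemptAuthentication)
        // and could be shared with concurrent requests of that session; writing the API-key
        // authentication into it would leak this identity to them.
        // NOTE(review): whether a session-backed context is present depends on filter ordering,
        // which is not visible in this class.
        SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Authenticates the request from its {@code Authorization} and {@code User-UUID} headers.
     *
     * @param httpServletRequest the request carrying the credential headers
     * @param httpServletResponse the current response (unused)
     * @return the authentication produced by the {@link AuthenticationManager}
     * @throws AuthenticationException if the manager rejects the token, or
     *     {@link ApiKeyExistingSessionException} (thrown under this signature) if a session
     *     already exists and the toggle forbids it
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        // getSession(false) only looks up an existing session; it never creates one.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            if (this.featureToggleClient.isFeatureEnabled(DISALLOW_EXISTING_SESSION_WITH_API_KEYS)) {
                throw new ApiKeyExistingSessionException("Request is already authenticated. Cannot authenticate again");
            }
            // Toggle off: drop the prior session so the token alone decides the identity.
            session.invalidate();
        }
        // Both header values are passed through as received and are null when the header is
        // absent; no format or presence check happens here.
        // NOTE(review): User-UUID is supplied by the caller. Confirm the authentication provider
        // checks it against the token rather than trusting it, and that it rejects null values.
        return getAuthenticationManager().authenticate(new RpaBearerToken(httpServletRequest.getHeader("Authorization"), httpServletRequest.getHeader("User-UUID")));
    }
}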
