package com.atlassian.jira.security.websudo;

import com.atlassian.jira.config.properties.APKeys;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.config.properties.JiraSystemProperties;
import com.atlassian.jira.web.SessionKeys;
import com.atlassian.jira.web.filters.accesslog.AtlassianSessionIdUtil;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.atlassian.seraph.auth.SessionInvalidator;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.util.List;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import webwork.action.Action;
import webwork.action.ActionContext;
import webwork.action.factory.SessionMap;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/security/websudo/InternalWebSudoManagerImpl.class */
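/**
 * Session-backed implementation of {@link InternalWebSudoManager}.
 *
 * <p>A WebSudo ("secure administrator") session is represented by a timestamp stored in the
 * HTTP session under {@code SessionKeys.WEBSUDO_TIMESTAMP}. The elevated state is considered
 * valid while that timestamp is no older than the configured timeout. The current state is
 * also reported to the client through the {@value #WEBSUDO} response header.
 */
public class InternalWebSudoManagerImpl implements InternalWebSudoManager {
    /** Request attribute set to {@code Boolean.TRUE} on requests marked as WebSudo requests. */
    private static final String REQUEST_ATTRIBUTE = "jira.websudo.request";
    /** Header value sent when the WebSudo timestamp has been dropped. */
    private static final String REQUIRE_AUTHENTICATION = "Require-Authentication";
    /** Header value sent when a WebSudo session has just been started. */
    private static final String HAS_AUTHENTICATION = "Has-Authentication";
    /** Name of the response header carrying the WebSudo state. */
    public static final String WEBSUDO = "X-Atlassian-WebSudo";
    /** Session attributes handed to {@code SessionInvalidator} as its exclusion list. */
    private static final List<String> EXCLUDE = ImmutableList.of(AtlassianSessionIdUtil.ASESSIONID_NAME);
    /** Timeout used when {@code APKeys.WebSudo.TIMEOUT} is blank. */
    private static final int DEFAULT_TIMEOUT_MINUTES = 10;
    /** Kept as a {@code long} so that the timeout window is never computed in int arithmetic. */
    private static final long MILLIS_PER_MINUTE = 60L * 1000L;

    private final ApplicationProperties applicationProperties;

    /**
     * @param applicationProperties source of the WebSudo on/off option and the timeout setting
     */
    public InternalWebSudoManagerImpl(ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }

    /**
     * Reports whether WebSudo protection is active.
     *
     * @return {@code false} if WebSudo is disabled by system property, disabled by the
     *         {@code jira.websudo.is.disabled} application option, or if
     *         {@code InbuiltAuthenticatorCheck} reports a custom authenticator; {@code true} otherwise
     */
    @Override
    public boolean isEnabled() {
        return !(JiraSystemProperties.isWebSudoDisabled()
                || this.applicationProperties.getOption("jira.websudo.is.disabled")
                || InbuiltAuthenticatorCheck.hasCustomAuthenticator());
    }

    /**
     * Reports whether an action class demands an elevated session.
     *
     * @param cls the action class to inspect
     * @return {@code true} if the class carries {@code @WebSudoRequired}
     */
    @Override
    public boolean matches(Class<? extends Action> cls) {
        return cls.isAnnotationPresent(WebSudoRequired.class);
    }

    /**
     * Checks whether the given HTTP session holds a WebSudo timestamp that has not expired.
     *
     * @param httpSession the session to check, may be {@code null}
     * @return {@code true} only if a timestamp is present and is not older than the configured
     *         timeout (in minutes, default {@value #DEFAULT_TIMEOUT_MINUTES})
     * @throws NumberFormatException if the configured timeout is non-blank but not an integer
     */
    @Override
    public boolean hasValidSession(@Nullable HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        String configuredTimeout = this.applicationProperties.getDefaultBackedString(APKeys.WebSudo.TIMEOUT);
        int timeoutMinutes = StringUtils.isNotBlank(configuredTimeout)
                ? Integer.parseInt(configuredTimeout)
                : DEFAULT_TIMEOUT_MINUTES;
        Long startedAt = (Long) httpSession.getAttribute(SessionKeys.WEBSUDO_TIMESTAMP);
        if (startedAt == null) {
            return false;
        }
        // The window is computed in long arithmetic. As an int product, minutes * 60 * 1000
        // wraps for any timeout above 35791 minutes, which makes the expiry cutoff of this
        // security check wrong (negative or arbitrarily small window) instead of the
        // configured one.
        long oldestAcceptedTimestamp = currentTimeMillis() - timeoutMinutes * MILLIS_PER_MINUTE;
        return startedAt.longValue() >= oldestAcceptedTimestamp;
    }

    /**
     * Reports whether the request has been marked by {@link #markWebSudoRequest}.
     *
     * @param httpServletRequest the request to check, may be {@code null}
     * @return {@code true} if the request attribute is set to {@code Boolean.TRUE}
     */
    @Override
    public boolean isWebSudoRequest(@Nullable HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return false;
        }
        return Boolean.TRUE.equals(httpServletRequest.getAttribute(REQUEST_ATTRIBUTE));
    }

    /**
     * Starts a WebSudo session for the request and announces it in the response header.
     *
     * @param httpServletRequest  the current request, must not be {@code null}
     * @param httpServletResponse the current response, must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    @Override
    public void startSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Preconditions.checkNotNull(httpServletRequest);
        Preconditions.checkNotNull(httpServletResponse);
        // Order matters: the session is replaced first, so the timestamp written by
        // markWebSudoRequest lands on the replacement session and not on the old one.
        invalidateHttpSession(httpServletRequest);
        markWebSudoRequest(httpServletRequest);
        httpServletResponse.setHeader(WEBSUDO, HAS_AUTHENTICATION);
    }

    /**
     * Replaces the HTTP session of the request before the elevated state is recorded.
     *
     * <p>Nothing happens when there is no session, when the session is new, or when it has no
     * {@code ASESSIONID} attribute. Otherwise the session is invalidated through Seraph's
     * {@code SessionInvalidator} and the WebWork {@code ActionContext} is rebound to the
     * session returned by {@code getSession(true)}.
     *
     * <p>NOTE(review): replacing the session at the point of privilege elevation looks like a
     * session-fixation defence, and {@code EXCLUDE} presumably names the attributes that are
     * not carried over to the replacement session. Confirm against {@code SessionInvalidator}.
     */
    private void invalidateHttpSession(HttpServletRequest httpServletRequest) {
        HttpSession existing = httpServletRequest.getSession(false);
        if (existing == null || existing.isNew()) {
            return;
        }
        String atlassianSessionId = (String) existing.getAttribute(AtlassianSessionIdUtil.ASESSIONID_NAME);
        if (atlassianSessionId == null) {
            return;
        }
        new SessionInvalidator(EXCLUDE).invalidateSession(httpServletRequest);
        ActionContext.setSession(new SessionMap(httpServletRequest.getSession(true)));
    }

    /**
     * Records the current time as the WebSudo timestamp and marks the request as a WebSudo
     * request. Creates an HTTP session if the request has none.
     *
     * @param httpServletRequest the request to mark; {@code null} is ignored
     */
    @Override
    public void markWebSudoRequest(@Nullable HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return;
        }
        HttpSession session = httpServletRequest.getSession(true);
        session.setAttribute(SessionKeys.WEBSUDO_TIMESTAMP, Long.valueOf(currentTimeMillis()));
        httpServletRequest.setAttribute(REQUEST_ATTRIBUTE, Boolean.TRUE);
    }

    /**
     * Ends the WebSudo session by removing the timestamp from the existing HTTP session, if
     * any, and tells the client that authentication is required again. The HTTP session itself
     * is left in place.
     *
     * @param httpServletRequest  the current request, may be {@code null}
     * @param httpServletResponse the current response; not null-checked here
     * @throws NullPointerException if {@code httpServletResponse} is {@code null}
     */
    @Override
    public void invalidateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest != null ? httpServletRequest.getSession(false) : null;
        if (session != null) {
            session.removeAttribute(SessionKeys.WEBSUDO_TIMESTAMP);
        }
        httpServletResponse.setHeader(WEBSUDO, REQUIRE_AUTHENTICATION);
    }

    /**
     * Clock used for the timestamp and the expiry check. Package-private, so it can be
     * overridden by a subclass in the same package.
     *
     * @return the current time in milliseconds
     */
    long currentTimeMillis() {
        return System.currentTimeMillis();
    }
}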
