package com.atlassian.jira.security.xsrf;

import com.atlassian.jira.bc.license.JiraServerIdProvider;
import com.atlassian.jira.bc.whitelist.DefaultWhitelistManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.util.velocity.VelocityRequestContext;
import com.atlassian.jira.web.ExecutingHttpRequest;
import com.atlassian.security.random.DefaultSecureTokenGenerator;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.StringTokenizer;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/atlassian/jira/security/xsrf/SimpleXsrfTokenGenerator.class */
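/**
 * Issues and checks XSRF tokens that travel in the {@link XsrfTokenGenerator#TOKEN_HTTP_SESSION_KEY} cookie.
 *
 * <p>A token has the shape {@code <serverId>|<random>|<lin|lout>}: the server id ties the token to this
 * instance, the random part comes from {@link DefaultSecureTokenGenerator}, and the trailing marker records
 * whether the token was minted for an authenticated ({@code lin}) or anonymous ({@code lout}) user. A token is
 * re-issued when the cookie is absent, was minted by another server id, or its marker no longer agrees with the
 * current authentication state.
 *
 * <p>Validation compares the submitted value against the cookie (or against a token issued earlier on the same
 * request whose Set-Cookie has not reached the browser yet), so the cookie itself is the reference value.
 */
public class SimpleXsrfTokenGenerator implements XsrfTokenGenerator {
    /** Request attribute holding a token issued on this request before the browser has stored the cookie. */
    private static final String SET_COOKIE_PENDING = "jira.xsrf.set.cookie.pending";
    /** Field separator inside a token. */
    private static final String SEPARATOR = "|";
    /** Marker appended to tokens minted for an authenticated user. */
    private static final String LOGGED_IN = "lin";
    /** Marker appended to tokens minted for an anonymous user. */
    private static final String LOGGED_OUT = "lout";
    private final JiraAuthenticationContext authenticationContext;
    private final JiraServerIdProvider jiraServerIdProvider;

    /**
     * @param jiraAuthenticationContext source of the currently logged-in user
     * @param jiraServerIdProvider source of the server id embedded in every token
     */
    public SimpleXsrfTokenGenerator(JiraAuthenticationContext jiraAuthenticationContext, JiraServerIdProvider jiraServerIdProvider) {
        this.authenticationContext = jiraAuthenticationContext;
        this.jiraServerIdProvider = jiraServerIdProvider;
    }

    /**
     * Returns the current token for the request, issuing a fresh one (and queuing its cookie) when needed.
     *
     * @param httpServletRequest the request; when {@code null} the executing request is used instead
     * @return the token, or {@code null} when no request is available at all
     */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public String generateToken(HttpServletRequest httpServletRequest) {
        return generateTokenImpl(httpServletRequest);
    }

    /**
     * Same as {@link #generateToken()}; the context argument is not consulted, the executing request is used.
     */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public String generateToken(VelocityRequestContext velocityRequestContext) {
        return generateTokenImpl(null);
    }

    /**
     * Returns the current token for the executing request, issuing a fresh one when needed.
     *
     * @return the token, or {@code null} when there is no executing request
     */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public String generateToken() {
        return generateTokenImpl(null);
    }

    /** @return the name under which the token is carried (cookie name and request parameter key). */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public String getXsrfTokenName() {
        return XsrfTokenGenerator.TOKEN_HTTP_SESSION_KEY;
    }

    /**
     * Checks a submitted token against the reference value for this request.
     *
     * <p>The reference is the token queued on this request, if any, otherwise the cookie value. The comparison
     * is constant-time so that the position of a mismatch is not observable through timing.
     *
     * @param httpServletRequest the request carrying the cookie; {@code null} fails validation
     * @param str the submitted token; {@code null} fails validation
     * @return {@code true} only when a reference value exists and matches {@code str} exactly
     */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public boolean validateToken(HttpServletRequest httpServletRequest, String str) {
        if (str == null || httpServletRequest == null) {
            return false;
        }
        String expected = getXsrfCookie(httpServletRequest, getPendingToken(httpServletRequest));
        if (expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Tells whether a token carries the authenticated-user marker.
     *
     * @param str the token, may be {@code null} or blank
     * @return {@code true} when {@code str} ends with the {@code |lin} marker
     */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public boolean generatedByAuthenticatedUser(String str) {
        return StringUtils.isNotBlank(str) && str.endsWith(SEPARATOR + LOGGED_IN);
    }

    /**
     * Shared body of the {@code generateToken} overloads.
     *
     * <p>If a token was already issued on this request it is returned as-is. Otherwise the cookie value is
     * returned when it was minted by this server for the current authentication state; if not, a new token is
     * minted, queued as a cookie on the executing response and returned.
     *
     * @param httpServletRequest the request, or {@code null} to use the executing request
     * @return the token, or {@code null} when no request is available
     */
    private String generateTokenImpl(HttpServletRequest httpServletRequest) {
        HttpServletRequest request = safeAccess(httpServletRequest);
        if (request == null) {
            return null;
        }
        boolean loggedIn = this.authenticationContext.getLoggedInUser() != null;
        String pendingToken = getPendingToken(request);
        String current = getXsrfCookie(request, pendingToken);
        // Only rotate when nothing is pending: a second rotation on the same request would
        // overwrite the token already written to forms rendered earlier in this request.
        if (StringUtils.isBlank(pendingToken) && !isValidServerSideToken(current, loggedIn)) {
            return setXsrfCookie(request, createToken(loggedIn));
        }
        return current;
    }

    /**
     * Decides whether an existing token may be kept.
     *
     * @param str the token from the cookie, may be {@code null}
     * @param loggedIn whether the current user is authenticated
     * @return {@code true} when the token was minted by this server and its marker matches {@code loggedIn}
     */
    private boolean isValidServerSideToken(String str, boolean loggedIn) {
        if (str == null || !isOurServerId(str)) {
            return false;
        }
        return generatedByAuthenticatedUser(str) == loggedIn;
    }

    /**
     * Reads the token cookie from the request without issuing anything.
     *
     * @param httpServletRequest the request to read; must not be {@code null}
     * @return the cookie value, or {@code null} when the request carries no token cookie
     */
    @Override // com.atlassian.jira.security.xsrf.XsrfTokenGenerator
    public String getToken(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (XsrfTokenGenerator.TOKEN_HTTP_SESSION_KEY.equalsIgnoreCase(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /** Prefers a token pending on this request over the one in the cookie. */
    private String getXsrfCookie(HttpServletRequest httpServletRequest, String pendingToken) {
        return StringUtils.isNotBlank(pendingToken) ? pendingToken : getToken(httpServletRequest);
    }

    /**
     * Queues the token as a cookie on the executing response, if there is one.
     *
     * @return {@code str} unchanged, so callers can return it directly
     */
    private String setXsrfCookie(HttpServletRequest httpServletRequest, String str) {
        HttpServletResponse response = ExecutingHttpRequest.getResponse();
        if (response != null) {
            addNewCookie(httpServletRequest, str, response);
        }
        return str;
    }

    /**
     * Adds the token cookie to the response and records the token on the request so that later calls on the
     * same request see it before the browser has stored the cookie.
     */
    private void addNewCookie(HttpServletRequest httpServletRequest, String str, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(XsrfTokenGenerator.TOKEN_HTTP_SESSION_KEY, str);
        cookie.setPath(getRequestContext(httpServletRequest));
        // Negative max-age: a session cookie, discarded when the browser closes.
        cookie.setMaxAge(-1);
        // NOTE(review): the cookie is issued without the Secure or HttpOnly attributes; whether client-side
        // code needs to read it (which HttpOnly would prevent) is not visible here — confirm before tightening.
        httpServletResponse.addCookie(cookie);
        httpServletRequest.setAttribute(SET_COOKIE_PENDING, str);
    }

    /** Cookie path: the servlet context path, or the root path when the application is deployed at the root. */
    private String getRequestContext(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        return StringUtils.isBlank(contextPath) ? DefaultWhitelistManager.REGEX_PREFIX : contextPath;
    }

    /** @return the token issued earlier on this request, or {@code null} if none was issued. */
    private String getPendingToken(HttpServletRequest httpServletRequest) {
        return (String) httpServletRequest.getAttribute(SET_COOKIE_PENDING);
    }

    /**
     * Checks that the first field of a token equals this server's id.
     *
     * <p>The value comes from a client-supplied cookie and may be empty or consist only of separators;
     * {@link StringTokenizer#nextToken()} would throw on such input, so it is treated as "not ours" instead.
     *
     * @param str a non-null token
     */
    private boolean isOurServerId(String str) {
        StringTokenizer fields = new StringTokenizer(str, SEPARATOR);
        if (!fields.hasMoreTokens()) {
            return false;
        }
        return StringUtils.defaultString(this.jiraServerIdProvider.getServerId()).equals(fields.nextToken());
    }

    /**
     * Mints a new token for the given authentication state.
     *
     * @param loggedIn whether the token is for an authenticated user
     * @return {@code <serverId>|<random>|<lin|lout>}
     */
    private String createToken(boolean loggedIn) {
        return this.jiraServerIdProvider.getServerId() + SEPARATOR
                + DefaultSecureTokenGenerator.getInstance().generateToken() + SEPARATOR
                + (loggedIn ? LOGGED_IN : LOGGED_OUT);
    }

    /** Falls back to the executing request when none was passed; may still return {@code null}. */
    private HttpServletRequest safeAccess(HttpServletRequest httpServletRequest) {
        return httpServletRequest != null ? httpServletRequest : ExecutingHttpRequest.get();
    }
}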
