package com.atlassian.jira.security.xsrf;

import com.atlassian.jira.JiraFeatureFlagRegistrar;
import com.atlassian.jira.bc.license.JiraServerIdProvider;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.plugin.webfragment.conditions.IsBrowserCondition;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.xsrf.XsrfTokenStrategy;
import com.atlassian.jira.util.UserAgentUtil;
import com.atlassian.jira.util.UserAgentUtilImpl;
import com.atlassian.jira.web.ExecutingHttpRequest;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/jira/security/xsrf/SimpleXsrfTokenGenerator.class */
/**
 * {@link XsrfTokenGenerator} that issues and validates XSRF tokens by delegating to one of two
 * {@link XsrfTokenStrategy} instances, created with {@code Type.COOKIE} and {@code Type.SESSION}.
 *
 * <p>The strategy is re-selected on every call from properties of the request in hand: the
 * {@code SECURITY_XSRF_SESSION_TOKEN} feature flag, whether the request already has a session,
 * the User-Agent header and whether the request matches the WebWork predicate. Two of those
 * inputs (session presence and User-Agent) can differ between the request that obtained a
 * token and the request that submits it, so generation and validation are not guaranteed to
 * use the same strategy.
 * NOTE(review): how each strategy treats a token issued by the other is not visible in this
 * class; confirm against {@code XsrfTokenStrategy}.
 *
 * <p>Thread-safety: {@code webworkReqPredicate} is initialised lazily without synchronisation
 * and is not {@code volatile}. If one instance serves concurrent requests (not shown here),
 * several predicates may be created before one is retained.
 */
public class SimpleXsrfTokenGenerator implements XsrfTokenGenerator {
    /** Name under which the XSRF token is exposed; returned by {@link #getXsrfTokenName()}. */
    private static final String XSRF_TOKEN_NAME = "atlassian.xsrf.token";

    private final FeatureManager featureManager;
    private final UserAgentUtil userAgentUtil;
    private final XsrfTokenStrategy cookieStrategy;
    private final XsrfTokenStrategy sessionStrategy;
    // Built on first use from the servlet context of whichever request arrives first.
    private WebworkRequestPredicate webworkReqPredicate;

    /**
     * Creates the generator and both token strategies.
     *
     * @param jiraAuthenticationContext passed to both strategies
     * @param jiraServerIdProvider passed to both strategies
     * @param featureManager consulted on each call for the session-token feature flag
     */
    public SimpleXsrfTokenGenerator(JiraAuthenticationContext jiraAuthenticationContext, JiraServerIdProvider jiraServerIdProvider, FeatureManager featureManager) {
        this.userAgentUtil = new UserAgentUtilImpl();
        this.featureManager = featureManager;
        this.cookieStrategy = XsrfTokenStrategy.newInstance(XsrfTokenStrategy.Type.COOKIE, jiraAuthenticationContext, jiraServerIdProvider);
        this.sessionStrategy = XsrfTokenStrategy.newInstance(XsrfTokenStrategy.Type.SESSION, jiraAuthenticationContext, jiraServerIdProvider);
    }

    /** Same as {@link #generateToken(HttpServletRequest, boolean)} with the flag set to {@code true}. */
    public String generateToken(HttpServletRequest httpServletRequest) {
        return generateTokenImpl(httpServletRequest, true);
    }

    /**
     * Returns the XSRF token for the given request.
     *
     * @param httpServletRequest the request; when {@code null}, {@code ExecutingHttpRequest.get()} is used instead
     * @param z forwarded unchanged to {@code XsrfTokenStrategy.getToken}; presumably "create if
     *     absent" - confirm against the strategy
     * @return the token, or {@code null} when no request is available
     */
    public String generateToken(HttpServletRequest httpServletRequest, boolean z) {
        return generateTokenImpl(httpServletRequest, z);
    }

    /** Returns the token for {@code ExecutingHttpRequest.get()}, with the flag set to {@code true}. */
    public String generateToken() {
        return generateTokenImpl(null, true);
    }

    /** Returns the token for {@code ExecutingHttpRequest.get()}, forwarding {@code z} to the strategy. */
    public String generateToken(boolean z) {
        return generateTokenImpl(null, z);
    }

    /** Returns the fixed token name, {@code atlassian.xsrf.token}. */
    public String getXsrfTokenName() {
        return XSRF_TOKEN_NAME;
    }

    /**
     * Checks a submitted token with the strategy selected for this request.
     *
     * <p>Unlike the {@code generateToken} overloads, the request is not replaced by the executing
     * request when it is {@code null}; with the session-token flag enabled a {@code null} request
     * fails with a {@code NullPointerException} in the session check, so callers must pass a real
     * request. The User-Agent header that feeds strategy selection is client-supplied and is not
     * a trust signal.
     *
     * @param httpServletRequest the request carrying the token; must not be {@code null}
     * @param str the submitted token value
     * @return what the selected strategy's {@code isValidToken} reports
     */
    public boolean validateToken(HttpServletRequest httpServletRequest, String str) {
        XsrfTokenStrategy strategy = resolveTokenStrategy(httpServletRequest);
        return strategy.isValidToken(httpServletRequest, str);
    }

    /** Delegates to {@code XsrfTokenStrategy.isGeneratedByAuthenticatedUser} for the given token. */
    public boolean generatedByAuthenticatedUser(String str) {
        return XsrfTokenStrategy.isGeneratedByAuthenticatedUser(str);
    }

    /**
     * Reads the token from the cookie store of the request.
     *
     * <p>This always consults {@code XsrfTokenStore.cookie}, whichever strategy
     * {@link #validateToken} would select for the same request.
     * NOTE(review): whether the cookie carries the session strategy's token is not visible here.
     */
    public String getToken(HttpServletRequest httpServletRequest) {
        return XsrfTokenStore.cookie(httpServletRequest).get();
    }

    /** Package-private accessor used by the User-Agent check; presumably a seam for tests. */
    UserAgentUtil getUserAgentUtil() {
        return userAgentUtil;
    }

    /**
     * Shared implementation of the {@code generateToken} overloads.
     *
     * <p>A non-blank pending token on the request takes precedence and is returned whatever the
     * value of {@code create}; otherwise the selected strategy supplies the token.
     */
    private String generateTokenImpl(HttpServletRequest candidate, boolean create) {
        HttpServletRequest request = safeAccess(candidate);
        if (request == null) {
            // No explicit request and none from ExecutingHttpRequest: nothing to bind a token to.
            return null;
        }
        String pending = XsrfTokenStrategy.getPendingToken(request);
        if (StringUtils.isNotBlank(pending)) {
            return pending;
        }
        return resolveTokenStrategy(request).getToken(request, create);
    }

    /** Picks the session strategy when it is usable for this request, else the cookie strategy. */
    private XsrfTokenStrategy resolveTokenStrategy(HttpServletRequest request) {
        if (canUseSessionTokenStrategy(request)) {
            return sessionStrategy;
        }
        return cookieStrategy;
    }

    /**
     * Session strategy applies only with the feature flag on, and then either to a request that
     * already has a session, or to a WebWork request from a recognised browser family.
     */
    private boolean canUseSessionTokenStrategy(HttpServletRequest request) {
        if (!isSessionTokenStrategyEnabled()) {
            return false;
        }
        if (hasSession(request)) {
            return true;
        }
        return isKnownUserAgent(request) && isWebWorkCall(request);
    }

    /** Reads the {@code SECURITY_XSRF_SESSION_TOKEN} feature flag. */
    private boolean isSessionTokenStrategyEnabled() {
        return featureManager.isEnabled(JiraFeatureFlagRegistrar.SECURITY_XSRF_SESSION_TOKEN);
    }

    /** Tests the request against the WebWork predicate, creating the predicate on first use. */
    private boolean isWebWorkCall(HttpServletRequest request) {
        WebworkRequestPredicate predicate = webworkReqPredicate;
        if (predicate == null) {
            // Unsynchronised lazy init: a concurrent first call may build a second predicate.
            predicate = WebworkRequestPredicate.create(request.getServletContext());
            webworkReqPredicate = predicate;
        }
        return predicate.test(request);
    }

    /**
     * Reports whether the User-Agent header parses to a browser family other than {@code UKNOWN}.
     * The header is taken as sent by the client and may be absent ({@code null}).
     */
    private boolean isKnownUserAgent(HttpServletRequest request) {
        String userAgentHeader = request.getHeader(IsBrowserCondition.USER_AGENT_HEADER);
        return !UserAgentUtil.BrowserFamily.UKNOWN.equals(
                getUserAgentUtil().getUserAgentInfo(userAgentHeader).getBrowser().getBrowserFamily());
    }

    /** Checks for an existing session; {@code getSession(false)} never creates one. */
    private boolean hasSession(HttpServletRequest request) {
        return null != request.getSession(false);
    }

    /** Returns the given request, or {@code ExecutingHttpRequest.get()} when it is {@code null}. */
    private HttpServletRequest safeAccess(HttpServletRequest candidate) {
        if (candidate != null) {
            return candidate;
        }
        return ExecutingHttpRequest.get();
    }
}
