package com.atlassian.jira.security.xsrf;

import com.atlassian.jira.bc.license.JiraServerIdProvider;
import com.atlassian.jira.config.properties.JiraSystemProperties;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.security.random.DefaultSecureTokenGenerator;
import com.atlassian.security.utils.ConstantTimeComparison;
import java.util.Arrays;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/jira/security/xsrf/XsrfTokenStrategy.class */
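/**
 * Mints and validates the anti-XSRF tokens Jira associates with a request.
 *
 * <p>A token is the concatenation {@code <serverId>DELIM<random>DELIM<lin|lout>} produced by
 * {@link #createToken()}: the server id ties the token to this Jira instance, the random part comes
 * from {@link DefaultSecureTokenGenerator}, and the trailing {@link #LOGGED_IN}/{@link #LOGGED_OUT}
 * marker records whether the token was minted for an authenticated user. {@link #getToken} only
 * keeps a stored token while that marker still matches the caller's current login state, so a fresh
 * token is issued once a user logs in or out.
 *
 * <p>{@link Type} selects one of two concrete strategies: {@link CookieBasedStrategy} accepts a
 * candidate token that equals the cookie-stored one, {@link SessionBasedStrategy} additionally
 * requires the cookie copy to agree with the copy kept in the HTTP session. Every token comparison
 * goes through {@link ConstantTimeComparison} so that validation time does not reveal how many
 * leading characters of a guess were right.
 *
 * <p>This listing is decompiler output. Where the decompiler widened an access modifier (the
 * "Access modifiers changed from ..." markers of the original dump) the widened modifier is kept so
 * existing callers keep compiling; the original visibility is recorded in the member's Javadoc.
 */
abstract class XsrfTokenStrategy {
    /** Trailing marker of a token minted while a user was logged in. */
    static final String LOGGED_IN = "lin";
    /** Trailing marker of a token minted for an anonymous request. */
    static final String LOGGED_OUT = "lout";
    /**
     * Separator between the token parts; read from the system property
     * {@code jira.xsrf.cookie.delim} and defaulting to {@code "_"}.
     */
    static final String DELIM = JiraSystemProperties.getInstance().getProperty("jira.xsrf.cookie.delim", "_");
    /** Source of the current user, used to decide the login-state marker of a token. */
    private final JiraAuthenticationContext authContext;
    /** Source of this instance's server id, the first part of every token. */
    private final JiraServerIdProvider jiraServerIdProvider;

    /**
     * Strategy that keeps the token in a cookie only (double-submit style): a candidate token is
     * valid when it equals the cookie-stored token, or the token minted earlier in this request.
     */
    private static final class CookieBasedStrategy extends XsrfTokenStrategy {
        CookieBasedStrategy(JiraAuthenticationContext jiraAuthenticationContext, JiraServerIdProvider jiraServerIdProvider) {
            super(jiraAuthenticationContext, jiraServerIdProvider);
        }

        @Override
        final Type getType() {
            return Type.COOKIE;
        }

        @Override
        public String getToken(HttpServletRequest request, boolean createIfInvalid) {
            XsrfTokenStore cookie = XsrfTokenStore.cookie(request);
            String current = cookie.get();
            if (!createIfInvalid || isValidServerSideToken(current)) {
                return current;
            }
            // Replace a missing or stale token; the request store lets getPendingToken() see it
            // for the remainder of this request.
            return createAndStore(cookie, XsrfTokenStore.request(request));
        }

        @Override
        public boolean isValidToken(HttpServletRequest request, String candidate) {
            return tokensEqual(XsrfTokenStrategy.getCurrentCookieStoredToken(request), candidate);
        }
    }

    /**
     * Strategy that keeps the token both in a cookie and in the HTTP session: a candidate token is
     * valid only when it equals the cookie-stored token and that token equals the session copy.
     */
    private static final class SessionBasedStrategy extends XsrfTokenStrategy {
        SessionBasedStrategy(JiraAuthenticationContext jiraAuthenticationContext, JiraServerIdProvider jiraServerIdProvider) {
            super(jiraAuthenticationContext, jiraServerIdProvider);
        }

        @Override
        final Type getType() {
            return Type.SESSION;
        }

        @Override
        public String getToken(HttpServletRequest request, boolean createIfInvalid) {
            XsrfTokenStore cookie = XsrfTokenStore.cookie(request);
            String current = cookie.get();
            if (!createIfInvalid) {
                return current;
            }
            // The session store is only consulted on the create path, as in the original.
            XsrfTokenStore session = XsrfTokenStore.session(request);
            if (tokensEqual(current, session.get()) && isValidServerSideToken(current)) {
                return current;
            }
            return createAndStore(cookie, XsrfTokenStore.request(request), session);
        }

        @Override
        public boolean isValidToken(HttpServletRequest request, String candidate) {
            String sessionToken = XsrfTokenStore.session(request).get();
            if (candidate == null || sessionToken == null) {
                return false;
            }
            String cookieToken = XsrfTokenStrategy.getCurrentCookieStoredToken(request);
            // tokensEqual() keeps the constant-time comparison and also treats a missing cookie
            // token as a mismatch rather than passing null on to the comparison.
            return tokensEqual(candidate, cookieToken) && tokensEqual(cookieToken, sessionToken);
        }
    }

    /** Selects the concrete strategy created by {@link #newInstance}. */
    enum Type {
        COOKIE,
        SESSION
    }

    private XsrfTokenStrategy(JiraAuthenticationContext jiraAuthenticationContext, JiraServerIdProvider jiraServerIdProvider) {
        this.authContext = jiraAuthenticationContext;
        this.jiraServerIdProvider = jiraServerIdProvider;
    }

    /**
     * Returns the token currently associated with {@code request}, optionally replacing it.
     * Originally package-private; widened by the decompiler.
     *
     * @param request the current request
     * @param createIfInvalid when {@code true}, a missing token or one that no longer passes
     *     {@link #isValidServerSideToken} is replaced by a freshly minted one that is also written to
     *     the strategy's stores; when {@code false} the stored value is returned as is
     * @return the (possibly new) token; may be {@code null} when nothing is stored and nothing was created
     */
    public abstract String getToken(HttpServletRequest request, boolean createIfInvalid);

    /**
     * Checks a token presented by the caller against the token(s) this strategy stores for the
     * request. This does not re-run {@link #isValidServerSideToken}: the server-id and login-state
     * checks only influence token issuance in {@link #getToken}. Originally package-private; widened
     * by the decompiler.
     *
     * @param request the current request
     * @param candidate the token to verify, typically the value submitted with the request; may be {@code null}
     * @return {@code true} only when {@code candidate} matches the stored token(s)
     */
    public abstract boolean isValidToken(HttpServletRequest request, String candidate);

    /** @return which {@link Type} this strategy implements */
    abstract Type getType();

    /**
     * Returns the token minted earlier during this request by {@link #createAndStore}, if any.
     * Originally package-private; widened by the decompiler.
     *
     * @param request the current request
     * @return the request-scoped token, or whatever the request store yields when none was minted
     */
    public static String getPendingToken(HttpServletRequest request) {
        return XsrfTokenStore.request(request).get();
    }

    /**
     * Tells whether a token carries the {@link #LOGGED_IN} marker, i.e. was minted for an
     * authenticated user. Originally package-private; widened by the decompiler.
     *
     * @param token the token to inspect; blank or {@code null} yields {@code false}
     * @return {@code true} when the token ends with {@code DELIM + LOGGED_IN}
     */
    public static boolean isGeneratedByAuthenticatedUser(String token) {
        return StringUtils.isNotBlank(token) && token.endsWith(DELIM + LOGGED_IN);
    }

    /**
     * Null-safe, constant-time equality of two tokens.
     *
     * @return {@code false} when either token is {@code null}, otherwise the result of
     *     {@link ConstantTimeComparison#isEqual}
     */
    static boolean tokensEqual(String first, String second) {
        return first != null && second != null && ConstantTimeComparison.isEqual(first, second);
    }

    /**
     * Factory for the strategy matching {@code type}. Originally package-private; widened by the
     * decompiler.
     *
     * @throws IllegalArgumentException for a {@link Type} this factory does not know
     */
    public static XsrfTokenStrategy newInstance(Type type, JiraAuthenticationContext jiraAuthenticationContext, JiraServerIdProvider jiraServerIdProvider) {
        switch (type) {
            case COOKIE:
                return new CookieBasedStrategy(jiraAuthenticationContext, jiraServerIdProvider);
            case SESSION:
                return new SessionBasedStrategy(jiraAuthenticationContext, jiraServerIdProvider);
            default:
                throw new IllegalArgumentException("unknown xsrf token strategy type");
        }
    }

    /**
     * Mints a new token: server id, a secure random part, and the login-state marker, joined by
     * {@link #DELIM}. A {@code null} server id is rendered as the literal text {@code "null"} by
     * string concatenation, which {@link #isOurServerId} will then never accept.
     */
    private String createToken() {
        String loginMarker = this.authContext.getUser() != null ? LOGGED_IN : LOGGED_OUT;
        return this.jiraServerIdProvider.getServerId() + DELIM
                + DefaultSecureTokenGenerator.getInstance().generateToken() + DELIM
                + loginMarker;
    }

    /**
     * Mints a token and writes the same value to every given store. Originally private; widened by
     * the decompiler.
     *
     * @param stores the stores (cookie, request, session) that should hold the new token
     * @return the new token
     */
    public String createAndStore(XsrfTokenStore... stores) {
        String token = createToken();
        for (XsrfTokenStore store : stores) {
            store.set(token);
        }
        return token;
    }

    /**
     * Tells whether a stored token may keep being used: it must carry this instance's server id and
     * its login-state marker must match the caller's current login state. Originally private;
     * widened by the decompiler.
     *
     * @param token the stored token; {@code null} yields {@code false}
     */
    public boolean isValidServerSideToken(String token) {
        boolean loggedIn = this.authContext.getUser() != null;
        if (token == null || !isOurServerId(token)) {
            return false;
        }
        // A token minted while logged out is stale once the user logs in (and vice versa), so
        // getToken() replaces it rather than carrying it across the authentication change.
        return isGeneratedByAuthenticatedUser(token) == loggedIn;
    }

    /**
     * Checks that the first part of {@code token} equals this instance's server id.
     *
     * <p>{@link StringTokenizer} treats every character of {@link #DELIM} as a separator and never
     * yields an empty token, so the compared part is the text before the first delimiter character.
     * Because a {@code null} server id is mapped to {@code ""}, no token is accepted while the
     * provider has no server id — NOTE(review): confirm that is the intended behaviour.
     */
    private boolean isOurServerId(String token) {
        StringTokenizer parts = new StringTokenizer(token, DELIM);
        return parts.hasMoreTokens()
                && StringUtils.defaultString(this.jiraServerIdProvider.getServerId()).equals(parts.nextToken());
    }

    /**
     * Returns the token a candidate must be compared with: the one minted earlier in this request
     * when there is one, otherwise the cookie-stored token. Originally private; widened by the
     * decompiler.
     */
    public static String getCurrentCookieStoredToken(HttpServletRequest request) {
        String pendingToken = getPendingToken(request);
        return StringUtils.isNotBlank(pendingToken) ? pendingToken : XsrfTokenStore.cookie(request).get();
    }
}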
