package com.atlassian.jira.security.xsrf;

import com.atlassian.jira.JiraFeatureFlagRegistrar;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.plugin.webresource.CachingResourceDownloadRewriteRule;
import com.atlassian.jira.web.ExecutingHttpRequest;
import com.atlassian.jira.web.action.admin.translation.TranslationManagerImpl;
import com.opensymphony.util.TextUtils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.ResponseCookie;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/atlassian/jira/security/xsrf/XsrfTokenStore.class */
public abstract class XsrfTokenStore {

    /* loaded from: input_file:com/atlassian/jira/security/xsrf/XsrfTokenStore$CookieStore.class */
    static final class CookieStore extends XsrfTokenStore {
        static final String KEY = "atlassian.xsrf.token";
        private final HttpServletRequest request;
        private final HttpServletResponse response;

        private CookieStore(HttpServletRequest httpServletRequest) {
            this.request = httpServletRequest;
            this.response = ExecutingHttpRequest.getResponse();
        }

        @Override // com.atlassian.jira.security.xsrf.XsrfTokenStore
        public void set(String str) {
            if (((Boolean) ComponentAccessor.getComponentSafely(FeatureManager.class).map(featureManager -> {
                return Boolean.valueOf(featureManager.isEnabled(JiraFeatureFlagRegistrar.USE_SAME_SITE_FOR_XSRF_TOKEN_COOKIE));
            }).orElse(false)).booleanValue()) {
                ResponseCookie.ResponseCookieBuilder maxAge = ResponseCookie.from(KEY, str).secure(this.request.isSecure()).path(getRequestContext(this.request)).maxAge(-1L);
                if (this.request.isSecure()) {
                    maxAge.sameSite(TranslationManagerImpl.NONE);
                }
                this.response.addHeader("Set-Cookie", maxAge.build().toString());
                return;
            }
            Cookie cookie = new Cookie(KEY, str);
            cookie.setPath(getRequestContext(this.request));
            cookie.setMaxAge(-1);
            cookie.setSecure(this.request.isSecure());
            this.response.addCookie(cookie);
        }

        @Override // com.atlassian.jira.security.xsrf.XsrfTokenStore
        public String get() {
            Cookie[] cookies = this.request.getCookies();
            if (cookies == null) {
                return null;
            }
            for (Cookie cookie : cookies) {
                if (KEY.equalsIgnoreCase(cookie.getName())) {
                    return TextUtils.htmlEncode(cookie.getValue());
                }
            }
            return null;
        }

        private String getRequestContext(HttpServletRequest httpServletRequest) {
            String contextPath = httpServletRequest.getContextPath();
            return StringUtils.isBlank(contextPath) ? CachingResourceDownloadRewriteRule.PATH_SEPARATOR : contextPath;
        }
    }

    /* loaded from: input_file:com/atlassian/jira/security/xsrf/XsrfTokenStore$RequestStore.class */
    static final class RequestStore extends XsrfTokenStore {
        static final String KEY = "jira.xsrf.set.cookie.pending";
        private final HttpServletRequest request;

        private RequestStore(HttpServletRequest httpServletRequest) {
            this.request = httpServletRequest;
        }

        @Override // com.atlassian.jira.security.xsrf.XsrfTokenStore
        public void set(String str) {
            this.request.setAttribute(KEY, str);
        }

        @Override // com.atlassian.jira.security.xsrf.XsrfTokenStore
        public String get() {
            return (String) this.request.getAttribute(KEY);
        }
    }

    /* loaded from: input_file:com/atlassian/jira/security/xsrf/XsrfTokenStore$SessionStore.class */
    static final class SessionStore extends XsrfTokenStore {
        static final String KEY = "atlassian.xsrf.token";
        private final HttpServletRequest request;

        private SessionStore(HttpServletRequest httpServletRequest) {
            this.request = httpServletRequest;
        }

        @Override // com.atlassian.jira.security.xsrf.XsrfTokenStore
        public void set(String str) {
            this.request.getSession(true).setAttribute(KEY, str);
        }

        @Override // com.atlassian.jira.security.xsrf.XsrfTokenStore
        public String get() {
            HttpSession session = this.request.getSession(false);
            if (session == null) {
                return null;
            }
            return (String) session.getAttribute(KEY);
        }
    }

    XsrfTokenStore() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void set(String str);

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract String get();

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XsrfTokenStore session(HttpServletRequest httpServletRequest) {
        return new SessionStore(httpServletRequest);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XsrfTokenStore cookie(HttpServletRequest httpServletRequest) {
        return new CookieStore(httpServletRequest);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XsrfTokenStore request(HttpServletRequest httpServletRequest) {
        return new RequestStore(httpServletRequest);
    }
}
