package org.carewebframework.security.spring;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.carewebframework.ui.LifecycleEventDispatcher;
import org.carewebframework.ui.LifecycleEventListener;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;
import org.springframework.security.web.context.SecurityContextRepository;
import org.zkoss.zk.ui.Desktop;

/* loaded from: input_file:WEB-INF/lib/org.carewebframework.security.spring.core-4.0.1.jar:org/carewebframework/security/spring/DesktopSecurityContextRepository.class */
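/**
 * {@link SecurityContextRepository} that stores Spring Security contexts in the
 * {@link HttpSession} under a key derived from the ZK desktop id, so that each desktop in a
 * session can hold its own context.
 *
 * <p>Key layout in the session:
 * <ul>
 * <li>{@code SPRING_SECURITY_CONTEXT} - the session-wide context.</li>
 * <li>{@code SPRING_SECURITY_CONTEXT-<dtid>} - the context bound to one desktop.</li>
 * </ul>
 * The first lookup for a desktop id that has no entry of its own moves the session-wide
 * context (if one exists) to that desktop's key and removes the session-wide entry.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>For HTTP requests the desktop id is read from the {@code dtid} request parameter, which is
 * client-supplied. It only selects an attribute inside the caller's own session, but this class
 * does not check it against the set of live desktops. NOTE(review): entries stored under an id
 * that never corresponds to a {@link Desktop} are not removed by {@link #onCleanup}; confirm
 * whether an upstream component validates {@code dtid}.</li>
 * <li>Requests carrying {@code cmd_0=rmDesktop} are always given a fresh empty context.</li>
 * <li>Debug logging writes the string form of the {@link SecurityContext}. What that contains
 * depends on the {@link Authentication} implementation in use; confirm it exposes no credentials
 * or session identifiers before enabling debug logging in production.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: the decompiler widened the access of
 * {@code SaveToSessionResponseWrapper#saveContext} (was protected) and of
 * {@link #getDesktopContextKey(HttpServletRequest)} (was private).
 */
public class DesktopSecurityContextRepository implements SecurityContextRepository, LifecycleEventListener.ILifecycleCallback<Desktop> {
    /** Session attribute of the session-wide context; also the prefix of every per-desktop key. */
    private static final String CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
    /** Passed to the response wrapper's superclass constructor; see {@link #setDisableUrlRewriting}. */
    private boolean disableUrlRewriting;
    protected final Log log = LogFactory.getLog(getClass());
    /** Reference empty context, compared via equals() to detect "nothing worth storing". */
    private final Object contextObject = SecurityContextHolder.createEmptyContext();
    /** When false, saving a context never creates an HttpSession. */
    private boolean allowSessionCreation = true;
    private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    /**
     * Response wrapper installed by {@link DesktopSecurityContextRepository#loadContext}. It
     * remembers the state at the start of the request so that the context is written to the
     * session only when it actually changed.
     */
    final class SaveToSessionResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {
        private final HttpServletRequest request;
        private final boolean httpSessionExistedAtStartOfRequest;
        private final SecurityContext contextBeforeExecution;
        private final Authentication authBeforeExecution;

        /**
         * @param httpServletResponse the response being wrapped
         * @param httpServletRequest the request whose session receives the context
         * @param sessionExisted whether a session existed when the context was loaded
         * @param securityContext the context handed out by loadContext (must not be null)
         */
        SaveToSessionResponseWrapper(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, boolean sessionExisted, SecurityContext securityContext) {
            super(httpServletResponse, DesktopSecurityContextRepository.this.disableUrlRewriting);
            this.request = httpServletRequest;
            this.httpSessionExistedAtStartOfRequest = sessionExisted;
            this.contextBeforeExecution = securityContext;
            this.authBeforeExecution = securityContext.getAuthentication();
        }

        /**
         * Writes the context to the session under the key for this request's desktop.
         *
         * <p>An anonymous or unauthenticated context is never stored. If the request started with
         * a context that differs from the empty reference context, the stored entry for this
         * desktop is removed. An authenticated context is stored only when the context object or
         * its authentication changed during the request, creating a session if that is permitted.
         *
         * @param securityContext the context to persist
         */
        @Override
        public void saveContext(SecurityContext securityContext) {
            Authentication authentication = securityContext.getAuthentication();
            HttpSession session = this.request.getSession(false);
            if (authentication == null || DesktopSecurityContextRepository.this.authenticationTrustResolver.isAnonymous(authentication)) {
                if (DesktopSecurityContextRepository.this.log.isDebugEnabled()) {
                    DesktopSecurityContextRepository.this.log.debug("SecurityContext contents are anonymous - context will not be stored in HttpSession. ");
                }
                // Remove the stored entry only if the request began with a non-empty context,
                // so a request that was anonymous throughout leaves the session untouched.
                if (session != null && !DesktopSecurityContextRepository.this.contextObject.equals(this.contextBeforeExecution)) {
                    session.removeAttribute(DesktopSecurityContextRepository.getDesktopContextKey(this.request));
                }
                return;
            }
            if (session == null) {
                session = createNewSessionIfAllowed(securityContext);
            }
            if (session == null || !contextChanged(securityContext)) {
                return;
            }
            // The key is derived from the request's dtid parameter (see the class-level notes).
            session.setAttribute(DesktopSecurityContextRepository.getDesktopContextKey(this.request), securityContext);
            if (DesktopSecurityContextRepository.this.log.isDebugEnabled()) {
                DesktopSecurityContextRepository.this.log.debug("SecurityContext stored to HttpSession: '" + securityContext + "'");
            }
        }

        /**
         * @return true if the context object or its authentication is a different instance from
         *         the one seen at the start of the request (identity comparison, not equals)
         */
        private boolean contextChanged(SecurityContext securityContext) {
            return securityContext != this.contextBeforeExecution || securityContext.getAuthentication() != this.authBeforeExecution;
        }

        /**
         * Creates a session for storing the context, unless one of the guards below forbids it.
         *
         * @param securityContext the context about to be stored
         * @return the new session, or null when no session may or can be created
         */
        private HttpSession createNewSessionIfAllowed(SecurityContext securityContext) {
            if (this.httpSessionExistedAtStartOfRequest) {
                // The session disappeared mid-request; do not replace it with a new one.
                if (DesktopSecurityContextRepository.this.log.isDebugEnabled()) {
                    DesktopSecurityContextRepository.this.log.debug("HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
                }
                return null;
            }
            if (!DesktopSecurityContextRepository.this.allowSessionCreation) {
                if (DesktopSecurityContextRepository.this.log.isDebugEnabled()) {
                    DesktopSecurityContextRepository.this.log.debug("The HttpSession is currently null, and the HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
                }
                return null;
            }
            if (DesktopSecurityContextRepository.this.contextObject.equals(securityContext)) {
                if (DesktopSecurityContextRepository.this.log.isDebugEnabled()) {
                    DesktopSecurityContextRepository.this.log.debug("HttpSession is null, but SecurityContext has not changed from default empty context: ' " + securityContext + "'; not creating HttpSession or storing SecurityContext");
                }
                return null;
            }
            if (DesktopSecurityContextRepository.this.log.isDebugEnabled()) {
                DesktopSecurityContextRepository.this.log.debug("HttpSession being created as SecurityContext is non-default");
            }
            try {
                return this.request.getSession(true);
            } catch (IllegalStateException e) {
                // getSession(true) fails once the response is committed; the context is then lost.
                DesktopSecurityContextRepository.this.log.warn("Failed to create a session, as response has been committed. Unable to store SecurityContext.");
                return null;
            }
        }
    }

    /**
     * Resolves the security context for a request.
     *
     * <p>Returns a fresh empty context when the request has no session or carries
     * {@code cmd_0=rmDesktop}. Otherwise looks up the context for the desktop named by the
     * {@code dtid} parameter, which may move the session-wide context to that desktop's key.
     *
     * @param httpServletRequest the current request
     * @return the resolved context; null only when a session exists but holds no context
     */
    public static SecurityContext getSecurityContext(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        boolean removingDesktop = "rmDesktop".equals(httpServletRequest.getParameter("cmd_0"));
        if (removingDesktop || session == null) {
            return SecurityContextHolder.createEmptyContext();
        }
        return getSecurityContext(session, httpServletRequest.getParameter("dtid"));
    }

    /**
     * Returns the context stored for the given desktop, without any fallback to the
     * session-wide context.
     *
     * @param desktop the desktop whose context is wanted
     * @return the stored context, or null if none is stored under the desktop's key
     */
    public static SecurityContext getSecurityContext(Desktop desktop) {
        HttpSession nativeSession = (HttpSession) desktop.getSession().getNativeSession();
        return (SecurityContext) nativeSession.getAttribute(getDesktopContextKey(desktop.getId()));
    }

    /**
     * Looks up the context for a desktop id, promoting the session-wide context when the
     * desktop has none of its own.
     *
     * @param httpSession the session to read from (and possibly modify)
     * @param desktopId the desktop id; empty or null means "use the session-wide context"
     * @return the context found, or null
     */
    private static SecurityContext getSecurityContext(HttpSession httpSession, String desktopId) {
        String desktopContextKey = getDesktopContextKey(desktopId);
        if (desktopContextKey == null) {
            // No desktop id: read the session-wide context and leave it in place.
            return getSecurityContext(httpSession, false);
        }
        SecurityContext securityContext = (SecurityContext) httpSession.getAttribute(desktopContextKey);
        if (securityContext == null) {
            // Promotion: take the session-wide context out of the session and bind it to this
            // desktop id, so only the first desktop id to ask receives it.
            securityContext = getSecurityContext(httpSession, true);
            if (securityContext != null) {
                httpSession.setAttribute(desktopContextKey, securityContext);
            }
        }
        return securityContext;
    }

    /**
     * Reads the session-wide context.
     *
     * @param httpSession the session to read from
     * @param remove when true and a context is present, the session-wide entry is removed
     * @return the session-wide context, or null
     */
    private static SecurityContext getSecurityContext(HttpSession httpSession, boolean remove) {
        SecurityContext securityContext = (SecurityContext) httpSession.getAttribute(CONTEXT_KEY);
        if (securityContext != null && remove) {
            httpSession.removeAttribute(CONTEXT_KEY);
        }
        return securityContext;
    }

    /**
     * Returns the session attribute name for the desktop named by the request's {@code dtid}
     * parameter, or the session-wide key when the parameter is absent or empty.
     *
     * @param httpServletRequest the current request
     * @return the attribute name, never null
     */
    public static String getDesktopContextKey(HttpServletRequest httpServletRequest) {
        String desktopContextKey = getDesktopContextKey(httpServletRequest.getParameter("dtid"));
        return desktopContextKey == null ? CONTEXT_KEY : desktopContextKey;
    }

    /**
     * @param desktopId a desktop id, possibly null or empty
     * @return {@code SPRING_SECURITY_CONTEXT-<desktopId>}, or null when the id is null or empty
     */
    private static String getDesktopContextKey(String desktopId) {
        if (StringUtils.isEmpty(desktopId)) {
            return null;
        }
        return CONTEXT_KEY + "-" + desktopId;
    }

    /**
     * Registers this repository as a desktop lifecycle callback.
     *
     * <p>Note that {@code this} is handed to the dispatcher before construction has finished.
     */
    public DesktopSecurityContextRepository() {
        LifecycleEventDispatcher.addDesktopCallback(this);
    }

    /**
     * Loads the context for the request and replaces the holder's response with a
     * {@link SaveToSessionResponseWrapper} that remembers the state at load time.
     *
     * @param httpRequestResponseHolder holder of the current request and response
     * @return the loaded context, or a new empty one; never null
     */
    @Override
    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        HttpServletRequest request = httpRequestResponseHolder.getRequest();
        HttpServletResponse response = httpRequestResponseHolder.getResponse();
        HttpSession session = request.getSession(false);
        SecurityContext context = readSecurityContextFromRequest(request);
        if (context == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("No SecurityContext was available from the HttpSession: " + session + ". A new one will be created.");
            }
            context = generateNewContext();
        }
        httpRequestResponseHolder.setResponse(new SaveToSessionResponseWrapper(response, request, session != null, context));
        return context;
    }

    /**
     * Saves the context through the wrapper installed by {@link #loadContext}, unless the
     * wrapper has already saved it.
     *
     * @param securityContext the context to persist
     * @param httpServletRequest unused; the wrapper holds the request seen by loadContext
     * @param httpServletResponse must be the wrapper that loadContext placed in the holder
     * @throws IllegalStateException if the response is not that wrapper (for example null, or
     *         wrapped again by a later filter; such outer wrappers are not unwrapped here)
     */
    @Override
    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Fail with a diagnosable error instead of a bare ClassCastException or
        // NullPointerException when the filter chain handed over a different response object.
        if (!(httpServletResponse instanceof SaveToSessionResponseWrapper)) {
            throw new IllegalStateException("Cannot save SecurityContext: response is not the wrapper installed by loadContext: " + httpServletResponse);
        }
        SaveToSessionResponseWrapper wrapper = (SaveToSessionResponseWrapper) httpServletResponse;
        if (!wrapper.isContextSaved()) {
            wrapper.saveContext(securityContext);
        }
    }

    /**
     * Reports whether {@link #getSecurityContext(HttpServletRequest)} yields a context.
     *
     * <p>NOTE(review): that method returns a fresh empty context when the request has no session
     * or carries {@code cmd_0=rmDesktop}, so this method answers true in both cases even though
     * nothing is stored. Callers that branch on this value will treat such requests as already
     * having a context; confirm that this is intended. The lookup can also move the
     * session-wide context to the desktop key as a side effect.
     *
     * @param httpServletRequest the current request
     * @return true unless a session exists and holds no context for the request
     */
    @Override
    public boolean containsContext(HttpServletRequest httpServletRequest) {
        return getSecurityContext(httpServletRequest) != null;
    }

    /**
     * Resolves the context for the request and logs the outcome at debug level.
     *
     * @param httpServletRequest the current request
     * @return the resolved context, or null if none was found
     */
    private SecurityContext readSecurityContextFromRequest(HttpServletRequest httpServletRequest) {
        SecurityContext securityContext = getSecurityContext(httpServletRequest);
        if (this.log.isDebugEnabled()) {
            if (securityContext != null) {
                this.log.debug("Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '" + securityContext + "'");
            } else {
                this.log.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
            }
        }
        return securityContext;
    }

    /** @return a new empty context from {@link SecurityContextHolder} */
    private SecurityContext generateNewContext() {
        return SecurityContextHolder.createEmptyContext();
    }

    /**
     * @param z whether saving a context may create an HttpSession (defaults to true)
     */
    public void setAllowSessionCreation(boolean z) {
        this.allowSessionCreation = z;
    }

    /**
     * @param z value passed to the response wrapper's superclass for each new wrapper
     */
    public void setDisableUrlRewriting(boolean z) {
        this.disableUrlRewriting = z;
    }

    /**
     * Desktop created: runs the lookup for the new desktop purely for its side effect of
     * moving the session-wide context (if any) to the desktop's key.
     */
    @Override
    public void onInit(Desktop desktop) {
        getSecurityContext((HttpSession) desktop.getSession().getNativeSession(), desktop.getId());
    }

    /** Desktop destroyed: removes the context stored under the desktop's key. */
    @Override
    public void onCleanup(Desktop desktop) {
        HttpSession nativeSession = (HttpSession) desktop.getSession().getNativeSession();
        nativeSession.removeAttribute(getDesktopContextKey(desktop.getId()));
    }

    /**
     * @return {@link Integer#MIN_VALUE}; how the dispatcher orders callbacks by this value is
     *         not visible in this class
     */
    @Override
    public int getPriority() {
        return Integer.MIN_VALUE;
    }
}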
