package org.apache.shiro.web.session.mgt;

import java.io.Serializable;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.shiro.session.ExpiredSessionException;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.DelegatingSession;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/web/session/mgt/DefaultWebSessionManager.class */
public class DefaultWebSessionManager extends DefaultSessionManager implements WebSessionManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultWebSessionManager.class);
    private Cookie sessionIdCookie;
    private boolean sessionIdCookieEnabled;

    public DefaultWebSessionManager() {
        SimpleCookie simpleCookie = new SimpleCookie("JSESSIONID");
        simpleCookie.setHttpOnly(true);
        this.sessionIdCookie = simpleCookie;
        this.sessionIdCookieEnabled = true;
    }

    public Cookie getSessionIdCookie() {
        return this.sessionIdCookie;
    }

    public void setSessionIdCookie(Cookie cookie) {
        this.sessionIdCookie = cookie;
    }

    public boolean isSessionIdCookieEnabled() {
        return this.sessionIdCookieEnabled;
    }

    public void setSessionIdCookieEnabled(boolean z) {
        this.sessionIdCookieEnabled = z;
    }

    private void storeSessionId(Serializable serializable, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (serializable == null) {
            throw new IllegalArgumentException("sessionId cannot be null when persisting for subsequent requests.");
        }
        SimpleCookie simpleCookie = new SimpleCookie(getSessionIdCookie());
        String obj = serializable.toString();
        simpleCookie.setValue(obj);
        simpleCookie.saveTo(httpServletRequest, httpServletResponse);
        log.trace("Set session ID cookie for session with id {}", obj);
    }

    private void removeSessionIdCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        getSessionIdCookie().removeFrom(httpServletRequest, httpServletResponse);
    }

    private String getSessionIdCookieValue(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!isSessionIdCookieEnabled()) {
            log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.");
            return null;
        }
        if (servletRequest instanceof HttpServletRequest) {
            return getSessionIdCookie().readValue((HttpServletRequest) servletRequest, WebUtils.toHttp(servletResponse));
        }
        log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie.  Returning null.");
        return null;
    }

    private Serializable getReferencedSessionId(ServletRequest servletRequest, ServletResponse servletResponse) {
        String sessionIdCookieValue = getSessionIdCookieValue(servletRequest, servletResponse);
        if (sessionIdCookieValue != null) {
            servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
        } else {
            sessionIdCookieValue = getUriPathSegmentParamValue(servletRequest, "JSESSIONID");
            if (sessionIdCookieValue == null) {
                String sessionIdName = getSessionIdName();
                sessionIdCookieValue = servletRequest.getParameter(sessionIdName);
                if (sessionIdCookieValue == null) {
                    sessionIdCookieValue = servletRequest.getParameter(sessionIdName.toLowerCase());
                }
            }
            if (sessionIdCookieValue != null) {
                servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "url");
            }
        }
        if (sessionIdCookieValue != null) {
            servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionIdCookieValue);
            servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        }
        return sessionIdCookieValue;
    }

    private String getUriPathSegmentParamValue(ServletRequest servletRequest, String str) {
        String str2;
        String substring;
        int lastIndexOf;
        if (!(servletRequest instanceof HttpServletRequest)) {
            return null;
        }
        String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
        if (requestURI == null) {
            return null;
        }
        int indexOf = requestURI.indexOf(63);
        if (indexOf >= 0) {
            requestURI = requestURI.substring(0, indexOf);
        }
        int indexOf2 = requestURI.indexOf(59);
        if (indexOf2 < 0 || (lastIndexOf = (substring = requestURI.substring(indexOf2 + 1)).lastIndexOf((str2 = str + AbstractGangliaSink.EQUAL))) < 0) {
            return null;
        }
        String substring2 = substring.substring(lastIndexOf + str2.length());
        int indexOf3 = substring2.indexOf(59);
        if (indexOf3 >= 0) {
            substring2 = substring2.substring(0, indexOf3);
        }
        return substring2;
    }

    private String getSessionIdName() {
        String name = this.sessionIdCookie != null ? this.sessionIdCookie.getName() : null;
        if (name == null) {
            name = "JSESSIONID";
        }
        return name;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.session.mgt.AbstractNativeSessionManager
    public Session createExposedSession(Session session, SessionContext sessionContext) {
        if (!WebUtils.isWeb(sessionContext)) {
            return super.createExposedSession(session, sessionContext);
        }
        return new DelegatingSession(this, new WebSessionKey(session.getId(), WebUtils.getRequest(sessionContext), WebUtils.getResponse(sessionContext)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.session.mgt.AbstractNativeSessionManager
    public Session createExposedSession(Session session, SessionKey sessionKey) {
        if (!WebUtils.isWeb(sessionKey)) {
            return super.createExposedSession(session, sessionKey);
        }
        return new DelegatingSession(this, new WebSessionKey(session.getId(), WebUtils.getRequest(sessionKey), WebUtils.getResponse(sessionKey)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.session.mgt.AbstractNativeSessionManager
    public void onStart(Session session, SessionContext sessionContext) {
        super.onStart(session, sessionContext);
        if (!WebUtils.isHttp(sessionContext)) {
            log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response pair. No session ID cookie will be set.");
            return;
        }
        HttpServletRequest httpRequest = WebUtils.getHttpRequest(sessionContext);
        HttpServletResponse httpResponse = WebUtils.getHttpResponse(sessionContext);
        if (isSessionIdCookieEnabled()) {
            storeSessionId(session.getId(), httpRequest, httpResponse);
        } else {
            log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
        }
        httpRequest.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
        httpRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
    }

    @Override // org.apache.shiro.session.mgt.DefaultSessionManager
    public Serializable getSessionId(SessionKey sessionKey) {
        Serializable sessionId = super.getSessionId(sessionKey);
        if (sessionId == null && WebUtils.isWeb(sessionKey)) {
            sessionId = getSessionId(WebUtils.getRequest(sessionKey), WebUtils.getResponse(sessionKey));
        }
        return sessionId;
    }

    protected Serializable getSessionId(ServletRequest servletRequest, ServletResponse servletResponse) {
        return getReferencedSessionId(servletRequest, servletResponse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.session.mgt.AbstractValidatingSessionManager
    public void onExpiration(Session session, ExpiredSessionException expiredSessionException, SessionKey sessionKey) {
        super.onExpiration(session, expiredSessionException, sessionKey);
        onInvalidation(sessionKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.session.mgt.AbstractValidatingSessionManager
    public void onInvalidation(Session session, InvalidSessionException invalidSessionException, SessionKey sessionKey) {
        super.onInvalidation(session, invalidSessionException, sessionKey);
        onInvalidation(sessionKey);
    }

    private void onInvalidation(SessionKey sessionKey) {
        ServletRequest request = WebUtils.getRequest(sessionKey);
        if (request != null) {
            request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID);
        }
        if (!WebUtils.isHttp(sessionKey)) {
            log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response pair. Session ID cookie will not be removed due to invalidated session.");
        } else {
            log.debug("Referenced session was invalid.  Removing session ID cookie.");
            removeSessionIdCookie(WebUtils.getHttpRequest(sessionKey), WebUtils.getHttpResponse(sessionKey));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.session.mgt.AbstractNativeSessionManager
    public void onStop(Session session, SessionKey sessionKey) {
        super.onStop(session, sessionKey);
        if (!WebUtils.isHttp(sessionKey)) {
            log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response pair. Session ID cookie will not be removed due to stopped session.");
            return;
        }
        HttpServletRequest httpRequest = WebUtils.getHttpRequest(sessionKey);
        HttpServletResponse httpResponse = WebUtils.getHttpResponse(sessionKey);
        log.debug("Session has been stopped (subject logout or explicit stop).  Removing session ID cookie.");
        removeSessionIdCookie(httpRequest, httpResponse);
    }

    @Override // org.apache.shiro.web.session.mgt.WebSessionManager
    public boolean isServletContainerSessions() {
        return false;
    }
}
