package org.onetwo.ext.security.redis;

import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.servlet.AsyncContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.onetwo.common.web.utils.RequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.PropertyAccessorFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.BoundValueOperations;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.util.ClassUtils;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:org/onetwo/ext/security/redis/RedisSecurityContextRepository.class */
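/**
 * {@link SecurityContextRepository} that stores the {@link SecurityContext} in Redis.
 *
 * <p>The Redis key is {@link #SPRING_SECURITY_KEY} followed by a session identifier ("sid").
 * The sid is read from the cookie named by {@code cookieName} (default {@code "sid"}); when the
 * request carries no such cookie, {@link #loadContext} generates a random UUID that is sent back
 * as a cookie the first time an authenticated context is saved.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The sid cookie is client-controlled and is used verbatim as the Redis key suffix.
 *       This class never replaces a sid the client already presented, so an identifier that
 *       existed before login stays valid after login. NOTE(review): confirm that session
 *       fixation protection (issuing a fresh sid on authentication) is handled elsewhere;
 *       nothing in this class does it.</li>
 *   <li>The cookie's {@code Secure} flag mirrors {@code request.isSecure()}, and
 *       {@code HttpOnly} is only set when the Servlet 3 API is detected.</li>
 *   <li>Values are (de)serialized by whatever serializer the injected {@link RedisTemplate}
 *       uses; that configuration is not visible here. NOTE(review): confirm it is not a
 *       serializer that is unsafe for data other Redis clients could write.</li>
 * </ul>
 */
public class RedisSecurityContextRepository implements SecurityContextRepository {
    public static final String BEAN_NAME = "redisSecurityContextRepository";
    /** Request attribute under which a freshly generated sid is published. */
    public static final String SID_REQUEST_KEY = "__sid__";
    /** Prefix of every Redis key written by this repository. */
    public static final String SPRING_SECURITY_KEY = "spring:security:session:";

    @Autowired
    private RedisTemplate<String, SecurityContext> redisTemplate;
    private String cookiePath;
    private String cookieDomain;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    // Reference "empty" context used to detect that nothing worth persisting was set.
    private final Object contextObject = SecurityContextHolder.createEmptyContext();
    private boolean allowSessionCreation = true;
    private boolean disableUrlRewriting = false;
    // True when ServletRequest#startAsync exists, i.e. the Servlet 3 API is on the classpath.
    private boolean isServlet3 = ClassUtils.hasMethod(ServletRequest.class, "startAsync", new Class[0]);
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private String cookieName = "sid";

    /**
     * Response wrapper that persists the security context to Redis when the response is
     * committed or when {@link RedisSecurityContextRepository#saveContext} is invoked.
     */
    /* loaded from: input_file:org/onetwo/ext/security/redis/RedisSecurityContextRepository$SaveToSessionResponseWrapper.class */
    public class SaveToSessionResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {
        private final HttpServletRequest request;
        private final HttpServletResponse response;
        private final boolean httpSessionExistedAtStartOfRequest;
        private final SecurityContext contextBeforeExecution;
        private final Authentication authBeforeExecution;
        private final String sid;

        /**
         * @param response the response being wrapped
         * @param request the current request
         * @param httpSessionExistedAtStartOfRequest whether an HttpSession existed when the context was loaded
         * @param context the context returned by {@code loadContext}; must not be null
         * @param sid the session identifier resolved (or generated) for this request
         */
        SaveToSessionResponseWrapper(HttpServletResponse response, HttpServletRequest request,
                boolean httpSessionExistedAtStartOfRequest, SecurityContext context, String sid) {
            super(response, RedisSecurityContextRepository.this.disableUrlRewriting);
            this.request = request;
            this.response = response;
            this.httpSessionExistedAtStartOfRequest = httpSessionExistedAtStartOfRequest;
            this.contextBeforeExecution = context;
            this.authBeforeExecution = context.getAuthentication();
            this.sid = sid;
        }

        /** @return the session identifier resolved for this request in {@code loadContext} */
        public String getSid() {
            return this.sid;
        }

        /**
         * Stores, refreshes or removes the Redis entry depending on the state of {@code context}.
         *
         * <ul>
         *   <li>No authentication or an anonymous one: the stored context and cookie are removed,
         *       but only if an HttpSession exists and the request started with an authentication.</li>
         *   <li>Unchanged context that is already in Redis: only the expiry is refreshed.</li>
         *   <li>Otherwise the context is written to Redis.</li>
         * </ul>
         */
        protected void saveContext(SecurityContext context) {
            Authentication authentication = context.getAuthentication();
            HttpSession session = this.request.getSession(false);

            if (authentication == null || RedisSecurityContextRepository.this.trustResolver.isAnonymous(authentication)) {
                if (session != null && this.authBeforeExecution != null) {
                    RedisSecurityContextRepository.this.removeSecurityContext(this.request, this.response);
                }
                return;
            }

            if (session == null) {
                session = createNewSessionIfAllowed(context);
            }
            if (session == null) {
                return;
            }

            if (!contextChanged(context) && RedisSecurityContextRepository.this.isRedisContainsContext(this.request)) {
                RedisSecurityContextRepository.this.setSecurityContextExpireTime(this.request);
                return;
            }

            RedisSecurityContextRepository.this.saveSecurityContext(this.request, this, context);
            if (RedisSecurityContextRepository.this.logger.isDebugEnabled()) {
                // The context's toString() (principal, authorities) ends up in the debug log.
                RedisSecurityContextRepository.this.logger.debug("SecurityContext '" + context + "' stored to HttpSession: '" + session);
            }
        }

        /** Identity comparison against the context and authentication seen when the request started. */
        private boolean contextChanged(SecurityContext context) {
            return context != this.contextBeforeExecution
                    || context.getAuthentication() != this.authBeforeExecution;
        }

        /**
         * Creates an HttpSession unless one already existed at the start of the request, session
         * creation is disabled, or the context still equals the default empty context.
         *
         * @return the new session, or {@code null} when none was created
         */
        private HttpSession createNewSessionIfAllowed(SecurityContext context) {
            if (this.httpSessionExistedAtStartOfRequest || !RedisSecurityContextRepository.this.allowSessionCreation) {
                return null;
            }
            if (RedisSecurityContextRepository.this.contextObject.equals(context)) {
                if (RedisSecurityContextRepository.this.logger.isDebugEnabled()) {
                    RedisSecurityContextRepository.this.logger.debug("HttpSession is null, but SecurityContext has not changed from default empty context: ' " + context + "'; not creating HttpSession or storing SecurityContext");
                }
                return null;
            }
            try {
                return this.request.getSession(true);
            } catch (IllegalStateException e) {
                // A committed response can no longer carry a session cookie.
                RedisSecurityContextRepository.this.logger.warn("Failed to create a session, as response has been committed. Unable to store SecurityContext.");
                return null;
            }
        }
    }

    /**
     * Request wrapper that turns off save-on-commit on the response wrapper as soon as
     * asynchronous processing is started.
     */
    /* loaded from: input_file:org/onetwo/ext/security/redis/RedisSecurityContextRepository$Servlet3SaveToSessionRequestWrapper.class */
    private static class Servlet3SaveToSessionRequestWrapper extends HttpServletRequestWrapper {
        private final SaveContextOnUpdateOrErrorResponseWrapper response;

        public Servlet3SaveToSessionRequestWrapper(HttpServletRequest request, SaveContextOnUpdateOrErrorResponseWrapper response) {
            super(request);
            this.response = response;
        }

        public AsyncContext startAsync() {
            this.response.disableSaveOnResponseCommitted();
            return super.startAsync();
        }

        public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) throws IllegalStateException {
            this.response.disableSaveOnResponseCommitted();
            return super.startAsync(servletRequest, servletResponse);
        }
    }

    /** Builds the Redis key for a session identifier. */
    static String getSecuritySessionKey(String sessionId) {
        return SPRING_SECURITY_KEY + sessionId;
    }

    public void setCookieName(String cookieName) {
        this.cookieName = cookieName;
    }

    public void setCookiePath(String cookiePath) {
        this.cookiePath = cookiePath;
    }

    public void setCookieDomain(String cookieDomain) {
        this.cookieDomain = cookieDomain;
    }

    /** Returns the sid cookie value of the request without generating one; may be null or blank. */
    protected String getSessionId(HttpServletRequest request) {
        return getSessionId(request, false);
    }

    /**
     * Resolves the session identifier from the sid cookie.
     *
     * <p>The cookie value is supplied by the client and returned unchanged; callers use it as
     * part of a Redis key. NOTE(review): the only identifiers generated here are random UUIDs,
     * so rejecting cookie values that are not UUID-shaped may be worth considering; confirm no
     * subclass issues other formats first.
     *
     * @param request the current request
     * @param createIfMissing when true and the cookie is blank, a random UUID is generated and
     *        published as the {@link #SID_REQUEST_KEY} request attribute
     * @return the cookie value, the generated identifier, or the blank/null cookie value
     */
    protected String getSessionId(HttpServletRequest request, boolean createIfMissing) {
        String sessionId = RequestUtils.getCookieValue(request, this.cookieName);
        if (createIfMissing && StringUtils.isBlank(sessionId)) {
            sessionId = UUID.randomUUID().toString();
            request.setAttribute(SID_REQUEST_KEY, sessionId);
        }
        return sessionId;
    }

    /** Adds the sid cookie carrying {@code sessionId} to the response. */
    private void saveSessionCookies(HttpServletRequest request, HttpServletResponse response, String sessionId) {
        Cookie cookie = new Cookie(this.cookieName, sessionId);
        configCookie(request, cookie);
        response.addCookie(cookie);
    }

    /** Expires the sid cookie on the client by re-sending it with a max age of zero. */
    protected void clearSessionCookie(HttpServletRequest request, HttpServletResponse response) {
        Cookie cookie = new Cookie(this.cookieName, (String) null);
        configCookie(request, cookie);
        cookie.setMaxAge(0);
        response.addCookie(cookie);
    }

    private BoundValueOperations<String, SecurityContext> getSessionBoundOps(String sessionId) {
        return this.redisTemplate.boundValueOps(getSecuritySessionKey(sessionId));
    }

    /**
     * Writes the context to Redis and applies the session timeout to the entry.
     *
     * <p>When the request has no sid cookie, the identifier held by the
     * {@link SaveToSessionResponseWrapper} is used and sent to the client as a cookie. The expiry
     * is applied to the identifier that was actually written: resolving it again from the request
     * cookie would find nothing on this first save and leave the entry in Redis without a TTL.
     *
     * @throws IllegalStateException if no sid cookie is present and the response is not (or does
     *         not wrap) a {@link SaveToSessionResponseWrapper}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void saveSecurityContext(HttpServletRequest request, HttpServletResponse response, SecurityContext context) {
        String sessionId = getSessionId(request);
        if (StringUtils.isBlank(sessionId)) {
            SaveToSessionResponseWrapper wrapper = (SaveToSessionResponseWrapper) WebUtils.getNativeResponse(response, SaveToSessionResponseWrapper.class);
            if (wrapper == null) {
                throw new IllegalStateException("Cannot resolve a session id for response " + response + ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
            }
            sessionId = wrapper.getSid();
            saveSessionCookies(request, response, sessionId);
        }
        getSessionBoundOps(sessionId).set(context);
        applyExpireTime(sessionId, request);
    }

    /**
     * Refreshes the expiry of the Redis entry addressed by the request's sid cookie; does
     * nothing when the cookie is missing or blank.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void setSecurityContextExpireTime(HttpServletRequest request) {
        String sessionId = getSessionId(request);
        if (StringUtils.isBlank(sessionId)) {
            return;
        }
        applyExpireTime(sessionId, request);
    }

    /**
     * Sets the TTL of the entry for {@code sessionId} to the HttpSession's max inactive interval.
     */
    private void applyExpireTime(String sessionId, HttpServletRequest request) {
        int maxInactiveSeconds = request.getSession().getMaxInactiveInterval();
        if (maxInactiveSeconds <= 0) {
            // The servlet API treats a non-positive interval as "never time out", whereas a
            // non-positive Redis expiry removes the key. Leaving the entry untouched follows the
            // configured policy, but it also means the entry has no TTL; prefer a positive timeout.
            return;
        }
        getSessionBoundOps(sessionId).expire(maxInactiveSeconds, TimeUnit.SECONDS);
    }

    /** Deletes the Redis entry and clears the sid cookie; does nothing without a sid cookie. */
    public void removeSecurityContext(HttpServletRequest request, HttpServletResponse response) {
        String sessionId = getSessionId(request);
        if (StringUtils.isBlank(sessionId)) {
            return;
        }
        clearSessionCookie(request, response);
        this.redisTemplate.delete(getSecuritySessionKey(sessionId));
    }

    /**
     * @return true when Redis holds an entry for the request's sid cookie; false when the cookie
     *         is missing or blank, or when the template reports no result
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean isRedisContainsContext(HttpServletRequest request) {
        String sessionId = getSessionId(request);
        if (StringUtils.isBlank(sessionId)) {
            // Avoid probing the literal key "spring:security:session:null".
            return false;
        }
        // hasKey returns a Boolean; treat null as "not present" instead of unboxing it.
        return Boolean.TRUE.equals(this.redisTemplate.hasKey(getSecuritySessionKey(sessionId)));
    }

    /** Reads the stored context for the request's sid cookie, or null when there is none. */
    private SecurityContext readSecurityContextFromSession(HttpServletRequest request) {
        String sessionId = getSessionId(request);
        if (StringUtils.isBlank(sessionId)) {
            return null;
        }
        return getSessionBoundOps(sessionId).get();
    }

    /**
     * Loads the context for the current request and installs the wrappers that will save it.
     *
     * <p>An empty context is returned when nothing is stored. The holder's response (and, on
     * Servlet 3, its request) is replaced by a wrapper, which callers must use from then on.
     */
    public SecurityContext loadContext(HttpRequestResponseHolder holder) {
        HttpServletRequest request = holder.getRequest();
        HttpServletResponse response = holder.getResponse();
        boolean sessionExisted = request.getSession(false) != null;
        // Generates a sid for requests without a cookie; it is only sent once a context is saved.
        String sessionId = getSessionId(request, true);

        SecurityContext context = readSecurityContextFromSession(request);
        if (context == null) {
            context = SecurityContextHolder.createEmptyContext();
        }

        SaveToSessionResponseWrapper wrappedResponse =
                new SaveToSessionResponseWrapper(response, request, sessionExisted, context, sessionId);
        holder.setResponse(wrappedResponse);
        if (this.isServlet3) {
            holder.setRequest(new Servlet3SaveToSessionRequestWrapper(request, wrappedResponse));
        }
        return context;
    }

    /**
     * Saves the context through the response wrapper installed by {@link #loadContext}, unless
     * the wrapper reports that it has already been saved.
     *
     * @throws IllegalStateException if the response does not wrap a {@link SaveToSessionResponseWrapper}
     */
    public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
        SaveToSessionResponseWrapper wrapper = (SaveToSessionResponseWrapper) WebUtils.getNativeResponse(response, SaveToSessionResponseWrapper.class);
        if (wrapper == null) {
            throw new IllegalStateException("Cannot invoke saveContext on response " + response + ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
        }
        if (!wrapper.isContextSaved()) {
            wrapper.saveContext(context);
        }
    }

    public boolean containsContext(HttpServletRequest request) {
        return isRedisContainsContext(request);
    }

    /**
     * Applies the shared cookie attributes: HttpOnly (Servlet 3 only), Secure, path and domain.
     */
    private void configCookie(HttpServletRequest request, Cookie cookie) {
        if (this.isServlet3) {
            // Set through the bean property so the class still loads against a pre-3.0 Cookie.
            PropertyAccessorFactory.forBeanPropertyAccess(cookie).setPropertyValue("httpOnly", true);
        }
        // Secure follows the scheme the container sees. Behind a TLS-terminating proxy this is
        // false unless the container is configured to honour the forwarded scheme.
        cookie.setSecure(request.isSecure());
        cookie.setPath(cookiePath(request));
        String domain = cookieDomain(request);
        if (StringUtils.isNotBlank(domain)) {
            cookie.setDomain(domain);
        }
    }

    /** Configured cookie path, or the context path followed by "/" when none is configured. */
    private String cookiePath(HttpServletRequest request) {
        return StringUtils.isNotBlank(this.cookiePath) ? this.cookiePath : request.getContextPath() + "/";
    }

    /** Configured cookie domain, or null so the cookie stays host-only. */
    private String cookieDomain(HttpServletRequest request) {
        return StringUtils.isNotBlank(this.cookieDomain) ? this.cookieDomain : null;
    }
}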
