package com.stormpath.sdk.servlet.filter.account;

import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.oauth.AccessTokenResult;
import com.stormpath.sdk.servlet.config.CookieConfig;
import com.stormpath.sdk.servlet.http.CookieSaver;
import com.stormpath.sdk.servlet.http.Resolver;
import com.stormpath.sdk.servlet.http.Saver;
import com.stormpath.sdk.servlet.util.AntPathMatcher;
import com.stormpath.sdk.servlet.util.SecureRequiredExceptForLocalhostResolver;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/stormpath/sdk/servlet/filter/account/CookieAuthenticationResultSaver.class */
/**
 * Persists an {@link AuthenticationResult} on the client as the account cookie.
 *
 * <p>The cookie value is either the OAuth access token carried by an
 * {@link AccessTokenResult} or a JWT produced by the configured
 * {@link AuthenticationJwtFactory}. Both identify the authenticated account, so the
 * cookie attributes assembled in {@link #getAccountCookieConfig(HttpServletRequest)}
 * are the only transport and script-access protection applied here:
 * <ul>
 *   <li>{@code Secure} is set only when the base {@link CookieConfig} asks for it
 *       <em>and</em> the {@code secureCookieRequired} resolver returns {@code true}
 *       for the current request (see {@link #isCookieSecure}).</li>
 *   <li>{@code HttpOnly}, name, comment, domain and max-age are passed through from the
 *       base config unchanged; this class neither enforces nor warns about them.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code secureWarned} is a plain, unsynchronized field. If one instance
 * serves concurrent requests the one-time warning could be logged more than once; the
 * computed cookie attributes are not affected by that.
 */
public class CookieAuthenticationResultSaver extends AccountCookieHandler implements Saver<AuthenticationResult> {
    private static final Logger log = LoggerFactory.getLogger(CookieAuthenticationResultSaver.class);

    /** Text of the warning emitted the first time an insecure cookie configuration is seen. */
    private static final String INSECURE_COOKIE_WARNING = "INSECURE IDENTITY COOKIE CONFIGURATION: Your current Stormpath SDK account cookie configuration allows insecure identity cookies (transmission over non-HTTPS connections)!  This should typically never occur otherwise your users will be susceptible to man-in-the-middle attacks.  For more information in Servlet-only environments, please see the Security Notice here: https://docs.stormpath.com/java/servlet-plugin/login.html#https-required and the documentation on authentication state here: https://docs.stormpath.com/java/servlet-plugin/login.html#authentication-state and here: https://docs.stormpath.com/java/servlet-plugin/login.html#cookie-config (the callout entitled 'Secure Cookies').  If you are using Spring Boot, Spring Boot-specific documentation for these concepts are here: https://docs.stormpath.com/java/spring-boot-web/login.html#security-notice https://docs.stormpath.com/java/spring-boot-web/login.html#authentication-state and https://docs.stormpath.com/java/spring-boot-web/login.html#cookie-storage";

    private AuthenticationJwtFactory authenticationJwtFactory;
    private Resolver<Boolean> secureCookieRequired;
    // Latch so the insecure-configuration warning is logged once per instance, not per request.
    private boolean secureWarned;

    /**
     * Creates a saver bound to the given cookie settings.
     *
     * @param cookieConfig             base cookie configuration, handed to the superclass
     * @param resolver                 decides per request whether the Secure flag is required;
     *                                 must not be null
     * @param authenticationJwtFactory builds the JWT stored for non-OAuth results; must not be null
     */
    public CookieAuthenticationResultSaver(CookieConfig cookieConfig, Resolver<Boolean> resolver, AuthenticationJwtFactory authenticationJwtFactory) {
        super(cookieConfig);
        this.secureWarned = false;
        Assert.notNull(resolver, "secureCookieRequired Resolver cannot be null.");
        this.secureCookieRequired = resolver;
        Assert.notNull(authenticationJwtFactory, "AuthenticationJwtFactory cannot be null.");
        this.authenticationJwtFactory = authenticationJwtFactory;
    }

    /** @return the resolver consulted to decide whether the cookie must carry the Secure flag */
    public Resolver<Boolean> getSecureCookieRequired() {
        return this.secureCookieRequired;
    }

    /** @return the factory used to build the account JWT written into the cookie */
    public AuthenticationJwtFactory getAuthenticationJwtFactory() {
        return this.authenticationJwtFactory;
    }

    /**
     * Writes the account cookie for {@code authenticationResult}, or clears it when the
     * result is {@code null}.
     *
     * <p>For an {@link AccessTokenResult} the access token string itself becomes the cookie
     * value; for any other result a JWT is created through the {@link AuthenticationJwtFactory}.
     */
    @Override // com.stormpath.sdk.servlet.http.Saver
    public void set(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        if (authenticationResult == null) {
            remove(httpServletRequest, httpServletResponse);
            return;
        }

        // Resolve the saver before producing the value: doing so builds the cookie config and
        // may emit the insecure-configuration warning, and that ordering is kept as-is.
        Saver<String> cookieSaver = getCookieSaver(httpServletRequest);

        final String cookieValue;
        if (authenticationResult instanceof AccessTokenResult) {
            AccessTokenResult tokenResult = (AccessTokenResult) authenticationResult;
            cookieValue = tokenResult.getTokenResponse().getAccessToken();
        } else {
            cookieValue = getAuthenticationJwtFactory().createAccountJwt(httpServletRequest, httpServletResponse, authenticationResult);
        }

        cookieSaver.set(httpServletRequest, httpServletResponse, cookieValue);
    }

    /**
     * Clears the account cookie by saving a {@code null} value through the cookie saver.
     * How the underlying {@link CookieSaver} expires the cookie is not visible from this class.
     */
    protected void remove(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Saver<String> cookieSaver = getCookieSaver(httpServletRequest);
        cookieSaver.set(httpServletRequest, httpServletResponse, null);
    }

    /**
     * Builds a fresh {@link CookieSaver} for this request, configured with the
     * request-specific account cookie settings.
     */
    protected Saver<String> getCookieSaver(HttpServletRequest httpServletRequest) {
        CookieConfig requestCookieConfig = getAccountCookieConfig(httpServletRequest);
        return new CookieSaver(requestCookieConfig);
    }

    /**
     * Decides whether the account cookie is written with the Secure flag for this request.
     *
     * <p>The flag is set only when the configuration requests it and the resolver answers
     * {@code true}. Separately, a one-time warning is logged when the setup permits an
     * insecure cookie: either the configuration does not request Secure, or the resolver
     * answered {@code false} and is not a {@link SecureRequiredExceptForLocalhostResolver}.
     * With that resolver type a {@code false} answer yields a non-Secure cookie without
     * any warning.
     *
     * @param httpServletRequest current request, passed to the resolver
     * @param cookieConfig       base cookie configuration being evaluated
     * @return {@code true} if the cookie should carry the Secure flag
     */
    protected boolean isCookieSecure(HttpServletRequest httpServletRequest, CookieConfig cookieConfig) {
        final boolean configWantsSecure = cookieConfig.isSecure();
        final Resolver<Boolean> resolver = getSecureCookieRequired();
        // Auto-unboxing: a resolver that returns null fails here with a NullPointerException.
        final boolean resolverWantsSecure = resolver.get(httpServletRequest, null);
        final boolean localhostAwareResolver = resolver instanceof SecureRequiredExceptForLocalhostResolver;

        final boolean insecureSetup = !configWantsSecure || (!resolverWantsSecure && !localhostAwareResolver);
        if (insecureSetup && !this.secureWarned) {
            this.secureWarned = true;
            log.warn(INSECURE_COOKIE_WARNING);
        }

        return configWantsSecure && resolverWantsSecure;
    }

    /**
     * Returns a per-request view of the account cookie configuration.
     *
     * <p>Name, comment, domain, max-age and HttpOnly delegate to the superclass
     * configuration. Two values are overridden: Secure comes from
     * {@link #isCookieSecure}, and the path falls back from the configured path to the
     * request's context path and finally to {@link AntPathMatcher#DEFAULT_PATH_SEPARATOR}
     * when the earlier candidates have no text.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.stormpath.sdk.servlet.filter.account.AccountCookieHandler
    public CookieConfig getAccountCookieConfig(HttpServletRequest httpServletRequest) {
        final CookieConfig baseConfig = super.getAccountCookieConfig(httpServletRequest);
        final boolean secureFlag = isCookieSecure(httpServletRequest, baseConfig);

        String candidatePath = Strings.clean(baseConfig.getPath());
        if (!Strings.hasText(candidatePath)) {
            candidatePath = Strings.clean(httpServletRequest.getContextPath());
            if (!Strings.hasText(candidatePath)) {
                candidatePath = AntPathMatcher.DEFAULT_PATH_SEPARATOR;
            }
        }
        final String effectivePath = candidatePath;

        return new CookieConfig() { // from class: com.stormpath.sdk.servlet.filter.account.CookieAuthenticationResultSaver.1
            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public String getName() {
                return baseConfig.getName();
            }

            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public String getComment() {
                return baseConfig.getComment();
            }

            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public String getDomain() {
                return baseConfig.getDomain();
            }

            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public int getMaxAge() {
                return baseConfig.getMaxAge();
            }

            // Request-derived path computed above, not the raw configured value.
            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public String getPath() {
                return effectivePath;
            }

            // Result of isCookieSecure for this request, not the raw configured value.
            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public boolean isSecure() {
                return secureFlag;
            }

            // Passed through untouched; nothing here forces HttpOnly on.
            @Override // com.stormpath.sdk.servlet.config.CookieConfig
            public boolean isHttpOnly() {
                return baseConfig.isHttpOnly();
            }
        };
    }
}
