package com.google.gerrit.httpd;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.PageLinks;
import com.google.gerrit.entities.Account;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.httpd.WebSessionManager;
import com.google.gerrit.httpd.restapi.ParameterParser;
import com.google.gerrit.server.AccessPath;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountCache;
import com.google.gerrit.server.account.AuthResult;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.config.AuthConfig;
import com.google.inject.Provider;
import com.google.inject.servlet.RequestScoped;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.EnumSet;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.http.server.GitSmartHttpTools;

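/**
 * Request-scoped {@link WebSession} whose state is looked up in a {@link WebSessionManager} using
 * the token carried by the {@value #ACCOUNT_COOKIE} cookie or, when no such cookie is present, by
 * the access-token query parameter.
 *
 * <p>The session is resolved once, in the constructor. Requests recognised as Git smart-HTTP
 * client requests are never given a web session by this class.
 *
 * <p>Not thread-safe: the instance holds mutable per-request state without synchronization.
 */
@RequestScoped
/* loaded from: input_file:com/google/gerrit/httpd/CacheBasedWebSession.class */
public abstract class CacheBasedWebSession implements WebSession {

    /** Name of the cookie that carries the session token. */
    @VisibleForTesting
    public static final String ACCOUNT_COOKIE = "GerritAccount";

    /** Twelve hours, expressed in minutes. Not referenced inside this class. */
    protected static final long MAX_AGE_MINUTES = TimeUnit.HOURS.toMinutes(12);

    private final HttpServletRequest request;
    private final HttpServletResponse response;
    private final WebSessionManager manager;
    private final AuthConfig authConfig;
    private final Provider<AnonymousUser> anonymousProvider;
    private final IdentifiedUser.RequestFactory identified;
    // Access paths this request may use; starts with UNKNOWN only and is widened after a
    // successful token check.
    private final EnumSet<AccessPath> okPaths = EnumSet.of(AccessPath.UNKNOWN);
    private final AccountCache byIdCache;
    // Set at most once per request by saveCookie(); a second attempt is rejected.
    private Cookie outCookie;
    private WebSessionManager.Key key;
    // Non-null exactly when the request is treated as signed in.
    private WebSessionManager.Val val;
    // Lazily created by getUser(); replaced by login(), logout() and setUserAccountId().
    private CurrentUser user;

    /**
     * Resolves the session for the given request.
     *
     * <p>For non-Git requests the session token is taken from the account cookie, falling back to
     * the access-token query parameter. A session that maps to a missing or inactive account is
     * discarded together with every allowed access path. A session that reports it needs a
     * refresh is re-created in the manager under the same key.
     *
     * @param httpServletRequest request being served
     * @param httpServletResponse response to attach cookies to; {@code saveCookie()} is a no-op
     *     when this is {@code null}
     * @param webSessionManager backing store for session keys and values
     * @param authConfig source of the cookie path, domain and secure settings
     * @param provider supplies the anonymous user for unauthenticated requests
     * @param requestFactory creates identified users for an account id
     * @param accountCache used to check that the session's account exists and is active
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public CacheBasedWebSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebSessionManager webSessionManager, AuthConfig authConfig, Provider<AnonymousUser> provider, IdentifiedUser.RequestFactory requestFactory, AccountCache accountCache) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.manager = webSessionManager;
        this.authConfig = authConfig;
        this.anonymousProvider = provider;
        this.identified = requestFactory;
        this.byIdCache = accountCache;
        if (httpServletRequest.getRequestURI() == null || !GitSmartHttpTools.isGitClient(httpServletRequest)) {
            String cookieToken = readCookie(httpServletRequest);
            if (cookieToken != null) {
                authFromCookie(cookieToken);
            } else {
                String accessToken;
                try {
                    accessToken = ParameterParser.getQueryParams(httpServletRequest).accessToken();
                } catch (BadRequestException ignored) {
                    // A query string that cannot be parsed is treated as carrying no token.
                    accessToken = null;
                }
                if (accessToken != null) {
                    authFromQueryParameter(accessToken);
                }
            }
            // Drop the session, and every access path granted above, when the account behind it
            // is missing from the cache or no longer active.
            if (this.val != null && !checkAccountStatus(this.val.getAccountId())) {
                this.val = null;
                this.okPaths.clear();
            }
            if (this.val != null && this.val.needsCookieRefresh()) {
                this.val = webSessionManager.createVal(this.key, this.val);
            }
        }
    }

    /**
     * Loads the session named by the cookie token and allows the REST API access path only when
     * the request also carries the XSRF header with the session's auth value.
     *
     * <p>A missing or mismatching header leaves the session itself in place; only the REST API
     * access path is withheld.
     */
    private void authFromCookie(String str) {
        this.key = new WebSessionManager.Key(str);
        this.val = this.manager.get(this.key);
        if (this.val == null) {
            return;
        }
        String header = this.request.getHeader(XsrfConstants.XSRF_HEADER_NAME);
        if (tokensMatch(header, this.val.getAuth())) {
            this.okPaths.add(AccessPath.REST_API);
        }
    }

    /**
     * Loads the session named by the query-parameter token and, when it exists, allows the REST
     * API access path.
     *
     * <p>No XSRF header is checked on this path: knowing the token is sufficient.
     * NOTE(review): a token placed in a URL can end up in access logs, browser history and
     * Referer headers; confirm that deployments which accept it keep those out of reach.
     */
    private void authFromQueryParameter(String str) {
        this.key = new WebSessionManager.Key(str);
        this.val = this.manager.get(this.key);
        if (this.val != null) {
            this.okPaths.add(AccessPath.REST_API);
        }
    }

    /**
     * Returns the value of the first cookie named {@link #ACCOUNT_COOKIE}, or {@code null} when
     * the request has no cookies, no such cookie, or that cookie's value is empty.
     */
    private static String readCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (ACCOUNT_COOKIE.equals(cookie.getName())) {
                return Strings.emptyToNull(cookie.getValue());
            }
        }
        return null;
    }

    /**
     * Compares two secret tokens without returning early on the first differing byte.
     *
     * @return {@code true} only when both values are non-null and byte-for-byte equal
     */
    private static boolean tokensMatch(@Nullable String presented, @Nullable String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns {@code true} when a session value is attached to this request. */
    @Override // com.google.gerrit.httpd.WebSession
    public boolean isSignedIn() {
        return this.val != null;
    }

    /** Returns the session's auth value, or {@code null} when not signed in. */
    @Override // com.google.gerrit.httpd.WebSession
    @Nullable
    public String getXGerritAuth() {
        if (isSignedIn()) {
            return this.val.getAuth();
        }
        return null;
    }

    /**
     * Checks a caller-supplied auth value against the session's auth value.
     *
     * <p>A {@code null} argument is rejected instead of raising {@link NullPointerException}, and
     * the comparison does not stop at the first differing byte.
     *
     * @param str value presented by the client; may be {@code null}
     * @return {@code true} only when signed in and {@code str} equals the session's auth value
     */
    @Override // com.google.gerrit.httpd.WebSession
    public boolean isValidXGerritAuth(String str) {
        return tokensMatch(str, getXGerritAuth());
    }

    /** Returns whether the given access path has been allowed for this request. */
    @Override // com.google.gerrit.httpd.WebSession
    public boolean isAccessPathOk(AccessPath accessPath) {
        return this.okPaths.contains(accessPath);
    }

    /**
     * Allows or withdraws an access path for this request.
     *
     * @param accessPath path to change
     * @param z {@code true} to allow the path, {@code false} to withdraw it
     */
    @Override // com.google.gerrit.httpd.WebSession
    public void setAccessPathOk(AccessPath accessPath, boolean z) {
        if (z) {
            this.okPaths.add(accessPath);
        } else {
            this.okPaths.remove(accessPath);
        }
    }

    /** Returns the external id stored in the session, or {@code null} when not signed in. */
    @Override // com.google.gerrit.httpd.WebSession
    public ExternalId.Key getLastLoginExternalId() {
        if (this.val != null) {
            return this.val.getExternalId();
        }
        return null;
    }

    /**
     * Returns the user for this request, creating it on first use: an identified user for the
     * session's account when signed in, otherwise the anonymous user.
     */
    @Override // com.google.gerrit.httpd.WebSession
    public CurrentUser getUser() {
        if (this.user == null) {
            if (isSignedIn()) {
                this.user = this.identified.create(this.val.getAccountId());
            } else {
                this.user = this.anonymousProvider.get();
            }
        }
        return this.user;
    }

    /**
     * Starts a new session for the authenticated account.
     *
     * <p>Any session already attached to the request is destroyed first, and a new key is created
     * for the login, so the previous token is not carried over. When the account is missing or
     * inactive no session is created.
     *
     * @param authResult result of the authentication step
     * @param z passed through to {@code WebSessionManager.createVal} as its third argument
     */
    @Override // com.google.gerrit.httpd.WebSession
    public void login(AuthResult authResult, boolean z) {
        Account.Id accountId = authResult.getAccountId();
        ExternalId.Key externalId = authResult.getExternalId();
        if (this.val != null) {
            this.manager.destroy(this.key);
        }
        if (!checkAccountStatus(accountId)) {
            // NOTE(review): key and the cached user are left as they were on this path, so a
            // getUser() result cached before the rejected login is still returned afterwards,
            // and no expiring cookie is sent. Confirm callers do not depend on either.
            this.val = null;
            return;
        }
        this.key = this.manager.createKey(accountId);
        this.val = this.manager.createVal(this.key, accountId, z, externalId, null, null);
        saveCookie();
        this.user = this.identified.create(this.val.getAccountId());
    }

    /**
     * Rebinds this request to the given account without consulting the session manager and
     * without sending a cookie.
     *
     * <p>No account-status check is made here, and the resulting user is created through
     * {@code runAs} with the previously cached user, which may be {@code null} if
     * {@link #getUser()} has not been called yet.
     */
    @Override // com.google.gerrit.httpd.WebSession
    public void setUserAccountId(Account.Id id) {
        this.key = new WebSessionManager.Key("id:" + id);
        this.val = new WebSessionManager.Val(id, 0L, false, null, 0L, null, null);
        this.user = this.identified.runAs(id, this.user);
    }

    /**
     * Ends the current session, if any: destroys it in the manager, sends an expiring cookie and
     * switches the request to the anonymous user.
     */
    @Override // com.google.gerrit.httpd.WebSession
    public void logout() {
        if (this.val != null) {
            this.manager.destroy(this.key);
            this.key = null;
            this.val = null;
            saveCookie();
            this.user = this.anonymousProvider.get();
        }
    }

    /** Returns the session id stored in the session, or {@code null} when not signed in. */
    @Override // com.google.gerrit.httpd.WebSession
    public String getSessionId() {
        if (this.val != null) {
            return this.val.getSessionId();
        }
        return null;
    }

    /** Returns {@code true} when the account is present in the cache and marked active. */
    private boolean checkAccountStatus(Account.Id id) {
        return this.byIdCache.get(id).filter(accountState -> accountState.account().isActive()).isPresent();
    }

    /**
     * Adds the account cookie to the response: the current token with the manager's cookie age
     * when a key is set, or an empty value with max-age 0 when it is not.
     *
     * <p>Does nothing when there is no response object.
     *
     * @throws IllegalStateException if a cookie was already written for this request
     */
    private void saveCookie() {
        if (this.response == null) {
            return;
        }
        String token;
        int cookieAge;
        if (this.key == null) {
            token = "";
            cookieAge = 0;
        } else {
            token = this.key.getToken();
            cookieAge = this.manager.getCookieAge(this.val);
        }
        // Cookie path: configured value, else the servlet context path, else PageLinks.MINE.
        String cookiePath = this.authConfig.getCookiePath();
        if (Strings.isNullOrEmpty(cookiePath)) {
            cookiePath = this.request.getContextPath();
            if (Strings.isNullOrEmpty(cookiePath)) {
                // NOTE(review): this constant is what the decompiled source shows; confirm its
                // value is a valid cookie path.
                cookiePath = PageLinks.MINE;
            }
        }
        if (this.outCookie != null) {
            throw new IllegalStateException("Cookie GerritAccount was set");
        }
        this.outCookie = new Cookie(ACCOUNT_COOKIE, token);
        String cookieDomain = this.authConfig.getCookieDomain();
        if (!Strings.isNullOrEmpty(cookieDomain)) {
            this.outCookie.setDomain(cookieDomain);
        }
        this.outCookie.setPath(cookiePath);
        this.outCookie.setMaxAge(cookieAge);
        // The original set Secure from the request and then overwrote it with the configured
        // value, so a session cookie issued over HTTPS lost the flag whenever the option was
        // off. Either signal now marks the cookie Secure; the option still forces it on when the
        // servlet container cannot see the TLS connection itself.
        this.outCookie.setSecure(this.authConfig.getCookieSecure() || isSecure(this.request));
        // NOTE(review): HttpOnly is not set on this cookie; confirm whether any client-side
        // script has to read it before enabling the flag.
        this.response.addCookie(this.outCookie);
    }

    /** Returns {@code true} when the container reports the request as secure or its scheme is https. */
    private static boolean isSecure(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isSecure() || "https".equals(httpServletRequest.getScheme());
    }
}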
