package org.sonatype.nexus.security;

import java.io.Serializable;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter;

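/**
 * Web session manager that hands out throw-away, non-persisted sessions to clients it classifies
 * as "stateless" (build tools, command-line HTTP clients, anonymous logins, or any request that
 * sends {@code X-Nexus-Session: none}) and regular stored sessions to everyone else.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The stateless/stateful decision in {@link #isStatelessClient(ServletRequest)} is based on
 *       request headers the client chooses. It only decides whether a session is stored and a
 *       cookie is issued; it must not be relied on as an authentication or authorization
 *       signal.</li>
 *   <li>{@code getReferencedSessionId} accepts a session id from a request parameter when no
 *       cookie is present. Ids carried in URLs can end up in access logs, proxies and
 *       {@code Referer} headers, and accepting them makes session fixation easier unless a new id
 *       is issued at login.</li>
 *   <li>Several debug/trace statements include session ids. Treat logs produced at those levels
 *       as sensitive.</li>
 * </ul>
 *
 * @deprecated per the message logged by the constructor, replaced by the
 *     {@code noSessionCreation} filter in Shiro 1.2.
 */
@Deprecated
/* loaded from: input_file:org/sonatype/nexus/security/StatelessAndStatefulWebSessionManager.class */
public class StatelessAndStatefulWebSessionManager extends DefaultWebSessionManager {
    /** Request header that, when set to {@code none}, marks the client as stateless. */
    public static final String NO_SESSION_HEADER = "X-Nexus-Session";

    /** Session attribute flagging a session that must never be written to the session store. */
    public static final String DO_NOT_STORE_SESSION_KEY = "NO_SESSION";

    /** Request parameter consulted for a session id when no session cookie is available. */
    private static final String SESSION_ID_PARAMETER = "JSESSIONID";

    /**
     * Lower-case variant of {@link #SESSION_ID_PARAMETER}. Written as a literal because
     * {@code "JSESSIONID".toLowerCase()} depends on the default locale (under a Turkish locale
     * the {@code I} maps to a dotless {@code ı}) and would then never match.
     */
    private static final String SESSION_ID_PARAMETER_LOWER_CASE = "jsessionid";

    /** User-Agent prefixes of clients that are treated as stateless. */
    private static final String[] STATELESS_USER_AGENT_PREFIXES = {
        "Apache-Maven",
        "Java/",
        "Apache Ivy/",
        "curl/",
        "Wget/",
        "Nexus/",
        "Artifactory/",
        "Apache Archiva/",
        "M2Eclipse/",
        "Aether/",
    };

    private final Logger log = LoggerFactory.getLogger(getClass());

    /** Generates ids for sessions that are never stored, so the id is only valid for the request. */
    private final SessionIdGenerator fakeSessionIdGenerator = new JavaUuidSessionIdGenerator();

    /** Creates the manager and logs that it is deprecated. */
    public StatelessAndStatefulWebSessionManager() {
        this.log.info("@Deprecated replaced with 'noSessionCreation' filter in Shiro 1.2");
    }

    /**
     * Creates a session for the given context.
     *
     * <p>For HTTP contexts a new instance is built; stateless clients get a generated id and the
     * {@link #DO_NOT_STORE_SESSION_KEY} flag instead of being passed to {@code create(...)}, all
     * other clients are passed to {@code create(...)}. Non-HTTP contexts are delegated to the
     * superclass.
     *
     * @param sessionContext context describing the session to create
     * @return the newly created session
     * @throws ClassCastException if the client is stateless and the session factory produced a
     *     session that is not a {@link SimpleSession}
     */
    @Override
    protected Session doCreateSession(SessionContext sessionContext) {
        if (!WebUtils.isHttp(sessionContext)) {
            this.log.trace("Non http request, falling back to default implementation.");
            return super.doCreateSession(sessionContext);
        }

        // Declared as Session: both newSessionInstance(...) and super.doCreateSession(...) are used
        // where a Session is returned, so a SimpleSession-typed local cannot hold their result
        // without a cast.
        Session session = newSessionInstance(sessionContext);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Creating session for host {}", session.getHost());
        }

        HttpServletRequest httpRequest = WebUtils.getHttpRequest(sessionContext);
        if (isStatelessClient(httpRequest)) {
            // Only SimpleSession exposes setId(); the cast is confined to the branch that needs it.
            ((SimpleSession) session).setId(this.fakeSessionIdGenerator.generateId(session));
            // NOTE(review): this id is never stored, so it is not usable on a later request, but
            // it is still a session id written to the log.
            this.log.debug("Stateless client session {} is not persisted.", session.getId());
            session.setAttribute(DO_NOT_STORE_SESSION_KEY, Boolean.TRUE);
        } else {
            create(session);
        }

        if (this.log.isTraceEnabled()) {
            // NOTE(review): logs a live session id together with the client-supplied User-Agent;
            // confirm the log layout neutralises CR/LF in request-derived values.
            this.log.trace("Session {} was created for User-Agent {}", session.getId(), getUserAgent(httpRequest));
        }
        return session;
    }

    /**
     * Skips the superclass change handling for sessions flagged as not stored.
     *
     * @param session the session that changed
     */
    @Override
    protected void onChange(Session session) {
        if (isNotStored(session)) {
            return;
        }
        super.onChange(session);
    }

    /**
     * Returns sessions flagged as not stored directly instead of the superclass' exposed wrapper.
     *
     * @param session the internal session
     * @param sessionContext the context the session was created from
     * @return {@code session} itself when it is flagged as not stored, otherwise the superclass result
     */
    @Override
    protected Session createExposedSession(Session session, SessionContext sessionContext) {
        return isNotStored(session) ? session : super.createExposedSession(session, sessionContext);
    }

    /**
     * Writes the session id cookie for a newly started session, unless cookies are disabled or
     * the client is stateless, and marks the request as referencing a new session.
     *
     * @param session the session that was started
     * @param sessionContext the context the session was created from
     */
    protected void onStart(Session session, SessionContext sessionContext) {
        if (!WebUtils.isHttp(sessionContext)) {
            this.log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response pair. No session ID cookie will be set.");
            return;
        }
        HttpServletRequest httpRequest = WebUtils.getHttpRequest(sessionContext);
        HttpServletResponse httpResponse = WebUtils.getHttpResponse(sessionContext);
        if (isSessionIdCookieEnabled(httpRequest, httpResponse)) {
            storeSessionId(session.getId(), httpRequest, httpResponse);
        } else {
            this.log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.getId());
        }
        httpRequest.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
        httpRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
    }

    /**
     * Tells whether a session id cookie may be read from or written to this exchange.
     *
     * @param servletRequest the current request
     * @param servletResponse the current response (not inspected)
     * @return {@code true} when cookies are enabled on the manager and the client is not stateless
     */
    public boolean isSessionIdCookieEnabled(ServletRequest servletRequest, ServletResponse servletResponse) {
        return isSessionIdCookieEnabled() && !isStatelessClient(servletRequest);
    }

    /**
     * Resolves the session id referenced by the request.
     *
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @return the referenced session id, or {@code null} when the request carries none
     */
    protected Serializable getSessionId(ServletRequest servletRequest, ServletResponse servletResponse) {
        return getReferencedSessionId(servletRequest, servletResponse);
    }

    /**
     * Reads the session id from the session cookie.
     *
     * @return the cookie value, or {@code null} when cookies are disabled for this exchange or the
     *     request is not an HTTP request
     */
    private String getSessionIdCookieValue(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!isSessionIdCookieEnabled(servletRequest, servletResponse)) {
            this.log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.");
            return null;
        }
        if (servletRequest instanceof HttpServletRequest) {
            return getSessionIdCookie().readValue((HttpServletRequest) servletRequest, WebUtils.toHttp(servletResponse));
        }
        this.log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie.  Returning null.");
        return null;
    }

    /**
     * Looks up the session id in the cookie first and in the request parameters second, and
     * records on the request where it came from.
     *
     * @return the referenced session id, or {@code null} when neither source supplies one
     */
    private Serializable getReferencedSessionId(ServletRequest servletRequest, ServletResponse servletResponse) {
        String sessionId = getSessionIdCookieValue(servletRequest, servletResponse);
        if (sessionId != null) {
            servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "cookie");
        } else {
            // NOTE(review): the parameter fallback also applies to stateless clients and to
            // deployments with the cookie disabled. A session id taken from a request parameter is
            // attacker-suppliable and tends to leak through URLs; consider whether this fallback
            // is still required and whether the id is renewed on authentication.
            sessionId = servletRequest.getParameter(SESSION_ID_PARAMETER);
            if (sessionId == null) {
                sessionId = servletRequest.getParameter(SESSION_ID_PARAMETER_LOWER_CASE);
            }
            if (sessionId != null) {
                servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "url");
            }
        }
        if (sessionId != null) {
            servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
            // The id is flagged valid before any lookup has happened.
            // NOTE(review): presumably the superclass clears this flag when the id turns out to be
            // unknown - confirm against the Shiro version in use.
            servletRequest.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        }
        return sessionId;
    }

    /**
     * Sends the session id to the client in a copy of the configured session cookie.
     *
     * @throws IllegalArgumentException if {@code serializable} is {@code null}
     */
    private void storeSessionId(Serializable serializable, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (serializable == null) {
            throw new IllegalArgumentException("sessionId cannot be null when persisting for subsequent requests.");
        }
        // The cookie's attributes come from the template returned by getSessionIdCookie().
        // NOTE(review): verify that template is configured HttpOnly and Secure.
        SimpleCookie cookie = new SimpleCookie(getSessionIdCookie());
        String idValue = serializable.toString();
        cookie.setValue(idValue);
        cookie.saveTo(httpServletRequest, httpServletResponse);
        // NOTE(review): writes a live session id to the trace log.
        this.log.trace("Set session ID cookie for session with id {}", idValue);
    }

    /**
     * Classifies the client as stateless when it sends the no-session header, when the request is
     * marked as an anonymous login, or when its User-Agent starts with a known tool prefix.
     *
     * <p>All header inputs are client-controlled, so the result is a hint about the client, not a
     * trust decision.
     *
     * @param servletRequest the current request
     * @return {@code true} if no session should be stored for this client
     */
    protected boolean isStatelessClient(ServletRequest servletRequest) {
        if (hasNoSessionHeader(servletRequest)
                || Boolean.TRUE.equals(servletRequest.getAttribute(NexusHttpAuthenticationFilter.ANONYMOUS_LOGIN))) {
            return true;
        }
        String userAgent = getUserAgent(servletRequest);
        // NOTE(review): request-derived value in the log; confirm the log layout neutralises CR/LF.
        this.log.trace("Found User-Agent: {} in request", userAgent);
        if (userAgent == null || userAgent.trim().isEmpty()) {
            return false;
        }
        for (String prefix : STATELESS_USER_AGENT_PREFIXES) {
            if (userAgent.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the session carries the do-not-store flag.
     *
     * <p>Uses {@code equals} rather than {@code ==}: identity comparison against
     * {@link Boolean#TRUE} is false for any other {@code Boolean} instance holding {@code true}.
     */
    private static boolean isNotStored(Session session) {
        return session instanceof SimpleSession
                && Boolean.TRUE.equals(session.getAttribute(DO_NOT_STORE_SESSION_KEY));
    }

    /** Tells whether the request carries {@code X-Nexus-Session: none}. */
    private boolean hasNoSessionHeader(ServletRequest servletRequest) {
        return "none".equals(getHeaderValue(NO_SESSION_HEADER, servletRequest));
    }

    /** Returns the request's {@code User-Agent} header, or {@code null} if unavailable. */
    private String getUserAgent(ServletRequest servletRequest) {
        return getHeaderValue("User-Agent", servletRequest);
    }

    /** Returns the named header for HTTP requests and {@code null} for any other request type. */
    private String getHeaderValue(String str, ServletRequest servletRequest) {
        if (servletRequest instanceof HttpServletRequest) {
            return ((HttpServletRequest) servletRequest).getHeader(str);
        }
        return null;
    }
}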
