package org.n52.security.service.sso;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/sso/DomainCookieBuilder.class */
public class DomainCookieBuilder extends AbstractCookieBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(DomainCookieBuilder.class);
    private boolean m_supportNonMatchingHosts = true;
    private boolean m_useHighestDomainFromNonMatchingHost = true;
    private static final Pattern HIGHEST_DOMAIN_MATCH;
    private static final Pattern LOWEST_DOMAIN_MATCH;

    @Override // org.n52.security.service.sso.CookieBuilder
    public DomainCookie build(String str, String str2, byte[] bArr, String str3) {
        return build(str, new Cookie(getCookieName(), SecureCookieValue.createWithSecret(buildRemoteAddressValuePart(str3), str2, bArr).getCookieValue()));
    }

    @Override // org.n52.security.service.sso.AbstractCookieBuilder
    String buildCookieDomain(String str) {
        String cookieDomain = getCookieDomain();
        if (!cookieDomain.isEmpty() && (str.equals(cookieDomain) || str.endsWith("." + cookieDomain))) {
            return cookieDomain;
        }
        if (isSupportNonMatchingHosts() && !serverNameIsIp(str)) {
            Matcher matcher = isUseHighestDomainFromNonMatchingHost() ? HIGHEST_DOMAIN_MATCH.matcher(str) : LOWEST_DOMAIN_MATCH.matcher(str);
            if (matcher.matches()) {
                String group = matcher.group(1);
                if (LOG.isInfoEnabled()) {
                    LOG.info("hostname '{}' doesn't belong to domain '{}' cookie is bound to calculated domain {}", new Object[]{str, cookieDomain, group});
                }
                return group;
            }
        }
        LOG.info("hostname '{}' doesn't belong to domain '{}' cookie is directly bound to host", str, cookieDomain);
        return null;
    }

    private String buildRemoteAddressValuePart(String str) {
        return isBindCookieToRemoteIP() ? str : "*";
    }

    public boolean isSupportNonMatchingHosts() {
        return this.m_supportNonMatchingHosts;
    }

    public void setSupportNonMatchingHosts(boolean z) {
        this.m_supportNonMatchingHosts = z;
    }

    public boolean isUseHighestDomainFromNonMatchingHost() {
        return this.m_useHighestDomainFromNonMatchingHost;
    }

    public void setUseHighestDomainFromNonMatchingHost(boolean z) {
        this.m_useHighestDomainFromNonMatchingHost = z;
    }

    static {
        String str = "\\.[\\w%-]+";
        HIGHEST_DOMAIN_MATCH = Pattern.compile("[\\w%-]+\\.([\\w%-]+(?:" + str + ")+)");
        LOWEST_DOMAIN_MATCH = Pattern.compile(("(?:\\.?[\\w%-]+)+") + ("\\.([\\w%-]+" + str + ")"));
    }
}
