package org.n52.security.service.sso;

import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.n52.security.common.subject.SubjectCredentialAnalyzer;
import org.n52.security.common.subject.SubjectPrincipalAnalyzer;
import org.n52.security.service.web.WebContext;
import org.n52.security.service.web.WebSecurityProcessingContext;
import org.n52.security.service.web.WebSecurityProcessor;
import org.n52.security.service.web.WebSecurityProcessorChain;

/* loaded from: input_file:org/n52/security/service/sso/SyncDomainCookieStateWebSecurityProcessor.class */
public class SyncDomainCookieStateWebSecurityProcessor implements WebSecurityProcessor {
    private CookieBuilder m_CookieBuilder;
    private SSOSessionService m_ssoSessionService;

    public void processSecure(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext, WebSecurityProcessorChain webSecurityProcessorChain) {
        syncCookieState(webSecurityProcessingContext, webContext);
        try {
            webSecurityProcessorChain.performAccessControl(webContext);
            syncCookieState(webSecurityProcessingContext, webContext);
        } catch (Throwable th) {
            syncCookieState(webSecurityProcessingContext, webContext);
            throw th;
        }
    }

    private void syncCookieState(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext) {
        HttpServletRequest request = webContext.getRequest();
        HttpServletResponse response = webContext.getResponse();
        Subject subject = webSecurityProcessingContext.getSubject();
        SubjectCredentialAnalyzer subjectCredentialAnalyzer = new SubjectCredentialAnalyzer(subject);
        DomainCookieCredential domainCookieCredential = (DomainCookieCredential) subjectCredentialAnalyzer.getPublicCredential(DomainCookieCredential.class);
        DomainCookie domainCookie = domainCookieCredential != null ? domainCookieCredential.getDomainCookie() : this.m_CookieBuilder.findValidDomainCookie(request.getServerName(), request.getCookies());
        if (!webSecurityProcessingContext.isAuthenticated()) {
            invalidateOldCookie(response, domainCookie);
            return;
        }
        if (isNewDomainCookieRequired(domainCookie, subject)) {
            invalidateOldCookie(response, domainCookie);
            subjectCredentialAnalyzer.removePublicCredentials(DomainCookieCredential.class);
            SSOSessionIdPrincipal sSOSessionIdPrincipal = (SSOSessionIdPrincipal) new SubjectPrincipalAnalyzer(subject).getPrincipal(SSOSessionIdPrincipal.class);
            if (sSOSessionIdPrincipal == null) {
                return;
            }
            subjectCredentialAnalyzer.replacePublicCredential(new DomainCookieCredential(writeNewCookie(request, response, sSOSessionIdPrincipal)));
        }
    }

    private DomainCookie writeNewCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOSessionIdPrincipal sSOSessionIdPrincipal) {
        SSOSession session = this.m_ssoSessionService.getSession(sSOSessionIdPrincipal.getName());
        DomainCookie build = this.m_CookieBuilder.build(httpServletRequest.getServerName(), session.getSessionId(), session.getSessionSecret(), httpServletRequest.getRemoteAddr());
        httpServletResponse.addCookie(build.getCookie());
        return build;
    }

    private boolean isNewDomainCookieRequired(DomainCookie domainCookie, Subject subject) {
        return domainCookie == null || !isAuthenticationDomainCookie(domainCookie, subject);
    }

    private boolean isAuthenticationDomainCookie(DomainCookie domainCookie, Subject subject) {
        return subject.getPublicCredentials(DomainCookieCredential.class).contains(new DomainCookieCredential(domainCookie));
    }

    private void invalidateOldCookie(HttpServletResponse httpServletResponse, DomainCookie domainCookie) {
        if (domainCookie != null) {
            httpServletResponse.addCookie(domainCookie.invalidate().getCookie());
        }
    }

    public CookieBuilder getDomainCookieBuilder() {
        return this.m_CookieBuilder;
    }

    public void setDomainCookieBuilder(CookieBuilder cookieBuilder) {
        this.m_CookieBuilder = cookieBuilder;
    }

    public SSOSessionService getSsoSessionService() {
        return this.m_ssoSessionService;
    }

    public void setSsoSessionService(SSOSessionService sSOSessionService) {
        this.m_ssoSessionService = sSOSessionService;
    }
}
