package org.springframework.security.web.context;

import java.util.function.Supplier;
import javax.servlet.AsyncContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.core.log.LogMessage;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.Transient;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.4.7.jar:org/springframework/security/web/context/HttpSessionSecurityContextRepository.class */
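/**
 * {@link SecurityContextRepository} that keeps the {@link SecurityContext} in an
 * {@link HttpSession} attribute between requests.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>{@link #loadContext} never creates a session; it only reads an existing one.</li>
 * <li>A session is created on save only for a non-anonymous, non-{@link Transient}
 * authentication, only if no session existed at the start of the request, and only while
 * {@code allowSessionCreation} is {@code true}.</li>
 * <li>If the session that existed at the start of the request is gone by save time, it is
 * treated as invalidated and no replacement session is created, so the context is not
 * re-persisted after an invalidation.</li>
 * <li>DEBUG and TRACE logging renders the {@link SecurityContext} through its
 * {@code toString()}, and TRACE logging includes the session id. Treat those log levels as
 * sensitive and restrict access to the resulting logs.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; some members are {@code public} only because the
 * decompiler widened them (see the JADX notes below).
 */
public class HttpSessionSecurityContextRepository implements SecurityContextRepository {
    /** Default name of the session attribute that holds the {@link SecurityContext}. */
    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
    protected final Log logger = LogFactory.getLog(getClass());
    // Reference "empty" context, compared with equals() to decide whether a context is worth a session.
    private final Object contextObject = SecurityContextHolder.createEmptyContext();
    private boolean allowSessionCreation = true;
    // Forwarded to the response wrapper. In Spring Security this flag decides whether URL
    // encoding may append the session id to URLs; session ids in URLs leak through Referer
    // headers, proxies and access logs, so deployments normally set it to true.
    private boolean disableUrlRewriting = false;
    private String springSecurityContextKey = SPRING_SECURITY_CONTEXT_KEY;
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.4.7.jar:org/springframework/security/web/context/HttpSessionSecurityContextRepository$SaveToSessionRequestWrapper.class */
    /**
     * Request wrapper that switches off save-on-commit in the paired response wrapper as soon
     * as asynchronous processing starts.
     */
    private static class SaveToSessionRequestWrapper extends HttpServletRequestWrapper {
        private final SaveContextOnUpdateOrErrorResponseWrapper response;

        SaveToSessionRequestWrapper(HttpServletRequest httpServletRequest, SaveContextOnUpdateOrErrorResponseWrapper saveContextOnUpdateOrErrorResponseWrapper) {
            super(httpServletRequest);
            this.response = saveContextOnUpdateOrErrorResponseWrapper;
        }

        @Override
        public AsyncContext startAsync() {
            // Must run before the async context exists, hence before delegating.
            this.response.disableSaveOnResponseCommitted();
            return super.startAsync();
        }

        @Override
        public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) throws IllegalStateException {
            this.response.disableSaveOnResponseCommitted();
            return super.startAsync(servletRequest, servletResponse);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.4.7.jar:org/springframework/security/web/context/HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.class */
    /**
     * Response wrapper that writes the {@link SecurityContext} to the session. It remembers the
     * context, its authentication and whether a session existed when the request started, so
     * that {@link #saveContext(SecurityContext)} can tell a changed context from an unchanged one.
     */
    final class SaveToSessionResponseWrapper extends SaveContextOnUpdateOrErrorResponseWrapper {
        private final Log logger;
        private final HttpServletRequest request;
        private final boolean httpSessionExistedAtStartOfRequest;
        private final SecurityContext contextBeforeExecution;
        private final Authentication authBeforeExecution;
        private boolean isSaveContextInvoked;

        /**
         * @param httpServletResponse the response to wrap
         * @param httpServletRequest the request whose session is read and written
         * @param z whether an {@link HttpSession} existed when the request started
         * @param securityContext the context loaded for this request; must not be {@code null}
         */
        SaveToSessionResponseWrapper(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, boolean z, SecurityContext securityContext) {
            super(httpServletResponse, HttpSessionSecurityContextRepository.this.disableUrlRewriting);
            this.logger = HttpSessionSecurityContextRepository.this.logger;
            this.request = httpServletRequest;
            this.httpSessionExistedAtStartOfRequest = z;
            this.contextBeforeExecution = securityContext;
            this.authBeforeExecution = securityContext.getAuthentication();
        }

        /**
         * Stores {@code securityContext} in the session, or removes the stored context when the
         * authentication is {@code null} or anonymous.
         *
         * @param securityContext the context to persist
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override
        public void saveContext(SecurityContext securityContext) {
            Authentication authentication = securityContext.getAuthentication();
            HttpSession session = this.request.getSession(false);
            String attributeName = HttpSessionSecurityContextRepository.this.springSecurityContextKey;
            if (authentication == null || HttpSessionSecurityContextRepository.this.trustResolver.isAnonymous(authentication)) {
                // The request started with an authentication and ends without one: drop the
                // stored context so the next request does not pick up the old identity.
                if (session != null && this.authBeforeExecution != null) {
                    session.removeAttribute(attributeName);
                    this.isSaveContextInvoked = true;
                }
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug((authentication == null) ? "Did not store empty SecurityContext" : "Did not store anonymous SecurityContext");
                }
                return;
            }
            HttpSession targetSession = (session != null) ? session : createNewSessionIfAllowed(securityContext, authentication);
            if (targetSession == null) {
                return;
            }
            // Write only when something changed or nothing is stored yet.
            if (contextChanged(securityContext) || targetSession.getAttribute(attributeName) == null) {
                targetSession.setAttribute(attributeName, securityContext);
                this.isSaveContextInvoked = true;
                if (this.logger.isDebugEnabled()) {
                    // NOTE(review): renders the full context and the session object into the log.
                    this.logger.debug(LogMessage.format("Stored %s to HttpSession [%s]", securityContext, targetSession));
                }
            }
        }

        /**
         * Reports whether the context must be written: a save already happened in this request,
         * or the context instance or its authentication instance differs (by identity) from the
         * one captured at construction.
         */
        private boolean contextChanged(SecurityContext securityContext) {
            return this.isSaveContextInvoked
                    || securityContext != this.contextBeforeExecution
                    || securityContext.getAuthentication() != this.authBeforeExecution;
        }

        /**
         * Creates a session for the context unless one of the refusal conditions applies.
         *
         * @return the new session, or {@code null} when no session may or need be created
         */
        private HttpSession createNewSessionIfAllowed(SecurityContext securityContext, Authentication authentication) {
            if (HttpSessionSecurityContextRepository.this.isTransientAuthentication(authentication)) {
                return null;
            }
            if (this.httpSessionExistedAtStartOfRequest) {
                // A session that disappeared mid-request was invalidated; do not resurrect it.
                this.logger.debug("HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
                return null;
            }
            if (!HttpSessionSecurityContextRepository.this.allowSessionCreation) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("The HttpSession is currently null, and the " + HttpSessionSecurityContextRepository.class.getSimpleName() + " is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
                }
                return null;
            }
            if (HttpSessionSecurityContextRepository.this.contextObject.equals(securityContext)) {
                this.logger.debug(LogMessage.format("HttpSession is null, but SecurityContext has not changed from default empty context %s so not creating HttpSession or storing SecurityContext", securityContext));
                return null;
            }
            try {
                HttpSession session = this.request.getSession(true);
                this.logger.debug("Created HttpSession as SecurityContext is non-default");
                return session;
            } catch (IllegalStateException e) {
                // Deliberate best effort: the context is simply not persisted for this request.
                this.logger.warn("Failed to create a session, as response has been committed. Unable to store SecurityContext.");
                return null;
            }
        }
    }

    /**
     * Loads the {@link SecurityContext} from the existing session, or generates a new one, and
     * replaces the holder's request and response with the saving wrappers.
     *
     * @param httpRequestResponseHolder holder whose request and response are replaced
     * @return the stored context, or a freshly generated one; no session is created here
     */
    @Override
    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        HttpServletRequest request = httpRequestResponseHolder.getRequest();
        HttpServletResponse response = httpRequestResponseHolder.getResponse();
        HttpSession session = request.getSession(false);
        SecurityContext context = readSecurityContextFromSession(session);
        if (context == null) {
            context = generateNewContext();
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Created %s", context));
            }
        }
        SaveToSessionResponseWrapper wrappedResponse = new SaveToSessionResponseWrapper(response, request, session != null, context);
        httpRequestResponseHolder.setResponse(wrappedResponse);
        httpRequestResponseHolder.setRequest(new SaveToSessionRequestWrapper(request, wrappedResponse));
        return context;
    }

    /**
     * Saves the context through the response wrapper installed by {@link #loadContext}.
     *
     * @throws IllegalStateException if the response does not wrap a
     * {@link SaveContextOnUpdateOrErrorResponseWrapper}
     */
    @Override
    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SaveContextOnUpdateOrErrorResponseWrapper responseWrapper = (SaveContextOnUpdateOrErrorResponseWrapper) WebUtils.getNativeResponse(httpServletResponse, SaveContextOnUpdateOrErrorResponseWrapper.class);
        Assert.state(responseWrapper != null, (Supplier<String>) () -> "Cannot invoke saveContext on response " + httpServletResponse + ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
        responseWrapper.saveContext(securityContext);
    }

    /**
     * Reports whether the existing session holds a value under the configured attribute name.
     * The value's type is not checked here.
     */
    @Override
    public boolean containsContext(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        return session != null && session.getAttribute(this.springSecurityContextKey) != null;
    }

    /**
     * Reads the context from the session attribute.
     *
     * @param httpSession the current session, may be {@code null}
     * @return the stored context, or {@code null} when there is no session, no attribute, or
     * the attribute is not a {@link SecurityContext}
     */
    private SecurityContext readSecurityContextFromSession(HttpSession httpSession) {
        if (httpSession == null) {
            this.logger.trace("No HttpSession currently exists");
            return null;
        }
        Object attribute = httpSession.getAttribute(this.springSecurityContextKey);
        if (attribute == null) {
            if (this.logger.isTraceEnabled()) {
                // Report the configured attribute name, which may differ from the default.
                // NOTE(review): this writes the session id to the log at TRACE level.
                this.logger.trace(LogMessage.format("Did not find SecurityContext in HttpSession %s using the %s session attribute", httpSession.getId(), this.springSecurityContextKey));
            }
            return null;
        }
        if (!(attribute instanceof SecurityContext)) {
            // An unexpected type is ignored rather than trusted; the caller starts from a new context.
            this.logger.warn(LogMessage.format("%s did not contain a SecurityContext but contained: '%s'; are you improperly modifying the HttpSession directly (you should always use SecurityContextHolder) or using the HttpSession attribute reserved for this class?", this.springSecurityContextKey, attribute));
            return null;
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace(LogMessage.format("Retrieved %s from %s", attribute, this.springSecurityContextKey));
        } else if (this.logger.isDebugEnabled()) {
            this.logger.debug(LogMessage.format("Retrieved %s", attribute));
        }
        return (SecurityContext) attribute;
    }

    /**
     * Creates the context used when the session holds none. Subclasses may override this;
     * the result is dereferenced by {@link #loadContext}, so it must not be {@code null}.
     */
    protected SecurityContext generateNewContext() {
        return SecurityContextHolder.createEmptyContext();
    }

    /** Sets whether this repository may create an {@link HttpSession} to store a context. */
    public void setAllowSessionCreation(boolean z) {
        this.allowSessionCreation = z;
    }

    /** Sets the flag that is forwarded to the response wrapper on each {@link #loadContext}. */
    public void setDisableUrlRewriting(boolean z) {
        this.disableUrlRewriting = z;
    }

    /**
     * Sets the session attribute name under which the context is stored.
     *
     * @throws IllegalArgumentException if {@code str} has no text
     */
    public void setSpringSecurityContextKey(String str) {
        Assert.hasText(str, "springSecurityContextKey cannot be empty");
        this.springSecurityContextKey = str;
    }

    /**
     * Reports whether the authentication's class carries the {@link Transient} annotation,
     * in which case no session is created for it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean isTransientAuthentication(Authentication authentication) {
        return AnnotationUtils.getAnnotation(authentication.getClass(), Transient.class) != null;
    }

    /**
     * Sets the resolver used to recognise anonymous authentications.
     *
     * @throws IllegalArgumentException if the resolver is {@code null}
     */
    public void setTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "trustResolver cannot be null");
        this.trustResolver = authenticationTrustResolver;
    }
}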
