package com.gwt.ss;

import java.lang.reflect.Field;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.web.context.ServletContextAware;

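/**
 * AspectJ aspect that wraps Spring Security's {@code ConcurrentSessionFilter} and
 * {@code SessionManagementFilter} so that GWT requests receive session errors through
 * {@link GwtResponseUtil#processGwtException} instead of the filters' own handling.
 * Requests that are not recognised as GWT calls are passed to the original filter unchanged.
 *
 * <p>Collaborators of the advised filters (session registry, logout handlers, security context
 * repository, invalid-session settings) are read from the filters' private fields by reflection.
 * The field names are hard-coded, so this class is tied to the Spring Security version it was
 * written against; {@code setAccessible(true)} may also be refused by a security manager.
 *
 * <p>NOTE(review): the advised filter instances and the values read from them are cached in
 * plain instance fields on first use, without synchronisation. If the application defines more
 * than one security filter chain, every chain is served with the collaborators of whichever
 * filter instance was seen first, which may be the wrong session registry or context
 * repository for that chain. Confirm that only one instance of each filter exists.
 *
 * <p>NOTE(review): {@code sessionStrategy} is always the default
 * {@code SessionFixationProtectionStrategy}; nothing in this class reads the strategy configured
 * on the advised {@code SessionManagementFilter}. A custom strategy (for example one enforcing
 * concurrent-session limits) would therefore not run for GWT requests. Verify this is intended.
 */
@Aspect
/* loaded from: input_file:com/gwt/ss/GwtSessionManagement.class */
public class GwtSessionManagement implements ServletContextAware {
    // Request attribute marking that session management already ran for this request. The value
    // matches the attribute name Spring Security's own SessionManagementFilter uses.
    static final String FILTER_APPLIED = "__spring_security_session_mgmt_filter_applied";
    private static final Logger LOG = LoggerFactory.getLogger(GwtSessionManagement.class);
    private ServletContext servletContext;
    // The fields below are lazily filled caches; see the class-level review note on their scope.
    private SessionRegistry sessionRegistry;
    private ConcurrentSessionFilter csTarget = null;
    private Object invalidSessionStrategy = null;
    private String invalidSessionUrl = null;
    private LogoutHandler[] logoutHandlers = null;
    private SecurityContextRepository securityContextRepository = null;
    private SessionAuthenticationStrategy sessionStrategy = new SessionFixationProtectionStrategy();
    private SessionManagementFilter smTarget = null;

    /**
     * Replaces {@code ConcurrentSessionFilter.doFilter} for GWT requests that carry a session
     * known to the session registry.
     *
     * <p>A live session has its last-request time refreshed and the chain continues. An expired
     * session triggers the filter's logout handlers and a GWT-level
     * {@link SessionAuthenticationException}; the rest of the chain is not invoked.
     *
     * @param proceedingJoinPoint the intercepted {@code doFilter} call
     * @return the original filter's result when the request is delegated, otherwise {@code null}
     * @throws Throwable anything raised by the original filter, the chain or the reflection lookups
     */
    @Around("execution(* org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(..))")
    public Object doCSFilter(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        HttpHolder httpHolder = HttpHolder.getInstance(proceedingJoinPoint);
        // NOTE(review): getSession(false) is evaluated twice; a session invalidated by another
        // thread between the two calls would surface as a NullPointerException here.
        SessionInformation sessionInformation = (httpHolder.getRequest().getSession(false) == null || !GwtResponseUtil.isGwt(httpHolder.getRequest())) ? null : getSessionRegistry(getCSTarget(proceedingJoinPoint)).getSessionInformation(httpHolder.getRequest().getSession(false).getId());
        if (sessionInformation == null) {
            // No session, not a GWT call, or session unknown to the registry: original filter runs.
            return proceedingJoinPoint.proceed();
        }
        if (!sessionInformation.isExpired()) {
            LOG.debug("Session is not expired.");
            sessionInformation.refreshLastRequest();
            getFilterChain(proceedingJoinPoint).doFilter(httpHolder.getRequest(), httpHolder.getResponse());
            return null;
        }
        LOG.debug("Session is expired (Possibly do to multiple concurrent logins being attempted as the same user).");
        // Run the filter's logout handlers before reporting the expiry to the client.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        for (LogoutHandler logoutHandler : getLogoutHandlers(getCSTarget(proceedingJoinPoint))) {
            logoutHandler.logout(httpHolder.getRequest(), httpHolder.getResponse(), authentication);
        }
        GwtResponseUtil.processGwtException(this.servletContext, httpHolder.getRequest(), httpHolder.getResponse(), new SessionAuthenticationException("Session is expired (Possibly do to multiple concurrent logins being attempted as the same user)."));
        return null;
    }

    /**
     * Replaces {@code SessionManagementFilter.doFilter} for GWT requests.
     *
     * <p>When the security context repository holds no context for the request and the caller is
     * authenticated (not anonymous), the session authentication strategy is applied and the
     * context is saved; a rejection clears the context and is reported to the GWT client. When
     * the caller is not authenticated and presented a session id the container considers
     * invalid, the client is notified only if the advised filter has an invalid-session URL or
     * strategy configured. In every other case the chain continues.
     *
     * @param proceedingJoinPoint the intercepted {@code doFilter} call
     * @return the original filter's result for non-GWT requests, otherwise {@code null}
     * @throws Throwable anything raised by the original filter, the chain or the reflection lookups
     */
    @Around("execution(* org.springframework.security.web.session.SessionManagementFilter.doFilter(..))")
    public Object doSMFilter(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        HttpHolder httpHolder = HttpHolder.getInstance(proceedingJoinPoint);
        if (!httpHolder.isGwt()) {
            return proceedingJoinPoint.proceed();
        }
        LOG.debug("GwtSessionManagementFilter instead of SessionManagementFilter");
        if (httpHolder.getRequest().getAttribute(FILTER_APPLIED) != null) {
            LOG.debug("SessionManagementFilter already applied.");
            getFilterChain(proceedingJoinPoint).doFilter(httpHolder.getRequest(), httpHolder.getResponse());
            return null;
        }
        httpHolder.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
        SessionManagementFilter target = getSMTarget(proceedingJoinPoint);
        if (!getSecurityContextRepository(target).containsContext(httpHolder.getRequest())) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication != null && !GwtResponseUtil.isAnonymous(authentication)) {
                try {
                    // Always the default strategy held by this aspect; see the class-level note.
                    this.sessionStrategy.onAuthentication(authentication, httpHolder.getRequest(), httpHolder.getResponse());
                    getSecurityContextRepository(target).saveContext(SecurityContextHolder.getContext(), httpHolder.getRequest(), httpHolder.getResponse());
                } catch (SessionAuthenticationException e) {
                    LOG.error("SessionAuthenticationStrategy rejected the authentication object", e);
                    // Drop the rejected authentication so later code in this request cannot use it.
                    SecurityContextHolder.clearContext();
                    GwtResponseUtil.processGwtException(this.servletContext, httpHolder.getRequest(), httpHolder.getResponse(), e);
                    return null;
                }
            } else if (httpHolder.getRequest().getRequestedSessionId() != null && !httpHolder.getRequest().isRequestedSessionIdValid()) {
                // NOTE(review): the requested session id is supplied by the client and is written
                // to the log as received; confirm the log layout neutralises control characters
                // and that debug logs are handled as sensitive.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Requested session id {} is invalid", httpHolder.getRequest().getRequestedSessionId());
                }
                if (getInvalidSessionUrl(target) != null || getInvalidSessionStrategy(target) != null) {
                    LOG.debug("Starting new session (if required) and notify front-end user");
                    httpHolder.getRequest().getSession();
                    GwtResponseUtil.processGwtException(this.servletContext, httpHolder.getRequest(), httpHolder.getResponse(), new SessionAuthenticationException("Session is invalid"));
                    return null;
                }
            }
        }
        getFilterChain(proceedingJoinPoint).doFilter(httpHolder.getRequest(), httpHolder.getResponse());
        return null;
    }

    /**
     * Returns the advised {@code ConcurrentSessionFilter}, remembering the first one seen.
     *
     * @param proceedingJoinPoint join point whose target is the filter
     * @return the cached filter instance
     */
    private ConcurrentSessionFilter getCSTarget(ProceedingJoinPoint proceedingJoinPoint) {
        if (this.csTarget == null) {
            this.csTarget = (ConcurrentSessionFilter) proceedingJoinPoint.getTarget();
        }
        return this.csTarget;
    }

    /**
     * Finds the {@link FilterChain} among the intercepted call's arguments.
     *
     * @param joinPoint the intercepted call, may be {@code null}
     * @return the first {@code FilterChain} argument, or {@code null} when there is none
     */
    private FilterChain getFilterChain(JoinPoint joinPoint) {
        if (joinPoint == null) {
            return null;
        }
        for (Object obj : joinPoint.getArgs()) {
            if (obj instanceof FilterChain) {
                return (FilterChain) obj;
            }
        }
        return null;
    }

    /**
     * Reads the filter's private {@code invalidSessionStrategy} field, if that field exists.
     *
     * @param sessionManagementFilter filter to read from
     * @return the configured strategy, or {@code null} when unset or the field is absent
     * @throws IllegalAccessException if the field cannot be read reflectively
     */
    private Object getInvalidSessionStrategy(SessionManagementFilter sessionManagementFilter) throws IllegalArgumentException, IllegalAccessException {
        if (this.invalidSessionStrategy == null) {
            try {
                Field declaredField = SessionManagementFilter.class.getDeclaredField("invalidSessionStrategy");
                declaredField.setAccessible(true);
                this.invalidSessionStrategy = declaredField.get(sessionManagementFilter);
            } catch (NoSuchFieldException ignored) {
                // Best effort: a missing field is treated the same as "not configured". Logged so
                // that a version mismatch is not completely silent.
                LOG.debug("SessionManagementFilter has no 'invalidSessionStrategy' field; treating it as not configured");
            }
        }
        return this.invalidSessionStrategy;
    }

    /**
     * Reads the filter's private {@code invalidSessionUrl} field, if that field exists.
     *
     * @param sessionManagementFilter filter to read from
     * @return the configured URL, or {@code null} when unset, empty or the field is absent
     * @throws IllegalAccessException if the field cannot be read reflectively
     */
    private String getInvalidSessionUrl(SessionManagementFilter sessionManagementFilter) throws IllegalArgumentException, IllegalAccessException {
        if (this.invalidSessionUrl == null) {
            try {
                Field declaredField = SessionManagementFilter.class.getDeclaredField("invalidSessionUrl");
                declaredField.setAccessible(true);
                this.invalidSessionUrl = (String) declaredField.get(sessionManagementFilter);
            } catch (NoSuchFieldException ignored) {
                // Best effort: a missing field is treated the same as "not configured". Logged so
                // that a version mismatch is not completely silent.
                LOG.debug("SessionManagementFilter has no 'invalidSessionUrl' field; treating it as not configured");
            }
        }
        if (this.invalidSessionUrl == null || this.invalidSessionUrl.isEmpty()) {
            return null;
        }
        return this.invalidSessionUrl;
    }

    /**
     * Reads and caches the filter's private {@code handlers} field.
     *
     * @param concurrentSessionFilter filter to read from
     * @return the logout handlers held by the filter
     * @throws NoSuchFieldException if the filter class has no {@code handlers} field
     * @throws IllegalAccessException if the field cannot be read reflectively
     */
    private LogoutHandler[] getLogoutHandlers(ConcurrentSessionFilter concurrentSessionFilter) throws NoSuchFieldException, IllegalArgumentException, IllegalAccessException {
        if (this.logoutHandlers == null) {
            Field declaredField = ConcurrentSessionFilter.class.getDeclaredField("handlers");
            declaredField.setAccessible(true);
            this.logoutHandlers = (LogoutHandler[]) declaredField.get(concurrentSessionFilter);
        }
        return this.logoutHandlers;
    }

    /**
     * Reads and caches the filter's private {@code securityContextRepository} field.
     *
     * @param sessionManagementFilter filter to read from
     * @return the repository held by the filter
     * @throws NoSuchFieldException if the filter class has no such field
     * @throws IllegalAccessException if the field cannot be read reflectively
     */
    private SecurityContextRepository getSecurityContextRepository(SessionManagementFilter sessionManagementFilter) throws NoSuchFieldException, IllegalArgumentException, IllegalAccessException {
        if (this.securityContextRepository == null) {
            Field declaredField = SessionManagementFilter.class.getDeclaredField("securityContextRepository");
            declaredField.setAccessible(true);
            this.securityContextRepository = (SecurityContextRepository) declaredField.get(sessionManagementFilter);
        }
        return this.securityContextRepository;
    }

    /**
     * Reads and caches the filter's private {@code sessionRegistry} field.
     *
     * @param concurrentSessionFilter filter to read from
     * @return the session registry held by the filter
     * @throws NoSuchFieldException if the filter class has no such field
     * @throws IllegalAccessException if the field cannot be read reflectively
     */
    private SessionRegistry getSessionRegistry(ConcurrentSessionFilter concurrentSessionFilter) throws NoSuchFieldException, IllegalArgumentException, IllegalAccessException {
        if (this.sessionRegistry == null) {
            Field declaredField = ConcurrentSessionFilter.class.getDeclaredField("sessionRegistry");
            declaredField.setAccessible(true);
            this.sessionRegistry = (SessionRegistry) declaredField.get(concurrentSessionFilter);
        }
        return this.sessionRegistry;
    }

    /**
     * Returns the advised {@code SessionManagementFilter}, remembering the first one seen.
     *
     * @param proceedingJoinPoint join point whose target is the filter
     * @return the cached filter instance
     */
    private SessionManagementFilter getSMTarget(ProceedingJoinPoint proceedingJoinPoint) {
        if (this.smTarget == null) {
            this.smTarget = (SessionManagementFilter) proceedingJoinPoint.getTarget();
        }
        return this.smTarget;
    }

    /**
     * Stores the servlet context that is later passed to {@code GwtResponseUtil.processGwtException}.
     *
     * @param servletContext the web application's servlet context
     */
    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }
}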
