package org.pustefixframework.http;

import de.schlund.pfixxml.PfixServletRequest;
import de.schlund.pfixxml.PfixServletRequestImpl;
import de.schlund.pfixxml.serverutil.SessionAdmin;
import de.schlund.pfixxml.serverutil.SessionHelper;
import de.schlund.pfixxml.serverutil.SessionInfoStruct;
import de.schlund.pfixxml.util.CookieUtils;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.LinkedList;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.bsf.debug.util.DebugConstants;
import org.apache.log4j.Logger;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:WEB-INF/lib/pustefix-core-0.18.12.jar:org/pustefixframework/http/CookieSessionTrackingStrategy.class */
public class CookieSessionTrackingStrategy implements SessionTrackingStrategy {
    private Logger LOG = Logger.getLogger(CookieSessionTrackingStrategy.class);
    private Logger LOGGER_SESSION = Logger.getLogger("LOGGER_SESSION");
    private static final String CHECK_FOR_RUNNING_SSL_SESSION = "__CHECK_FOR_RUNNING_SSL_SESSION__";
    private static final String PARAM_FORCELOCAL = "__forcelocal";
    private static final String STORED_REQUEST = "__STORED_PFIXSERVLETREQUEST__";
    private static final String INITIAL_SESSION_CHECK = "__INITIAL_SESSION_CHECK__";
    private static final String COOKIE_SESSION_RESET = "__PFIX_RST_";
    private static final String COOKIE_SESSION_SSL = "__PFIX_SSL_";
    private SessionTrackingStrategyContext context;

    @Override // org.pustefixframework.http.SessionTrackingStrategy
    public void init(SessionTrackingStrategyContext sessionTrackingStrategyContext) {
        this.context = sessionTrackingStrategyContext;
    }

    @Override // org.pustefixframework.http.SessionTrackingStrategy
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Cookie cookie;
        HttpSession httpSession = null;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        Cookie[] cookies = CookieUtils.getCookies(httpServletRequest);
        boolean z7 = getCookie(cookies, COOKIE_SESSION_SSL) != null;
        if (httpServletRequest.isRequestedSessionIdValid()) {
            httpSession = httpServletRequest.getSession(false);
            z = true;
            this.LOG.debug("*** Found valid session with ID " + httpSession.getId());
            if (httpSession.getAttribute(INITIAL_SESSION_CHECK) != null && httpServletRequest.isRequestedSessionIdFromCookie()) {
                httpSession.removeAttribute(INITIAL_SESSION_CHECK);
                httpSession.setAttribute(AbstractPustefixRequestHandler.SESSION_ATTR_COOKIE_SESSION, true);
                AbstractPustefixRequestHandler.relocate(httpServletResponse, DebugConstants.DM_PLACE_BREAKPOINT_AT_LINE, SessionHelper.getClearedURL(httpServletRequest.getScheme(), AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
                return;
            }
            Boolean bool = (Boolean) httpSession.getAttribute(SessionAdmin.SESSION_IS_SECURE);
            if (1 != 0) {
                if (httpServletRequest.isSecure()) {
                    this.LOG.debug("*** Found running under SSL");
                    if (bool == null || !bool.booleanValue()) {
                        this.LOG.debug("    ... but session is insecure!");
                        z2 = true;
                    } else {
                        z3 = true;
                    }
                } else if (bool != null && bool.booleanValue()) {
                    this.LOG.debug("*** Found secure session but NOT running under SSL => Destroying session.");
                    this.LOGGER_SESSION.info("Invalidate session I: " + httpSession.getId());
                    if (this.LOGGER_SESSION.isDebugEnabled()) {
                        this.LOGGER_SESSION.debug(dumpRequest(httpServletRequest));
                    }
                    httpSession.invalidate();
                    z = false;
                }
            }
        } else if (httpServletRequest.getRequestedSessionId() != null && this.context.wantsCheckSessionIdValid()) {
            this.LOG.debug("*** Found old and invalid session in request");
            if (httpServletRequest.isSecure() || !this.context.getSessionAdmin().idWasParentSession(httpServletRequest.getRequestedSessionId())) {
                String parameter = httpServletRequest.getParameter(PARAM_FORCELOCAL);
                if (parameter == null || !(parameter.equals("1") || parameter.equals("true") || parameter.equals(CustomBooleanEditor.VALUE_YES))) {
                    boolean z8 = false;
                    if (cookies != null && (cookie = getCookie(cookies, COOKIE_SESSION_RESET)) != null && cookie.getValue().equals(httpServletRequest.getRequestedSessionId())) {
                        z8 = true;
                    }
                    if (!z8) {
                        this.LOG.debug("    ... and __forcelocal is NOT set.");
                        redirectToClearedRequest(httpServletRequest, httpServletResponse);
                        return;
                    }
                } else {
                    this.LOG.debug("    ... but found __forcelocal parameter to be set.");
                }
            } else {
                this.LOG.debug("    ... but this session was the parent of a currently running secure session.");
                if (this.context.getSessionAdmin().getChildSessionForParentId(httpServletRequest.getRequestedSessionId()) != null) {
                    z6 = cookies != null;
                }
                if (z6) {
                    this.LOG.debug("    ... client handles cookies, so we'll check if we can reuse the parent session.");
                    z4 = true;
                } else {
                    this.LOG.debug("    ... but can't reuse the secure session because the client doesn't handle cookies.");
                    z5 = true;
                }
            }
        }
        PfixServletRequest pfixServletRequest = null;
        if (z) {
            pfixServletRequest = (PfixServletRequest) httpSession.getAttribute(STORED_REQUEST);
            if (pfixServletRequest != null) {
                this.LOG.debug("*** Found old PfixServletRequest object in session");
                httpSession.removeAttribute(STORED_REQUEST);
                pfixServletRequest.updateRequest(httpServletRequest);
            }
        }
        if (pfixServletRequest == null) {
            this.LOG.debug("*** Creating PfixServletRequest object.");
            pfixServletRequest = new PfixServletRequestImpl(httpServletRequest, this.context.getServletManagerConfig().getProperties(), this.context);
        }
        if (z4 && this.context.allowSessionCreate()) {
            this.LOG.debug("=> I");
            forceRedirectBackToInsecureSSL(pfixServletRequest, httpServletRequest, httpServletResponse);
            return;
        }
        if (z5 && this.context.allowSessionCreate()) {
            this.LOG.debug("=> II");
            forceNewSessionSameVisit(pfixServletRequest, httpServletRequest, httpServletResponse);
            return;
        }
        if (z2) {
            this.LOG.debug("=> III");
            redirectToSecureSSLSession(pfixServletRequest, httpServletRequest, httpServletResponse);
            return;
        }
        if (!z && z7 && !httpServletRequest.isSecure()) {
            this.LOG.debug("=> VII");
            redirectToSSL(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.context.needsSession() && this.context.allowSessionCreate() && this.context.needsSSL(pfixServletRequest) && !z3) {
            if (httpServletRequest.isSecure()) {
                this.LOG.debug("=> IVa");
                redirectToSSLSession(pfixServletRequest, httpServletRequest, httpServletResponse);
                return;
            } else {
                this.LOG.debug("=> IVb");
                redirectToInsecureSSLSession(pfixServletRequest, httpServletRequest, httpServletResponse);
                return;
            }
        }
        if (!z && this.context.needsSession() && this.context.allowSessionCreate() && !this.context.needsSSL(pfixServletRequest)) {
            this.LOG.debug("=> V");
            redirectToSession(pfixServletRequest, httpServletRequest, httpServletResponse);
            return;
        }
        if (!z && !this.context.needsSession() && this.context.needsSSL(pfixServletRequest) && !httpServletRequest.isSecure()) {
            this.LOG.debug("=> VI");
            redirectToSSL(httpServletRequest, httpServletResponse);
            return;
        }
        this.LOG.debug("*** >>> End of redirection management, handling request now.... <<< ***\n");
        if (httpSession == null || httpSession.getAttribute(AbstractPustefixRequestHandler.VISIT_ID) != null) {
            this.context.callProcess(pfixServletRequest, httpServletRequest, httpServletResponse);
            return;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Found session without visit_id: ");
        sb.append(httpServletRequest.getRemoteAddr()).append("|");
        sb.append(httpServletRequest.getRequestURI()).append("|");
        sb.append(httpSession.getId()).append("|");
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss,SSS");
        sb.append(simpleDateFormat.format(new Date(httpSession.getCreationTime()))).append("|");
        sb.append(simpleDateFormat.format(new Date(httpSession.getLastAccessedTime()))).append("|");
        Enumeration attributeNames = httpSession.getAttributeNames();
        while (attributeNames.hasMoreElements()) {
            sb.append(attributeNames.nextElement()).append("|");
        }
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            Enumeration headers = httpServletRequest.getHeaders(str);
            while (headers.hasMoreElements()) {
                sb.append(str).append(":").append((String) headers.nextElement()).append("|");
            }
        }
        this.LOG.warn(sb.toString());
        this.LOGGER_SESSION.info("Invalidate session II: " + httpSession.getId());
        if (this.LOGGER_SESSION.isDebugEnabled()) {
            this.LOGGER_SESSION.debug(dumpRequest(httpServletRequest));
        }
        httpSession.invalidate();
        redirectToClearedRequest(httpServletRequest, httpServletResponse);
    }

    private void redirectToClearedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.LOG.debug("===> Redirecting to cleared Request URL");
        String clearedURL = SessionHelper.getClearedURL(httpServletRequest.getScheme(), AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties());
        if (httpServletRequest.isRequestedSessionIdFromCookie()) {
            Cookie cookie = new Cookie("JSESSIONID", "");
            cookie.setMaxAge(0);
            cookie.setPath(httpServletRequest.getContextPath().equals("") ? "/" : httpServletRequest.getContextPath());
            httpServletResponse.addCookie(cookie);
            Cookie cookie2 = new Cookie(COOKIE_SESSION_RESET, httpServletRequest.getRequestedSessionId());
            cookie2.setMaxAge(60);
            cookie2.setPath(httpServletRequest.getContextPath().equals("") ? "/" : httpServletRequest.getContextPath());
            httpServletResponse.addCookie(cookie2);
        }
        AbstractPustefixRequestHandler.relocate(httpServletResponse, DebugConstants.DM_IS_LANGUAGE_REGISTERED, clearedURL);
    }

    private void redirectToSSL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.LOG.debug("===> Redirecting to session-less request URL under SSL");
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.getClearedURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private void redirectToInsecureSSLSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean z = false;
        if (httpServletRequest.isRequestedSessionIdValid()) {
            z = true;
            this.LOG.debug("*** reusing existing session for jump http=>https");
        }
        HttpSession session = httpServletRequest.getSession(true);
        this.LOGGER_SESSION.info("Get session I: " + session.getId());
        if (!z) {
            this.context.registerSession(httpServletRequest, session);
        }
        this.LOG.debug("*** Setting INSECURE flag in session (Id: " + session.getId() + ")");
        session.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.FALSE);
        session.setAttribute(STORED_REQUEST, pfixServletRequest);
        this.LOG.debug("===> Redirecting to insecure SSL URL with session (Id: " + session.getId() + ")");
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private void redirectToSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(true);
        this.LOGGER_SESSION.info("Get session II: " + session.getId());
        this.context.registerSession(httpServletRequest, session);
        this.LOG.debug("===> Redirecting to URL with session (Id: " + session.getId() + ")");
        session.setAttribute(STORED_REQUEST, pfixServletRequest);
        session.setAttribute(INITIAL_SESSION_CHECK, session.getId());
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL(httpServletRequest.getScheme(), AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private void redirectToSSLSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(true);
        this.LOGGER_SESSION.info("Get session III: " + session.getId());
        this.context.registerSession(httpServletRequest, session);
        this.LOG.debug("===> Redirecting to URL with session (Id: " + session.getId() + ")");
        session.setAttribute(STORED_REQUEST, pfixServletRequest);
        session.setAttribute(INITIAL_SESSION_CHECK, session.getId());
        session.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.TRUE);
        addSSLCookie(httpServletRequest, httpServletResponse);
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private void redirectToSecureSSLSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(false);
        String str = (String) session.getAttribute(AbstractPustefixRequestHandler.VISIT_ID);
        this.LOG.debug("*** Saving session data...");
        HashMap hashMap = new HashMap();
        SessionHelper.saveSessionData(hashMap, session);
        SessionInfoStruct info = this.context.getSessionAdmin().getInfo(session);
        LinkedList<SessionInfoStruct.TrailElement> linkedList = new LinkedList<>();
        String id = session.getId();
        if (info != null) {
            linkedList = this.context.getSessionAdmin().getInfo(session).getTraillog();
        } else {
            this.LOG.warn("*** Infostruct == NULL ***");
        }
        this.LOG.debug("*** Invalidation old session (Id: " + id + ")");
        this.LOGGER_SESSION.info("Invalidate session III: " + session.getId());
        if (this.LOGGER_SESSION.isDebugEnabled()) {
            this.LOGGER_SESSION.debug(dumpRequest(httpServletRequest));
        }
        session.invalidate();
        HttpSession session2 = httpServletRequest.getSession(true);
        this.LOGGER_SESSION.info("Get session IV: " + session2.getId());
        session2.setAttribute(SessionAdmin.PARENT_SESS_ID, id);
        if (str != null) {
            this.context.getSessionAdmin().registerSession(session2, linkedList, info.getData().getServerName(), info.getData().getRemoteAddr());
        } else {
            this.context.registerSession(httpServletRequest, session2);
        }
        this.LOG.debug("*** Got new Session (Id: " + session2.getId() + ")");
        this.LOG.debug("*** Copying data back to new session");
        SessionHelper.copySessionData(hashMap, session2);
        this.LOG.debug("*** Setting SECURE flag");
        session2.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.TRUE);
        addSSLCookie(httpServletRequest, httpServletResponse);
        session2.setAttribute(STORED_REQUEST, pfixServletRequest);
        session2.setAttribute(INITIAL_SESSION_CHECK, session2.getId());
        this.LOG.debug("===> Redirecting to secure SSL URL with session (Id: " + session2.getId() + ")");
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private void forceRedirectBackToInsecureSSL(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String requestedSessionId = httpServletRequest.getRequestedSessionId();
        HttpSession session = httpServletRequest.getSession(true);
        this.LOGGER_SESSION.info("Get session V: " + session.getId());
        session.setAttribute(CHECK_FOR_RUNNING_SSL_SESSION, requestedSessionId);
        this.LOG.debug("*** Setting INSECURE flag in session (Id: " + session.getId() + ")");
        session.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.FALSE);
        session.setAttribute(STORED_REQUEST, pfixServletRequest);
        this.LOG.debug("===> Redirecting to SSL URL with session (Id: " + session.getId() + ")");
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private void forceNewSessionSameVisit(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession childSessionForParentId = this.context.getSessionAdmin().getChildSessionForParentId(httpServletRequest.getRequestedSessionId());
        String str = (String) childSessionForParentId.getAttribute(AbstractPustefixRequestHandler.VISIT_ID);
        HttpSession session = httpServletRequest.getSession(true);
        this.LOGGER_SESSION.info("Get session VI: " + session.getId());
        LinkedList<SessionInfoStruct.TrailElement> traillog = this.context.getSessionAdmin().getInfo(childSessionForParentId).getTraillog();
        session.setAttribute(AbstractPustefixRequestHandler.VISIT_ID, str);
        this.context.getSessionAdmin().registerSession(session, traillog, AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest.getRemoteAddr());
        this.LOG.debug("===> Redirecting with session (Id: " + session.getId() + ") using OLD VISIT_ID: " + str);
        session.setAttribute(STORED_REQUEST, pfixServletRequest);
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL(httpServletRequest.getScheme(), AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }

    private static void addSSLCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(COOKIE_SESSION_SSL, "true");
        cookie.setMaxAge(-1);
        cookie.setPath(httpServletRequest.getContextPath().equals("") ? "/" : httpServletRequest.getContextPath());
        httpServletResponse.addCookie(cookie);
    }

    private static Cookie getCookie(Cookie[] cookieArr, String str) {
        if (cookieArr == null) {
            return null;
        }
        for (Cookie cookie : cookieArr) {
            if (cookie.getName().equals(str)) {
                return cookie;
            }
        }
        return null;
    }

    private static String dumpRequest(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder();
        sb.append("\n");
        sb.append(httpServletRequest.getMethod()).append("|").append(httpServletRequest.getRequestURI()).append("|");
        sb.append(httpServletRequest.getQueryString() == null ? "-" : httpServletRequest.getQueryString()).append("|");
        sb.append(httpServletRequest.getRequestedSessionId()).append("|").append(httpServletRequest.getProtocol()).append("|");
        sb.append(httpServletRequest.getScheme()).append("|").append(httpServletRequest.getRemoteAddr()).append("|");
        sb.append(httpServletRequest.getServerName()).append("\n");
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            Enumeration headers = httpServletRequest.getHeaders(str);
            while (headers.hasMoreElements()) {
                sb.append(str).append(": ").append((String) headers.nextElement()).append("\n");
            }
        }
        return sb.toString();
    }
}
