package org.pustefixframework.http;

import com.sun.mail.imap.IMAPStore;
import de.schlund.pfixxml.PfixServletRequest;
import de.schlund.pfixxml.PfixServletRequestImpl;
import de.schlund.pfixxml.serverutil.SessionAdmin;
import de.schlund.pfixxml.serverutil.SessionHelper;
import de.schlund.pfixxml.serverutil.SessionInfoStruct;
import de.schlund.pfixxml.util.CookieUtils;
import de.schlund.pfixxml.util.MD5Utils;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.TreeSet;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.http.HttpHeaders;

/* loaded from: input_file:WEB-INF/lib/pustefix-core-0.20.3.jar:org/pustefixframework/http/URLRewriteSessionTrackingStrategy.class */
public class URLRewriteSessionTrackingStrategy implements SessionTrackingStrategy {
    // General request-flow logger. No initialiser is visible on this declaration in the decompiled listing.
    private static Logger LOG;
    // Receives the "Invalidate session ..." lines written each time this class discards a session.
    private static Logger LOGGER_SESSION;
    // Session attribute: id of a parent session whose secure child session should be looked up for reuse
    // (written by forceRedirectBackToInsecureSSL, read by redirectToSecureSSLSession).
    private static final String CHECK_FOR_RUNNING_SSL_SESSION = "__CHECK_FOR_RUNNING_SSL_SESSION__";
    // Separates the timestamp from the token in a secure-session cookie value ("<millis>_<token>").
    private static final String COOKIE_VALUE_SEPARATOR = "_";
    // Separator of the older cookie format, i.e. cookies whose name starts with SECURE_SESS_COOKIE_OLD.
    private static final String COOKIE_VALUE_SEPARATOR_OLD = ":";
    // Cap applied by cleanupCookies when it expires surplus secure-session cookies.
    private static final int MAX_PARALLEL_SEC_SESSIONS = 10;
    // Request parameter: a true-like value lets handleRequest continue with a stale session id
    // instead of redirecting to the cleared URL.
    private static final String PARAM_FORCELOCAL = "__forcelocal";
    // Session attribute holding the random value the test cookie is expected to carry.
    private static final String RAND_SESS_COOKIE_VALUE = "__RAND_SESS_COOKIE_VALUE__";
    // Prefix of the secure-session cookie name and of the session attribute storing its expected token;
    // the suffix is MD5Utils.hex_md5(sessionId).
    private static final String SECURE_SESS_COOKIE = "__PFIX_SSC_";
    // Prefix of the older secure-session cookie name; only cleanupCookies still looks for it.
    private static final String SECURE_SESS_COOKIE_OLD = "__PFIX_SEC_";
    // Session attribute (Boolean): set once the client has returned the test cookie with the right value.
    private static final String SESSION_COOKIES_MARKER = "__COOKIES_USED_DURING_SESSION__";
    // Session attribute that carries the PfixServletRequest across a redirect.
    private static final String STORED_REQUEST = "__STORED_PFIXSERVLETREQUEST__";
    // Name of the cookie used to find out whether the client returns cookies.
    private static final String TEST_COOKIE = "__PFIX_TST_";
    // Collaborator handed in through init(); supplies session admin, configuration and the process callback.
    private SessionTrackingStrategyContext context;
    // Compiler-generated flag behind the assert statements, as rendered by the decompiler.
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/pustefix-core-0.20.3.jar:org/pustefixframework/http/URLRewriteSessionTrackingStrategy$SortableCookie.class */
    /**
     * Pairs a cookie with the timestamp parsed from its value so that cookies can be
     * ordered from least to most recently touched.
     *
     * <p>NOTE(review): {@link #compareTo} reports 0 for two entries with the same
     * {@code lasttouch}, and equals/hashCode are not overridden. A sorted set such as the
     * TreeSet built in cleanupCookies therefore keeps only one of two cookies that carry
     * the same timestamp.
     */
    public class SortableCookie implements Comparable<SortableCookie> {
        static final /* synthetic */ boolean $assertionsDisabled;

        static {
            $assertionsDisabled = !URLRewriteSessionTrackingStrategy.class.desiredAssertionStatus();
        }

        /** The wrapped cookie; never null when assertions are enabled. */
        public final Cookie cookie;
        /** Timestamp taken from the cookie value; the callers in this file pass milliseconds. */
        public final long lasttouch;

        /**
         * @param cookie the cookie to wrap
         * @param j      the timestamp parsed from the cookie value
         * @throws AssertionError with assertions enabled, if {@code cookie} is null or {@code j <= 0}
         */
        public SortableCookie(Cookie cookie, long j) {
            if (!$assertionsDisabled) {
                if (cookie == null) {
                    throw new AssertionError("cookie argument must not be null");
                }
                if (j <= 0) {
                    throw new AssertionError("lasttouch argument must be > 0");
                }
            }
            this.cookie = cookie;
            this.lasttouch = j;
        }

        /** Orders by {@code lasttouch}, oldest first. */
        @Override // java.lang.Comparable
        public final int compareTo(SortableCookie sortableCookie) {
            return Long.compare(this.lasttouch, sortableCookie.lasttouch);
        }
    }

    /**
     * Remembers the context that every later call on this strategy works through.
     *
     * @param sessionTrackingStrategyContext the context to use; stored as-is, no null check
     */
    @Override // org.pustefixframework.http.SessionTrackingStrategy
    public void init(SessionTrackingStrategyContext sessionTrackingStrategyContext) {
        context = sessionTrackingStrategyContext;
    }

    /**
     * Entry point of the strategy: checks the state of the requested session, then either
     * answers with one of the redirects below or hands the request to
     * {@code context.callProcess}.
     *
     * <p>The decompiler left the state flags unnamed. From their use in this method:
     * <ul>
     *   <li>{@code z}  - a valid session was found and has not been invalidated here</li>
     *   <li>{@code z2} - request is under SSL but the session is not flagged secure
     *       (leads to redirectToSecureSSLSession)</li>
     *   <li>{@code z3} - the secure session was confirmed, by cookie or by client identity</li>
     *   <li>{@code z4} - stale id was a parent session and the client returns cookies
     *       (leads to forceRedirectBackToInsecureSSL)</li>
     *   <li>{@code z5} - stale id was a parent session but the cookie check did not pass
     *       (leads to forceNewSessionSameVisit)</li>
     * </ul>
     *
     * @throws ServletException declared by the interface; presumably raised by callProcess
     * @throws IOException      declared by the interface; presumably raised by callProcess
     */
    @Override // org.pustefixframework.http.SessionTrackingStrategy
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpSession httpSession = null;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        Cookie[] cookies = CookieUtils.getCookies(httpServletRequest);
        if (cookies != null) {
            // Expire any cookie named like the container's session cookie, once for "/" and once for
            // every prefix of the request path - presumably because this strategy carries the
            // session id in the URL and a session cookie would compete with it.
            for (Cookie cookie : cookies) {
                if (cookie.getName().equalsIgnoreCase(AbstractPustefixRequestHandler.getSessionCookieName(httpServletRequest))) {
                    cookie.setMaxAge(0);
                    cookie.setPath("/");
                    httpServletResponse.addCookie(cookie);
                    String str = httpServletRequest.getContextPath() + httpServletRequest.getServletPath();
                    if (httpServletRequest.getPathInfo() != null) {
                        str = str + httpServletRequest.getPathInfo();
                    }
                    int i = 0;
                    while (true) {
                        // 47 is '/': walk the path one segment at a time.
                        int indexOf = str.indexOf(47, i + 1);
                        i = indexOf;
                        if (indexOf <= -1) {
                            break;
                        }
                        cookie = (Cookie) cookie.clone();
                        cookie.setPath(str.substring(0, i));
                        httpServletResponse.addCookie(cookie);
                    }
                    if (str.length() > 0) {
                        Cookie cookie2 = (Cookie) cookie.clone();
                        cookie2.setPath(str);
                        httpServletResponse.addCookie(cookie2);
                    }
                }
            }
        } else {
            createTestCookie(httpServletRequest, httpServletResponse);
        }
        if (httpServletRequest.isRequestedSessionIdValid()) {
            httpSession = httpServletRequest.getSession(false);
            z = true;
            // NOTE(review): the session id is written to the log here and in most branches below.
            // With URL-based tracking the id is the credential, so log access needs the same
            // protection as the sessions themselves.
            LOG.debug("*** Found valid session with ID " + httpSession.getId());
            boolean doCookieTest = doCookieTest(httpServletRequest, httpServletResponse, httpSession);
            Boolean bool = (Boolean) httpSession.getAttribute(SessionAdmin.SESSION_IS_SECURE);
            if (doCookieTest) {
                LOG.debug("*** Client uses cookies.");
            } else {
                LOG.debug("*** Client doesn't use cookies...");
                Boolean bool2 = (Boolean) httpSession.getAttribute(SESSION_COOKIES_MARKER);
                if (bool2 == null || !bool2.booleanValue()) {
                    LOG.debug("    ... and during the session cookies were DISABLED, too: Let's hope everything is OK...");
                } else {
                    // The session was marked as cookie-backed earlier, so a request for it without
                    // the test cookie is treated as suspicious and the session is dropped.
                    LOG.debug("    ... but during the session cookies were already ENABLED: Will invalidate the session " + httpSession.getId());
                    LOGGER_SESSION.info("Invalidate session I: " + httpSession.getId() + dumpRequest(httpServletRequest));
                    SessionUtils.invalidate(httpSession);
                    z = false;
                }
            }
            if (z) {
                if (httpServletRequest.isSecure()) {
                    LOG.debug("*** Found running under SSL");
                    if (bool == null || !bool.booleanValue()) {
                        LOG.debug("    ... but session is insecure!");
                        z2 = true;
                    } else {
                        LOG.debug("    ... and session is secure.");
                        if (doCookieTest) {
                            // Second factor for a secure session: besides the id in the URL the client
                            // must present the secure-session cookie whose token is stored in the session.
                            LOG.debug("*** Client does cookies: Double checking SSL cookie for session ID");
                            String str2 = (String) httpSession.getAttribute(SECURE_SESS_COOKIE + MD5Utils.hex_md5(httpSession.getId()));
                            // NOTE(review): this line and the "value is correct" line below write the
                            // expected / presented token to the debug log.
                            LOG.debug("*** Session expects to see the cookie value " + str2);
                            Cookie secureSessionCookie = getSecureSessionCookie(httpServletRequest, httpSession.getId());
                            cleanupCookies(httpServletRequest, httpServletResponse, secureSessionCookie);
                            if (secureSessionCookie != null) {
                                LOG.debug("*** Found a matching cookie ...");
                                String value = secureSessionCookie.getValue();
                                // Cookie value is "<millis>_<token>"; keep what follows the first '_'.
                                String substring = value.substring(value.indexOf("_") + 1);
                                // NOTE(review): String.equals is not a constant-time comparison;
                                // MessageDigest.isEqual on the encoded bytes would be.
                                if (substring.equals(str2)) {
                                    LOG.debug("   ... and the value is correct! (" + substring + ")");
                                    z3 = true;
                                    // Re-issue the cookie with a fresh timestamp so cleanupCookies sees it as recently used.
                                    Cookie cookie3 = new Cookie(secureSessionCookie.getName(), System.currentTimeMillis() + "_" + substring);
                                    setCookiePath(httpServletRequest, cookie3);
                                    cookie3.setMaxAge(-1);
                                    // NOTE(review): Secure is set, HttpOnly is not. Cookie.setHttpOnly exists
                                    // from Servlet 3.0 - confirm the container version before adding it.
                                    cookie3.setSecure(true);
                                    httpServletResponse.addCookie(cookie3);
                                } else {
                                    LOG.debug("   ... but the value is WRONG!");
                                    // NOTE(review): the presented cookie value and the session id go to the error log.
                                    LOG.error("*** Wrong Session-ID for running secure session from cookie. IP:" + httpServletRequest.getRemoteAddr() + " Cookie: " + secureSessionCookie.getValue() + " SessID: " + httpSession.getId());
                                    LOGGER_SESSION.info("Invalidate session II: " + httpSession.getId() + dumpRequest(httpServletRequest));
                                    SessionUtils.invalidate(httpSession);
                                    z = false;
                                }
                            } else {
                                LOG.debug("*** Found NO matching cookie at all, but client does cookies: ***");
                                // NOTE(review): the raw User-Agent and Cookie request headers are client-controlled
                                // and are logged unfiltered; the Cookie header carries every cookie the client
                                // sent, tokens of other sessions included. Useful as a detection signal
                                // (NOSECSESSIDFROMCOOKIE), but consider logging cookie names only.
                                LOG.error("*** NOSECSESSIDFROMCOOKIE: " + httpServletRequest.getRemoteAddr() + "|" + httpSession.getId() + "|" + httpServletRequest.getHeader(HttpHeaders.USER_AGENT) + "|" + httpServletRequest.getHeader(HttpHeaders.COOKIE));
                                LOGGER_SESSION.info("Invalidate session III: " + httpSession.getId() + dumpRequest(httpServletRequest));
                                SessionUtils.invalidate(httpSession);
                                z = false;
                            }
                        } else if (AbstractPustefixRequestHandler.checkClientIdentity(httpServletRequest)) {
                            // Without cookies the only extra check on a secure session is the stored client identity.
                            z3 = true;
                        } else {
                            LOG.warn("Invalidate session " + httpSession.getId() + " because client identity changed!");
                            LOGGER_SESSION.info("Invalidate session IV: " + httpSession.getId() + dumpRequest(httpServletRequest));
                            SessionUtils.invalidate(httpSession);
                            z = false;
                        }
                    }
                } else if (bool != null && bool.booleanValue()) {
                    // A session flagged secure must never be served over plain HTTP; its id has now
                    // travelled unencrypted, so it is destroyed.
                    LOG.debug("*** Found secure session but NOT running under SSL => Destroying session.");
                    LOGGER_SESSION.info("Invalidate session V: " + httpSession.getId() + dumpRequest(httpServletRequest));
                    SessionUtils.invalidate(httpSession);
                    z = false;
                }
            }
        } else if (httpServletRequest.getRequestedSessionId() != null && this.context.wantsCheckSessionIdValid()) {
            // The request names a session id the container no longer accepts.
            LOG.debug("*** Found old and invalid session in request");
            if (httpServletRequest.isSecure() || !this.context.getSessionAdmin().idWasParentSession(httpServletRequest.getRequestedSessionId())) {
                String parameter = httpServletRequest.getParameter(PARAM_FORCELOCAL);
                // CustomBooleanEditor.VALUE_YES is a Spring constant; presumably the decompiler substituted
                // it for a string literal in the original source - confirm.
                if (parameter == null || !(parameter.equals("1") || parameter.equals("true") || parameter.equals(CustomBooleanEditor.VALUE_YES))) {
                    LOG.debug("    ... and __forcelocal is NOT set.");
                    redirectToClearedRequest(httpServletRequest, httpServletResponse);
                    return;
                }
                LOG.debug("    ... but found __forcelocal parameter to be set.");
            } else {
                LOG.debug("    ... but this session was the parent of a currently running secure session.");
                HttpSession childSessionForParentId = this.context.getSessionAdmin().getChildSessionForParentId(httpServletRequest.getRequestedSessionId());
                if (childSessionForParentId != null ? doCookieTest(httpServletRequest, httpServletResponse, childSessionForParentId) : false) {
                    LOG.debug("    ... client handles cookies, so we'll check if we can reuse the parent session.");
                    z4 = true;
                } else {
                    // NOTE(review): this branch is also taken when no child session was found (null).
                    LOG.debug("    ... but can't reuse the secure session because the client doesn't handle cookies.");
                    z5 = true;
                }
            }
        }
        PfixServletRequest pfixServletRequest = null;
        if (z) {
            try {
                // A redirect helper may have parked the wrapped request in the session; pick it up again.
                pfixServletRequest = (PfixServletRequest) httpSession.getAttribute(STORED_REQUEST);
                if (pfixServletRequest != null) {
                    LOG.debug("*** Found old PfixServletRequest object in session");
                    httpSession.removeAttribute(STORED_REQUEST);
                    pfixServletRequest.updateRequest(httpServletRequest);
                }
            } catch (Throwable th) {
                // "0 != 0" is never true, so this handler only rethrows. The shape looks like a
                // decompiled try/finally - TODO confirm against the original source.
                if (0 != 0) {
                    pfixServletRequest.resetRequest();
                }
                throw th;
            }
        }
        if (pfixServletRequest == null) {
            LOG.debug("*** Creating PfixServletRequest object.");
            pfixServletRequest = new PfixServletRequestImpl(httpServletRequest, this.context.getServletManagerConfig().getProperties(), this.context);
        }
        // Redirect dispatch. resetRequest() is called on every normal return path below; as written it
        // is not reached if one of the helpers or callProcess throws.
        if (z4 && this.context.allowSessionCreate()) {
            LOG.debug("=> I");
            forceRedirectBackToInsecureSSL(pfixServletRequest, httpServletRequest, httpServletResponse);
            if (pfixServletRequest != null) {
                pfixServletRequest.resetRequest();
                return;
            }
            return;
        }
        if (z5 && this.context.allowSessionCreate()) {
            LOG.debug("=> II");
            forceNewSessionSameVisit(pfixServletRequest, httpServletRequest, httpServletResponse);
            if (pfixServletRequest != null) {
                pfixServletRequest.resetRequest();
                return;
            }
            return;
        }
        if (z2) {
            LOG.debug("=> III");
            redirectToSecureSSLSession(pfixServletRequest, httpServletRequest, httpServletResponse);
            if (pfixServletRequest != null) {
                pfixServletRequest.resetRequest();
                return;
            }
            return;
        }
        // SSL is required but no confirmed secure session exists yet: start with an "insecure" SSL session.
        if (this.context.needsSession() && this.context.allowSessionCreate() && this.context.needsSSL(pfixServletRequest) && !z3) {
            LOG.debug("=> IV");
            redirectToInsecureSSLSession(pfixServletRequest, httpServletRequest, httpServletResponse);
            if (pfixServletRequest != null) {
                pfixServletRequest.resetRequest();
                return;
            }
            return;
        }
        if (!z && this.context.needsSession() && this.context.allowSessionCreate() && !this.context.needsSSL(pfixServletRequest)) {
            LOG.debug("=> V");
            redirectToSession(pfixServletRequest, httpServletRequest, httpServletResponse);
            if (pfixServletRequest != null) {
                pfixServletRequest.resetRequest();
                return;
            }
            return;
        }
        if (!z && !this.context.needsSession() && this.context.needsSSL(pfixServletRequest) && !httpServletRequest.isSecure()) {
            LOG.debug("=> VI");
            redirectToSSL(httpServletRequest, httpServletResponse);
            if (pfixServletRequest != null) {
                pfixServletRequest.resetRequest();
                return;
            }
            return;
        }
        LOG.debug("*** >>> End of redirection management, handling request now.... <<< ***\n");
        createTestCookie(httpServletRequest, httpServletResponse);
        this.context.callProcess(pfixServletRequest, httpServletRequest, httpServletResponse);
        if (pfixServletRequest != null) {
            pfixServletRequest.resetRequest();
        }
    }

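    /**
     * Tells whether the client returned the test cookie for the given session.
     *
     * <p>If the session is already marked as cookie-backed, any cookie named
     * {@code TEST_COOKIE} is accepted. Otherwise the cookie value must equal the random
     * value stored in the session, and a match marks the session.
     *
     * @param httpServletRequest  the current request, source of the cookies
     * @param httpServletResponse not used by this method
     * @param httpSession         the session to check; when null the request's current session is used
     * @return true if the test cookie was accepted; false if there is no session, no stored
     *         test value, no cookies, or no acceptable test cookie
     */
    private boolean doCookieTest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) {
        HttpSession session = httpSession != null ? httpSession : httpServletRequest.getSession(false);
        if (session == null) {
            return false;
        }
        LOG.debug("*** Testing for marked session...");
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            // The container reported no cookies; fall back to the project's own parser and record the event.
            cookies = CookieUtils.getCookies(httpServletRequest);
            if (cookies != null) {
                String userAgent = httpServletRequest.getHeader(HttpHeaders.USER_AGENT);
                if (userAgent == null) {
                    userAgent = "-";
                }
                // NOTE(review): the raw Cookie header is client-controlled and holds every cookie the
                // client sent, session tokens included; consider logging cookie names only.
                LOG.warn("COOKIE_LOSS_WORKAROUND|" + session.getId() + "|" + userAgent + "|" + httpServletRequest.getHeader(HttpHeaders.COOKIE));
            }
        }
        Boolean marker = (Boolean) session.getAttribute(SESSION_COOKIES_MARKER);
        boolean sessionMarked = marker != null && marker.booleanValue();
        if (sessionMarked) {
            LOG.debug("    ...session is already marked as using cookies, looking for ANY test cookie...");
        } else {
            LOG.debug("    ...session is NOT already marked as using cookies!");
        }
        String expected = (String) session.getAttribute(RAND_SESS_COOKIE_VALUE);
        if (expected == null) {
            return false;
        }
        LOG.debug("*** Testing for cookie __PFIX_TST_...");
        if (cookies == null) {
            return false;
        }
        // The for-each loop always moves on to the next cookie. The previous index loop did not
        // advance after a test cookie with the wrong value on an unmarked session, so one bad
        // __PFIX_TST_ cookie kept the request thread spinning.
        for (Cookie candidate : cookies) {
            if (!TEST_COOKIE.equals(candidate.getName())) {
                continue;
            }
            if (sessionMarked) {
                LOG.debug("    ... found it, no need to check the value (because session is marked).");
                return true;
            }
            LOG.debug("    ... found it, checking value " + expected);
            if (expected.equals(candidate.getValue())) {
                LOG.debug("    ... value matches! Marking session...");
                session.setAttribute(SESSION_COOKIES_MARKER, Boolean.TRUE);
                return true;
            }
            LOG.debug("    ... value is WRONG.");
        }
        LOG.debug("*** Client sends cookies, but not our test cookie! ***");
        return false;
    }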

    /**
     * Answers with a permanent redirect (301) to the same request under its current scheme,
     * using the URL returned by {@code SessionHelper.getClearedURL}.
     *
     * <p>NOTE(review): the host part comes from
     * {@code AbstractPustefixRequestHandler.getServerName(request)}. If that value is derived
     * from the Host header, confirm it is validated before it reaches a Location header.
     */
    private void redirectToClearedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOG.debug("===> Redirecting to cleared Request URL");
        String clearedUrl = SessionHelper.getClearedURL(
                httpServletRequest.getScheme(),
                AbstractPustefixRequestHandler.getServerName(httpServletRequest),
                httpServletRequest,
                this.context.getServletManagerConfig().getProperties());
        // SC_MOVED_PERMANENTLY is 301, the status the redirect has always used.
        AbstractPustefixRequestHandler.relocate(httpServletResponse, HttpServletResponse.SC_MOVED_PERMANENTLY, clearedUrl);
    }

    /**
     * Redirects to the https variant of the current request, using the URL returned by
     * {@code SessionHelper.getClearedURL}; no session is created.
     *
     * <p>NOTE(review): the host part comes from
     * {@code AbstractPustefixRequestHandler.getServerName(request)}. If that value is derived
     * from the Host header, confirm it is validated before it reaches a Location header.
     */
    private void redirectToSSL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOG.debug("===> Redirecting to session-less request URL under SSL");
        String httpsUrl = SessionHelper.getClearedURL(
                "https",
                AbstractPustefixRequestHandler.getServerName(httpServletRequest),
                httpServletRequest,
                this.context.getServletManagerConfig().getProperties());
        AbstractPustefixRequestHandler.relocate(httpServletResponse, httpsUrl);
    }

    /**
     * Creates (or picks up) a session, flags it as NOT secure, parks the wrapped request in it
     * and redirects to the https URL encoded for that session.
     *
     * <p>The session is deliberately flagged insecure: handleRequest replaces it with a secure
     * one (redirectToSecureSSLSession) once the request arrives under SSL.
     *
     * <p>NOTE(review): {@code SessionHelper.encodeURL} presumably embeds the session id in the
     * redirect URL, where it can end up in proxy logs and Referer headers - confirm.
     */
    private void redirectToInsecureSSLSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession created = httpServletRequest.getSession(true);
        AbstractPustefixRequestHandler.storeClientIdentity(httpServletRequest);
        this.context.registerSession(httpServletRequest, created);

        String sessionId = created.getId();
        LOG.debug("*** Setting INSECURE flag in session (Id: " + sessionId + ")");
        created.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.FALSE);
        // Parked here so handleRequest can pick the request up again after the redirect.
        created.setAttribute(STORED_REQUEST, pfixServletRequest);
        createTestCookie(httpServletRequest, httpServletResponse);

        LOG.debug("===> Redirecting to insecure SSL URL with session (Id: " + sessionId + ")");
        String target = SessionHelper.encodeURL(
                "https",
                AbstractPustefixRequestHandler.getServerName(httpServletRequest),
                httpServletRequest,
                this.context.getServletManagerConfig().getProperties());
        AbstractPustefixRequestHandler.relocate(httpServletResponse, target);
    }

    /**
     * Creates (or picks up) a session, registers it, parks the wrapped request in it and
     * redirects to the session-encoded URL under the request's current scheme.
     *
     * <p>NOTE(review): {@code SessionHelper.encodeURL} presumably embeds the session id in the
     * redirect URL; under plain http that id travels unencrypted - confirm.
     */
    private void redirectToSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession created = httpServletRequest.getSession(true);
        AbstractPustefixRequestHandler.storeClientIdentity(httpServletRequest);
        this.context.registerSession(httpServletRequest, created);
        createTestCookie(httpServletRequest, httpServletResponse);

        LOG.debug("===> Redirecting to URL with session (Id: " + created.getId() + ")");
        // Parked here so handleRequest can pick the request up again after the redirect.
        created.setAttribute(STORED_REQUEST, pfixServletRequest);
        String target = SessionHelper.encodeURL(
                httpServletRequest.getScheme(),
                AbstractPustefixRequestHandler.getServerName(httpServletRequest),
                httpServletRequest,
                this.context.getServletManagerConfig().getProperties());
        AbstractPustefixRequestHandler.relocate(httpServletResponse, target);
    }

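    /**
     * Moves the client from its "insecure" SSL session to a secure one and redirects there.
     *
     * <p>If the current session points at a parent session whose secure child is still running,
     * and the client presents that child's secure-session cookie with the expected token, the
     * client is redirected into the running secure session. Otherwise the current session is
     * copied, invalidated and replaced by a new session flagged secure, and a new
     * secure-session cookie is issued. Replacing the session means the id that was used before
     * the upgrade is no longer valid afterwards.
     *
     * <p>Changes against the previous version: the cookie token now comes from
     * {@link SecureRandom} instead of {@code Math.random()}, and a missing session info record
     * no longer causes a NullPointerException when a visit id is present.
     *
     * @param pfixServletRequest  wrapped request, parked in the new session for after the redirect
     * @param httpServletRequest  the current request; must have a session
     * @param httpServletResponse receives the cookies and the redirect
     */
    private void redirectToSecureSSLSession(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession oldSession = httpServletRequest.getSession(false);
        String visitId = (String) oldSession.getAttribute(AbstractPustefixRequestHandler.VISIT_ID);
        String parentId = (String) oldSession.getAttribute(CHECK_FOR_RUNNING_SSL_SESSION);
        if (parentId != null && !parentId.equals("")) {
            LOG.debug("*** The current insecure SSL session says to check for a already running SSL session for reuse");
            HttpSession running = this.context.getSessionAdmin().getChildSessionForParentId(parentId);
            if (running != null) {
                String runningId = running.getId();
                String expected = (String) running.getAttribute(SECURE_SESS_COOKIE + MD5Utils.hex_md5(runningId));
                LOG.debug("*** We have found a candidate: SessionId=" + runningId + " now search for cookie...");
                // NOTE(review): this line and the "value is correct" line below write the token to the debug log.
                LOG.debug("*** Session expects to see the cookie value " + expected);
                Cookie presented = getSecureSessionCookie(httpServletRequest, runningId);
                if (presented != null) {
                    LOG.debug("*** Found a matching cookie ...");
                    String raw = presented.getValue();
                    // Cookie value is "<millis>_<token>"; keep what follows the first '_'.
                    String token = raw.substring(raw.indexOf("_") + 1);
                    if (token.equals(expected)) {
                        LOG.debug("   ... and the value is correct! (" + token + ")");
                        LOG.debug("==> Redirecting to the secure SSL URL with the already running secure session " + runningId);
                        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, runningId, this.context.getServletManagerConfig().getProperties()));
                        return;
                    }
                    LOG.debug("   ... but the value is WRONG!");
                    LOG.error("Wrong Session-ID for running secure session from cookie.");
                } else {
                    LOG.debug("*** NO matching SecureSessionCookie (not even a wrong one...)");
                }
            }
        }

        LOG.debug("*** Saving session data...");
        // Raw type kept on purpose: the parameter type of SessionHelper.saveSessionData is not visible here.
        HashMap saved = new HashMap();
        SessionHelper.saveSessionData(saved, oldSession);
        SessionInfoStruct info = this.context.getSessionAdmin().getInfo(oldSession);
        LinkedList<SessionInfoStruct.TrailElement> traillog = new LinkedList<>();
        String oldId = oldSession.getId();
        if (info != null) {
            traillog = info.getTraillog();
        } else {
            LOG.warn("*** Infostruct == NULL ***");
        }
        LOG.debug("*** Invalidation old session (Id: " + oldId + ")");
        LOGGER_SESSION.info("Invalidate session VI: " + oldSession.getId() + dumpRequest(httpServletRequest));
        SessionUtils.invalidate(oldSession);

        HttpSession secureSession = httpServletRequest.getSession(true);
        AbstractPustefixRequestHandler.storeClientIdentity(httpServletRequest);
        secureSession.setAttribute(SessionAdmin.PARENT_SESS_ID, oldId);
        // info can be null (see the warning above); without it there is no server name or remote
        // address to carry over, so fall back to the plain registration.
        if (visitId != null && info != null) {
            this.context.getSessionAdmin().registerSession(secureSession, traillog, info.getData().getServerName(), info.getData().getRemoteAddr());
        } else {
            this.context.registerSession(httpServletRequest, secureSession);
        }
        LOG.debug("*** Got new Session (Id: " + secureSession.getId() + ")");
        LOG.debug("*** Copying data back to new session");
        SessionHelper.copySessionData(saved, secureSession);
        LOG.debug("*** Setting SECURE flag");
        secureSession.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.TRUE);
        secureSession.setAttribute(STORED_REQUEST, pfixServletRequest);

        // Expire a secure-session cookie the client may already hold under the new session's name.
        Cookie leftover = getSecureSessionCookie(httpServletRequest, secureSession.getId());
        if (leftover != null) {
            setCookiePath(httpServletRequest, leftover);
            leftover.setMaxAge(0);
            leftover.setSecure(true);
            httpServletResponse.addCookie(leftover);
        }

        // The token is the second factor checked on every secure request, so it must not be
        // predictable: Math.random() is not meant for secrets. Masking with Long.MAX_VALUE keeps
        // the value non-negative, i.e. the same hex format as before. A shared SecureRandom
        // instance would be cheaper; this edit stays local to the method.
        String token = Long.toHexString(new SecureRandom().nextLong() & Long.MAX_VALUE);
        // NOTE(review): the freshly generated token is written to the debug log.
        LOG.debug("*** Secure Test-ID used in session and cookie: " + token);
        String idHash = MD5Utils.hex_md5(secureSession.getId());
        secureSession.setAttribute(SECURE_SESS_COOKIE + idHash, token);
        Cookie secureCookie = new Cookie(SECURE_SESS_COOKIE + idHash, System.currentTimeMillis() + "_" + token);
        setCookiePath(httpServletRequest, secureCookie);
        secureCookie.setMaxAge(-1);
        // NOTE(review): Secure is set, HttpOnly is not. Cookie.setHttpOnly exists from Servlet 3.0 -
        // confirm the container version before adding it.
        secureCookie.setSecure(true);
        httpServletResponse.addCookie(secureCookie);
        createTestCookie(httpServletRequest, httpServletResponse);
        LOG.debug("===> Redirecting to secure SSL URL with session (Id: " + secureSession.getId() + ")");
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL("https", AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }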

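    /**
     * Expires secure-session cookies the client no longer needs.
     *
     * <p>Looks at every request cookie whose name starts with {@code SECURE_SESS_COOKIE} or
     * {@code SECURE_SESS_COOKIE_OLD}, except the one passed in as {@code cookie}. Cookies whose
     * value does not start with a positive timestamp are expired at once. The rest are ordered
     * oldest first; the oldest ones are expired while the count exceeds the cap, then any that
     * are older than the session's inactivity interval.
     *
     * <p>Cookie names and values are client input. Changes against the previous version: a
     * current-format cookie without the separator is treated as malformed instead of raising
     * StringIndexOutOfBoundsException, a non-positive timestamp is treated as malformed instead
     * of tripping the assertion in SortableCookie, and the interval is multiplied as a long.
     *
     * @param httpServletRequest  the current request; must have a session
     * @param httpServletResponse receives the expiring cookies
     * @param cookie              the secure-session cookie of the current session, kept as is; may be null
     */
    private void cleanupCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Cookie cookie) {
        HttpSession session = httpServletRequest.getSession(false);
        if (!$assertionsDisabled && session == null) {
            throw new AssertionError("session can't be null here...");
        }
        // getMaxInactiveInterval() is in seconds. 1000L keeps the product in long arithmetic; the
        // decompiler had rendered the factor as IMAPStore.RESPONSE, an unrelated int constant of value 1000.
        long oldestAllowed = System.currentTimeMillis() - (1000L * session.getMaxInactiveInterval());
        if (!$assertionsDisabled && oldestAllowed <= 0) {
            throw new AssertionError("timeout can't be negative...");
        }
        Cookie[] cookies = CookieUtils.getCookies(httpServletRequest);
        if (cookies == null || cookies.length == 0) {
            return;
        }

        // NOTE(review): SortableCookie compares by timestamp only, so of two cookies with the same
        // timestamp just one is kept in this set and considered for cleanup.
        TreeSet<SortableCookie> byAge = new TreeSet<>();
        for (Cookie candidate : cookies) {
            String name = candidate.getName();
            boolean currentFormat = name.startsWith(SECURE_SESS_COOKIE);
            boolean oldFormat = !currentFormat && name.startsWith(SECURE_SESS_COOKIE_OLD);
            if (!currentFormat && !oldFormat) {
                continue;
            }
            if (cookie != null && name.equals(cookie.getName())) {
                continue;
            }
            String value = candidate.getValue();
            int separatorAt = value.indexOf(currentFormat ? COOKIE_VALUE_SEPARATOR : COOKIE_VALUE_SEPARATOR_OLD);
            if (separatorAt == -1) {
                // No separator: let the whole value go through the number check below.
                separatorAt = value.length();
            }
            long lastTouch;
            try {
                lastTouch = Long.parseLong(value.substring(0, separatorAt));
            } catch (NumberFormatException ignored) {
                // Not a timestamp; handled as malformed right below.
                lastTouch = -1L;
            }
            if (lastTouch <= 0) {
                setCookiePath(httpServletRequest, candidate);
                candidate.setMaxAge(0);
                candidate.setSecure(true);
                httpServletResponse.addCookie(candidate);
                continue;
            }
            byAge.add(new SortableCookie(candidate, lastTouch));
            LOG.debug("~~~ Adding cookie " + lastTouch + "->" + candidate.getName());
        }

        int surplus = byAge.size() - MAX_PARALLEL_SEC_SESSIONS;
        int index = 0;
        for (SortableCookie entry : byAge) {
            Cookie stale = entry.cookie;
            LOG.debug("--- Checking cookie " + index + "->" + entry.lasttouch + "->" + stale.getName());
            if (index <= surplus) {
                LOG.debug("   -> removing cookie because number of secure session cookies too high");
            } else if (entry.lasttouch < oldestAllowed) {
                LOG.debug("   -> removing cookie because timestamp too old");
            } else {
                // Entries are ordered oldest first, so everything from here on is recent enough.
                return;
            }
            stale.setMaxAge(0);
            stale.setSecure(true);
            setCookiePath(httpServletRequest, stale);
            httpServletResponse.addCookie(stale);
            index++;
        }
    }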

    /**
     * Handles a plain-http request that names the parent of a running secure session, for a
     * client that returns cookies: creates a new session flagged insecure, records the requested
     * id in it so that redirectToSecureSSLSession can look for the running secure session, and
     * redirects to https.
     *
     * <p>The requested session id is client input and is stored in the new session as received.
     * The child session is looked up a second time here without a null check; handleRequest only
     * takes this path after it found a non-null child.
     */
    private void forceRedirectBackToInsecureSSL(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parentId = httpServletRequest.getRequestedSessionId();
        HttpSession created = httpServletRequest.getSession(true);
        AbstractPustefixRequestHandler.storeClientIdentity(httpServletRequest);
        created.setAttribute(CHECK_FOR_RUNNING_SSL_SESSION, parentId);

        LOG.debug("*** Setting INSECURE flag in session (Id: " + created.getId() + ")");
        created.setAttribute(SessionAdmin.SESSION_IS_SECURE, Boolean.FALSE);
        // Parked here so handleRequest can pick the request up again after the redirect.
        created.setAttribute(STORED_REQUEST, pfixServletRequest);

        // Carry the secure session's test-cookie value over so the cookie the client already
        // holds is still accepted; only create a new one if there is nothing to carry over.
        HttpSession secureChild = this.context.getSessionAdmin().getChildSessionForParentId(parentId);
        String testValue = (String) secureChild.getAttribute(RAND_SESS_COOKIE_VALUE);
        if (testValue != null && !testValue.equals("")) {
            created.setAttribute(RAND_SESS_COOKIE_VALUE, testValue);
        } else {
            createTestCookie(httpServletRequest, httpServletResponse);
        }

        LOG.debug("===> Redirecting to SSL URL with session (Id: " + created.getId() + ")");
        String target = SessionHelper.encodeURL(
                "https",
                AbstractPustefixRequestHandler.getServerName(httpServletRequest),
                httpServletRequest,
                this.context.getServletManagerConfig().getProperties());
        AbstractPustefixRequestHandler.relocate(httpServletResponse, target);
    }

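    /**
     * Handles a plain-http request that names the parent of a secure session when that secure
     * session cannot be reused: creates a new session that continues the same visit (visit id
     * and trail log taken from the secure child session) and redirects to it.
     *
     * <p>handleRequest also takes this path when no child session was found. That case used to
     * end in a NullPointerException; it now falls back to {@code redirectToSession}, i.e. a
     * fresh session without visit data. A missing session info record is handled the same way
     * as in redirectToSecureSSLSession, with an empty trail log.
     *
     * @param pfixServletRequest  wrapped request, parked in the new session for after the redirect
     * @param httpServletRequest  the current request; its requested session id is client input
     * @param httpServletResponse receives the cookies and the redirect
     */
    private void forceNewSessionSameVisit(PfixServletRequest pfixServletRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession secureChild = this.context.getSessionAdmin().getChildSessionForParentId(httpServletRequest.getRequestedSessionId());
        if (secureChild == null) {
            // Nothing to continue from: start an ordinary new session instead of failing the request.
            LOG.debug("*** No child session found for requested parent session, starting a new session");
            redirectToSession(pfixServletRequest, httpServletRequest, httpServletResponse);
            return;
        }
        String visitId = (String) secureChild.getAttribute(AbstractPustefixRequestHandler.VISIT_ID);
        HttpSession created = httpServletRequest.getSession(true);
        AbstractPustefixRequestHandler.storeClientIdentity(httpServletRequest);

        // Carry the test-cookie value over if the secure session has one, else issue a new test cookie.
        String testValue = (String) secureChild.getAttribute(RAND_SESS_COOKIE_VALUE);
        if (testValue == null || testValue.equals("")) {
            createTestCookie(httpServletRequest, httpServletResponse);
        } else {
            created.setAttribute(RAND_SESS_COOKIE_VALUE, testValue);
        }

        SessionInfoStruct info = this.context.getSessionAdmin().getInfo(secureChild);
        LinkedList<SessionInfoStruct.TrailElement> traillog;
        if (info != null) {
            traillog = info.getTraillog();
        } else {
            LOG.warn("*** Infostruct == NULL ***");
            traillog = new LinkedList<SessionInfoStruct.TrailElement>();
        }
        created.setAttribute(AbstractPustefixRequestHandler.VISIT_ID, visitId);
        this.context.getSessionAdmin().registerSession(created, traillog, AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest.getRemoteAddr());
        LOG.debug("===> Redirecting with session (Id: " + created.getId() + ") using OLD VISIT_ID: " + visitId);
        // Parked here so handleRequest can pick the request up again after the redirect.
        created.setAttribute(STORED_REQUEST, pfixServletRequest);
        AbstractPustefixRequestHandler.relocate(httpServletResponse, SessionHelper.encodeURL(httpServletRequest.getScheme(), AbstractPustefixRequestHandler.getServerName(httpServletRequest), httpServletRequest, this.context.getServletManagerConfig().getProperties()));
    }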

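    /**
     * Sends the test cookie and records its value in the current session.
     *
     * <p>If the session already holds a value under {@code RAND_SESS_COOKIE_VALUE} it is reused;
     * otherwise a new random value is generated. The value is a hex-encoded non-negative
     * {@code long}, as before, but is now drawn from {@link java.security.SecureRandom} instead
     * of {@link Math#random()}: the value is handed to the client and copied between sessions,
     * so it should not come from a predictable generator.
     *
     * <p>NOTE(review): the cookie is added without the Secure or HttpOnly attribute and its value
     * is written to the debug log; how much the rest of the class relies on this value staying
     * secret is not visible here, so confirm whether either needs tightening.
     *
     * @param httpServletRequest the current servlet request; its existing session is used and
     *     none is created
     * @param httpServletResponse the response the cookie is added to
     * @return {@code false} when the request has no session, {@code true} once the cookie was
     *     added
     */
    private boolean createTestCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return false;
        }
        String str = (String) session.getAttribute(RAND_SESS_COOKIE_VALUE);
        if (str != null) {
            LOG.debug("*** Already found a test cookie value in session: " + str);
        } else {
            // Mask the sign bit so the value stays in [0, 2^63), the range the old code produced.
            long random = new java.security.SecureRandom().nextLong() & Long.MAX_VALUE;
            str = Long.toHexString(random);
            LOG.debug("*** Creating a random test cookie value: " + str);
        }
        Cookie cookie = new Cookie(TEST_COOKIE, str);
        setCookiePath(httpServletRequest, cookie);
        httpServletResponse.addCookie(cookie);
        session.setAttribute(RAND_SESS_COOKIE_VALUE, str);
        return true;
    }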

    /**
     * Finds the request cookie whose name is {@code SECURE_SESS_COOKIE} followed by the hex MD5
     * digest of {@code str}.
     *
     * <p>NOTE(review): MD5 is used here only to derive a cookie name from {@code str}; what
     * {@code str} holds and whether the predictability of that name matters is not visible in
     * this method. Confirm against the callers.
     *
     * @param httpServletRequest the request whose cookies are searched
     * @param str the value the cookie name is derived from
     * @return the first matching cookie, or {@code null} when the request carries no cookies or
     *     none matches
     */
    private Cookie getSecureSessionCookie(HttpServletRequest httpServletRequest, String str) {
        final Cookie[] candidates = CookieUtils.getCookies(httpServletRequest);
        if (candidates != null) {
            for (int idx = 0; idx < candidates.length; idx++) {
                final Cookie candidate = candidates[idx];
                // The expected name is derived per candidate, exactly as in the original loop.
                final String expectedName = SECURE_SESS_COOKIE + MD5Utils.hex_md5(str);
                if (candidate.getName().equals(expectedName)) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /**
     * Renders a request as text: one pipe-separated summary line followed by one
     * {@code name: value} line per header value.
     *
     * <p>The summary line holds method, request URI, query string ({@code "-"} when absent),
     * requested session id, protocol, scheme, remote address and server name.
     *
     * <p>NOTE(review): every header is copied verbatim, which includes {@code Cookie} and
     * {@code Authorization} when the client sends them, and the requested session id is part of
     * the summary line. Header values are client-controlled and not sanitised here. Confirm
     * where callers write this string before treating the output as safe to log.
     *
     * @param httpServletRequest the request to describe
     * @return the textual dump, starting with a newline
     */
    private static String dumpRequest(HttpServletRequest httpServletRequest) {
        final StringBuilder dump = new StringBuilder();
        dump.append("\n");

        // Summary line, fields separated by '|'.
        dump.append(httpServletRequest.getMethod()).append("|");
        dump.append(httpServletRequest.getRequestURI()).append("|");
        if (httpServletRequest.getQueryString() == null) {
            dump.append("-");
        } else {
            dump.append(httpServletRequest.getQueryString());
        }
        dump.append("|");
        dump.append(httpServletRequest.getRequestedSessionId()).append("|");
        dump.append(httpServletRequest.getProtocol()).append("|");
        dump.append(httpServletRequest.getScheme()).append("|");
        dump.append(httpServletRequest.getRemoteAddr()).append("|");
        dump.append(httpServletRequest.getServerName()).append("\n");

        // One line per header value; a header sent several times yields several lines.
        for (Enumeration<?> names = httpServletRequest.getHeaderNames(); names.hasMoreElements();) {
            final String headerName = (String) names.nextElement();
            for (Enumeration<?> values = httpServletRequest.getHeaders(headerName); values.hasMoreElements();) {
                dump.append(headerName).append(": ").append((String) values.nextElement()).append("\n");
            }
        }
        return dump.toString();
    }

    /**
     * Scopes a cookie to the web application: its path becomes the request's context path, or
     * {@code "/"} when the context path is empty.
     *
     * @param httpServletRequest the request that supplies the context path
     * @param cookie the cookie whose path is set
     */
    private void setCookiePath(HttpServletRequest httpServletRequest, Cookie cookie) {
        final String contextPath = httpServletRequest.getContextPath();
        cookie.setPath(contextPath.length() > 0 ? contextPath : "/");
    }

    // Class initialisation: sets the assertion flag and the two log4j loggers.
    static {
        final Class<URLRewriteSessionTrackingStrategy> self = URLRewriteSessionTrackingStrategy.class;
        // Looks like the decompiler's rendering of the compiler-generated assertion flag.
        $assertionsDisabled = !self.desiredAssertionStatus();
        LOG = Logger.getLogger(self);
        // Second logger, looked up by the fixed name "LOGGER_SESSION" rather than by class.
        LOGGER_SESSION = Logger.getLogger("LOGGER_SESSION");
    }
}
