package org.webswing.server.services.security;

import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.WebSessionKey;
import org.webswing.server.util.ServerUtil;

/* loaded from: input_file:org/webswing/server/services/security/WebswingWebSessionManager.class */
public class WebswingWebSessionManager extends DefaultWebSessionManager {
    private static final String WEBSWING_SESSION_ID = "WebswingSessionId";

    public WebswingWebSessionManager() {
        SimpleCookie simpleCookie = new SimpleCookie(WEBSWING_SESSION_ID + System.getProperty("webswing.proxyContextPath", "").replaceAll("[^A-Za-z0-9]", "_"));
        simpleCookie.setHttpOnly(true);
        simpleCookie.setSecure(Boolean.getBoolean("webswing.httpsOnly"));
        setSessionIdCookie(simpleCookie);
    }

    protected void validate(Session session, SessionKey sessionKey) throws InvalidSessionException {
        super.validate(session, sessionKey);
        if (Boolean.getBoolean("webswing.linkCookieToIpAddress") && (sessionKey instanceof WebSessionKey)) {
            WebSessionKey webSessionKey = (WebSessionKey) sessionKey;
            if (!(webSessionKey.getServletRequest() instanceof HttpServletRequest) || StringUtils.equals(ServerUtil.getClientIp(webSessionKey.getServletRequest()), session.getHost())) {
                return;
            }
            InvalidSessionException invalidSessionException = new InvalidSessionException("IP address does not match Session host.");
            onInvalidation(session, invalidSessionException, sessionKey);
            throw invalidSessionException;
        }
    }
}
