package com.almis.awe.session;

import com.almis.awe.model.component.AweSession;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.session.Session;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.HttpSessionStrategy;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/awe-controller-4.1.4.jar:com/almis/awe/session/AweHttpSessionStrategy.class */
public class AweHttpSessionStrategy implements HttpSessionStrategy {
    private static final String DEFAULT_DELIMITER = "|";
    private static final String SESSION_IDS_WRITTEN_ATTR = AweHttpSessionStrategy.class.getName().concat(".SESSIONS_WRITTEN_ATTR");
    private CookieSerializer cookieSerializer;
    private String deserializationDelimiter = DEFAULT_DELIMITER;
    private String serializationDelimiter = DEFAULT_DELIMITER;

    @Autowired
    public AweHttpSessionStrategy(CookieSerializer cookieSerializer) {
        this.cookieSerializer = cookieSerializer;
    }

    public String getRequestedSessionId(HttpServletRequest httpServletRequest) {
        return getCurrentSessionAlias(httpServletRequest, null);
    }

    public String getCurrentSessionAlias(HttpServletRequest httpServletRequest, AweSession aweSession) {
        return getConnectionId(httpServletRequest, aweSession);
    }

    public String getNewSessionAlias(HttpServletRequest httpServletRequest) {
        return getConnectionId(httpServletRequest, null);
    }

    public void onNewSession(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest.isRequestedSessionIdValid()) {
            onInvalidateSession(httpServletRequest, httpServletResponse);
            return;
        }
        AweSession aweSession = (AweSession) session.getAttribute("scopedTarget.aweSession");
        Set<String> sessionIdsWritten = getSessionIdsWritten(httpServletRequest);
        String currentSessionAlias = getCurrentSessionAlias(httpServletRequest, aweSession);
        String authorizationHeader = getAuthorizationHeader(httpServletRequest);
        if (currentSessionAlias == null || sessionIdsWritten.contains(session.getId())) {
            return;
        }
        Set<String> sessionIds = getSessionIds(httpServletRequest);
        if (authorizationHeader.equalsIgnoreCase(currentSessionAlias) && sessionIds.contains(currentSessionAlias)) {
            return;
        }
        sessionIdsWritten.remove(authorizationHeader);
        sessionIds.remove(authorizationHeader);
        if (aweSession.isAuthenticated()) {
            sessionIdsWritten.add(currentSessionAlias);
            sessionIds.add(currentSessionAlias);
            this.cookieSerializer.writeCookieValue(new CookieSerializer.CookieValue(httpServletRequest, httpServletResponse, createSessionCookieValue(sessionIds)));
        }
    }

    private Set<String> getSessionIdsWritten(HttpServletRequest httpServletRequest) {
        Set<String> set = (Set) httpServletRequest.getAttribute(SESSION_IDS_WRITTEN_ATTR);
        if (set == null) {
            set = new HashSet();
            httpServletRequest.setAttribute(SESSION_IDS_WRITTEN_ATTR, set);
        }
        return set;
    }

    private String createSessionCookieValue(Set<String> set) {
        return StringUtils.join(set, this.serializationDelimiter);
    }

    public void onInvalidateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Set<String> sessionIds = getSessionIds(httpServletRequest);
        sessionIds.remove(getCurrentSessionAlias(httpServletRequest, null));
        this.cookieSerializer.writeCookieValue(new CookieSerializer.CookieValue(httpServletRequest, httpServletResponse, createSessionCookieValue(sessionIds)));
    }

    public void setCookieSerializer(CookieSerializer cookieSerializer) {
        Assert.notNull(cookieSerializer, "cookieSerializer cannot be null");
        this.cookieSerializer = cookieSerializer;
    }

    public void setDeserializationDelimiter(String str) {
        this.deserializationDelimiter = str;
    }

    public void setSerializationDelimiter(String str) {
        this.serializationDelimiter = str;
    }

    public Set<String> getSessionIds(HttpServletRequest httpServletRequest) {
        List readCookieValues = this.cookieSerializer.readCookieValues(httpServletRequest);
        String str = readCookieValues.isEmpty() ? "" : (String) readCookieValues.iterator().next();
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, this.deserializationDelimiter);
        while (stringTokenizer.hasMoreTokens()) {
            hashSet.add(stringTokenizer.nextToken());
        }
        return hashSet;
    }

    public String getConnectionId(HttpServletRequest httpServletRequest, AweSession aweSession) {
        return (aweSession == null || !aweSession.isAuthenticated()) ? getAuthorizationHeader(httpServletRequest) : httpServletRequest.getSession().getId();
    }

    public String getAuthorizationHeader(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("Authorization");
    }
}
