package com.atlassian.bamboo.filter;

import com.atlassian.bamboo.Bamboo;
import com.atlassian.bamboo.util.Narrow;
import com.atlassian.bamboo.utils.Pair;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/filter/SessionExpiryFilter.class */
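/**
 * Servlet filter that enforces an idle timeout based on user-driven requests rather than on
 * every request that touches the session.
 *
 * <p>The filter stores a timestamp in the session under {@code Bamboo-Last-Access-Time}. On each
 * HTTP request it first checks whether that timestamp is older than the session's max inactive
 * interval; if so, the session is logged out and invalidated. Otherwise the timestamp is
 * refreshed, unless the request is classified as background traffic (see
 * {@link #shouldUpdateLastAccessTime(HttpServletRequest)}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@value #USER_ACTION_HEADER} header is supplied by the client. Any non-empty value
 *       other than {@code false} refreshes the timestamp, so this filter only times out
 *       cooperative clients. It does not bound the lifetime of a session whose holder keeps
 *       sending refreshing requests; an absolute session lifetime has to be enforced
 *       elsewhere.</li>
 *   <li>{@code getSession(true)} is called for every HTTP request reaching this filter, so a
 *       session is created even for requests that arrive without one.</li>
 *   <li>NOTE(review): after an expired session is invalidated the request still continues down
 *       the chain. Confirm that the filters establishing the authenticated user run after this
 *       one, so the expiring request is not served with the old identity.</li>
 * </ul>
 */
public class SessionExpiryFilter implements Filter {
    public static final String USER_ACTION_HEADER = "Bamboo-User-Action";
    private static final String LAST_ACCESS_TIME_ATTRIBUTE = "Bamboo-Last-Access-Time";
    private static final Logger log = Logger.getLogger(SessionExpiryFilter.class);

    // (servlet path prefix, HTTP method) pairs treated as background traffic when the request
    // carries no Bamboo-User-Action header. Matching is a plain prefix match on the servlet path
    // and a case-sensitive match on the method. Populated once in the static initializer below.
    private static final List<Pair<String, String>> BLACKLISTED = new ArrayList<>();

    static {
        BLACKLISTED.add(Pair.make("/rest/", "GET"));
        BLACKLISTED.add(Pair.make("/rest/analytics", "POST"));
        BLACKLISTED.add(Pair.make("/ajax/", "GET"));
        BLACKLISTED.add(Pair.make("/chain/admin/ajax", "GET"));
    }

    /** No configuration is read; the filter has no per-instance state. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Expires or refreshes the session's last-access timestamp, then always continues the chain.
     *
     * <p>Non-HTTP requests skip the session handling and are passed straight through.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response, handed on untouched
     * @param filterChain the remaining chain, invoked in every case
     * @throws IOException propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) Narrow.downTo(servletRequest, HttpServletRequest.class);
        if (httpRequest != null) {
            HttpSession session = httpRequest.getSession(true);
            if (shouldInvalidateSession(httpRequest, session)) {
                logout(servletRequest, session);
            } else if (shouldUpdateLastAccessTime(httpRequest)) {
                session.setAttribute(LAST_ACCESS_TIME_ATTRIBUTE, new Date());
            }
        }
        // The chain runs even after an invalidation; see the class-level review note.
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Logs the session out of Bamboo's session manager (when the Bamboo instance is available in
     * the servlet context) and then invalidates the container session.
     */
    private void logout(ServletRequest servletRequest, HttpSession httpSession) {
        Object contextAttribute = servletRequest.getServletContext().getAttribute("com.atlassian.bamboo.Bamboo");
        Bamboo bamboo = (Bamboo) Narrow.downTo(contextAttribute, Bamboo.class);
        if (bamboo != null) {
            // Read the id before invalidate(); the session manager is keyed by it.
            bamboo.getSessionManager().logout(httpSession.getId());
        }
        httpSession.invalidate();
    }

    /**
     * Decides whether this request counts as user activity.
     *
     * <p>With a non-empty {@value #USER_ACTION_HEADER} header, the request counts unless the value
     * is {@code false} (case-insensitive). Without the header, the request counts unless its
     * servlet path and method match a blacklisted pair. The header value comes from the client
     * and is not authenticated.
     *
     * @return {@code true} if the last-access timestamp should be refreshed
     */
    private boolean shouldUpdateLastAccessTime(@NotNull HttpServletRequest httpServletRequest) {
        String userAction = httpServletRequest.getHeader(USER_ACTION_HEADER);
        if (StringUtils.isEmpty(userAction)) {
            return !isBlackListed(httpServletRequest.getServletPath(), httpServletRequest.getMethod());
        }
        return !"false".equalsIgnoreCase(userAction);
    }

    /**
     * Returns whether the servlet path starts with a blacklisted prefix whose method equals the
     * request method.
     */
    private boolean isBlackListed(String servletPath, String method) {
        for (Pair<String, String> entry : BLACKLISTED) {
            if (servletPath.startsWith((String) entry.first) && ((String) entry.second).equals(method)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the session carries a last-access timestamp that is already past the idle
     * limit, logging the decision when it is.
     *
     * <p>A session with no timestamp, or with an attribute that does not narrow to a
     * {@link Date}, is never invalidated here.
     */
    private boolean shouldInvalidateSession(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        Object attribute = httpSession.getAttribute(LAST_ACCESS_TIME_ATTRIBUTE);
        if (attribute == null) {
            return false;
        }
        Date lastAccess = (Date) Narrow.downTo(attribute, Date.class);
        if (lastAccess == null || !isSessionExpired(httpSession, lastAccess)) {
            return false;
        }
        // getUserPrincipal() may be null for a session that never authenticated.
        log.info("Session is invalidated for user " + httpServletRequest.getUserPrincipal() + " as last access time was " + lastAccess);
        return true;
    }

    /**
     * Returns whether {@code date} plus the session's max inactive interval lies in the past.
     *
     * <p>The Servlet API documents a zero or negative max inactive interval as "never time out".
     * Such sessions are reported as not expired; without this guard the arithmetic would treat
     * them as expired on the first request after the timestamp was written.
     */
    private boolean isSessionExpired(@NotNull HttpSession httpSession, @NotNull Date date) {
        int maxInactiveSeconds = httpSession.getMaxInactiveInterval();
        if (maxInactiveSeconds <= 0) {
            return false;
        }
        long expiresAtMillis = date.getTime() + TimeUnit.SECONDS.toMillis(maxInactiveSeconds);
        return expiresAtMillis < System.currentTimeMillis();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}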
