package org.apereo.cas.web.support;

import com.google.common.base.Splitter;
import java.io.Serializable;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.configuration.model.support.cookie.CookieProperties;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-cookie-api-5.3.9.jar:org/apereo/cas/web/support/DefaultCasCookieValueManager.class */
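/**
 * Cookie value manager that can pin a cookie to the client that received it.
 *
 * <p>When {@link CookieProperties#isPinToSession()} is enabled, the value is stored as
 * {@code value@clientIpAddress@userAgent}. On the way back, the IP address and user-agent
 * recorded in the cookie must equal those of the current request, otherwise the cookie is
 * rejected with an {@link IllegalStateException}. When pinning is disabled, the value is
 * stored as-is and neither check is performed.
 *
 * <p>The compound value is plain text at this layer; the superclass is constructed with a
 * {@link CipherExecutor}, which is presumably what protects the fields from tampering
 * (confirm against {@code EncryptedCookieValueManager}). The client address is whatever
 * {@link ClientInfo#getClientIpAddress()} reports; how that address is derived is not
 * visible in this class, so the strength of the IP pin depends on that configuration.
 */
public class DefaultCasCookieValueManager extends EncryptedCookieValueManager {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);

    /** Separator between the value, the client IP address and the user-agent. */
    private static final char COOKIE_FIELD_SEPARATOR = '@';

    /** Number of fields in a pinned cookie: value, client IP address, user-agent. */
    private static final int COOKIE_FIELDS_LENGTH = 3;

    private final CookieProperties cookieProperties;

    /**
     * Creates the manager.
     *
     * @param cipherExecutor cipher handed to the superclass
     * @param cookieProperties cookie settings; only {@code isPinToSession()} is read here
     */
    public DefaultCasCookieValueManager(CipherExecutor<Serializable, Serializable> cipherExecutor, CookieProperties cookieProperties) {
        super(cipherExecutor);
        this.cookieProperties = cookieProperties;
    }

    /**
     * Builds the value that is stored in the cookie.
     *
     * @param str the raw cookie value; it should not contain {@code '@'}, since that
     *     character separates the fields of a pinned cookie
     * @param httpServletRequest the current request, used to read the user-agent
     * @return {@code str} alone when pinning is disabled, otherwise
     *     {@code str@clientIpAddress@userAgent}
     * @throws IllegalStateException if pinning is enabled and either the client information
     *     or the user-agent of the request is unavailable
     */
    @Override // org.apereo.cas.web.support.EncryptedCookieValueManager
    protected String buildCompoundCookieValue(String str, HttpServletRequest httpServletRequest) {
        if (!this.cookieProperties.isPinToSession()) {
            LOGGER.debug("Cookie session-pinning is disabled");
            return str;
        }

        ClientInfo clientInfo = requireClientInfo();
        String userAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
        if (StringUtils.isBlank(userAgent)) {
            // A pinned cookie without a user-agent could never be validated later.
            throw new IllegalStateException("Request does not specify a user-agent");
        }
        return new StringBuilder(str)
            .append(COOKIE_FIELD_SEPARATOR).append(clientInfo.getClientIpAddress())
            .append(COOKIE_FIELD_SEPARATOR).append(userAgent)
            .toString();
    }

    /**
     * Extracts the original value from a compound cookie and, when pinning is enabled,
     * verifies that the cookie is presented by the same client that received it.
     *
     * @param str the compound cookie value
     * @param httpServletRequest the current request, used to read the user-agent
     * @return the first field of the compound value
     * @throws IllegalStateException if the cookie is malformed, if client information is
     *     unavailable, or if the recorded IP address or user-agent does not match the request
     */
    @Override // org.apereo.cas.web.support.EncryptedCookieValueManager
    protected String obtainValueFromCompoundCookie(String str, HttpServletRequest httpServletRequest) {
        // Only the first two separators delimit fields. The user-agent is the last field and
        // is free-form text that may itself contain '@'; splitting without a limit would turn
        // such a cookie into more than three fields and reject a legitimate client.
        List<String> fields = Splitter.on(COOKIE_FIELD_SEPARATOR).limit(COOKIE_FIELDS_LENGTH).splitToList(str);
        if (fields.isEmpty()) {
            throw new IllegalStateException("Invalid empty cookie");
        }
        String cookieValue = fields.get(0);
        if (!this.cookieProperties.isPinToSession()) {
            LOGGER.debug("Cookie session-pinning is disabled. Returning cookie value as it was provided");
            return cookieValue;
        }
        if (fields.size() != COOKIE_FIELDS_LENGTH) {
            throw new IllegalStateException("Invalid cookie. Required fields are missing");
        }
        String pinnedAddress = fields.get(1);
        String pinnedUserAgent = fields.get(2);
        if (StringUtils.isBlank(cookieValue) || StringUtils.isBlank(pinnedAddress) || StringUtils.isBlank(pinnedUserAgent)) {
            throw new IllegalStateException("Invalid cookie. Required fields are empty");
        }

        ClientInfo clientInfo = requireClientInfo();
        if (!pinnedAddress.equals(clientInfo.getClientIpAddress())) {
            throw new IllegalStateException("Invalid cookie. Required remote address " + pinnedAddress + " does not match " + clientInfo.getClientIpAddress());
        }

        String requestUserAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
        if (!pinnedUserAgent.equals(requestUserAgent)) {
            // NOTE(review): the request user-agent is client-controlled and is embedded in this
            // message verbatim; whatever logs the exception should neutralise CR/LF so the
            // header cannot forge log lines.
            throw new IllegalStateException("Invalid cookie. Required user-agent " + pinnedUserAgent + " does not match " + requestUserAgent);
        }
        return cookieValue;
    }

    /**
     * Returns the client information from {@link ClientInfoHolder}, failing with the same
     * exception type as every other validation error in this class instead of a
     * {@link NullPointerException} when the holder returns {@code null}.
     */
    private static ClientInfo requireClientInfo() {
        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        if (clientInfo == null) {
            throw new IllegalStateException("Client information is not available for the current request");
        }
        return clientInfo;
    }
}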
