package com.atlassian.multitenant.servlet;

import com.atlassian.multitenant.MultiTenantContext;
import com.atlassian.multitenant.Tenant;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/multitenant-core-1.0-m14.jar:com/atlassian/multitenant/servlet/MultiTenantServletFilter.class */
public class MultiTenantServletFilter implements Filter {
    private static final Logger log = Logger.getLogger(MultiTenantServletFilter.class);
    public static final String TENANT_SESSION_KEY = "multitenant.tenant";

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public static String getTenantName(HttpSession httpSession) throws IllegalStateException {
        Object attribute = httpSession.getAttribute(TENANT_SESSION_KEY);
        if (attribute == null) {
            throw new IllegalStateException("No tenant found in session.");
        }
        return (String) attribute;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Tenant systemTenant = MultiTenantContext.getManager().isSingleTenantMode() ? MultiTenantContext.getSystemTenant() : MultiTenantContext.getMatcher().getTenantForRequest((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
        if (systemTenant == null) {
            httpServletResponse.sendError(404, "No tenant found to handle request, please check your hostname");
            return;
        }
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        if (session != null) {
            String str = (String) session.getAttribute(TENANT_SESSION_KEY);
            if (str == null) {
                log.warn("Session found without a tenant, is the MultiTenantSessionListener configured? If not, this instance is vulnerable to session fixation.");
                session.setAttribute(TENANT_SESSION_KEY, systemTenant.getName());
            } else if (!str.equals(systemTenant.getName())) {
                session.invalidate();
                httpServletResponse.sendError(403, "This session was already associated with another tenant");
                return;
            }
        }
        MultiTenantContext.getTenantReference().set(systemTenant, false);
        try {
            filterChain.doFilter(servletRequest, servletResponse);
            MultiTenantContext.getTenantReference().remove();
        } catch (Throwable th) {
            MultiTenantContext.getTenantReference().remove();
            throw th;
        }
    }

    public void destroy() {
    }
}
