package com.atlassian.refapp.auth.internal;

import com.atlassian.refapp.auth.external.WebSudoSessionManager;
import com.google.common.annotations.VisibleForTesting;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-auth-plugin-5.1.2.jar:com/atlassian/refapp/auth/internal/DefaultWebSudoSessionManager.class */
public class DefaultWebSudoSessionManager implements WebSudoSessionManager {
    private static final long DEFAULT_EXPIRY_MILLIS = TimeUnit.SECONDS.toMillis(600);
    private static final String WEBSUDO_SESSION_KEY = DefaultWebSudoSessionManager.class.getName() + "-session";

    @VisibleForTesting
    protected static final String WEB_SUDO_CHECKING_DISABLED_PROPERTY = "atlassian.refapp.websudo.disabled";

    @Override // com.atlassian.refapp.auth.external.WebSudoSessionManager
    public boolean isWebSudoSession(HttpServletRequest httpServletRequest) {
        Long l;
        if (Boolean.getBoolean(WEB_SUDO_CHECKING_DISABLED_PROPERTY)) {
            return true;
        }
        HttpSession session = httpServletRequest.getSession(false);
        return (null == session || null == (l = (Long) session.getAttribute(WEBSUDO_SESSION_KEY)) || l.longValue() < currentTimeMillis() - DEFAULT_EXPIRY_MILLIS) ? false : true;
    }

    @Override // com.atlassian.refapp.auth.external.WebSudoSessionManager
    public void createWebSudoSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        if (null == session) {
            throw new SecurityException("Unable to create a WebSudo session.");
        }
        session.setAttribute(WEBSUDO_SESSION_KEY, Long.valueOf(currentTimeMillis()));
    }

    @Override // com.atlassian.refapp.auth.external.WebSudoSessionManager
    public void removeWebSudoSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (null == session) {
            return;
        }
        session.removeAttribute(WEBSUDO_SESSION_KEY);
    }

    long currentTimeMillis() {
        return System.currentTimeMillis();
    }
}
