package org.eaglei.ui.gwt.security.server;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.eaglei.ui.gwt.rpc.InvalidSessionIdException;

/* loaded from: input_file:WEB-INF/lib/eagle-i-ui-gwt-1.2-MS2.00.jar:org/eaglei/ui/gwt/security/server/SessionManager.class */
public class SessionManager {
    private static final HashMap<String, Long> mapSessionIdToLastUse = new HashMap<>();
    private static final Log logger = LogFactory.getLog(SessionManager.class.getName());
    private static final String SYSTEM_USERNAME = System.getProperty("org.eaglei.search.username");
    private static final String SYSTEM_PASSWORD = System.getProperty("org.eaglei.search.password");
    public static final long EXPIRE_TIME = 1800000;

    private static boolean allowHttpLogin() {
        String property = System.getProperty("allow.http.login");
        return property != null && Boolean.parseBoolean(property);
    }

    public static void checkHttps(HttpServletRequest httpServletRequest) throws InvalidSessionIdException {
        if (!"https".equals(httpServletRequest.getScheme()) && !allowHttpLogin()) {
            throw new InvalidSessionIdException("https required");
        }
    }

    public static void authenticate(String str, String str2) throws InvalidSessionIdException {
        if (SYSTEM_USERNAME != null && !SYSTEM_USERNAME.equals(str)) {
            throw new InvalidSessionIdException("Invalid username/password.");
        }
        if (SYSTEM_PASSWORD != null && !SYSTEM_PASSWORD.equals(str2)) {
            throw new InvalidSessionIdException("Invalid username/password.");
        }
    }

    public static String addSession(HttpServletResponse httpServletResponse) {
        removeExpiredSessions();
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        String valueOf = String.valueOf(bArr);
        synchronized (SessionManager.class) {
            mapSessionIdToLastUse.put(valueOf, Long.valueOf(System.currentTimeMillis()));
        }
        logger.info("addSession: " + valueOf);
        Cookie cookie = new Cookie("SearchLogSID", valueOf);
        if (!allowHttpLogin()) {
            cookie.setSecure(true);
        }
        httpServletResponse.addCookie(cookie);
        return valueOf;
    }

    public static void removeSession(HttpServletRequest httpServletRequest) {
        try {
            removeSession(getSessionIdFromCookie(httpServletRequest));
        } catch (InvalidSessionIdException e) {
        }
    }

    public static synchronized void removeSession(String str) {
        if (str != null) {
            mapSessionIdToLastUse.remove(str);
            logger.info("removed session: " + str);
        }
    }

    public static synchronized List<String> removeExpiredSessions() {
        ArrayList arrayList = new ArrayList();
        for (String str : mapSessionIdToLastUse.keySet()) {
            if (mapSessionIdToLastUse.get(str).longValue() + EXPIRE_TIME < System.currentTimeMillis()) {
                arrayList.add(str);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            removeSession((String) it.next());
        }
        return arrayList;
    }

    public static void validate(HttpServletRequest httpServletRequest) throws InvalidSessionIdException {
        checkHttps(httpServletRequest);
        validate(getSessionIdFromCookie(httpServletRequest));
    }

    public static synchronized void validate(String str) throws InvalidSessionIdException {
        if (str == null) {
            if (SYSTEM_USERNAME != null || SYSTEM_PASSWORD != null) {
                throw new InvalidSessionIdException("Session id is required");
            }
        } else {
            if (mapSessionIdToLastUse.get(str) == null) {
                throw new InvalidSessionIdException("Session expired");
            }
            mapSessionIdToLastUse.put(str, Long.valueOf(System.currentTimeMillis()));
        }
    }

    private static String getSessionIdFromCookie(HttpServletRequest httpServletRequest) throws InvalidSessionIdException {
        for (Cookie cookie : httpServletRequest.getCookies()) {
            if ("SearchLogSID".equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        throw new InvalidSessionIdException("Could not authenticate");
    }
}
