package org.acegisecurity.context;

import java.io.IOException;
import java.lang.reflect.Method;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;

/* loaded from: classes.dex */
public class HttpSessionContextIntegrationFilter implements InitializingBean, Filter {
    public static final String ACEGI_SECURITY_CONTEXT_KEY = "ACEGI_SECURITY_CONTEXT";
    static final String FILTER_APPLIED = "__acegi_session_integration_filter_applied";
    static /* synthetic */ Class class$java$lang$Cloneable;
    static /* synthetic */ Class class$org$acegisecurity$context$HttpSessionContextIntegrationFilter;
    static /* synthetic */ Class class$org$acegisecurity$context$SecurityContext;
    static /* synthetic */ Class class$org$acegisecurity$context$SecurityContextImpl;
    protected static final Log logger;
    private boolean allowSessionCreation;
    private boolean cloneFromHttpSession;
    private Class context;
    private Object contextObject;
    private boolean forceEagerSessionCreation;

    static {
        Class cls;
        if (class$org$acegisecurity$context$HttpSessionContextIntegrationFilter == null) {
            cls = class$("org.acegisecurity.context.HttpSessionContextIntegrationFilter");
            class$org$acegisecurity$context$HttpSessionContextIntegrationFilter = cls;
        } else {
            cls = class$org$acegisecurity$context$HttpSessionContextIntegrationFilter;
        }
        logger = LogFactory.getLog(cls);
    }

    public HttpSessionContextIntegrationFilter() throws ServletException {
        Class cls;
        if (class$org$acegisecurity$context$SecurityContextImpl == null) {
            cls = class$("org.acegisecurity.context.SecurityContextImpl");
            class$org$acegisecurity$context$SecurityContextImpl = cls;
        } else {
            cls = class$org$acegisecurity$context$SecurityContextImpl;
        }
        this.context = cls;
        this.allowSessionCreation = true;
        this.forceEagerSessionCreation = false;
        this.cloneFromHttpSession = false;
        this.contextObject = generateNewContext();
    }

    static /* synthetic */ Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    public void afterPropertiesSet() throws Exception {
        Class cls;
        if (this.context != null) {
            if (class$org$acegisecurity$context$SecurityContext == null) {
                cls = class$("org.acegisecurity.context.SecurityContext");
                class$org$acegisecurity$context$SecurityContext = cls;
            } else {
                cls = class$org$acegisecurity$context$SecurityContext;
            }
            if (cls.isAssignableFrom(this.context)) {
                if (this.forceEagerSessionCreation && !this.allowSessionCreation) {
                    throw new IllegalArgumentException("If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");
                }
                return;
            }
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("context must be defined and implement SecurityContext (typically use org.acegisecurity.context.SecurityContextImpl; existing class is ");
        stringBuffer.append(this.context);
        stringBuffer.append(")");
        throw new IllegalArgumentException(stringBuffer.toString());
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean z;
        HttpSession httpSession;
        boolean z2;
        HttpSession httpSession2;
        HttpSession httpSession3;
        Class cls;
        if (servletRequest != null && servletRequest.getAttribute(FILTER_APPLIED) != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (servletRequest != null) {
            servletRequest.setAttribute(FILTER_APPLIED, Boolean.TRUE);
            z = true;
        } else {
            z = false;
        }
        try {
            httpSession = ((HttpServletRequest) servletRequest).getSession(this.forceEagerSessionCreation);
        } catch (IllegalStateException unused) {
            httpSession = null;
        }
        if (httpSession != null) {
            Object attribute = httpSession.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
            if (attribute != null) {
                if (this.cloneFromHttpSession) {
                    if (class$java$lang$Cloneable == null) {
                        cls = class$("java.lang.Cloneable");
                        class$java$lang$Cloneable = cls;
                    } else {
                        cls = class$java$lang$Cloneable;
                    }
                    Assert.isInstanceOf(cls, attribute, "Context must implement Clonable and provide a Object.clone() method");
                    try {
                        Method method = attribute.getClass().getMethod("clone", new Class[0]);
                        if (!method.isAccessible()) {
                            method.setAccessible(true);
                        }
                        attribute = method.invoke(attribute, new Object[0]);
                    } catch (Exception e) {
                        ReflectionUtils.handleReflectionException(e);
                    }
                }
                if (attribute instanceof SecurityContext) {
                    if (logger.isDebugEnabled()) {
                        Log log = logger;
                        StringBuffer stringBuffer = new StringBuffer();
                        stringBuffer.append("Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: '");
                        stringBuffer.append(attribute);
                        stringBuffer.append("'");
                        log.debug(stringBuffer.toString());
                    }
                    SecurityContextHolder.setContext((SecurityContext) attribute);
                } else {
                    if (logger.isWarnEnabled()) {
                        Log log2 = logger;
                        StringBuffer stringBuffer2 = new StringBuffer();
                        stringBuffer2.append("ACEGI_SECURITY_CONTEXT did not contain a SecurityContext but contained: '");
                        stringBuffer2.append(attribute);
                        stringBuffer2.append("'; are you improperly modifying the HttpSession directly ");
                        stringBuffer2.append("(you should always use SecurityContextHolder) or using the HttpSession attribute ");
                        stringBuffer2.append("reserved for this class? - new SecurityContext instance associated with ");
                        stringBuffer2.append("SecurityContextHolder");
                        log2.warn(stringBuffer2.toString());
                    }
                    SecurityContextHolder.setContext(generateNewContext());
                }
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder");
                }
                SecurityContextHolder.setContext(generateNewContext());
            }
            z2 = true;
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder");
            }
            SecurityContextHolder.setContext(generateNewContext());
            z2 = false;
        }
        int hashCode = SecurityContextHolder.getContext().hashCode();
        try {
            try {
                try {
                    filterChain.doFilter(servletRequest, servletResponse);
                    try {
                        httpSession3 = ((HttpServletRequest) servletRequest).getSession(false);
                    } catch (IllegalStateException unused2) {
                        httpSession3 = null;
                    }
                    if (httpSession3 == null && z2 && logger.isDebugEnabled()) {
                        logger.debug("HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
                    }
                    if (httpSession3 == null && !z2) {
                        if (this.allowSessionCreation) {
                            if (!this.contextObject.equals(SecurityContextHolder.getContext())) {
                                if (logger.isDebugEnabled()) {
                                    logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
                                }
                                try {
                                    httpSession3 = ((HttpServletRequest) servletRequest).getSession(true);
                                } catch (IllegalStateException unused3) {
                                }
                            } else if (logger.isDebugEnabled()) {
                                Log log3 = logger;
                                StringBuffer stringBuffer3 = new StringBuffer();
                                stringBuffer3.append("HttpSession is null, but SecurityContextHolder has not changed from default: ' ");
                                stringBuffer3.append(SecurityContextHolder.getContext());
                                stringBuffer3.append("'; not creating HttpSession or storing SecurityContextHolder contents");
                                log3.debug(stringBuffer3.toString());
                            }
                        } else if (logger.isDebugEnabled()) {
                            logger.debug("The HttpSession is currently null, and the HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
                        }
                    }
                    if (httpSession3 != null && SecurityContextHolder.getContext().hashCode() != hashCode) {
                        httpSession3.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
                        if (logger.isDebugEnabled()) {
                            Log log4 = logger;
                            StringBuffer stringBuffer4 = new StringBuffer();
                            stringBuffer4.append("SecurityContext stored to HttpSession: '");
                            stringBuffer4.append(SecurityContextHolder.getContext());
                            stringBuffer4.append("'");
                            log4.debug(stringBuffer4.toString());
                        }
                    }
                    if (z) {
                        servletRequest.removeAttribute(FILTER_APPLIED);
                    }
                    SecurityContextHolder.clearContext();
                    if (logger.isDebugEnabled()) {
                        logger.debug("SecurityContextHolder set to new context, as request processing completed");
                    }
                } catch (IOException e2) {
                    throw e2;
                }
            } catch (Throwable th) {
                try {
                    httpSession2 = ((HttpServletRequest) servletRequest).getSession(false);
                } catch (IllegalStateException unused4) {
                    httpSession2 = null;
                }
                if (httpSession2 == null && z2 && logger.isDebugEnabled()) {
                    logger.debug("HttpSession is now null, but was not null at start of request; session was invalidated, so do not create a new session");
                }
                if (httpSession2 == null && !z2) {
                    if (this.allowSessionCreation) {
                        if (!this.contextObject.equals(SecurityContextHolder.getContext())) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("HttpSession being created as SecurityContextHolder contents are non-default");
                            }
                            try {
                                httpSession2 = ((HttpServletRequest) servletRequest).getSession(true);
                            } catch (IllegalStateException unused5) {
                            }
                        } else if (logger.isDebugEnabled()) {
                            Log log5 = logger;
                            StringBuffer stringBuffer5 = new StringBuffer();
                            stringBuffer5.append("HttpSession is null, but SecurityContextHolder has not changed from default: ' ");
                            stringBuffer5.append(SecurityContextHolder.getContext());
                            stringBuffer5.append("'; not creating HttpSession or storing SecurityContextHolder contents");
                            log5.debug(stringBuffer5.toString());
                        }
                    } else if (logger.isDebugEnabled()) {
                        logger.debug("The HttpSession is currently null, and the HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession (because the allowSessionCreation property is false) - SecurityContext thus not stored for next request");
                    }
                }
                if (httpSession2 != null && SecurityContextHolder.getContext().hashCode() != hashCode) {
                    httpSession2.setAttribute(ACEGI_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
                    if (logger.isDebugEnabled()) {
                        Log log6 = logger;
                        StringBuffer stringBuffer6 = new StringBuffer();
                        stringBuffer6.append("SecurityContext stored to HttpSession: '");
                        stringBuffer6.append(SecurityContextHolder.getContext());
                        stringBuffer6.append("'");
                        log6.debug(stringBuffer6.toString());
                    }
                }
                if (z) {
                    servletRequest.removeAttribute(FILTER_APPLIED);
                }
                SecurityContextHolder.clearContext();
                if (!logger.isDebugEnabled()) {
                    throw th;
                }
                logger.debug("SecurityContextHolder set to new context, as request processing completed");
                throw th;
            }
        } catch (ServletException e3) {
            throw e3;
        }
    }

    public SecurityContext generateNewContext() throws ServletException {
        try {
            return (SecurityContext) this.context.newInstance();
        } catch (IllegalAccessException e) {
            throw new ServletException(e);
        } catch (InstantiationException e2) {
            throw new ServletException(e2);
        }
    }

    public Class getContext() {
        return this.context;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public boolean isAllowSessionCreation() {
        return this.allowSessionCreation;
    }

    public boolean isCloneFromHttpSession() {
        return this.cloneFromHttpSession;
    }

    public boolean isForceEagerSessionCreation() {
        return this.forceEagerSessionCreation;
    }

    public void setAllowSessionCreation(boolean z) {
        this.allowSessionCreation = z;
    }

    public void setCloneFromHttpSession(boolean z) {
        this.cloneFromHttpSession = z;
    }

    public void setContext(Class cls) {
        this.context = cls;
    }

    public void setForceEagerSessionCreation(boolean z) {
        this.forceEagerSessionCreation = z;
    }
}
