package com.atlassian.confluence.security.websudo;

import com.atlassian.confluence.core.ConfluenceSystemProperties;
import com.atlassian.confluence.setup.settings.SettingsManager;
import com.atlassian.confluence.user.AuthenticatorOverwrite;
import com.atlassian.confluence.web.ResponseHeaderNames;
import com.google.common.base.Preconditions;
import com.opensymphony.xwork.Action;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/atlassian/confluence/security/websudo/DefaultWebSudoManager.class */
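/**
 * Default {@link WebSudoManager}: decides which actions need an elevated (WebSudo) session and
 * tracks that elevation as a timestamp stored in the HTTP session.
 *
 * <p>State kept by this class:
 * <ul>
 *   <li>session attribute {@code confluence.websudo.timestamp}: time (epoch millis) at which
 *       {@link #startSession} was last called for the session;</li>
 *   <li>request attribute {@code confluence.websudo.request}: marks a request as a WebSudo
 *       request;</li>
 *   <li>response header {@code ResponseHeaderNames.WEBSUDO}: set to {@code Has-Authentication}
 *       or {@code Require-Authentication}.</li>
 * </ul>
 */
public class DefaultWebSudoManager implements WebSudoManager {
    private static final String URL_AUTHENTICATE = "/authenticate.action";
    private static final String URL_ADMIN = "/admin/";
    private static final String SESSION_TIMESTAMP = "confluence.websudo.timestamp";
    private static final String REQUEST_ATTRIBUTE = "confluence.websudo.request";
    private static final String REQUIRE_AUTHENTICATION = "Require-Authentication";
    private static final String HAS_AUTHENTICATION = "Has-Authentication";

    private final SettingsManager settingsManager;

    public DefaultWebSudoManager(SettingsManager settingsManager) {
        this.settingsManager = settingsManager;
    }

    /**
     * Reports whether WebSudo protection is active.
     *
     * <p>Protection is off when any one of these holds: dev mode is on, the global
     * {@code webSudoEnabled} setting is false, or password confirmation has been disabled through
     * {@link AuthenticatorOverwrite}. Each switch removes the re-authentication step for every
     * caller of this manager, so their values are worth auditing on production instances.
     *
     * @return {@code true} only if none of the three switches disables WebSudo
     */
    @Override
    public boolean isEnabled() {
        if (ConfluenceSystemProperties.isDevMode()) {
            return false;
        }
        if (!this.settingsManager.getGlobalSettings().getWebSudoEnabled()) {
            return false;
        }
        return !AuthenticatorOverwrite.isPasswordConfirmationDisabled();
    }

    /**
     * Decides whether the given action invocation requires a WebSudo session.
     *
     * <ul>
     *   <li>Paths starting with {@code /authenticate.action} never require it.</li>
     *   <li>Paths starting with {@code /admin/} require it unless the method, class or package is
     *       annotated {@code WebSudoNotRequired} (opt-out).</li>
     *   <li>All other paths require it only if the method, class or package is annotated
     *       {@code WebSudoRequired} (opt-in).</li>
     * </ul>
     *
     * <p>Both checks are plain, case-sensitive {@link String#startsWith} tests on {@code str} as
     * supplied; no normalization or decoding happens here.
     * NOTE(review): this assumes the caller passes an already canonical, context-relative path;
     * confirm at the call site, since a differently spelled path would fall into the opt-in branch.
     *
     * @param str    request path of the action; must not be {@code null}
     * @param cls    action class whose annotations are inspected
     * @param method action method whose annotations are inspected
     * @return {@code true} if the invocation must run inside a WebSudo session
     */
    @Override
    public boolean matches(String str, Class<? extends Action> cls, Method method) {
        if (str.startsWith(URL_AUTHENTICATE)) {
            return false;
        }
        if (str.startsWith(URL_ADMIN)) {
            return !isAnnotated(method, cls,
                    com.atlassian.sal.api.websudo.WebSudoNotRequired.class, WebSudoNotRequired.class);
        }
        return isAnnotated(method, cls,
                com.atlassian.sal.api.websudo.WebSudoRequired.class, WebSudoRequired.class);
    }

    /**
     * Checks method, class and package for the SAL annotation, and method and class for the
     * Confluence-local one. The package is checked for the SAL annotation only, as before.
     */
    private static boolean isAnnotated(
            Method method,
            Class<?> cls,
            Class<? extends java.lang.annotation.Annotation> salAnnotation,
            Class<? extends java.lang.annotation.Annotation> localAnnotation) {
        if (method.isAnnotationPresent(salAnnotation) || method.isAnnotationPresent(localAnnotation)) {
            return true;
        }
        if (cls.isAnnotationPresent(salAnnotation) || cls.isAnnotationPresent(localAnnotation)) {
            return true;
        }
        // Class.getPackage() may return null (e.g. no Package defined by the class loader).
        // Treat that as "no package-level annotation" instead of failing with an NPE.
        Package pkg = cls.getPackage();
        return pkg != null && pkg.isAnnotationPresent(salAnnotation);
    }

    /**
     * Reports whether the session carries a WebSudo timestamp that is still inside the configured
     * timeout window.
     *
     * <p>The timeout from the global settings is converted from minutes to milliseconds. A missing
     * attribute, or one that is not a {@link Long}, is treated as "no valid session" (fail closed).
     * Only a lower bound is checked, so a stored timestamp later than the current clock also passes.
     *
     * @param httpSession the session to inspect; {@code null} yields {@code false}
     * @return {@code true} if the stored timestamp is not older than the timeout
     */
    @Override
    public boolean hasValidSession(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        Object stored = httpSession.getAttribute(SESSION_TIMESTAMP);
        if (!(stored instanceof Long)) {
            // Absent or unexpected value: deny rather than throw ClassCastException.
            return false;
        }
        long timeoutMillis = this.settingsManager.getGlobalSettings().getWebSudoTimeout() * 60L * 1000L;
        long oldestAccepted = currentTimeMillis() - timeoutMillis;
        return ((Long) stored).longValue() >= oldestAccepted;
    }

    /**
     * Starts (or refreshes) the WebSudo session: stores the current time in the HTTP session,
     * creating the session if necessary, marks the request as a WebSudo request and sets the
     * WebSudo response header to {@code Has-Authentication}.
     *
     * <p>NOTE(review): the session identifier is not changed here. Confirm that the caller rotates
     * it on elevation if the deployment relies on that against session fixation.
     *
     * @throws NullPointerException if either argument is {@code null}
     */
    @Override
    public void startSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Preconditions.checkNotNull(httpServletRequest);
        Preconditions.checkNotNull(httpServletResponse);
        HttpSession session = httpServletRequest.getSession(true);
        session.setAttribute(SESSION_TIMESTAMP, Long.valueOf(currentTimeMillis()));
        markWebSudoRequest(httpServletRequest);
        httpServletResponse.setHeader(ResponseHeaderNames.WEBSUDO, HAS_AUTHENTICATION);
    }

    /**
     * Flags the request as a WebSudo request via a request attribute. A {@code null} request is
     * ignored.
     */
    @Override
    public void markWebSudoRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest != null) {
            httpServletRequest.setAttribute(REQUEST_ATTRIBUTE, Boolean.TRUE);
        }
    }

    /**
     * Reports whether {@link #markWebSudoRequest} flagged this request.
     *
     * @return {@code false} for a {@code null} request or when the attribute is not
     *     {@link Boolean#TRUE}
     */
    @Override
    public boolean isWebSudoRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return false;
        }
        return Boolean.TRUE.equals(httpServletRequest.getAttribute(REQUEST_ATTRIBUTE));
    }

    /**
     * Ends the WebSudo session: removes the timestamp from the existing HTTP session (none is
     * created) and sets the WebSudo response header to {@code Require-Authentication}.
     *
     * <p>Either argument may be {@code null}; the corresponding step is then skipped. Only the
     * WebSudo timestamp is removed, the HTTP session itself stays alive.
     */
    @Override
    public void invalidateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest != null) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.removeAttribute(SESSION_TIMESTAMP);
            }
        }
        // The request was already null-tolerant; guard the response the same way so that a
        // missing response cannot turn invalidation into a NullPointerException.
        if (httpServletResponse != null) {
            httpServletResponse.setHeader(ResponseHeaderNames.WEBSUDO, REQUIRE_AUTHENTICATION);
        }
    }

    /** Clock source for the timestamp logic; package-private, presumably so tests can override it. */
    long currentTimeMillis() {
        return System.currentTimeMillis();
    }
}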
