package org.cloudfoundry.identity.uaa.authentication;

import java.io.IOException;
import java.util.Date;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.12.0.jar:org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.class */
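/**
 * Filter that ends an authenticated session once the user's password has been changed
 * after that session was established, or once the user can no longer be found.
 *
 * <p>Only requests carrying an authenticated {@link UaaAuthentication} whose principal
 * origin equals {@link OriginKeys#UAA}, and which already have an HTTP session, are
 * evaluated. Every other request is passed down the chain untouched.
 *
 * <p>Security note: the check runs one user lookup per evaluated request. This is what
 * lets a password change cut off sessions that were authenticated with the old password.
 */
public class SessionResetFilter extends OncePerRequestFilter {
    // final: the logger is never reassigned and should not be replaceable at runtime.
    private static final Log logger = LogFactory.getLog(SessionResetFilter.class);
    private final RedirectStrategy strategy;
    private final String redirectUrl;
    private final UaaUserDatabase userDatabase;

    /**
     * @param redirectStrategy strategy used to send the redirect after a session reset
     * @param redirectUrl      target the client is redirected to after the session is invalidated
     * @param userDatabase     source of the user's current password-last-modified timestamp
     */
    public SessionResetFilter(RedirectStrategy redirectStrategy, String redirectUrl, UaaUserDatabase userDatabase) {
        this.strategy = redirectStrategy;
        this.redirectUrl = redirectUrl;
        this.userDatabase = userDatabase;
    }

    /**
     * @return the URL the client is redirected to after a session reset
     */
    public String getRedirectUrl() {
        return this.redirectUrl;
    }

    /**
     * Invalidates the session and redirects when the authenticated user's password changed
     * after authentication or the user no longer exists; otherwise continues the chain.
     *
     * @param request     current request
     * @param response    current response
     * @param filterChain remaining filter chain, invoked only when no reset is required
     * @throws ServletException propagated from the filter chain
     * @throws IOException      propagated from the filter chain or the redirect
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        SecurityContext context = SecurityContextHolder.getContext();
        // instanceof is false for a null authentication, so no separate null check is needed.
        if (context != null && context.getAuthentication() instanceof UaaAuthentication) {
            UaaAuthentication authentication = (UaaAuthentication) context.getAuthentication();
            boolean eligible = authentication.isAuthenticated()
                    && OriginKeys.UAA.equals(authentication.getPrincipal().getOrigin())
                    && request.getSession(false) != null;
            if (eligible && requiresSessionReset(authentication)) {
                // Stop here: the rest of the chain must not run with the stale authentication.
                handleRedirect(request, response);
                return;
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Decides whether the session behind {@code authentication} must be reset.
     *
     * @return {@code true} when the stored password-last-modified time is later than the
     *         authentication time, or when the user lookup throws
     *         {@link UsernameNotFoundException}; {@code false} otherwise, including when no
     *         password-last-modified time is recorded
     */
    private boolean requiresSessionReset(UaaAuthentication authentication) {
        String userId = authentication.getPrincipal().getId();
        try {
            // Guarded so the message is not built when debug logging is off.
            if (logger.isDebugEnabled()) {
                logger.debug("Evaluating user-id for session reset:" + userId);
            }
            Date passwordLastModified = this.userDatabase.retrieveUserById(userId).getPasswordLastModified();
            if (passwordLastModified == null) {
                return false;
            }
            long authenticatedTime = authentication.getAuthenticatedTime();
            long passwordChangeTime = passwordLastModified.getTime();
            if (!hasPasswordChangedAfterAuthentication(authenticatedTime, passwordChangeTime)) {
                return false;
            }
            if (logger.isDebugEnabled()) {
                logger.debug(String.format("Resetting user session for user ID: %s Auth Time: %s Password Change Time: %s", userId, Long.valueOf(authenticatedTime), Long.valueOf(passwordChangeTime)));
            }
            return true;
        } catch (UsernameNotFoundException e) {
            // Fail closed: a session whose user is gone from the database is reset as well.
            logger.info("Authenticated user [" + userId + "] was not found in DB.");
            return true;
        }
    }

    /**
     * Compares the two timestamps as passed in by {@code doFilterInternal}.
     *
     * @param authenticatedTime  value of {@code UaaAuthentication.getAuthenticatedTime()}
     * @param passwordChangeTime value of {@code Date.getTime()} for the password-last-modified date
     * @return {@code true} only when {@code passwordChangeTime} is strictly greater than
     *         {@code authenticatedTime}; equal timestamps do not trigger a reset
     */
    protected boolean hasPasswordChangedAfterAuthentication(long authenticatedTime, long passwordChangeTime) {
        return passwordChangeTime > authenticatedTime;
    }

    /**
     * Invalidates the current HTTP session, if one exists, and redirects to
     * {@link #getRedirectUrl()}.
     *
     * @param request  current request
     * @param response current response
     * @throws IOException if sending the redirect fails
     */
    protected void handleRedirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // getSession(false) never creates a session; invalidate before redirecting so the
        // old session is gone by the time the client follows the redirect.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        this.strategy.sendRedirect(request, response, getRedirectUrl());
    }
}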
