package eu.cec.digit.ecas.client.resolver.session;

import eu.cec.digit.ecas.client.logging.Logger;
import eu.cec.digit.ecas.client.resolver.ExceptionVersion;
import eu.cec.digit.ecas.client.resolver.logging.LoggerFactory;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.catalina.session.StandardSession;
import org.apache.catalina.session.StandardSessionFacade;

/* loaded from: input_file:eu/cec/digit/ecas/client/resolver/session/TomcatHttpSessionHandler.class */
/**
 * Tomcat-specific {@link HttpSessionHandler} that renews a servlet session by invalidating it and
 * asking the request for a fresh one.
 *
 * <p>{@link #renewSession} throws {@link SecurityException} when the container hands back a session
 * that is not new, or one that kept the previous ID. Either outcome would leave the application
 * open to session fixation.
 *
 * <p>The class reads private members of Tomcat's {@code StandardSession} and
 * {@code StandardSessionFacade} by reflection, using hard-coded member names. A member that is
 * missing or not accessible is reported as {@link IllegalStateException}.
 *
 * <p>NOTE(review): at debug level {@link #renewSession} writes the old and the new session ID to
 * the log, together with the string forms of the request and session objects (which may embed the
 * ID as well). The new ID identifies a live session, so debug output of this class should be
 * handled like a credential store and kept off in production.
 */
public final class TomcatHttpSessionHandler extends AbstractHttpSessionHandler implements HttpSessionHandler, Serializable {
    private static final long serialVersionUID = 4382752925166583774L;
    private static final Logger LOG = LoggerFactory.getInstance().getLogger(TomcatHttpSessionHandler.class);

    /** Reported when the session obtained after invalidation is not flagged as new. */
    private static final String SESSION_NOT_RENEWED = "This Servlet Container does not renew HttpSessions. Therefore all your applications are not adequately protected against session-fixation attacks! You should not use this Servlet Container for a production-grade application!";

    /** Reported when the session obtained after invalidation still carries the previous ID. */
    private static final String SESSION_ID_NOT_CHANGED = "This Servlet Container does not change the HttpSession ID when a new HttpSession is created. Therefore all your applications are not adequately protected against session-fixation attacks! You should not use this Servlet Container for a production-grade application!";

    /**
     * Hands {@code wrapper} and {@code cause} to {@code ExceptionVersion.initCause} and returns the
     * wrapper so the call can sit directly in a {@code throw} statement.
     *
     * <p>The wrapper is created by the caller, so its stack trace starts in the calling method.
     */
    private static IllegalStateException withCause(IllegalStateException wrapper, Throwable cause) {
        ExceptionVersion.initCause(wrapper, cause);
        return wrapper;
    }

    /**
     * Returns the session already bound to the request, without creating one.
     *
     * @param httpServletRequest the current request
     * @return the result of {@code getSession(false)} on the request
     */
    @Override
    public HttpSession getExistingSession(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getSession(false);
    }

    /**
     * Reads a field declared on {@code StandardSession} by name, bypassing its access modifier.
     *
     * @param session the Tomcat session to read from
     * @param fieldName name of a field declared directly on {@code StandardSession}
     * @return the field value, cast to the type the caller asks for
     * @throws IllegalStateException if the field does not exist or cannot be read
     */
    @SuppressWarnings("unchecked") // the caller names the type; a wrong choice fails at its own cast
    private <T> T getField(StandardSession session, String fieldName) {
        try {
            Field target = StandardSession.class.getDeclaredField(fieldName);
            target.setAccessible(true);
            return (T) target.get(session);
        } catch (NoSuchFieldException missing) {
            throw withCause(new IllegalStateException(missing.getMessage()), missing);
        } catch (IllegalAccessException denied) {
            throw withCause(new IllegalStateException(denied.getMessage()), denied);
        }
    }

    /** Reads the {@code lastAccessedTime} field of the Tomcat session (used for debug output only). */
    private Long getLastAccessedTime(StandardSession session) {
        return this.<Long>getField(session, "lastAccessedTime");
    }

    /** Reads the {@code maxInactiveInterval} field of the Tomcat session (used for debug output only). */
    private Integer getMaxInactiveInterval(StandardSession session) {
        return this.<Integer>getField(session, "maxInactiveInterval");
    }

    /**
     * Returns the request's session, creating one when none is bound.
     *
     * @param httpServletRequest the current request
     * @return the result of {@code getSession(true)} on the request
     */
    @Override
    public HttpSession getOrCreateSession(HttpServletRequest httpServletRequest) throws IllegalStateException {
        return httpServletRequest.getSession(true);
    }

    /**
     * Unwraps the object stored in the private {@code session} field of a
     * {@code StandardSessionFacade}.
     *
     * @param facade the session handed out by the container; it is cast to
     *     {@code StandardSessionFacade}, so any other implementation fails with
     *     {@link ClassCastException}
     * @return the value of the facade's {@code session} field
     * @throws IllegalStateException if the field does not exist or cannot be read
     */
    private HttpSession getRealSession(HttpSession facade) {
        try {
            Field wrapped = StandardSessionFacade.class.getDeclaredField("session");
            wrapped.setAccessible(true);
            return (HttpSession) wrapped.get((StandardSessionFacade) facade);
        } catch (NoSuchFieldException missing) {
            throw withCause(new IllegalStateException(missing.getMessage()), missing);
        } catch (IllegalAccessException denied) {
            throw withCause(new IllegalStateException(denied.getMessage()), denied);
        }
    }

    /** Reads the {@code thisAccessedTime} field of the Tomcat session (used for debug output only). */
    private Long getThisAccessedTime(StandardSession session) {
        return this.<Long>getField(session, "thisAccessedTime");
    }

    /** Reads the {@code expiring} field of the Tomcat session (used for debug output only). */
    private Boolean isExpiring(StandardSession session) {
        return this.<Boolean>getField(session, "expiring");
    }

    /** Reads the {@code isValid} field of the Tomcat session (used for debug output only). */
    private Boolean isValid(StandardSession session) {
        return this.<Boolean>getField(session, "isValid");
    }

    /**
     * Invokes the {@code isValidInternal()} method declared on {@code StandardSession}, bypassing
     * its access modifier (used for debug output only).
     *
     * @param session the Tomcat session to query
     * @return whatever {@code isValidInternal()} returns
     * @throws IllegalStateException if the method does not exist, cannot be invoked, or itself
     *     throws; in the last case the wrapped cause is the exception thrown by the method
     */
    private Boolean isValidInternal(StandardSession session) {
        try {
            Method probe = StandardSession.class.getDeclaredMethod("isValidInternal");
            probe.setAccessible(true);
            return (Boolean) probe.invoke(session);
        } catch (InvocationTargetException raised) {
            // Report what the invoked method threw, not the reflection wrapper around it.
            Throwable thrownByTarget = raised.getTargetException();
            throw withCause(new IllegalStateException(thrownByTarget.getMessage()), thrownByTarget);
        } catch (NoSuchMethodException missing) {
            throw withCause(new IllegalStateException(missing.getMessage()), missing);
        } catch (IllegalAccessException denied) {
            throw withCause(new IllegalStateException(denied.getMessage()), denied);
        }
    }

    /**
     * Writes the debug trace of one renewal: request, old session and new session details.
     *
     * <p>Called with the monitors of {@code renewed} and {@code tomcatSession} held by the caller.
     * The output contains both session IDs in clear text.
     *
     * @param request the current request
     * @param previous the session that was invalidated
     * @param previousDescription {@code previous.toString()} captured before invalidation
     * @param previousId ID of the invalidated session
     * @param renewed the session obtained after invalidation
     * @param tomcatSession the object unwrapped from {@code renewed}
     * @param renewedId ID of {@code renewed}
     */
    private void logRenewalDetails(HttpServletRequest request, HttpSession previous, String previousDescription,
            String previousId, HttpSession renewed, StandardSession tomcatSession, String renewedId) {
        HttpSession renewedReal = tomcatSession;
        LOG.debug("Current request class: " + request.getClass().getName());
        LOG.debug("Current request: " + request);
        LOG.debug("Old session class: " + previous.getClass().getName());
        LOG.debug("Old session: " + previousDescription);
        HttpSession previousReal = getRealSession(previous);
        LOG.debug("Old Tomcat session: " + previousReal);
        LOG.debug("Old Tomcat session identity: " + identityHashCodeString(previousReal));
        LOG.debug("Old Tomcat session class: " + previousReal.getClass().getName());
        LOG.debug("Current session class: " + renewed.getClass().getName());
        LOG.debug("Current session: " + renewed);
        LOG.debug("Current Tomcat session: " + renewedReal);
        LOG.debug("Current Tomcat session identity: " + identityHashCodeString(renewedReal));
        LOG.debug("Current Tomcat session class: " + renewedReal.getClass().getName());
        // Both flags are read before either is logged.
        Boolean validFlag = isValid(tomcatSession);
        Boolean expiringFlag = isExpiring(tomcatSession);
        LOG.debug("Current Tomcat session #isValid: " + validFlag);
        LOG.debug("Current Tomcat session #expiring: " + expiringFlag);
        LOG.debug("Current session #maxInactiveInterval(): " + getMaxInactiveInterval(tomcatSession));
        LOG.debug("Current session #lastAccessedTime(): " + getLastAccessedTime(tomcatSession));
        LOG.debug("Current session #thisAccessedTime(): " + getThisAccessedTime(tomcatSession));
        LOG.debug("Current session #isNew(): " + renewed.isNew());
        // NOTE(review): the next four lines put session identifiers into the log.
        LOG.debug("Old session ID: \"" + previousId + "\"");
        LOG.debug("New session ID: \"" + renewedId + "\"");
        LOG.debug("request.getSession(false): \"" + request.getSession(false) + "\"");
        String boundId;
        if (request.getSession(false) != null) {
            boundId = request.getSession(false).getId();
        } else {
            boundId = "";
        }
        LOG.debug("request.getSession(false).getId(): \"" + boundId + "\"");
        LOG.debug("Current Tomcat session #isValidInternal(): " + isValidInternal(tomcatSession));
        LOG.debug("Current Tomcat session #isValid(): " + tomcatSession.isValid());
    }

    /**
     * Replaces the given session with a new one and carries its attributes over.
     *
     * <p>A session that is still new is returned unchanged. Otherwise the attributes are copied,
     * the session is invalidated, a new session is requested, and the attributes are restored
     * into it once the new session has passed both fixation checks.
     *
     * <p>NOTE(review): the old session is invalidated before the new one is unwrapped and checked.
     * If unwrapping fails or a check throws, the exception leaves the request with the old session
     * gone and the copied attributes not restored.
     *
     * @param httpServletRequest the current request
     * @param httpSession the session to renew
     * @return {@code httpSession} itself when it is new, otherwise the newly created session
     * @throws SecurityException if the session obtained after invalidation is not new or has the
     *     same ID as the old one
     * @throws IllegalStateException if a reflective read of the Tomcat session fails
     */
    @Override
    public HttpSession renewSession(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        if (httpSession.isNew()) {
            return httpSession;
        }
        final String previousId = httpSession.getId();
        final boolean debug = LOG.isDebugEnabled();
        final Map carriedAttributes = copySessionAttributes(httpSession);
        // Captured now because the session is invalidated before the trace is written.
        final String previousDescription = debug ? httpSession.toString() : null;

        invalidateSession(httpSession);
        final HttpSession renewed = getOrCreateSession(httpServletRequest);
        synchronized (renewed) {
            final HttpSession unwrapped = getRealSession(renewed);
            final StandardSession tomcatSession = (StandardSession) unwrapped;
            synchronized (tomcatSession) {
                final String renewedId = renewed.getId();
                if (debug) {
                    logRenewalDetails(httpServletRequest, httpSession, previousDescription, previousId,
                            renewed, tomcatSession, renewedId);
                }
                // Fixation check 1: the container must have created a session, not reused one.
                if (!renewed.isNew()) {
                    if (LOG.isErrorEnabled()) {
                        LOG.error(SESSION_NOT_RENEWED);
                    }
                    throw new SecurityException(SESSION_NOT_RENEWED);
                }
                // Fixation check 2: the new session must not answer to the old identifier.
                if (previousId.equals(renewedId)) {
                    if (LOG.isErrorEnabled()) {
                        LOG.error(SESSION_ID_NOT_CHANGED);
                    }
                    throw new SecurityException(SESSION_ID_NOT_CHANGED);
                }
                restoreSessionAttributes(carriedAttributes, renewed);
            }
        }
        return renewed;
    }
}
