package org.broadleafcommerce.profile.web.core.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.broadleafcommerce.common.encryption.EncryptionModule;
import org.broadleafcommerce.common.security.RandomGenerator;
import org.broadleafcommerce.common.security.util.CookieUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

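@Component("blSessionFixationProtectionFilter")
/* loaded from: input_file:org/broadleafcommerce/profile/web/core/security/SessionFixationProtectionFilter.class */
/**
 * Servlet filter that ties an HTTP session to a second, random "active id".
 *
 * <p>On the first secure request for a session a random id is generated, stored
 * as a session attribute ({@link #SESSION_ATTR}) and sent to the client encrypted
 * in a cookie ({@code SessionFixationProtectionCookie.COOKIE_NAME}). On every
 * later secure request the decrypted cookie must equal the stored id, otherwise
 * the user is aborted ({@link #abortUser}). A session id that was planted or
 * stolen without the matching cookie therefore cannot be used.
 *
 * <p>Requests that are not secure, or that carry no session, pass through
 * untouched.
 */
public class SessionFixationProtectionFilter extends GenericFilterBean {
    private static final Log LOG = LogFactory.getLog(SessionFixationProtectionFilter.class);
    /** Session attribute holding the plaintext active id for this session. */
    protected static final String SESSION_ATTR = "SFP-ActiveID";

    @Resource(name = "blSessionFixationEncryptionModule")
    protected EncryptionModule encryptionModule;

    @Resource(name = "blCookieUtils")
    protected CookieUtils cookieUtils;

    /**
     * Verifies (or issues) the active id for the current session, then continues
     * the chain. On a mismatch the user is aborted and the chain is NOT invoked.
     *
     * @param servletRequest  the request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from the chain or the abort redirect
     * @throws ServletException propagated from the chain, or if the PRNG used to
     *                          generate a new active id is unavailable
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Defensive only: SecurityContextHolder does not normally hand back null. The
        // previous version fell through here and ran the chain a second time; return.
        if (SecurityContextHolder.getContext() == null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // Never create a session from this filter; with no session there is nothing
        // to bind, and the previous version dereferenced null here.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // Only act over TLS: the cookie appears to be issued secure-only (last argument
        // to setCookieValue below), so on plain HTTP it would never be presented and
        // every request would look like a mismatch.
        if (httpServletRequest.isSecure()) {
            String activeId = (String) session.getAttribute(SESSION_ATTR);
            if (StringUtils.isNotBlank(activeId)) {
                if (!presentedTokenMatches(httpServletRequest, activeId)) {
                    abortUser(httpServletRequest, httpServletResponse);
                    LOG.info("Session has been terminated. ActiveID did not match expected value.");
                    return;
                }
            } else {
                issueActiveId(session, httpServletResponse);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Reads the protection cookie, decrypts it and compares it with the id stored
     * in the session.
     *
     * @param request  the current request
     * @param activeId the non-blank id stored in the session
     * @return {@code true} only if a cookie is present and decrypts to {@code activeId}
     */
    private boolean presentedTokenMatches(HttpServletRequest request, String activeId) {
        String cookieValue = this.cookieUtils.getCookieValue(request, SessionFixationProtectionCookie.COOKIE_NAME);
        if (cookieValue == null) {
            // Absent cookie is a mismatch; do not hand null to the encryption module.
            return false;
        }
        // NOTE(review): a tampered cookie may make decrypt() throw; that propagates as
        // it did before this change — confirm the module's contract if a 500 is undesirable.
        String presented = this.encryptionModule.decrypt(cookieValue);
        return tokensEqual(activeId, presented);
    }

    /**
     * Constant-time equality for the two token strings, null-safe.
     *
     * @param expected  the id stored server-side
     * @param presented the id recovered from the client cookie
     * @return {@code true} if both are non-null and byte-for-byte equal (UTF-8)
     */
    static boolean tokensEqual(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        // MessageDigest.isEqual does not short-circuit on the first differing byte,
        // so the comparison time does not leak how much of the token was right.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates a fresh active id, stores it in the session and sends it to the
     * client encrypted in the protection cookie.
     *
     * @param session  the session to bind
     * @param response the response the cookie is added to
     * @throws ServletException if the "SHA1PRNG" algorithm is not available
     */
    private void issueActiveId(HttpSession session, HttpServletResponse response) throws ServletException {
        try {
            String activeId = RandomGenerator.generateRandomId("SHA1PRNG", 32);
            String encrypted = this.encryptionModule.encrypt(activeId);
            session.setAttribute(SESSION_ATTR, activeId);
            this.cookieUtils.setCookieValue(response, SessionFixationProtectionCookie.COOKIE_NAME, encrypted, "/", -1, true);
        } catch (NoSuchAlgorithmException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Ends the current user's interaction after a token mismatch: clears the
     * security context, removes the protection cookie and the JSESSIONID cookie on
     * the client, and redirects to the site root.
     *
     * <p>NOTE(review): the server-side session is not invalidated here, only the
     * client's cookies are cleared; the stored active id therefore survives. A
     * request presenting that session id without the matching cookie still fails
     * verification, so this was left as-is — confirm whether callers expect
     * {@code session.invalidate()} as well.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response used to clear cookies and redirect
     * @throws IOException if the redirect cannot be written
     */
    protected void abortUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        SecurityContextHolder.clearContext();
        this.cookieUtils.invalidateCookie(httpServletResponse, SessionFixationProtectionCookie.COOKIE_NAME);
        this.cookieUtils.setCookieValue(httpServletResponse, "JSESSIONID", "-1", "/", 0, false);
        httpServletResponse.sendRedirect("/");
    }
}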
