package org.webswing.server.common.service.security.impl;

import com.google.inject.Singleton;
import java.util.concurrent.ExecutionException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.Constants;
import org.webswing.server.common.service.security.SecurableService;
import org.webswing.server.common.service.security.SecurityManagerService;
import org.webswing.server.common.util.ServerUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/webswing-server-common-20.2.1.jar:org/webswing/server/common/service/security/impl/SecurityManagerServiceImpl.class
 */
@Singleton
/* loaded from: input_file:WEB-INF/swing-lib/webswing-server-common-20.2.1.jar:org/webswing/server/common/service/security/impl/SecurityManagerServiceImpl.class */
public class SecurityManagerServiceImpl implements SecurityManagerService {
    private static final Logger log = LoggerFactory.getLogger(SecurityManagerServiceImpl.class);

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/webswing-server-common-20.2.1.jar:org/webswing/server/common/service/security/impl/SecurityManagerServiceImpl$SessionlessHttpServletRequestWrapper.class
     */
    /* loaded from: input_file:WEB-INF/swing-lib/webswing-server-common-20.2.1.jar:org/webswing/server/common/service/security/impl/SecurityManagerServiceImpl$SessionlessHttpServletRequestWrapper.class */
    public static class SessionlessHttpServletRequestWrapper extends HttpServletRequestWrapper {
        public SessionlessHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public HttpSession getSession() {
            throw new UnsupportedOperationException("Session storage is not supported.");
        }

        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public HttpSession getSession(boolean z) {
            throw new UnsupportedOperationException("Session storage is not supported.");
        }
    }

    @Override // org.webswing.server.common.service.security.SecurityManagerService
    public Object secure(SecurableService securableService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WebswingSecuritySubject buildFrom = WebswingSecuritySubject.buildFrom(new SessionlessHttpServletRequestWrapper(httpServletRequest));
        checkIPAddress(httpServletRequest, buildFrom);
        try {
            return buildFrom.execute(() -> {
                return securableService.secureServe(httpServletRequest, httpServletResponse);
            });
        } catch (ExecutionException e) {
            log.error("Failed to execute secured handler.", (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    private void checkIPAddress(HttpServletRequest httpServletRequest, WebswingSecuritySubject webswingSecuritySubject) {
        if (Boolean.getBoolean(Constants.LINK_COOKIE_TO_IP) && !StringUtils.equals(ServerUtil.getClientIp(httpServletRequest), webswingSecuritySubject.getHost())) {
            throw new RuntimeException("IP address does not match Session host!");
        }
    }
}
