package com.atlassian.labs.botkiller;

import com.atlassian.sal.api.user.UserManager;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/labs/botkiller/BotKiller.class */
public class BotKiller {
    private static final Logger log = LoggerFactory.getLogger(BotKiller.class);
    private static final String SYSTEM_PROPERTY_BASE = BotKiller.class.getName() + ".";
    private static final int DEFAULT_ANONYMOUS_LOW_INACTIVE_TIMEOUT = 60;
    private static final int DEFAULT_USER_LOW_INACTIVE_TIMEOUT = 600;
    private static final int DEFAULT_ANONYMOUS_ACTIVE_TIMEOUT = 3600;
    private final UserManager userManager;
    private final int anonymousLowInactiveTimeout;
    private final int userLowInactiveTimeout;
    private final int anonymousActiveTimeout;
    private final int minimumTimeout;

    public BotKiller(UserManager userManager) {
        this(userManager, Integer.getInteger(SYSTEM_PROPERTY_BASE + "anonymousLowInactiveTimeout", DEFAULT_ANONYMOUS_LOW_INACTIVE_TIMEOUT).intValue(), Integer.getInteger(SYSTEM_PROPERTY_BASE + "userLowInactiveTimeout", DEFAULT_USER_LOW_INACTIVE_TIMEOUT).intValue(), Integer.getInteger(SYSTEM_PROPERTY_BASE + "anonymousActiveTimeout", DEFAULT_ANONYMOUS_ACTIVE_TIMEOUT).intValue());
    }

    public BotKiller(UserManager userManager, int i, int i2, int i3) {
        this.userManager = userManager;
        this.anonymousLowInactiveTimeout = i;
        this.userLowInactiveTimeout = i2;
        this.anonymousActiveTimeout = i3;
        this.minimumTimeout = Math.min(i, Math.min(i2, i3));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processRequest(HttpServletRequest httpServletRequest) {
        try {
            HttpSession session = httpServletRequest.getSession(false);
            if (session == null) {
                return;
            }
            fiddleWithSession(httpServletRequest, session);
        } catch (IllegalStateException e) {
        }
    }

    private void fiddleWithSession(HttpServletRequest httpServletRequest, HttpSession httpSession) throws IllegalStateException {
        Integer num = (Integer) httpSession.getAttribute(BotKiller.class.getName());
        if (num == null) {
            Integer valueOf = Integer.valueOf(httpSession.getMaxInactiveInterval());
            if (valueOf.intValue() <= this.minimumTimeout) {
                return;
            }
            httpSession.setAttribute(BotKiller.class.getName(), valueOf);
            int min = Math.min(thereIsAUserInPlay(httpServletRequest) ? this.userLowInactiveTimeout : this.anonymousLowInactiveTimeout, valueOf.intValue());
            httpSession.setMaxInactiveInterval(min);
            if (log.isDebugEnabled()) {
                log.debug("Lowering session inactivity timeout to " + min);
                return;
            }
            return;
        }
        if (httpSession.getMaxInactiveInterval() != num.intValue()) {
            if (thereIsAUserInPlay(httpServletRequest)) {
                httpSession.setMaxInactiveInterval(num.intValue());
                if (log.isDebugEnabled()) {
                    log.debug("Upping session inactivity timeout to " + num);
                    return;
                }
                return;
            }
            httpSession.setMaxInactiveInterval(Math.min(num.intValue(), this.anonymousActiveTimeout));
            if (log.isDebugEnabled()) {
                log.debug("Lowering session inactivity timeout to " + this.anonymousActiveTimeout + " for repeated anonymous request");
            }
        }
    }

    private boolean thereIsAUserInPlay(HttpServletRequest httpServletRequest) {
        try {
            if (this.userManager.getRemoteUsername(httpServletRequest) != null) {
                return true;
            }
            return httpServletRequest.getRemoteUser() != null;
        } catch (Exception e) {
            log.error("Error occurred when figuring out if the session has a user, assuming there is no user.", e);
            return false;
        }
    }
}
