package jenkins.security;

import hudson.Extension;
import hudson.ExtensionList;
import hudson.model.ManagementLink;
import hudson.model.ModelObject;
import hudson.security.ACL;
import hudson.util.FormApply;
import java.time.Instant;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Collectors;
import javax.annotation.CheckForNull;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import jenkins.model.Jenkins;
import jenkins.util.SessionListener;
import org.acegisecurity.context.SecurityContext;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

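/**
 * Management link that tracks live HTTP sessions and lets an administrator list and
 * invalidate them.
 *
 * <p>Sessions are registered and unregistered through the {@link SessionListener} callbacks and
 * held in a concurrent map keyed by session ID. Every listing and invalidation entry point calls
 * {@link #checkPermissions()} first, which requires {@code Jenkins.ADMINISTER}.
 *
 * <p>Security note: {@link SessionDetails} exposes raw session IDs. A session ID is a bearer
 * credential, so any view or log that renders these values must be restricted to administrators
 * and should not be cached or copied elsewhere.
 */
@Extension
@Restricted({NoExternalUse.class})
public class HttpSessionManager extends ManagementLink implements SessionListener {
    /** Live sessions keyed by their current session ID; updated from the listener callbacks. */
    private final ConcurrentMap<String, HttpSession> activeSessionsById = new ConcurrentHashMap<>();

    /**
     * Immutable snapshot of one session, taken when the instance is constructed.
     *
     * <p>Holds the session ID, the name of the authenticated user (or the anonymous user name),
     * and the creation and last-access timestamps.
     */
    @Restricted({NoExternalUse.class})
    public static class SessionDetails implements ModelObject {
        private final String sessionId;
        private final String userId;
        private final Instant creationTime;
        private final Instant lastAccessedTime;

        /**
         * Copies the displayed values out of the session.
         *
         * @param httpSession the session to snapshot
         */
        private SessionDetails(HttpSession httpSession) {
            this.sessionId = httpSession.getId();
            this.userId = extractUserId(httpSession);
            this.creationTime = Instant.ofEpochMilli(httpSession.getCreationTime());
            this.lastAccessedTime = Instant.ofEpochMilli(httpSession.getLastAccessedTime());
        }

        /**
         * Resolves the user name stored in the session's security context.
         *
         * @param httpSession the session to inspect
         * @return the authentication name, or {@link ACL#ANONYMOUS_USERNAME} when the session
         *     has no security context, no authentication, or no name
         */
        private static String extractUserId(HttpSession httpSession) {
            // Optional.map() turns a null result into an empty Optional, so each step that
            // can yield null falls through to the anonymous user name.
            return Optional.ofNullable(httpSession.getAttribute("ACEGI_SECURITY_CONTEXT"))
                    .filter(SecurityContext.class::isInstance)
                    .map(SecurityContext.class::cast)
                    .map(securityContext -> securityContext.getAuthentication())
                    .map(authentication -> authentication.getName())
                    .orElse(ACL.ANONYMOUS_USERNAME);
        }

        /**
         * @return the session ID; treat it as a secret, since it authenticates the session
         */
        public String getSessionId() {
            return this.sessionId;
        }

        /** @return the user name resolved when this snapshot was taken */
        public String getUserId() {
            return this.userId;
        }

        /** @return when the session was created */
        public Instant getCreationTime() {
            return this.creationTime;
        }

        /** @return when the session was last accessed, as of the snapshot */
        public Instant getLastAccessedTime() {
            return this.lastAccessedTime;
        }

        /**
         * @return {@code "<userId>: <sessionId>"}; note that this label contains the full
         *     session ID
         */
        @Override
        public String getDisplayName() {
            return this.userId + ": " + this.sessionId;
        }
    }

    /** @return the singleton instance registered as an extension */
    public static HttpSessionManager getInstance() {
        return ExtensionList.lookupSingleton(HttpSessionManager.class);
    }

    /** Starts tracking a newly created session. */
    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        addSession(httpSessionEvent.getSession());
    }

    /** Stops tracking a destroyed session. */
    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        removeSession(httpSessionEvent.getSession());
    }

    /** Stops tracking a session that is about to be passivated. */
    @Override
    public void sessionWillPassivate(HttpSessionEvent httpSessionEvent) {
        removeSession(httpSessionEvent.getSession());
    }

    /** Resumes tracking a session that has been activated. */
    @Override
    public void sessionDidActivate(HttpSessionEvent httpSessionEvent) {
        addSession(httpSessionEvent.getSession());
    }

    /**
     * Re-keys a session whose ID changed.
     *
     * @param httpSessionEvent event carrying the session under its new ID
     * @param str the previous session ID, whose entry is dropped
     */
    @Override
    public void sessionIdChanged(HttpSessionEvent httpSessionEvent, String str) {
        this.activeSessionsById.remove(str);
        addSession(httpSessionEvent.getSession());
    }

    /**
     * Invalidates every tracked session, including the caller's own.
     *
     * <p>Requires POST and {@code Jenkins.ADMINISTER}.
     */
    @RequirePOST
    public void doInvalidateAllSessions() {
        checkPermissions();
        this.activeSessionsById.values().forEach(this::tryInvalidateSession);
    }

    /**
     * Invalidates every tracked session except the one with the given ID.
     *
     * <p>Requires POST and {@code Jenkins.ADMINISTER}.
     *
     * @param str ID of the session to keep
     * @return a response that reports success for the current page
     */
    // NOTE(review): @QueryParameter has no explicit value here, so the request parameter name
    // presumably follows the Java parameter name; "str" looks decompiler-assigned - confirm
    // against the original source. Session IDs should travel in the POST body, not the URL,
    // so they do not end up in access logs.
    @RequirePOST
    public HttpResponse doInvalidateAllSessionsExcept(@QueryParameter(required = true) String str) {
        checkPermissions();
        this.activeSessionsById.entrySet().stream()
                .filter(entry -> !entry.getKey().equals(str))
                .map(entry -> entry.getValue())
                .forEach(this::tryInvalidateSession);
        return FormApply.success(".");
    }

    /**
     * Invalidates the tracked session with the given ID; unknown IDs are ignored.
     *
     * <p>Requires POST and {@code Jenkins.ADMINISTER}.
     *
     * @param str ID of the session to invalidate
     * @return a response that reports success for the current page
     */
    @RequirePOST
    public HttpResponse doInvalidateSession(@QueryParameter(required = true) String str) {
        checkPermissions();
        HttpSession httpSession = this.activeSessionsById.get(str);
        if (httpSession != null) {
            tryInvalidateSession(httpSession);
        }
        return FormApply.success(".");
    }

    /**
     * Lists a snapshot of every tracked session.
     *
     * <p>Requires {@code Jenkins.ADMINISTER}, because the result contains session IDs.
     *
     * @return one {@link SessionDetails} per tracked session
     */
    public List<SessionDetails> getActiveSessions() {
        checkPermissions();
        return this.activeSessionsById.values().stream()
                .map(SessionDetails::new)
                .collect(Collectors.toList());
    }

    /** Registers the session under its current ID, replacing any previous entry. */
    private void addSession(HttpSession httpSession) {
        this.activeSessionsById.put(httpSession.getId(), httpSession);
    }

    /** Drops the entry for the session's current ID, if any. */
    private void removeSession(HttpSession httpSession) {
        this.activeSessionsById.remove(httpSession.getId());
    }

    /**
     * Stops tracking the session and invalidates it, tolerating a session that is already
     * invalid.
     */
    private void tryInvalidateSession(HttpSession httpSession) {
        // Untrack first so the entry is gone even if invalidate() throws.
        removeSession(httpSession);
        try {
            httpSession.invalidate();
        } catch (IllegalStateException ignored) {
            // invalidate() throws when the session was already invalidated (for example by a
            // concurrent logout or timeout); the goal is reached either way.
        }
    }

    /**
     * Requires {@code Jenkins.ADMINISTER} for the current caller.
     *
     * <p>Fails closed: when no Jenkins instance is available the check cannot be evaluated, so
     * the operation is refused rather than allowed to proceed unauthorized.
     *
     * @throws IllegalStateException if no Jenkins instance is available
     */
    private void checkPermissions() {
        Jenkins jenkins = Jenkins.getInstanceOrNull();
        if (jenkins == null) {
            throw new IllegalStateException(
                    "Jenkins instance is not available; cannot verify the ADMINISTER permission");
        }
        jenkins.checkPermission(Jenkins.ADMINISTER);
    }

    @Override
    @CheckForNull
    public String getIconFileName() {
        return "user.png";
    }

    @Override
    @CheckForNull
    public String getUrlName() {
        return "sessions";
    }

    @Override
    @CheckForNull
    public String getDisplayName() {
        return "Manage Active HTTP Sessions";
    }
}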
