package hudson.security;

import hudson.model.User;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import jenkins.security.NonSerializableSecurityContext;
import jenkins.security.seed.UserSeedProperty;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.223-rc29386.47a0be9eda79.jar:hudson/security/HttpSessionContextIntegrationFilter2.class */
/**
 * Session-context filter that drops a stored security context before the
 * parent filter runs, when the authentication in it should no longer be
 * trusted.
 *
 * <p>Two conditions cause the stored context to be cleared: the principal
 * reports itself as invalid (see {@link InvalidatableUserDetails}), or the
 * per-user seed recorded in the HTTP session no longer matches the seed
 * currently held in the user's {@link UserSeedProperty}.
 */
public class HttpSessionContextIntegrationFilter2 extends HttpSessionContextIntegrationFilter {
    /**
     * Creates the filter and selects {@link NonSerializableSecurityContext}
     * as the context class passed to {@code setContext}.
     *
     * @throws ServletException declared by the constructor; propagated from the parent setup
     */
    public HttpSessionContextIntegrationFilter2() throws ServletException {
        setContext(NonSerializableSecurityContext.class);
    }

    /**
     * Clears the session's stored security context when its authentication is
     * stale, then delegates to the parent filter.
     *
     * <p>No session is created here: {@code getSession(false)} is used, so a
     * request without a session goes straight to the parent filter.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, passed through unchanged
     * @param filterChain     remaining filter chain, passed through unchanged
     * @throws IOException      propagated from the parent filter
     * @throws ServletException propagated from the parent filter
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpSession existingSession = ((HttpServletRequest) servletRequest).getSession(false);
        if (existingSession != null) {
            SecurityContext storedContext = (SecurityContext) existingSession.getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
            if (storedContext != null) {
                Authentication storedAuth = storedContext.getAuthentication();
                // The invalidation flag is checked first; the seed lookup only
                // runs when the principal has not already been invalidated.
                if (storedAuth != null && (isAuthInvalidated(storedAuth) || hasInvalidSessionSeed(storedAuth, existingSession))) {
                    // Only the context attribute is nulled; the HttpSession
                    // itself is not invalidated by this filter.
                    existingSession.setAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY, null);
                }
            }
        }
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    /**
     * Reports whether the principal is an {@link InvalidatableUserDetails}
     * that has been marked invalid.
     *
     * @param authentication authentication taken from the stored context
     * @return {@code true} only for an invalidatable principal whose {@code isInvalid()} is true
     */
    private boolean isAuthInvalidated(Authentication authentication) {
        if (!(authentication.getPrincipal() instanceof InvalidatableUserDetails)) {
            return false;
        }
        InvalidatableUserDetails details = (InvalidatableUserDetails) authentication.getPrincipal();
        return details.isInvalid();
    }

    /**
     * Reports whether the seed stored in the session fails to match the
     * user's current seed.
     *
     * <p>The check is skipped (returns {@code false}) when
     * {@code UserSeedProperty.DISABLE_USER_SEED} is set, for anonymous
     * tokens, and when {@code User.getById} finds no user. For a known user,
     * a missing or non-String session seed, a missing
     * {@link UserSeedProperty}, or a differing seed all count as invalid.
     *
     * @param authentication authentication taken from the stored context
     * @param httpSession    session holding the {@code USER_SESSION_SEED} attribute
     * @return {@code true} when the stored context should be discarded
     */
    private boolean hasInvalidSessionSeed(Authentication authentication, HttpSession httpSession) {
        if (UserSeedProperty.DISABLE_USER_SEED) {
            return false;
        }
        if (authentication instanceof AnonymousAuthenticationToken) {
            return false;
        }
        try {
            User knownUser = User.getById(authentication.getName(), false);
            if (knownUser == null) {
                return false;
            }
            Object sessionSeed = httpSession.getAttribute(UserSeedProperty.USER_SESSION_SEED);
            if (sessionSeed instanceof String) {
                String presentedSeed = (String) sessionSeed;
                UserSeedProperty seedProperty = (UserSeedProperty) knownUser.getProperty(UserSeedProperty.class);
                if (seedProperty == null) {
                    return true;
                }
                return !presentedSeed.equals(seedProperty.getSeed());
            }
            // Known user but no usable seed in the session: treat as invalid.
            return true;
        } catch (IllegalStateException e) {
            // NOTE(review): the message says the session is being invalidated,
            // but returning false keeps the stored context, so this path fails
            // open. The try block spans every call above, so an
            // IllegalStateException from any of them lands here, not only one
            // from User.getById. Confirm which of the two (message or return
            // value) reflects the intended behavior.
            logger.warn("Encountered IllegalStateException trying to get a user. System init may not have completed yet. Invalidating user session.");
            return false;
        }
    }
}
