package org.apereo.cas.web.support;

import java.io.Serializable;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.util.cipher.NoOpCipherExecutor;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-cookie-5.1.4.jar:org/apereo/cas/web/support/DefaultCasCookieValueManager.class */
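/**
 * Builds and validates CAS cookie values that are bound to the client that received them.
 *
 * <p>A cookie value has the layout {@code value@clientIpAddress@userAgent}. The assembled string is
 * passed through the configured {@link CipherExecutor} before it is handed out, and is decoded with
 * the same executor when it comes back. On the way back the embedded address and user-agent must
 * match the current request, otherwise the cookie is rejected.
 *
 * <p>NOTE(review): the client binding is only as strong as the configured cipher. What the supplied
 * {@link CipherExecutor} does is not visible in this class; if it neither encrypts nor signs
 * (presumably the case for {@code NoOpCipherExecutor}), the client can rewrite the embedded address
 * and user-agent. Confirm that deployments configure a real cipher.
 */
public class DefaultCasCookieValueManager implements CookieValueManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);

    /** Separator between the three cookie fields. */
    private static final char COOKIE_FIELD_SEPARATOR = '@';

    /** Number of fields in a cookie: value, client address, user-agent. */
    private static final int COOKIE_FIELDS_LENGTH = 3;

    private final CipherExecutor<Serializable, String> cipherExecutor;

    /**
     * Creates a manager that encodes and decodes cookie values with the given cipher.
     *
     * @param cipherExecutor the cipher applied to every cookie value; it is stored as given, so a
     *     {@code null} argument surfaces as a {@link NullPointerException} on first use
     */
    public DefaultCasCookieValueManager(CipherExecutor cipherExecutor) {
        // The earlier assignment of a no-op cipher was a dead store: it was always overwritten here.
        this.cipherExecutor = cipherExecutor;
    }

    /**
     * Assembles {@code value@clientIpAddress@userAgent} and encodes it with the configured cipher.
     *
     * @param str the raw value to protect (the first cookie field)
     * @param httpServletRequest the current request, used to read the user-agent
     * @return the encoded cookie value
     * @throws IllegalStateException if no client information is bound to the current request or the
     *     request carries no user-agent
     */
    @Override
    public String buildCookieValue(String str, HttpServletRequest httpServletRequest) {
        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        // The holder is populated outside this class; fail with a clear error instead of a
        // NullPointerException if nothing was bound for this request.
        if (clientInfo == null) {
            throw new IllegalStateException("Client information is not available for this request");
        }
        String userAgent = WebUtils.getHttpServletRequestUserAgent(httpServletRequest);
        if (StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Request does not specify a user-agent");
        }
        String cookieValue = new StringBuilder(str)
                .append(COOKIE_FIELD_SEPARATOR)
                .append(clientInfo.getClientIpAddress())
                .append(COOKIE_FIELD_SEPARATOR)
                .append(userAgent)
                .toString();
        // The first field is the protected value itself, so the assembled string is never logged.
        LOGGER.debug("Encoding cookie value bound to client address [{}]", clientInfo.getClientIpAddress());
        return this.cipherExecutor.encode(cookieValue);
    }

    /**
     * Decodes a cookie and returns its first field once the client binding has been verified.
     *
     * @param cookie the cookie received from the client
     * @param httpServletRequest the current request, used to read the user-agent
     * @return the protected value, or {@code null} when the cookie decodes to a blank string
     * @throws IllegalStateException if the cookie does not hold three non-blank fields, if no client
     *     information is bound to the current request, or if the embedded address or user-agent
     *     differs from the current request
     */
    @Override
    public String obtainCookieValue(Cookie cookie, HttpServletRequest httpServletRequest) {
        String decoded = this.cipherExecutor.decode(cookie.getValue());
        if (StringUtils.isBlank(decoded)) {
            LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName());
            return null;
        }
        // The decoded string starts with the protected value, so only the cookie name is logged.
        LOGGER.debug("Decoded cookie [{}]", cookie.getName());

        // Limit the split to the number of fields: a user-agent may itself contain the separator,
        // and must stay intact as the last field so that it can match the request header.
        String[] fields = decoded.split(String.valueOf(COOKIE_FIELD_SEPARATOR), COOKIE_FIELDS_LENGTH);
        if (fields.length != COOKIE_FIELDS_LENGTH) {
            throw new IllegalStateException("Invalid cookie. Required fields are missing");
        }
        String value = fields[0];
        String remoteAddr = fields[1];
        String userAgent = fields[2];
        if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr) || StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Invalid cookie. Required fields are empty");
        }

        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        if (clientInfo == null) {
            throw new IllegalStateException("Client information is not available for this request");
        }
        if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
            throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
        }

        // NOTE(review): the message below embeds the request's User-Agent header verbatim; if it is
        // written to a log, the sink should neutralise line breaks.
        String requestUserAgent = WebUtils.getHttpServletRequestUserAgent(httpServletRequest);
        if (!userAgent.equals(requestUserAgent)) {
            throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + requestUserAgent);
        }
        return value;
    }
}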
