package com.atlassian.bamboo.rest;

import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.bamboo.utils.Random;
import java.util.Collections;
import java.util.Map;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:META-INF/lib/atlassian-bamboo-core-2.6.jar:com/atlassian/bamboo/rest/DefaultSessionManager.class */
public class DefaultSessionManager implements SessionManager {
    public static long DEFAULT_TIMEOUT = 1800000;
    private BambooUserManager bambooUserManager;
    private Map userSessionMap;
    private Random randomGenerator;

    public DefaultSessionManager(BambooUserManager bambooUserManager) {
        this(DEFAULT_TIMEOUT, bambooUserManager);
    }

    public DefaultSessionManager(long j, BambooUserManager bambooUserManager) {
        this.randomGenerator = new Random();
        this.bambooUserManager = bambooUserManager;
        this.userSessionMap = Collections.synchronizedMap(new SessionTokenMap(j));
    }

    @Override // com.atlassian.bamboo.rest.SessionManager
    public String login(String str, String str2) throws BambooRemoteException {
        if (this.bambooUserManager.getBambooUser(str) != null && this.bambooUserManager.authenticate(str, str2)) {
            return createToken(str);
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new BambooRemoteException("Invalid username or password.");
        }
        String name = authentication.getName();
        if (SessionManager.ANONYMOUS_USER.equals(name) || StringUtils.isBlank(name)) {
            throw new BambooRemoteException("Invalid username or password.");
        }
        return createToken(name);
    }

    @Override // com.atlassian.bamboo.rest.SessionManager
    public void logout(String str) {
        synchronized (this.userSessionMap) {
            this.userSessionMap.remove(str);
        }
    }

    @Override // com.atlassian.bamboo.rest.SessionManager
    public String getUserNameFromSession(String str) throws BambooRemoteException {
        String str2 = (String) this.userSessionMap.get(str);
        if (str2 == null) {
            throw new BambooRemoteException("User not authenticated yet, or session timed out.");
        }
        return str2;
    }

    private String createToken(String str) throws BambooRemoteException {
        String generateUniqueSessionId;
        synchronized (this.userSessionMap) {
            generateUniqueSessionId = generateUniqueSessionId();
            this.userSessionMap.put(generateUniqueSessionId, str);
        }
        return generateUniqueSessionId;
    }

    private String generateUniqueSessionId() throws BambooRemoteException {
        String randomString = this.randomGenerator.randomString(10);
        int i = 0;
        while (this.userSessionMap.containsKey(randomString)) {
            int i2 = i;
            i++;
            if (i2 >= 10) {
                break;
            }
            randomString = this.randomGenerator.randomString(10);
        }
        if (this.userSessionMap.containsKey(randomString)) {
            throw new BambooRemoteException("Error generating authentication sessionId, please try again.");
        }
        return randomString;
    }
}
