package org.apache.jetspeed.security.impl;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.servlet.http.HttpSession;
import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.pipeline.valve.AbstractValve;
import org.apache.jetspeed.pipeline.valve.SecurityValve;
import org.apache.jetspeed.pipeline.valve.ValveContext;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.security.JSSubject;

/* loaded from: input_file:org/apache/jetspeed/security/impl/AbstractSecurityValve.class */
public abstract class AbstractSecurityValve extends AbstractValve implements SecurityValve {
    protected PortalAuthenticationConfiguration authenticationConfiguration = null;

    protected abstract Subject getSubject(RequestContext requestContext) throws Exception;

    protected abstract Principal getUserPrincipal(RequestContext requestContext) throws Exception;

    /* JADX INFO: Access modifiers changed from: protected */
    public final Subject getSubjectFromSession(RequestContext requestContext) throws Exception {
        return (Subject) requestContext.getRequest().getSession().getAttribute("org.apache.jetspeed.security.subject");
    }

    @Override // org.apache.jetspeed.pipeline.valve.AbstractValve
    public void invoke(RequestContext requestContext, ValveContext valveContext) throws PipelineException {
        if (isSessionExpired(requestContext)) {
            return;
        }
        try {
            Subject subject = getSubject(requestContext);
            requestContext.getRequest().getSession().setAttribute("org.apache.jetspeed.security.subject", subject);
            requestContext.setSubject(subject);
            PipelineException pipelineException = (PipelineException) JSSubject.doAsPrivileged(subject, new PrivilegedAction(this, valveContext, requestContext) { // from class: org.apache.jetspeed.security.impl.AbstractSecurityValve.1
                private final ValveContext val$vc;
                private final RequestContext val$rc;
                private final AbstractSecurityValve this$0;

                {
                    this.this$0 = this;
                    this.val$vc = valveContext;
                    this.val$rc = requestContext;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        this.val$vc.invokeNext(this.val$rc);
                        return null;
                    } catch (PipelineException e) {
                        return e;
                    }
                }
            }, (AccessControlContext) null);
            if (pipelineException != null) {
                throw pipelineException;
            }
        } catch (Exception e) {
            throw new PipelineException(e.getMessage(), e);
        }
    }

    protected boolean isSessionExpired(RequestContext requestContext) throws PipelineException {
        if (this.authenticationConfiguration == null || !this.authenticationConfiguration.isMaxSessionHardLimitEnabled()) {
            return false;
        }
        HttpSession session = requestContext.getRequest().getSession();
        if (System.currentTimeMillis() - session.getCreationTime() <= this.authenticationConfiguration.getMsMaxSessionHardLimit()) {
            return false;
        }
        session.invalidate();
        try {
            requestContext.getResponse().sendRedirect(new StringBuffer().append(requestContext.getRequest().getContextPath()).append(this.authenticationConfiguration.getTimeoutRedirectLocation()).toString());
            return true;
        } catch (IOException e) {
            throw new PipelineException(e);
        }
    }
}
