package io.confluent.controlcenter.rest;

import com.google.common.base.Preconditions;
import io.confluent.monitoring.common.Clock;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.SessionAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/rest/SessionBasicAuthenticator.class */
public class SessionBasicAuthenticator extends BasicAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SessionBasicAuthenticator.class);
    private final Clock clock;
    private final long authSessionExpiration;

    public SessionBasicAuthenticator(Clock clock, long j) {
        Preconditions.checkArgument(j > 0);
        this.clock = clock;
        this.authSessionExpiration = j;
    }

    @Override // org.eclipse.jetty.security.authentication.BasicAuthenticator, org.eclipse.jetty.security.Authenticator
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        ExpiringSessionAuthentication expiringSessionAuthentication;
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        if (session == null) {
            expiringSessionAuthentication = null;
        } else {
            try {
                expiringSessionAuthentication = (ExpiringSessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
            } catch (ServerAuthException e) {
                if (session != null) {
                    session.invalidate();
                }
                throw e;
            }
        }
        ExpiringSessionAuthentication expiringSessionAuthentication2 = expiringSessionAuthentication;
        if (expiringSessionAuthentication2 != null) {
            if (!expiringSessionAuthentication2.isExpired(this.clock.currentTimeMillis())) {
                LOG.trace("using session cache for authentication and authorization");
                return expiringSessionAuthentication2;
            }
            LOG.debug("session auth cache expired, forcing re-authentication");
            session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
        }
        return super.validateRequest(servletRequest, servletResponse, z);
    }

    @Override // org.eclipse.jetty.security.authentication.LoginAuthenticator
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        UserIdentity login = super.login(str, obj, servletRequest);
        if (login != null) {
            ((HttpServletRequest) servletRequest).getSession(true).setAttribute(SessionAuthentication.__J_AUTHENTICATED, new ExpiringSessionAuthentication(getAuthMethod(), login, obj, this.clock.currentTimeMillis() + this.authSessionExpiration));
        }
        return login;
    }
}
