package org.gluu.oxauth.service;

import com.unboundid.ldap.sdk.LDAPException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.enterprise.context.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.audit.ApplicationAuditLogger;
import org.gluu.oxauth.model.audit.Action;
import org.gluu.oxauth.model.audit.OAuth2AuditLog;
import org.gluu.oxauth.model.common.Prompt;
import org.gluu.oxauth.model.common.SessionId;
import org.gluu.oxauth.model.common.SessionIdState;
import org.gluu.oxauth.model.common.User;
import org.gluu.oxauth.model.config.ConfigurationFactory;
import org.gluu.oxauth.model.config.Constants;
import org.gluu.oxauth.model.config.WebKeysConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.exception.AcrChangedException;
import org.gluu.oxauth.model.exception.InvalidSessionStateException;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxauth.model.jwt.JwtSubClaimObject;
import org.gluu.oxauth.model.token.JwtSigner;
import org.gluu.oxauth.model.util.JwtUtil;
import org.gluu.oxauth.model.util.Util;
import org.gluu.oxauth.service.external.ExternalApplicationSessionService;
import org.gluu.oxauth.service.external.ExternalAuthenticationService;
import org.gluu.oxauth.util.ServerUtil;
import org.gluu.persist.exception.EntryPersistenceException;
import org.gluu.service.CacheService;
import org.gluu.util.StringHelper;
import org.json.JSONException;
import org.slf4j.Logger;

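/**
 * Request-scoped service that creates, looks up, updates and removes {@link SessionId} entries
 * in the cache and writes or clears the browser cookies that reference them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The value of the {@code session_id} cookie is used directly as the cache key when a
 *       session is resolved, so it must be treated as a bearer credential. Several trace/debug
 *       statements in this class still include the session id; NOTE(review): confirm that
 *       trace/debug output is not enabled or shipped anywhere it could be read by third parties.</li>
 *   <li>Cookies are emitted as hand-built {@code Set-Cookie} header strings. Values are
 *       concatenated without escaping and no {@code SameSite} attribute is written;
 *       NOTE(review): confirm every caller passes server-generated values only.</li>
 * </ul>
 */
@RequestScoped
@Named
/* loaded from: input_file:org/gluu/oxauth/service/SessionIdService.class */
public class SessionIdService {
    public static final String SESSION_STATE_COOKIE_NAME = "session_state";
    public static final String OP_BROWSER_STATE = "opbs";
    public static final String SESSION_ID_COOKIE_NAME = "session_id";
    public static final String RP_ORIGIN_ID_COOKIE_NAME = "rp_origin_id";
    public static final String UMA_SESSION_ID_COOKIE_NAME = "uma_session_id";
    public static final String CONSENT_SESSION_ID_COOKIE_NAME = "consent_session_id";
    public static final String SESSION_CUSTOM_STATE = "session_custom_state";

    @Inject
    private Logger log;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private ExternalApplicationSessionService externalApplicationSessionService;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private WebKeysConfiguration webKeysConfiguration;

    @Inject
    private ConfigurationFactory configurationFactory;

    @Inject
    private FacesContext facesContext;

    @Inject
    private ExternalContext externalContext;

    @Inject
    private CacheService cacheService;

    @Inject
    private RequestParameterService requestParameterService;

    @Inject
    private UserService userService;

    /**
     * Returns the ACR recorded on the session.
     *
     * @param sessionId session to inspect, may be {@code null}
     * @return the {@code acr} session attribute, or {@code acr_values} when {@code acr} is blank;
     *         {@code null} when {@code sessionId} is {@code null}
     */
    public String getAcr(SessionId sessionId) {
        if (sessionId == null) {
            return null;
        }
        String acr = sessionId.getSessionAttributes().get("acr");
        if (StringUtils.isBlank(acr)) {
            acr = sessionId.getSessionAttributes().get("acr_values");
        }
        return acr;
    }

    /**
     * Checks that an already authenticated session is strong enough for the ACR values of a new
     * request.
     *
     * <p>Sessions that are {@code null}, have no attributes, are not authenticated, or carry no
     * ACR are returned unchanged. When the requested list is empty or contains the session ACR,
     * the login attributes are refreshed through {@link #reinitLogin(SessionId, boolean)}.
     *
     * @param sessionId the existing session, may be {@code null}
     * @param str the requested ACR values (JSON array or space-separated, see {@link #acrValuesList(String)})
     * @return the same {@code sessionId} instance
     * @throws AcrChangedException when a requested ACR has no configured level, when the session
     *         ACR has no configured level, or when the session level is lower than a requested one
     */
    public SessionId assertAuthenticatedSessionCorrespondsToNewRequest(SessionId sessionId, String str) throws AcrChangedException {
        if (sessionId == null || sessionId.getSessionAttributes().isEmpty() || sessionId.getState() != SessionIdState.AUTHENTICATED) {
            return sessionId;
        }
        Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
        String sessionAcr = getAcr(sessionId);
        if (StringUtils.isBlank(sessionAcr)) {
            // NOTE(review): this writes the whole attribute map to the trace log.
            this.log.trace("Failed to fetch acr from session, attributes: " + sessionAttributes);
            return sessionId;
        }
        List<String> requestedAcrs = acrValuesList(str);
        boolean acrChanged = !requestedAcrs.isEmpty() && !requestedAcrs.contains(sessionAcr);
        if (!acrChanged) {
            reinitLogin(sessionId, false);
            return sessionId;
        }
        Map<String, Integer> acrToLevelMapping = this.externalAuthenticationService.acrToLevelMapping();
        Integer sessionLevel = acrToLevelMapping.get(this.externalAuthenticationService.scriptName(sessionAcr));
        for (String requestedAcr : requestedAcrs) {
            Integer requestedLevel = acrToLevelMapping.get(this.externalAuthenticationService.scriptName(requestedAcr));
            this.log.info("Acr is changed. Session acr: " + sessionAcr + "(level: " + sessionLevel + "), current acr: " + requestedAcr + "(level: " + requestedLevel + ")");
            if (requestedLevel == null) {
                throw new AcrChangedException(false);
            }
            // Fail closed: a session ACR without a configured level cannot be shown to satisfy
            // the request, so it is treated as too weak instead of dereferencing null.
            if (sessionLevel == null || sessionLevel.intValue() < requestedLevel.intValue()) {
                throw new AcrChangedException();
            }
        }
        return sessionId;
    }

    /** Tells whether two attribute maps differ once the {@code state} entry is ignored. */
    private static boolean shouldReinitSession(Map<String, String> map, Map<String, String> map2) {
        Map<String, String> stored = new HashMap<>(map);
        Map<String, String> current = new HashMap<>(map2);
        stored.remove("state");
        current.remove("state");
        return !current.equals(stored);
    }

    /**
     * Replaces the session attributes with the current request's view of them, drops every
     * {@code auth_step_passed_*} marker and stores the session.
     *
     * @param sessionId session to reset, must not be {@code null}
     * @param z when {@code true} the reset always happens and the session state is set to
     *          {@link SessionIdState#UNAUTHENTICATED}; when {@code false} the reset only happens
     *          if the attributes changed
     */
    public void reinitLogin(SessionId sessionId, boolean z) {
        Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
        Map<String, String> currentSessionAttributes = getCurrentSessionAttributes(sessionAttributes);
        if (!z && !shouldReinitSession(sessionAttributes, currentSessionAttributes)) {
            return;
        }
        sessionAttributes.putAll(currentSessionAttributes);
        sessionAttributes.put("c", "1");
        Iterator<Map.Entry<String, String>> entries = currentSessionAttributes.entrySet().iterator();
        while (entries.hasNext()) {
            if (entries.next().getKey().startsWith("auth_step_passed_")) {
                entries.remove();
            }
        }
        sessionId.setSessionAttributes(currentSessionAttributes);
        if (z) {
            sessionId.setState(SessionIdState.UNAUTHENTICATED);
        }
        if (!updateSessionId(sessionId, true, true, true)) {
            this.log.debug("Failed to update session entry: '{}'", sessionId.getId());
        }
    }

    /**
     * Rewinds the authentication flow to the given step: removes the
     * {@code auth_step_passed_N} markers from {@code i} up to the current step, sets
     * {@code auth_step} to {@code i} and stores the session.
     *
     * @param sessionId session to modify, must not be {@code null}
     * @param i step number to return to
     */
    public void resetToStep(SessionId sessionId, int i) {
        Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
        int currentStep = sessionAttributes.containsKey("auth_step") ? StringHelper.toInteger(sessionAttributes.get("auth_step"), 1) : 1;
        for (int step = i; step <= currentStep; step++) {
            sessionAttributes.remove(String.format("auth_step_passed_%d", Integer.valueOf(step)));
        }
        sessionAttributes.put("auth_step", String.valueOf(i));
        if (!updateSessionId(sessionId, true, true, true)) {
            this.log.debug("Failed to update session entry: '{}'", sessionId.getId());
        }
    }

    /**
     * Overlays the allowed parameters of the current request on a copy of the given attributes.
     * The {@code auth_step} parameter is never taken from the request. Returns the input map
     * itself when no Faces context is available.
     */
    private Map<String, String> getCurrentSessionAttributes(Map<String, String> map) {
        if (this.facesContext == null) {
            return map;
        }
        Map<String, String> merged = new HashMap<>(map);
        Map<String, String> allowed = this.requestParameterService.getAllowedParameters(this.externalContext.getRequestParameterMap());
        for (Map.Entry<String, String> parameter : allowed.entrySet()) {
            String name = parameter.getKey();
            // The authentication step is server-side state and must not be overridden by a request parameter.
            if (!StringHelper.equalsIgnoreCase(name, "auth_step")) {
                merged.put(name, parameter.getValue());
            }
        }
        return merged;
    }

    /** Reads the {@code session_id} cookie; see {@link #getValueFromCookie(HttpServletRequest, String)}. */
    public String getSessionIdFromCookie(HttpServletRequest httpServletRequest) {
        return getValueFromCookie(httpServletRequest, SESSION_ID_COOKIE_NAME);
    }

    /** Reads the {@code uma_session_id} cookie; see {@link #getValueFromCookie(HttpServletRequest, String)}. */
    public String getUmaSessionIdFromCookie(HttpServletRequest httpServletRequest) {
        return getValueFromCookie(httpServletRequest, UMA_SESSION_ID_COOKIE_NAME);
    }

    /** Reads the {@code consent_session_id} cookie; see {@link #getValueFromCookie(HttpServletRequest, String)}. */
    public String getConsentSessionIdFromCookie(HttpServletRequest httpServletRequest) {
        return getValueFromCookie(httpServletRequest, CONSENT_SESSION_ID_COOKIE_NAME);
    }

    /** Reads the {@code session_state} cookie; see {@link #getValueFromCookie(HttpServletRequest, String)}. */
    public String getSessionStateFromCookie(HttpServletRequest httpServletRequest) {
        return getValueFromCookie(httpServletRequest, SESSION_STATE_COOKIE_NAME);
    }

    /** Reads the {@code rp_origin_id} cookie of the current Faces request; see {@link #getValueFromCookie(String)}. */
    public String getRpOriginIdCookie() {
        return getValueFromCookie(RP_ORIGIN_ID_COOKIE_NAME);
    }

    /**
     * Reads a cookie from the request of the current Faces context.
     *
     * @param str cookie name
     * @return the cookie value, {@code ""} when the cookie is absent, or {@code null} when there
     *         is no Faces context, no request object, or an error occurred
     */
    public String getValueFromCookie(String str) {
        try {
            if (this.facesContext == null) {
                return null;
            }
            HttpServletRequest httpServletRequest = (HttpServletRequest) this.externalContext.getRequest();
            if (httpServletRequest != null) {
                return getValueFromCookie(httpServletRequest, str);
            }
            this.log.trace("Faces context returns null for http request object.");
            return null;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reads a cookie from the given request.
     *
     * @param httpServletRequest request to read from
     * @param str cookie name
     * @return the value of the first cookie with that name, or {@code ""} when it is absent or
     *         an error occurred
     */
    public String getValueFromCookie(HttpServletRequest httpServletRequest, String str) {
        try {
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals(str)) {
                        // Only the cookie name is logged: the value may be a session identifier,
                        // which would let anyone with log access resolve the session.
                        this.log.trace("Found cookie: '{}'", str);
                        return cookie.getValue();
                    }
                }
            }
            return "";
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return "";
        }
    }

    /**
     * Reads the {@code session_id} cookie from the request of the current Faces context.
     *
     * @return see {@link #getValueFromCookie(String)}
     */
    public String getSessionIdFromCookie() {
        return getValueFromCookie(SESSION_ID_COOKIE_NAME);
    }

    /**
     * Writes the {@code rp_origin_id} cookie to the response of the current Faces context.
     * Nothing is written when that response is not an {@link HttpServletResponse}; errors are logged.
     *
     * @param str cookie value
     */
    public void creatRpOriginIdCookie(String str) {
        try {
            Object response = this.externalContext.getResponse();
            if (response instanceof HttpServletResponse) {
                creatRpOriginIdCookie(str, (HttpServletResponse) response);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Writes the {@code rp_origin_id} cookie, scoped to the application context path and marked
     * {@code Secure} and {@code HttpOnly}.
     *
     * @param str cookie value; concatenated into the header as-is
     * @param httpServletResponse response to write to
     */
    public void creatRpOriginIdCookie(String str, HttpServletResponse httpServletResponse) {
        // NOTE(review): the value is not escaped or validated here; confirm it cannot carry ';' or control characters.
        String header = "rp_origin_id=" + str + "; Path=" + this.configurationFactory.getContextPath() + "; Secure" + "; HttpOnly";
        createCookie(header, httpServletResponse);
    }

    /**
     * Writes the session id cookie ({@code Secure}, {@code HttpOnly}, path {@code /}) together
     * with the {@code session_state} and {@code opbs} cookies.
     *
     * @param str value of the session id cookie
     * @param str2 value of the {@code session_state} cookie
     * @param str3 value of the {@code opbs} cookie
     * @param httpServletResponse response to write to
     * @param str4 name of the session id cookie
     */
    public void createSessionIdCookie(String str, String str2, String str3, HttpServletResponse httpServletResponse, String str4) {
        String header = str4 + "=" + str + "; Path=/" + "; Secure" + "; HttpOnly";
        createCookie(header, httpServletResponse);
        createSessionStateCookie(str2, httpServletResponse);
        createOPBrowserStateCookie(str3, httpServletResponse);
    }

    /**
     * Same as {@link #createSessionIdCookie(String, String, String, HttpServletResponse, String)}
     * with the cookie name chosen by a flag.
     *
     * @param z {@code true} to use {@code uma_session_id}, {@code false} to use {@code session_id}
     */
    public void createSessionIdCookie(String str, String str2, String str3, HttpServletResponse httpServletResponse, boolean z) {
        createSessionIdCookie(str, str2, str3, httpServletResponse, z ? UMA_SESSION_ID_COOKIE_NAME : SESSION_ID_COOKIE_NAME);
    }

    /**
     * Writes the session cookies to the response of the current Faces context. Nothing is
     * written when that response is not an {@link HttpServletResponse}; errors are logged.
     */
    public void createSessionIdCookie(String str, String str2, String str3, boolean z) {
        try {
            Object response = this.externalContext.getResponse();
            if (response instanceof HttpServletResponse) {
                createSessionIdCookie(str, str2, str3, (HttpServletResponse) response, z);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Writes the {@code session_state} cookie ({@code Secure}, path {@code /}).
     *
     * @param str cookie value
     * @param httpServletResponse response to write to
     */
    public void createSessionStateCookie(String str, HttpServletResponse httpServletResponse) {
        // No HttpOnly here, unlike the session id cookie — presumably so that browser-side
        // session-management script can read it; NOTE(review): confirm this is intended.
        createCookie("session_state=" + str + "; Path=/" + "; Secure", httpServletResponse);
    }

    /**
     * Writes the {@code opbs} (OP browser state) cookie ({@code Secure}, path {@code /}), with
     * the same expiry and domain handling as {@link #createCookie(String, HttpServletResponse)}.
     *
     * @param str cookie value
     * @param httpServletResponse response to write to
     */
    public void createOPBrowserStateCookie(String str, HttpServletResponse httpServletResponse) {
        // No HttpOnly here either; NOTE(review): confirm script access to this cookie is intended.
        String header = "opbs=" + str + "; Path=/" + "; Secure";
        httpServletResponse.addHeader("Set-Cookie", withExpiryAndDomain(header));
    }

    /**
     * Adds a {@code Set-Cookie} header. When a positive session id lifetime is configured, an
     * {@code Expires} attribute and, if a cookie domain is configured, a {@code Domain}
     * attribute are appended first.
     *
     * @param str the cookie header built so far ({@code name=value} plus attributes)
     * @param httpServletResponse response to write to
     */
    protected void createCookie(String str, HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Set-Cookie", withExpiryAndDomain(str));
    }

    /**
     * Appends {@code Expires} and {@code Domain} to a cookie header when a positive session id
     * lifetime is configured; otherwise returns the header unchanged.
     */
    private String withExpiryAndDomain(String header) {
        Integer sessionIdLifetime = this.appConfiguration.getSessionIdLifetime();
        if (sessionIdLifetime == null || sessionIdLifetime.intValue() <= 0) {
            // NOTE(review): without a lifetime no Domain is written either, while removeCookie
            // always sets the configured domain — confirm removal still matches such cookies.
            return header;
        }
        // Locale.US keeps day and month names in English; with the JVM default locale a
        // non-English server would emit a date that browsers cannot parse.
        // NOTE(review): the pattern ends in a numeric zone offset, not the literal "GMT".
        SimpleDateFormat expiresFormat = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z", Locale.US);
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.SECOND, sessionIdLifetime.intValue());
        String result = header + "; Expires=" + expiresFormat.format(expiry.getTime()) + ";";
        String cookieDomain = this.appConfiguration.getСookieDomain();
        if (StringUtils.isNotBlank(cookieDomain)) {
            result = result + "Domain=" + cookieDomain + ";";
        }
        return result;
    }

    /** Expires the {@code session_id} cookie; see {@link #removeCookie(String, HttpServletResponse)}. */
    public void removeSessionIdCookie(HttpServletResponse httpServletResponse) {
        removeCookie(SESSION_ID_COOKIE_NAME, httpServletResponse);
    }

    /** Expires the {@code opbs} cookie; see {@link #removeCookie(String, HttpServletResponse)}. */
    public void removeOPBrowserStateCookie(HttpServletResponse httpServletResponse) {
        removeCookie(OP_BROWSER_STATE, httpServletResponse);
    }

    /** Expires the {@code uma_session_id} cookie; see {@link #removeCookie(String, HttpServletResponse)}. */
    public void removeUmaSessionIdCookie(HttpServletResponse httpServletResponse) {
        removeCookie(UMA_SESSION_ID_COOKIE_NAME, httpServletResponse);
    }

    /** Expires the {@code consent_session_id} cookie; see {@link #removeCookie(String, HttpServletResponse)}. */
    public void removeConsentSessionIdCookie(HttpServletResponse httpServletResponse) {
        removeCookie(CONSENT_SESSION_ID_COOKIE_NAME, httpServletResponse);
    }

    /**
     * Expires a cookie in the browser by sending it back with a {@code null} value, path
     * {@code /}, max-age 0 and the configured cookie domain, if any.
     *
     * @param str cookie name
     * @param httpServletResponse response to write to
     */
    public void removeCookie(String str, HttpServletResponse httpServletResponse) {
        Cookie expired = new Cookie(str, (String) null);
        expired.setPath("/");
        expired.setMaxAge(0);
        String cookieDomain = this.appConfiguration.getСookieDomain();
        if (StringUtils.isNotBlank(cookieDomain)) {
            expired.setDomain(cookieDomain);
        }
        httpServletResponse.addCookie(expired);
    }

    /**
     * Resolves the session referenced by the {@code session_id} cookie of the current Faces request.
     *
     * @return the valid session, or {@code null} when there is no cookie or no valid session
     */
    public SessionId getSessionId() {
        String sessionIdFromCookie = getSessionIdFromCookie();
        if (StringHelper.isNotEmpty(sessionIdFromCookie)) {
            return getSessionId(sessionIdFromCookie);
        }
        this.log.trace("Session cookie not exists");
        return null;
    }

    /**
     * @param sessionId session to read, may be {@code null}
     * @return the session's attribute map, or {@code null} when {@code sessionId} is {@code null}
     */
    public Map<String, String> getSessionAttributes(SessionId sessionId) {
        return sessionId == null ? null : sessionId.getSessionAttributes();
    }

    /**
     * Creates an authenticated session with an empty {@code prompt} attribute.
     *
     * @see #generateAuthenticatedSessionId(HttpServletRequest, String, Map)
     */
    public SessionId generateAuthenticatedSessionId(HttpServletRequest httpServletRequest, String str) throws InvalidSessionStateException {
        Map<String, String> attributes = new HashMap<>();
        attributes.put("prompt", "");
        return generateAuthenticatedSessionId(httpServletRequest, str, attributes);
    }

    /**
     * Creates an authenticated session whose {@code prompt} attribute is {@code str2}.
     *
     * @see #generateAuthenticatedSessionId(HttpServletRequest, String, Map)
     */
    public SessionId generateAuthenticatedSessionId(HttpServletRequest httpServletRequest, String str, String str2) throws InvalidSessionStateException {
        Map<String, String> attributes = new HashMap<>();
        attributes.put("prompt", str2);
        return generateAuthenticatedSessionId(httpServletRequest, str, attributes);
    }

    /**
     * Creates and persists an authenticated session, then lets the external application-session
     * scripts (when enabled) approve it.
     *
     * @param httpServletRequest current request, handed to the external scripts
     * @param str DN of the authenticated user
     * @param map initial session attributes; this map is modified and stored on the session
     * @return the new session, or {@code null} when {@code str} is blank
     * @throws InvalidSessionStateException when an external script rejects the session; the
     *         session has been reset to unauthenticated before the exception is thrown
     */
    public SessionId generateAuthenticatedSessionId(HttpServletRequest httpServletRequest, String str, Map<String, String> map) throws InvalidSessionStateException {
        SessionId created = generateSessionId(str, new Date(), SessionIdState.AUTHENTICATED, map, true);
        if (created == null) {
            // No session was created (blank user DN); there is nothing for the external scripts to inspect.
            return null;
        }
        enforceExternalStartSession(httpServletRequest, created);
        return created;
    }

    /**
     * Runs the external start-session scripts when they are enabled and rejects the session if
     * they return {@code false}.
     */
    private void enforceExternalStartSession(HttpServletRequest httpServletRequest, SessionId sessionId) {
        if (!this.externalApplicationSessionService.isEnabled()) {
            return;
        }
        String userName = sessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        boolean allowed = this.externalApplicationSessionService.executeExternalStartSessionMethods(httpServletRequest, sessionId);
        // Two placeholders, two arguments: the script result is what gets logged.
        this.log.info("Start session result for '{}': '{}'", userName, Boolean.valueOf(allowed));
        if (!allowed) {
            reinitLogin(sessionId, true);
            throw new InvalidSessionStateException("Session creation is prohibited by external session script!");
        }
    }

    /**
     * Creates and persists an unauthenticated session with no initial attributes.
     *
     * @param str user DN to record on the session, may be {@code null}
     */
    public SessionId generateUnauthenticatedSessionId(String str) {
        return generateSessionId(str, new Date(), SessionIdState.UNAUTHENTICATED, new HashMap<String, String>(), true);
    }

    /**
     * Creates a session with explicit settings. Despite the name, the state is whatever
     * {@code sessionIdState} says.
     *
     * @param str user DN
     * @param date authentication time, may be {@code null}
     * @param sessionIdState initial state, may be {@code null}
     * @param map initial session attributes; this map is modified and stored on the session
     * @param z whether to persist the session
     * @return the new session, or {@code null} when the state is authenticated and {@code str} is blank
     */
    public SessionId generateUnauthenticatedSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        return generateSessionId(str, date, sessionIdState, map, z);
    }

    /**
     * Returns the session state value for a client.
     *
     * @param sessionId session to read
     * @param str client id, must not be {@code null}
     * @param str2 redirect URI, must not be {@code null}
     * @return the stored session state when both values match the session's {@code client_id}
     *         and {@code redirect_uri} attributes; otherwise a value computed with a fresh random salt
     */
    public String computeSessionState(SessionId sessionId, String str, String str2) {
        Map<String, String> attributes = sessionId.getSessionAttributes();
        boolean sameClient = str.equals(attributes.get("client_id"));
        if (sameClient && str2.equals(sessionId.getSessionAttributes().get("redirect_uri"))) {
            return sessionId.getSessionState();
        }
        return computeSessionState(str, str2, sessionId.getOPBrowserState(), UUID.randomUUID().toString());
    }

    /**
     * Builds {@code hex(SHA-256(clientId + " " + origin + " " + opbs + " " + salt)) + "." + salt}.
     *
     * @param str client id
     * @param str2 redirect URI, reduced to its origin
     * @param str3 OP browser state
     * @param str4 salt
     * @throws RuntimeException when the digest or the redirect URI cannot be processed
     */
    private String computeSessionState(String str, String str2, String str3, String str4) {
        try {
            String material = str + " " + getClientOrigin(str2) + " " + str3 + " " + str4;
            return JwtUtil.bytesToHex(JwtUtil.getMessageDigestSHA256(material)) + "." + str4;
        } catch (UnsupportedEncodingException | URISyntaxException | NoSuchAlgorithmException | NoSuchProviderException e) {
            this.log.error("Failed generating session state! " + e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Reduces a redirect URI to {@code scheme://host[:port]}; falls back to the configured
     * issuer when the URI is empty.
     */
    private String getClientOrigin(String str) throws URISyntaxException {
        if (!StringHelper.isNotEmpty(str)) {
            return this.appConfiguration.getIssuer();
        }
        URI redirectUri = new URI(str);
        String origin = redirectUri.getScheme() + "://" + redirectUri.getHost();
        if (redirectUri.getPort() > 0) {
            origin = origin + ":" + Integer.toString(redirectUri.getPort());
        }
        return origin;
    }

    /**
     * Builds a new session with random id, salt and OP browser state, optionally signs it as a
     * JWT, optionally persists it, and writes an audit record.
     *
     * @param str user DN
     * @param date authentication time, may be {@code null}
     * @param sessionIdState initial state, may be {@code null}
     * @param map initial attributes; receives the {@code opbs} entry and becomes the session's attribute map
     * @param z whether to persist the session
     * @return the new session, or {@code null} when the state is authenticated and {@code str} is blank
     */
    private SessionId generateSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        String id = UUID.randomUUID().toString();
        String salt = UUID.randomUUID().toString();
        String clientId = map.get("client_id");
        String opBrowserState = UUID.randomUUID().toString();
        String sessionState = computeSessionState(clientId, map.get("redirect_uri"), opBrowserState, salt);
        map.put(OP_BROWSER_STATE, opBrowserState);
        // An authenticated session must be tied to a user.
        if (SessionIdState.AUTHENTICATED == sessionIdState && StringUtils.isBlank(str)) {
            return null;
        }
        SessionId sessionId = new SessionId();
        sessionId.setId(id);
        sessionId.setDn(id);
        sessionId.setUserDn(str);
        sessionId.setSessionState(sessionState);
        Boolean sessionAsJwt = this.appConfiguration.getSessionAsJwt();
        sessionId.setIsJwt(Boolean.valueOf(sessionAsJwt != null && sessionAsJwt.booleanValue()));
        if (date != null) {
            sessionId.setAuthenticationTime(date);
        }
        if (sessionIdState != null) {
            sessionId.setState(sessionIdState);
        }
        sessionId.setSessionAttributes(map);
        sessionId.setLastUsedAt(new Date());
        if (sessionId.getIsJwt().booleanValue()) {
            sessionId.setJwt(generateJwt(sessionId, str).asString());
        }
        boolean persisted = z && persistSessionId(sessionId);
        auditLogging(sessionId);
        this.log.trace("Generated new session, id = '{}', state = '{}', asJwt = '{}', persisted = '{}'", sessionId.getId(), sessionId.getState(), sessionId.getIsJwt(), Boolean.valueOf(persisted));
        return sessionId;
    }

    /**
     * Serialises the session into an RS512-signed JWT.
     *
     * @param sessionId session whose fields become the claims
     * @param str passed to {@link JwtSigner} as its last constructor argument (the user DN at the call site)
     * @throws RuntimeException when signing fails
     */
    private Jwt generateJwt(SessionId sessionId, String str) {
        try {
            JwtSigner jwtSigner = new JwtSigner(this.appConfiguration, this.webKeysConfiguration, SignatureAlgorithm.RS512, str);
            Jwt jwt = jwtSigner.newJwt();
            jwt.getClaims().setClaim("id", sessionId.getId());
            jwt.getClaims().setClaim("authentication_time", sessionId.getAuthenticationTime());
            jwt.getClaims().setClaim("user_dn", sessionId.getUserDn());
            jwt.getClaims().setClaim("state", sessionId.getState() != null ? sessionId.getState().getValue() : "");
            jwt.getClaims().setClaim("session_attributes", JwtSubClaimObject.fromMap(sessionId.getSessionAttributes()));
            jwt.getClaims().setClaim("last_used_at", sessionId.getLastUsedAt());
            jwt.getClaims().setClaim("permission_granted", sessionId.getPermissionGranted());
            jwt.getClaims().setClaim("permission_granted_map", JwtSubClaimObject.fromBooleanMap(sessionId.getPermissionGrantedMap().getPermissionGranted()));
            jwt.getClaims().setClaim("involved_clients_map", JwtSubClaimObject.fromBooleanMap(sessionId.getInvolvedClients().getPermissionGranted()));
            return jwtSigner.sign();
        } catch (Exception e) {
            this.log.error("Failed to sign session jwt! " + e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Marks an existing session as authenticated for the given user, stores it, writes an audit
     * record and lets the external application-session scripts (when enabled) approve it.
     *
     * @param httpServletRequest current request, handed to the external scripts
     * @param sessionId session to promote, must not be {@code null}
     * @param str DN of the authenticated user
     * @return the same {@code sessionId} instance
     * @throws InvalidSessionStateException when an external script rejects the session
     */
    public SessionId setSessionIdStateAuthenticated(HttpServletRequest httpServletRequest, SessionId sessionId, String str) {
        // NOTE(review): the session keeps the id it had before authentication; nothing here
        // issues a new id or cookie. Confirm callers rotate the identifier at login if
        // session-fixation resistance is required.
        sessionId.setUserDn(str);
        sessionId.setAuthenticationTime(new Date());
        sessionId.setState(SessionIdState.AUTHENTICATED);
        boolean persisted = updateSessionId(sessionId, true, true, true);
        auditLogging(sessionId);
        this.log.trace("Authenticated session, id = '{}', state = '{}', persisted = '{}'", sessionId.getId(), sessionId.getState(), Boolean.valueOf(persisted));
        enforceExternalStartSession(httpServletRequest, sessionId);
        return sessionId;
    }

    /** Persists the session unless configuration or {@code prompt=none} says not to. */
    public boolean persistSessionId(SessionId sessionId) {
        return persistSessionId(sessionId, false);
    }

    /**
     * Stores the session in the cache.
     *
     * @param sessionId session to store
     * @param z {@code true} to store even when the unused lifetime is not positive or the
     *          prompt rules say the session should not be persisted
     * @return {@code true} when the session was stored, {@code false} when it was skipped or an error occurred
     */
    public boolean persistSessionId(SessionId sessionId, boolean z) {
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);
        try {
            boolean eligible = this.appConfiguration.getSessionIdUnusedLifetime() > 0 && isPersisted(prompts);
            if (!eligible && !z) {
                return false;
            }
            sessionId.setLastUsedAt(new Date());
            sessionId.setPersisted(true);
            this.log.trace("sessionIdAttributes: " + sessionId.getPermissionGrantedMap());
            putInCache(sessionId);
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return false;
        }
    }

    /** Updates the session, refreshing its last-used time. */
    public boolean updateSessionId(SessionId sessionId) {
        return updateSessionId(sessionId, true);
    }

    /**
     * Updates the session and always writes it when it is eligible for persistence.
     *
     * @param z whether to refresh the last-used time
     */
    public boolean updateSessionId(SessionId sessionId, boolean z) {
        return updateSessionId(sessionId, z, false, true);
    }

    /**
     * Updates the stored session, or removes it when its configured lifetime has passed.
     *
     * @param sessionId session to update
     * @param z whether to refresh the last-used time (only when it is unset or older than 500 ms)
     * @param z2 {@code true} to proceed even when the session is not eligible for persistence
     * @param z3 {@code true} to write the session even if nothing else required a write
     * @return {@code false} only when an exception occurred; {@code true} otherwise, including
     *         when the session was skipped or removed as expired
     */
    public boolean updateSessionId(SessionId sessionId, boolean z, boolean z2, boolean z3) {
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);
        try {
            boolean eligible = (this.appConfiguration.getSessionIdUnusedLifetime() > 0 && isPersisted(prompts)) || z2;
            if (!eligible) {
                return true;
            }
            boolean write = z3;
            if (z) {
                Date now = new Date();
                Date lastUsedAt = sessionId.getLastUsedAt();
                // Skip refreshes less than 500 ms apart to avoid a cache write on every request of a burst.
                if (lastUsedAt == null || now.getTime() - lastUsedAt.getTime() > 500) {
                    write = true;
                    sessionId.setLastUsedAt(now);
                }
            }
            if (!sessionId.isPersisted()) {
                write = true;
                sessionId.setPersisted(true);
            }
            if (sessionId.getAuthenticationTime() != null) {
                long ageSeconds = (System.currentTimeMillis() - sessionId.getAuthenticationTime().getTime()) / 1000;
                Integer sessionIdLifetime = this.appConfiguration.getSessionIdLifetime();
                if (sessionIdLifetime == null || sessionIdLifetime.intValue() <= 0) {
                    this.log.debug("Session id lifetime configuration is null.");
                } else if (ageSeconds > sessionIdLifetime.intValue()) {
                    this.log.debug("Session id expired: {}, remove it.", sessionId.getId());
                    remove(sessionId);
                    // Never write an expired session back.
                    write = false;
                }
            }
            if (write) {
                mergeWithRetry(sessionId, 3);
            }
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Stores the session under its id. The first argument to the cache is a lifetime rendered
     * as a string: the unauthenticated unused lifetime for unauthenticated sessions, otherwise
     * the session id lifetime, or {@link Integer#MAX_VALUE} when that is unset or not positive.
     */
    private void putInCache(SessionId sessionId) {
        int lifetime;
        if (sessionId.getState() == SessionIdState.UNAUTHENTICATED) {
            lifetime = this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime();
        } else {
            Integer sessionIdLifetime = this.appConfiguration.getSessionIdLifetime();
            lifetime = (sessionIdLifetime == null || sessionIdLifetime.intValue() <= 0) ? Integer.MAX_VALUE : sessionIdLifetime.intValue();
        }
        this.cacheService.put(Integer.toString(lifetime), sessionId.getId(), sessionId);
    }

    /** Looks the session up in the cache by id. */
    private SessionId getFromCache(String str) {
        return (SessionId) this.cacheService.get((String) null, str);
    }

    /**
     * Stores the session, retrying when the failure is caused by an LDAP error with result
     * code 16 or 20.
     *
     * @param sessionId session to store
     * @param i maximum number of attempts
     * @return the same {@code sessionId} instance
     * @throws EntryPersistenceException immediately for any other failure, or the last failure
     *         once all attempts are used up
     */
    private SessionId mergeWithRetry(SessionId sessionId, int i) {
        EntryPersistenceException lastFailure = null;
        for (int attempt = 1; attempt <= i; attempt++) {
            try {
                putInCache(sessionId);
                return sessionId;
            } catch (EntryPersistenceException e) {
                lastFailure = e;
                if (e.getCause() instanceof LDAPException) {
                    LDAPException ldapCause = (LDAPException) e.getCause();
                    int resultCode = ldapCause.getResultCode().intValue();
                    this.log.debug("LDAP exception resultCode: '{}'", Integer.valueOf(resultCode));
                    // 16 and 20 are the LDAP result codes noSuchAttribute and attributeOrValueExists.
                    if (resultCode == 16 || resultCode == 20) {
                        this.log.warn("Session entry update attempt '{}' was unsuccessfull", Integer.valueOf(attempt));
                        // Go round again; without this the loop could never reach a second attempt.
                        continue;
                    }
                }
                throw e;
            }
        }
        this.log.error("Session entry update attempt was unsuccessfull after '{}' attempts", Integer.valueOf(i));
        throw lastFailure;
    }

    /**
     * Refreshes the last-used time and writes the session only when needed.
     *
     * @param z {@code true} to write the session even if nothing else required a write
     */
    public void updateSessionIdIfNeeded(SessionId sessionId, boolean z) {
        updateSessionId(sessionId, true, false, z);
    }

    /**
     * Tells whether a session with the given prompts should be persisted: always, unless the
     * prompts contain {@link Prompt#NONE} and persisting on {@code prompt=none} is not enabled.
     */
    private boolean isPersisted(List<Prompt> list) {
        if (list == null || !list.contains(Prompt.NONE)) {
            return true;
        }
        return Boolean.TRUE.equals(this.appConfiguration.getSessionIdPersistOnPromptNone());
    }

    /**
     * Looks a session up by id without any validity check.
     *
     * @param str session id
     * @return the cached session, or whatever the cache returns for an unknown id
     */
    public SessionId getSessionById(String str) {
        return getFromCache(str);
    }

    /** Resolves the valid session referenced by the request's {@code session_id} cookie. */
    public SessionId getSessionId(HttpServletRequest httpServletRequest) {
        return getSessionId(getSessionIdFromCookie(httpServletRequest));
    }

    /**
     * Resolves a session by id and checks that it has not idled out.
     *
     * @param str session id
     * @return the session, or {@code null} when the id is empty, unknown, no longer valid, or
     *         the lookup failed
     */
    public SessionId getSessionId(String str) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        try {
            SessionId found = getSessionById(str);
            this.log.trace("Try to get session by id: {} ...", str);
            if (found != null) {
                this.log.trace("Session dn: {}", found.getDn());
                if (isSessionValid(found)) {
                    return found;
                }
            }
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
        }
        this.log.trace("Failed to get session by id: {}", str);
        return null;
    }

    /**
     * Removes a session from the cache.
     *
     * @return {@code true} on success, {@code false} when an error occurred (it is logged)
     */
    public boolean remove(SessionId sessionId) {
        try {
            this.cacheService.remove(sessionId.getId());
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return false;
        }
    }

    /** Removes every session in the list; a failure on one entry does not stop the others. */
    public void remove(List<SessionId> list) {
        for (SessionId sessionId : list) {
            try {
                remove(sessionId);
            } catch (Exception e) {
                this.log.error("Failed to remove entry", e);
            }
        }
    }

    /**
     * Checks the idle timeouts of a session. A configured lifetime of {@code -1} disables the
     * corresponding check; the unauthenticated timeout applies only to unauthenticated sessions.
     *
     * @param sessionId session to check, may be {@code null}
     * @return {@code false} when the session is {@code null}, has no last-used time, or has been
     *         idle for longer than allowed; {@code true} otherwise
     */
    public boolean isSessionValid(SessionId sessionId) {
        // Fail closed: idleness cannot be established without a last-used time.
        if (sessionId == null || sessionId.getLastUsedAt() == null) {
            return false;
        }
        long unusedLimitMillis = TimeUnit.SECONDS.toMillis(this.appConfiguration.getSessionIdUnusedLifetime());
        long unauthenticatedLimitMillis = TimeUnit.SECONDS.toMillis(this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime());
        long idleMillis = System.currentTimeMillis() - sessionId.getLastUsedAt().getTime();
        boolean withinUnusedLimit = idleMillis <= unusedLimitMillis || this.appConfiguration.getSessionIdUnusedLifetime() == -1;
        if (!withinUnusedLimit) {
            return false;
        }
        return sessionId.getState() != SessionIdState.UNAUTHENTICATED
                || idleMillis <= unauthenticatedLimitMillis
                || this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime() == -1;
    }

    /** Parses the space-separated {@code prompt} session attribute. */
    private List<Prompt> getPromptsFromSessionId(SessionId sessionId) {
        return Prompt.fromString(sessionId.getSessionAttributes().get("prompt"), " ");
    }

    /** Tells whether the session of the current Faces request is authenticated. */
    public boolean isSessionIdAuthenticated() {
        return isSessionIdAuthenticated(getSessionId());
    }

    /**
     * @param sessionId session to check, may be {@code null}
     * @return {@code true} only when the session exists and its state is {@link SessionIdState#AUTHENTICATED}
     */
    public boolean isSessionIdAuthenticated(SessionId sessionId) {
        return sessionId != null && SessionIdState.AUTHENTICATED.equals(sessionId.getState());
    }

    /** Negation of {@link #isSessionIdAuthenticated()}. */
    public boolean isNotSessionIdAuthenticated() {
        return !isSessionIdAuthenticated();
    }

    /**
     * Parses requested ACR values into a de-duplicated list of script names.
     *
     * @param str a JSON array string, or a space-separated list when it is not valid JSON
     * @return the distinct script names, in no particular order
     */
    public List<String> acrValuesList(String str) {
        List<String> requested;
        try {
            requested = Util.jsonArrayStringAsList(str);
        } catch (JSONException e) {
            // Not a JSON array: fall back to the space-separated form.
            requested = Util.splittedStringAsList(str, " ");
        }
        HashSet<String> scriptNames = new HashSet<>();
        for (String acrValue : requested) {
            scriptNames.add(this.externalAuthenticationService.scriptName(acrValue));
        }
        return new ArrayList<>(scriptNames);
    }

    /**
     * Sends an audit record for the session's state when a servlet request is available.
     * Anything other than {@link SessionIdState#AUTHENTICATED}, including a missing state, is
     * reported as unauthenticated.
     */
    private void auditLogging(SessionId sessionId) {
        HttpServletRequest request = ServerUtil.getRequestOrNull();
        if (request == null) {
            return;
        }
        // A comparison instead of a switch: switching on a null state would throw.
        Action action = sessionId.getState() == SessionIdState.AUTHENTICATED
                ? Action.SESSION_AUTHENTICATED
                : Action.SESSION_UNAUTHENTICATED;
        OAuth2AuditLog auditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), action);
        auditLog.setSuccess(true);
        this.applicationAuditLogger.sendMessage(auditLog);
    }

    /**
     * Returns the user of a session, loading it by DN on first use and caching it on the session.
     *
     * @param sessionId session to read, may be {@code null}
     * @return the user, or {@code null} when the session is {@code null}, has no user DN, or the
     *         user cannot be found
     */
    public User getUser(SessionId sessionId) {
        if (sessionId == null) {
            return null;
        }
        if (sessionId.getUser() != null) {
            return sessionId.getUser();
        }
        if (StringUtils.isBlank(sessionId.getUserDn())) {
            return null;
        }
        User user = this.userService.getUserByDn(sessionId.getUserDn(), new String[0]);
        if (user == null) {
            return null;
        }
        sessionId.setUser(user);
        return user;
    }
}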
