package org.xdi.oxauth.service;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.util.StaticUtils;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.faces.context.FacesContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.log.Log;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.common.SessionIdState;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.util.Util;
import org.xdi.util.StringHelper;

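/**
 * Seam component that issues, looks up, persists and expires oxAuth session entries and
 * manages the {@code session_id} and {@code opbs} browser cookies that refer to them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #getSessionId()} resolves a session from the cookie value alone, so the session
 *       identifier is a bearer credential and must be handled like one.</li>
 *   <li>Several trace/debug statements in this class include the session identifier or its DN;
 *       logs written at those levels need the same access control as the session store.</li>
 *   <li>The {@code opbs} cookie carries the same identifier as {@code session_id} (see
 *       {@link #configureOpbsCookie(SessionId)}).</li>
 * </ul>
 */
@Name("sessionIdService")
@AutoCreate
@Scope(ScopeType.STATELESS)
/* loaded from: input_file:org/xdi/oxauth/service/SessionIdService.class */
public class SessionIdService {
    private static final String SESSION_ID_COOKIE_NAME = "session_id";
    private static final String STORED_ORIGIN_PARAMETERS = "stored_origin_parameters";

    @Logger
    private Log log;

    @In
    private LdapEntryManager ldapEntryManager;

    @In
    private AuthenticationService authenticationService;

    /**
     * Returns the Seam-managed instance of this service, starting a call lifecycle first when
     * neither an event nor an application context is active.
     *
     * @return the component instance
     */
    public static SessionIdService instance() {
        boolean noActiveContext = !Contexts.isEventContextActive() && !Contexts.isApplicationContextActive();
        if (noActiveContext) {
            Lifecycle.beginCall();
        }
        return (SessionIdService) Component.getInstance(SessionIdService.class);
    }

    /**
     * Merges the allowed parameters of the current request into the session attributes and
     * stores the result when they differ from what the session already holds.
     *
     * @param sessionId session to refresh; {@code null} or a session without attributes is returned untouched
     * @param str       not used by this method
     * @param str2      requested ACR values; when non-null it must equal the session's {@code acr_values} attribute
     * @return the same {@code sessionId} instance
     * @throws AcrChangedException when {@code str2} is non-null and differs from the stored {@code acr_values}
     */
    public SessionId updateSessionIfNeeded(SessionId sessionId, String str, String str2) throws AcrChangedException {
        if (sessionId != null && !sessionId.getSessionAttributes().isEmpty()) {
            Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
            boolean acrChanged = str2 != null && !str2.equals(sessionAttributes.get("acr_values"));
            if (acrChanged) {
                throw new AcrChangedException();
            }
            // Request parameters are client-controlled; which of them reach the session is decided
            // solely by authenticationService.getAllowedParameters (see getCurrentSessionAttributes).
            Map<String, String> currentSessionAttributes = getCurrentSessionAttributes(sessionAttributes);
            if (!currentSessionAttributes.equals(sessionAttributes)) {
                sessionAttributes.putAll(currentSessionAttributes);
                // NOTE(review): "auth_step" is reset on sessionAttributes, but the map stored on the
                // session below is currentSessionAttributes. When that is a separate copy (a
                // FacesContext is present) the reset does not reach the persisted attributes; only
                // the auth_step_passed_* removal does. Confirm whether the reset is meant to be
                // persisted before changing this, since it affects the authentication flow.
                sessionAttributes.put("auth_step", "1");
                Iterator<Map.Entry<String, String>> it = currentSessionAttributes.entrySet().iterator();
                while (it.hasNext()) {
                    if (it.next().getKey().startsWith("auth_step_passed_")) {
                        it.remove();
                    }
                }
                sessionId.setSessionAttributes(currentSessionAttributes);
                // Forced update: written regardless of the persistence policy.
                if (!updateSessionId(sessionId, true, true)) {
                    this.log.debug("Failed to update session entry: '{0}'", new Object[]{sessionId.getId()});
                }
            }
        }
        return sessionId;
    }

    /**
     * Builds the attribute map for the current request: a copy of {@code map} overlaid with the
     * request parameters that {@code authenticationService.getAllowedParameters} lets through,
     * except {@code auth_step}, which a request may not overwrite.
     *
     * @param map attributes currently stored on the session
     * @return {@code map} itself when there is no FacesContext, otherwise a new merged map
     */
    private Map<String, String> getCurrentSessionAttributes(Map<String, String> map) {
        FacesContext currentInstance = FacesContext.getCurrentInstance();
        if (currentInstance == null) {
            return map;
        }
        Map<String, String> merged = new HashMap<String, String>(map);
        Map<String, String> allowed = this.authenticationService.getAllowedParameters(currentInstance.getExternalContext().getRequestParameterMap());
        for (Map.Entry<String, String> entry : allowed.entrySet()) {
            String key = entry.getKey();
            if (!StringHelper.equalsIgnoreCase(key, "auth_step")) {
                merged.put(key, entry.getValue());
            }
        }
        return merged;
    }

    /**
     * Reads the {@code session_id} cookie from the request.
     *
     * @param httpServletRequest incoming request
     * @return the raw, unvalidated cookie value, or an empty string when absent or on error
     */
    public String getSessionIdFromCookie(HttpServletRequest httpServletRequest) {
        return readCookieValue(httpServletRequest, SESSION_ID_COOKIE_NAME);
    }

    /**
     * Reads the {@code session_id} cookie from the request bound to the current FacesContext.
     *
     * @return the raw cookie value, an empty string when the cookie is absent, or {@code null}
     *         when the request cannot be obtained (for example outside a JSF request)
     */
    public String getSessionIdFromCookie() {
        try {
            Object request = FacesContext.getCurrentInstance().getExternalContext().getRequest();
            return getSessionIdFromCookie((HttpServletRequest) request);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return null;
        }
    }

    /**
     * Reads the {@code opbs} cookie from the request.
     *
     * @param httpServletRequest incoming request
     * @return the raw, unvalidated cookie value, or an empty string when absent or on error
     */
    public String getSessionIdFromOpbsCookie(HttpServletRequest httpServletRequest) {
        return readCookieValue(httpServletRequest, "opbs");
    }

    /**
     * Returns the value of the first cookie named {@code cookieName}, or an empty string.
     * The value is client-supplied and not validated here, and it may be a live session
     * identifier, so only the cookie name is written to the log.
     */
    private String readCookieValue(HttpServletRequest httpServletRequest, String cookieName) {
        try {
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookieName.equals(cookie.getName())) {
                        this.log.trace("Found {0} cookie", new Object[]{cookieName});
                        return cookie.getValue();
                    }
                }
            }
            return "";
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return "";
        }
    }

    /**
     * Adds a {@code session_id} cookie (path {@code /}, session lifetime) to the current response.
     * Failures are logged and otherwise ignored.
     *
     * @param str session identifier to place in the cookie
     */
    public void createSessionIdCookie(String str) {
        try {
            Object response = FacesContext.getCurrentInstance().getExternalContext().getResponse();
            if (response instanceof HttpServletResponse) {
                Cookie cookie = new Cookie(SESSION_ID_COOKIE_NAME, str);
                cookie.setPath("/");
                // The value is a bearer credential: never send it over plain HTTP.
                cookie.setSecure(true);
                // NOTE(review): HttpOnly is not set. Cookie.setHttpOnly needs Servlet 3.0, which this
                // file does not show to be available; add it once the API level is confirmed.
                ((HttpServletResponse) response).addCookie(cookie);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
        }
    }

    /**
     * Expires the {@code session_id} cookie on the current response, if there is one.
     * Failures are logged and otherwise ignored.
     */
    public void removeSessionIdCookie() {
        try {
            FacesContext currentInstance = FacesContext.getCurrentInstance();
            if (currentInstance == null || currentInstance.getExternalContext() == null) {
                return;
            }
            Object response = currentInstance.getExternalContext().getResponse();
            if (response instanceof HttpServletResponse) {
                removeSessionIdCookie((HttpServletResponse) response);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
        }
    }

    /**
     * Expires the {@code session_id} cookie by sending it with a null value and max-age 0.
     * This only clears the browser side; the stored session entry is not touched.
     *
     * @param httpServletResponse response to add the expiring cookie to
     */
    public void removeSessionIdCookie(HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(SESSION_ID_COOKIE_NAME, (String) null);
        // Path must match the one used in createSessionIdCookie for the browser to drop it.
        cookie.setPath("/");
        cookie.setMaxAge(0);
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Resolves the session referenced by the current request's {@code session_id} cookie.
     *
     * @return the valid session, or {@code null} when there is no cookie or no valid session
     */
    public SessionId getSessionId() {
        String sessionIdFromCookie = getSessionIdFromCookie();
        if (StringHelper.isNotEmpty(sessionIdFromCookie)) {
            return getSessionId(sessionIdFromCookie);
        }
        return null;
    }

    /**
     * Null-safe accessor for a session's attributes.
     *
     * @param sessionId session, may be {@code null}
     * @return the session's attribute map, or {@code null} when {@code sessionId} is {@code null}
     */
    public Map<String, String> getSessionAttributes(SessionId sessionId) {
        if (sessionId != null) {
            return sessionId.getSessionAttributes();
        }
        return null;
    }

    /**
     * Creates an authenticated session with an empty {@code prompt} attribute.
     *
     * @param str user DN
     * @return the new session, or {@code null} (see {@link #generateSessionId})
     */
    public SessionId generateAuthenticatedSessionId(String str) {
        return generateAuthenticatedSessionId(str, "");
    }

    /**
     * Creates an authenticated session whose only attribute is {@code prompt}.
     *
     * @param str  user DN
     * @param str2 value stored under the {@code prompt} attribute
     * @return the new session, or {@code null} (see {@link #generateSessionId})
     */
    public SessionId generateAuthenticatedSessionId(String str, String str2) {
        Map<String, String> attributes = new HashMap<String, String>();
        attributes.put("prompt", str2);
        return generateSessionId(str, new Date(), SessionIdState.AUTHENTICATED, attributes, true);
    }

    /**
     * Creates an authenticated session with the given attributes.
     *
     * @param str user DN
     * @param map session attributes
     * @return the new session, or {@code null} (see {@link #generateSessionId})
     */
    public SessionId generateAuthenticatedSessionId(String str, Map<String, String> map) {
        return generateSessionId(str, new Date(), SessionIdState.AUTHENTICATED, map, true);
    }

    /**
     * Creates a session with a fresh random UUID as identifier and optionally persists it.
     *
     * @param str            user DN; required when {@code sessionIdState} is AUTHENTICATED
     * @param date           authentication time, skipped when {@code null}
     * @param sessionIdState initial state, skipped when {@code null}
     * @param map            session attributes
     * @param z              whether to persist the session (subject to the persistence policy)
     * @return the new session, or {@code null} when no DN can be built or an authenticated
     *         session is requested without a user DN
     */
    public SessionId generateSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        // UUID.randomUUID() is documented to use a cryptographically strong generator.
        String uuid = UUID.randomUUID().toString();
        String dn = dn(uuid);
        if (StringUtils.isBlank(dn)) {
            return null;
        }
        // An authenticated session without a subject must never be issued.
        if (SessionIdState.AUTHENTICATED == sessionIdState && StringUtils.isBlank(str)) {
            return null;
        }
        SessionId sessionId = new SessionId();
        sessionId.setId(uuid);
        sessionId.setDn(dn);
        if (StringUtils.isNotBlank(str)) {
            sessionId.setUserDn(str);
        }
        if (date != null) {
            sessionId.setAuthenticationTime(date);
        }
        if (sessionIdState != null) {
            sessionId.setState(sessionIdState);
        }
        configureOpbsCookie(sessionId);
        sessionId.setSessionAttributes(map);
        boolean persisted = false;
        if (z) {
            persisted = persistSessionId(sessionId);
        }
        this.log.trace("Generated new session, id = '{0}', state = '{1}', persisted = '{2}'", new Object[]{sessionId.getId(), sessionId.getState(), Boolean.valueOf(persisted)});
        return sessionId;
    }

    /**
     * Marks an existing session as authenticated for the given user and forces the update to
     * be stored.
     *
     * <p>NOTE(review): the session keeps the identifier it had before authentication. If that
     * identifier was exposed while the session was unauthenticated it remains valid afterwards;
     * confirm whether callers are expected to issue a fresh identifier at this point.
     *
     * @param sessionId session to promote
     * @param str       user DN
     * @return the same {@code sessionId} instance
     */
    public SessionId setSessionIdAuthenticated(SessionId sessionId, String str) {
        sessionId.setUserDn(str);
        sessionId.setAuthenticationTime(new Date());
        sessionId.setState(SessionIdState.AUTHENTICATED);
        configureOpbsCookie(sessionId);
        boolean persisted = updateSessionId(sessionId, true, true);
        this.log.trace("Authenticated session, id = '{0}', state = '{1}', persisted = '{2}'", new Object[]{sessionId.getId(), sessionId.getState(), Boolean.valueOf(persisted)});
        return sessionId;
    }

    /**
     * Adds the {@code opbs} cookie to the current response, if a FacesContext is present. Its
     * max-age is the configured unused-session lifetime.
     *
     * <p>NOTE(review): the cookie value is the session identifier itself and the cookie is not
     * HttpOnly, so page script can read the same value that {@code session_id} protects.
     * Script access is presumably intended for OpenID Connect session management; confirm, and
     * consider a value derived from the identifier rather than the identifier.
     */
    private void configureOpbsCookie(SessionId sessionId) {
        int sessionIdUnusedLifetime = ConfigurationFactory.instance().getConfiguration().getSessionIdUnusedLifetime();
        FacesContext currentInstance = FacesContext.getCurrentInstance();
        if (currentInstance != null) {
            Cookie cookie = new Cookie("opbs", sessionId.getId());
            cookie.setMaxAge(sessionIdUnusedLifetime);
            // Carries the session identifier, so it must not travel over plain HTTP either.
            cookie.setSecure(true);
            ((HttpServletResponse) currentInstance.getExternalContext().getResponse()).addCookie(cookie);
        }
    }

    /**
     * Persists the session if the persistence policy allows it.
     *
     * @param sessionId session to store
     * @return {@code true} when the entry was written
     */
    public boolean persistSessionId(SessionId sessionId) {
        return persistSessionId(sessionId, false);
    }

    /**
     * Persists the session as a new entry. The policy allows persistence when the configured
     * unused lifetime is positive and {@link #isPersisted(List)} accepts the session's prompts.
     *
     * @param sessionId session to store
     * @param z         when {@code true}, store the session even if the policy says not to
     * @return {@code true} when the entry was written, {@code false} when skipped or on error
     */
    public boolean persistSessionId(SessionId sessionId, boolean z) {
        List<Prompt> promptsFromSessionId = getPromptsFromSessionId(sessionId);
        try {
            boolean policyAllows = ConfigurationFactory.instance().getConfiguration().getSessionIdUnusedLifetime() > 0 && isPersisted(promptsFromSessionId);
            if (!policyAllows && !z) {
                return false;
            }
            sessionId.setLastUsedAt(new Date());
            sessionId.setPersisted(true);
            this.ldapEntryManager.persist(sessionId);
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return false;
        }
    }

    /**
     * Updates the stored session and refreshes its last-used time.
     *
     * @param sessionId session to update
     * @return {@code false} only when the update threw
     */
    public boolean updateSessionId(SessionId sessionId) {
        return updateSessionId(sessionId, true);
    }

    /**
     * Updates the stored session.
     *
     * @param sessionId session to update
     * @param z         whether to refresh the last-used time
     * @return {@code false} only when the update threw
     */
    public boolean updateSessionId(SessionId sessionId, boolean z) {
        return updateSessionId(sessionId, z, false);
    }

    /**
     * Merges the session into the store when the persistence policy allows it or {@code z2}
     * forces it.
     *
     * @param sessionId session to update
     * @param z         whether to refresh the last-used time
     * @param z2        when {@code true}, write even if the policy says not to
     * @return {@code true} when nothing failed, including when the policy skipped the write;
     *         {@code false} when the update threw
     */
    public boolean updateSessionId(SessionId sessionId, boolean z, boolean z2) {
        List<Prompt> promptsFromSessionId = getPromptsFromSessionId(sessionId);
        try {
            boolean policyAllows = ConfigurationFactory.instance().getConfiguration().getSessionIdUnusedLifetime() > 0 && isPersisted(promptsFromSessionId);
            if (policyAllows || z2) {
                if (z) {
                    sessionId.setLastUsedAt(new Date());
                }
                sessionId.setPersisted(true);
                this.ldapEntryManager.merge(sessionId);
            }
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return false;
        }
    }

    /**
     * Decides from the session's prompts whether it should be persisted: always, unless the
     * prompts contain {@code Prompt.NONE}, in which case the {@code sessionIdPersistOnPromptNone}
     * setting decides (an unset value counts as {@code false}).
     */
    private static boolean isPersisted(List<Prompt> list) {
        if (list == null || !list.contains(Prompt.NONE)) {
            return true;
        }
        Boolean sessionIdPersistOnPromptNone = ConfigurationFactory.instance().getConfiguration().getSessionIdPersistOnPromptNone();
        return sessionIdPersistOnPromptNone != null && sessionIdPersistOnPromptNone.booleanValue();
    }

    /**
     * Builds the entry DN {@code uniqueIdentifier=<id>,<base DN>}.
     * The identifier is inserted without escaping, so callers must pass either a generated
     * identifier or one that passed {@link #isPlainRdnValue(String)}.
     *
     * @return the DN, or an empty string when the identifier or the base DN is blank
     */
    private static String dn(String str) {
        String baseDn = getBaseDn();
        StringBuilder sb = new StringBuilder();
        if (Util.allNotBlank(new String[]{str, baseDn})) {
            sb.append("uniqueIdentifier=").append(str).append(",").append(baseDn);
        }
        return sb.toString();
    }

    /**
     * Tells whether {@code value} can be placed in an RDN without escaping: no control
     * characters, none of the characters RFC 4514 requires to be escaped, no leading
     * {@code '#'} or space and no trailing space.
     */
    private static boolean isPlainRdnValue(String value) {
        if (value.startsWith(" ") || value.startsWith("#") || value.endsWith(" ")) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == ',' || c == '+' || c == '"' || c == '\\' || c == '<' || c == '>' || c == ';') {
                return false;
            }
        }
        return true;
    }

    /**
     * Loads a session entry by DN.
     *
     * @param str entry DN
     * @return the entry, or {@code null} when the lookup fails for any reason
     */
    public SessionId getSessionByDN(String str) {
        try {
            return (SessionId) this.ldapEntryManager.find(SessionId.class, str);
        } catch (Exception e) {
            // A store failure is reported as "no session", which fails closed for callers.
            this.log.trace(e.getMessage(), e, new Object[0]);
            return null;
        }
    }

    /**
     * Looks up a session by identifier and returns it only if it is still valid.
     *
     * @param str session identifier, typically the client-supplied cookie value
     * @return the valid session, or {@code null} when the identifier is empty, malformed,
     *         unknown or expired
     */
    public SessionId getSessionId(String str) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        // The identifier usually comes straight from a cookie and is concatenated into a DN by
        // dn(). Refuse values with DN syntax characters so a crafted value cannot add RDN
        // components and address a different entry under the session base DN.
        if (!isPlainRdnValue(str)) {
            this.log.trace("Rejected session id containing DN special characters", new Object[0]);
            return null;
        }
        String dn = dn(str);
        if (!containsSessionId(dn)) {
            return null;
        }
        try {
            SessionId sessionByDN = getSessionByDN(dn);
            this.log.trace("Try to get session by id: {0} ...", new Object[]{str});
            if (sessionByDN != null) {
                this.log.trace("Session dn: {0}", new Object[]{sessionByDN.getDn()});
                if (isSessionValid(sessionByDN)) {
                    return sessionByDN;
                }
            }
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e, new Object[0]);
        }
        this.log.trace("Failed to get session by id: {0}", new Object[]{str});
        return null;
    }

    /**
     * Tells whether a session entry exists at the given DN.
     *
     * @param str entry DN
     * @return {@code true} when the entry exists, {@code false} when it does not or the lookup failed
     */
    public boolean containsSessionId(String str) {
        try {
            return this.ldapEntryManager.contains(SessionId.class, str);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e, new Object[0]);
            return false;
        }
    }

    /** Returns the configured base DN under which session entries live. */
    private static String getBaseDn() {
        return ConfigurationFactory.instance().getBaseDn().getSessionId();
    }

    /**
     * Deletes a session entry from the store.
     *
     * @param sessionId session to delete
     * @return {@code true} on success, {@code false} when the removal threw
     */
    public boolean remove(SessionId sessionId) {
        try {
            this.ldapEntryManager.remove(sessionId);
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return false;
        }
    }

    /**
     * Deletes every session in the list; individual failures are logged by
     * {@link #remove(SessionId)} and do not stop the loop.
     *
     * @param list sessions to delete; {@code null} is treated as empty
     */
    public void remove(List<SessionId> list) {
        if (list == null) {
            return;
        }
        for (SessionId sessionId : list) {
            remove(sessionId);
        }
    }

    /**
     * Removes unauthenticated sessions older than the unauthenticated lifetime, then all
     * sessions older than the general unused lifetime.
     *
     * <p>NOTE(review): {@link #isSessionValid(SessionId)} treats a lifetime of {@code -1} as
     * "no idle limit", but here a non-positive lifetime yields a cutoff at or after the current
     * time, which would select every entry. Confirm how non-positive values are meant to
     * behave during cleanup.
     */
    public void cleanUpSessions() {
        int sessionIdUnusedLifetime = ConfigurationFactory.instance().getConfiguration().getSessionIdUnusedLifetime();
        remove(getUnauthenticatedIdsOlderThan(ConfigurationFactory.instance().getConfiguration().getSessionIdUnauthenticatedUnusedLifetime()));
        remove(getIdsOlderThan(sessionIdUnusedLifetime));
    }

    /**
     * Finds unauthenticated sessions whose {@code lastModifiedTime} is at least {@code i}
     * seconds in the past.
     *
     * @param i age threshold in seconds
     * @return matching sessions, or an empty list on error
     */
    public List<SessionId> getUnauthenticatedIdsOlderThan(int i) {
        try {
            // Only a server-side timestamp is formatted into the filter; no request data reaches it.
            Date cutoff = new Date(new Date().getTime() - TimeUnit.SECONDS.toMillis(i));
            String filter = String.format("&(lastModifiedTime<=%s)(oxState=unauthenticated)", StaticUtils.encodeGeneralizedTime(cutoff));
            return this.ldapEntryManager.findEntries(getBaseDn(), SessionId.class, Filter.create(filter));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return Collections.emptyList();
        }
    }

    /**
     * Finds sessions whose {@code lastModifiedTime} is at least {@code i} seconds in the past.
     *
     * @param i age threshold in seconds
     * @return matching sessions, or an empty list on error
     */
    public List<SessionId> getIdsOlderThan(int i) {
        try {
            // Only a server-side timestamp is formatted into the filter; no request data reaches it.
            Date cutoff = new Date(new Date().getTime() - TimeUnit.SECONDS.toMillis(i));
            String filter = String.format("(lastModifiedTime<=%s)", StaticUtils.encodeGeneralizedTime(cutoff));
            return this.ldapEntryManager.findEntries(getBaseDn(), SessionId.class, Filter.create(filter));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return Collections.emptyList();
        }
    }

    /**
     * Checks the session's idle time against the configured lifetimes. A lifetime of
     * {@code -1} disables the corresponding limit. Unauthenticated sessions must satisfy both
     * the general and the unauthenticated limit.
     *
     * @param sessionId session to check
     * @return {@code false} for {@code null}, for a session without a last-used time, or when
     *         an applicable limit is exceeded; {@code true} otherwise
     */
    public boolean isSessionValid(SessionId sessionId) {
        // Fail closed: without a last-used time the idle period cannot be established.
        if (sessionId == null || sessionId.getLastUsedAt() == null) {
            return false;
        }
        int unusedLifetime = ConfigurationFactory.instance().getConfiguration().getSessionIdUnusedLifetime();
        int unauthenticatedLifetime = ConfigurationFactory.instance().getConfiguration().getSessionIdUnauthenticatedUnusedLifetime();
        long idleMillis = System.currentTimeMillis() - sessionId.getLastUsedAt().getTime();

        boolean withinGeneralLimit = idleMillis <= TimeUnit.SECONDS.toMillis(unusedLifetime) || unusedLifetime == -1;
        if (!withinGeneralLimit) {
            return false;
        }
        if (sessionId.getState() != SessionIdState.UNAUTHENTICATED) {
            return true;
        }
        return idleMillis <= TimeUnit.SECONDS.toMillis(unauthenticatedLifetime) || unauthenticatedLifetime == -1;
    }

    /** Parses the space-separated {@code prompt} session attribute into a list of prompts. */
    private List<Prompt> getPromptsFromSessionId(SessionId sessionId) {
        return Prompt.fromString(sessionId.getSessionAttributes().get("prompt"), " ");
    }
}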
