package org.xdi.oxauth.service;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.util.StaticUtils;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.BatchOperation;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.EmptyEntryPersistenceException;
import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.log.Log;
import org.xdi.ldap.model.SearchScope;
import org.xdi.oxauth.audit.ApplicationAuditLogger;
import org.xdi.oxauth.filter.CorsFilter;
import org.xdi.oxauth.model.audit.Action;
import org.xdi.oxauth.model.audit.OAuth2AuditLog;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.common.SessionIdState;
import org.xdi.oxauth.model.config.StaticConf;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jwk.JSONWebKeySet;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtSubClaimObject;
import org.xdi.oxauth.model.token.JwtSigner;
import org.xdi.oxauth.model.util.Util;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.util.StringHelper;

@Name("sessionIdService")
@AutoCreate
@Scope(ScopeType.STATELESS)
/* loaded from: input_file:org/xdi/oxauth/service/SessionIdService.class */
public class SessionIdService {
    // Cookie name for the session state value. createSessionStateCookie writes a cookie with this
    // name but spells it as a literal rather than using this constant.
    public static final String SESSION_STATE_COOKIE_NAME = "session_state";
    // Cookie name for the session identifier. Read by getSessionIdFromCookie and cleared by
    // removeSessionIdCookie. Whoever presents this value is mapped to the stored session,
    // so it should be handled like a credential.
    public static final String SESSION_ID_COOKIE_NAME = "session_id";
    // Not referenced anywhere inside this class.
    public static final String SESSION_CUSTOM_STATE = "session_custom_state";

    @Logger
    private Log log;

    // Persistence gateway used for every session entry read, write and delete in this class.
    @In
    private LdapEntryManager ldapEntryManager;

    @In
    private AuthenticationService authenticationService;

    @In
    private ExternalAuthenticationService externalAuthenticationService;

    @In
    private ApplicationAuditLogger applicationAuditLogger;

    @In
    private AppConfiguration appConfiguration;

    @In
    private StaticConf staticConfiguration;

    // Key material handed to JwtSigner when sessions are issued as JWTs.
    @In
    private JSONWebKeySet webKeysConfiguration;

    // Injected with required = false, so this can be null; several methods test it before use.
    @In(required = false)
    private FacesContext facesContext;

    // Also optional. Not every method that dereferences it checks it for null first.
    @In(value = "#{facesContext.externalContext}", required = false)
    private ExternalContext externalContext;

    /**
     * Looks up the component instance registered for this class.
     *
     * @return whatever {@code Component.getInstance} returns for {@code SessionIdService}, cast to this type
     */
    public static SessionIdService instance() {
        Object component = Component.getInstance(SessionIdService.class);
        return (SessionIdService) component;
    }

    /**
     * Reads the authentication context reference stored on a session.
     *
     * @param sessionId session to inspect, may be null
     * @return the "acr" attribute, or the "acr_values" attribute when "acr" is blank;
     *         null when the session or its attribute map is null
     */
    public String getAcr(SessionId sessionId) {
        Map<String, String> attributes = (sessionId == null) ? null : sessionId.getSessionAttributes();
        if (attributes == null) {
            return null;
        }
        String acr = attributes.get("acr");
        // Fall back to the requested values only when no concrete acr was recorded.
        return StringUtils.isBlank(acr) ? attributes.get("acr_values") : acr;
    }

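    /**
     * Checks that an already authenticated session is strong enough for the acr asked for by the
     * current request.
     *
     * <p>When the requested acr differs from the session acr, the levels of both are looked up in
     * {@code acrToLevelMapping()}. The session is accepted only when its level is known and is not
     * lower than the requested one. A level that cannot be resolved for either side is treated as
     * "cannot prove the session is sufficient" and ends in {@link AcrChangedException}; previously
     * that case failed with a NullPointerException on unboxing.
     *
     * @param sessionId session to check, may be null
     * @param str acr requested by the current request, may be null
     * @return the same session object
     * @throws AcrChangedException when the session acr level is lower than the requested level or
     *         when either level is unknown
     */
    public SessionId assertAuthenticatedSessionCorrespondsToNewRequest(SessionId sessionId, String str) throws AcrChangedException {
        if (sessionId == null || sessionId.getState() != SessionIdState.AUTHENTICATED) {
            return sessionId;
        }
        Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
        // getAcr() already tolerates a null attribute map, so do the same here.
        if (sessionAttributes == null || sessionAttributes.isEmpty()) {
            return sessionId;
        }

        String sessionAcr = getAcr(sessionId);
        if (StringUtils.isBlank(sessionAcr)) {
            this.log.error("Failed to fetch acr from session, attributes: " + sessionAttributes, new Object[0]);
            return sessionId;
        }

        boolean acrChanged = str != null && !str.equals(sessionAcr);
        if (!acrChanged) {
            reinitLogin(sessionId, false);
            return sessionId;
        }

        Map<String, Integer> acrToLevelMapping = this.externalAuthenticationService.acrToLevelMapping();
        Integer sessionLevel = acrToLevelMapping.get(sessionAcr);
        Integer requestedLevel = acrToLevelMapping.get(str);
        this.log.info("Acr is changed. Session acr: " + sessionAcr + "(level: " + sessionLevel + "), current acr: " + str + "(level: " + requestedLevel + ")", new Object[0]);

        // Fail closed: the requested acr comes from the request, so an unmapped value must not
        // be able to crash the check or slip past it.
        if (sessionLevel == null || requestedLevel == null) {
            throw new AcrChangedException();
        }
        if (sessionLevel.intValue() < requestedLevel.intValue()) {
            throw new AcrChangedException();
        }
        return sessionId;
    }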

    /**
     * Restarts the login flow for a session when the request parameters differ from the stored
     * attributes, or unconditionally when {@code z} is true.
     *
     * @param sessionId session whose attributes are refreshed
     * @param z true to force the re-initialisation even when nothing changed
     */
    public void reinitLogin(SessionId sessionId, boolean z) {
        Map<String, String> storedAttributes = sessionId.getSessionAttributes();
        Map<String, String> requestAttributes = getCurrentSessionAttributes(storedAttributes);
        boolean unchanged = requestAttributes.equals(storedAttributes);
        if (!z && unchanged) {
            return;
        }

        storedAttributes.putAll(requestAttributes);
        // NOTE(review): "auth_step" is reset on storedAttributes, but requestAttributes is the map
        // installed on the session below. When getCurrentSessionAttributes returned a copy, the
        // reset never reaches the persisted entry - confirm whether that is intended.
        storedAttributes.put("auth_step", "1");

        // Drop every "step passed" marker from the map that will be stored.
        Iterator<String> keys = requestAttributes.keySet().iterator();
        while (keys.hasNext()) {
            String key = keys.next();
            if (key.startsWith("auth_step_passed_")) {
                keys.remove();
            }
        }

        sessionId.setSessionAttributes(requestAttributes);
        boolean updated = updateSessionId(sessionId, true, true, true);
        if (!updated) {
            this.log.debug("Failed to update session entry: '{0}'", new Object[]{sessionId.getId()});
        }
    }

    /**
     * Moves the login flow of a session back to the given step and clears the "passed" markers
     * of that step and every later one up to the recorded current step.
     *
     * @param sessionId session to modify
     * @param i step number to return to
     */
    public void resetToStep(SessionId sessionId, int i) {
        Map<String, String> attributes = sessionId.getSessionAttributes();

        int currentStep = 1;
        if (attributes.containsKey("auth_step")) {
            currentStep = StringHelper.toInteger(attributes.get("auth_step"), 1);
        }

        int step = i;
        while (step <= currentStep) {
            attributes.remove(String.format("auth_step_passed_%d", Integer.valueOf(step)));
            step++;
        }
        attributes.put("auth_step", String.valueOf(i));

        boolean updated = updateSessionId(sessionId, true, true, true);
        if (!updated) {
            this.log.debug("Failed to update session entry: '{0}'", new Object[]{sessionId.getId()});
        }
    }

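    /**
     * Builds the attribute map for the current request: a copy of the stored attributes overlaid
     * with the request parameters that {@code getAllowedParameters} lets through.
     *
     * <p>The "auth_step" parameter is never taken from the request, so a client cannot move the
     * login flow to another step by sending it.
     *
     * @param map attributes currently stored on the session
     * @return {@code map} itself when no Faces request context is available, otherwise a new map
     */
    private Map<String, String> getCurrentSessionAttributes(Map<String, String> map) {
        // Both fields are optional injections. The original tested only facesContext and then
        // dereferenced externalContext, which is inconsistent with removeSessionIdCookie().
        if (this.facesContext == null || this.externalContext == null) {
            return map;
        }
        Map<String, String> merged = new HashMap<String, String>(map);
        Map<String, String> allowed = this.authenticationService.getAllowedParameters(this.externalContext.getRequestParameterMap());
        for (Map.Entry<String, String> parameter : allowed.entrySet()) {
            String name = parameter.getKey();
            if (StringHelper.equalsIgnoreCase(name, "auth_step")) {
                continue;
            }
            merged.put(name, parameter.getValue());
        }
        return merged;
    }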

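    /**
     * Extracts the value of the {@code session_id} cookie from a request.
     *
     * <p>The cookie value is no longer written to the log. It identifies a live session and is
     * supplied by the client, so logging it both exposes a credential to anyone who can read the
     * log and lets request data shape log lines.
     *
     * @param httpServletRequest request to read cookies from
     * @return the cookie value, or {@code CorsFilter.DEFAULT_EXPOSED_HEADERS} when the cookie is
     *         absent or reading fails
     */
    public String getSessionIdFromCookie(HttpServletRequest httpServletRequest) {
        try {
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (SESSION_ID_COOKIE_NAME.equals(cookie.getName())) {
                        this.log.trace("Found session_id cookie", new Object[0]);
                        return cookie.getValue();
                    }
                }
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
        }
        // NOTE(review): this constant is used as the "no cookie" value; callers test the result
        // with StringHelper.isNotEmpty, so it is presumably an empty string - confirm.
        return CorsFilter.DEFAULT_EXPOSED_HEADERS;
    }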

    /**
     * Reads the {@code session_id} cookie from the request of the current Faces context.
     *
     * @return the cookie value as returned by the request-based overload, or null when there is
     *         no Faces context or the lookup throws
     */
    public String getSessionIdFromCookie() {
        if (this.facesContext == null) {
            return null;
        }
        try {
            // externalContext is an optional injection; a null here lands in the catch below.
            Object request = this.externalContext.getRequest();
            return getSessionIdFromCookie((HttpServletRequest) request);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return null;
        }
    }

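    /**
     * Writes the {@code session_id} cookie (Secure, HttpOnly, Path=/) and then the session state
     * cookie to the response.
     *
     * <p>The Expires date is now formatted with a fixed English locale in GMT. The original used
     * the JVM default locale and time zone: localized day and month names are not a valid cookie
     * date, and a client that reads the time as UTC would shift the expiry by the server offset.
     *
     * @param str session identifier placed in the cookie
     * @param str2 session state value passed on to {@code createSessionStateCookie}
     * @param httpServletResponse response that receives the Set-Cookie headers
     */
    public void createSessionIdCookie(String str, String str2, HttpServletResponse httpServletResponse) {
        // The value is concatenated unescaped into the header, so callers must pass only
        // server-generated identifiers here.
        // NOTE(review): no SameSite attribute is set; confirm which cross-site flows need this
        // cookie before adding one.
        StringBuilder header = new StringBuilder("session_id=")
                .append(str)
                .append("; Path=/")
                .append("; Secure")
                .append("; HttpOnly");

        Integer sessionIdLifetime = this.appConfiguration.getSessionIdLifetime();
        if (sessionIdLifetime != null) {
            SimpleDateFormat expiresFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", java.util.Locale.US);
            expiresFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
            Calendar expiry = Calendar.getInstance();
            expiry.add(Calendar.SECOND, sessionIdLifetime.intValue());
            header.append("; Expires=").append(expiresFormat.format(expiry.getTime())).append(";");
        }

        httpServletResponse.addHeader("Set-Cookie", header.toString());
        createSessionStateCookie(str2, httpServletResponse);
    }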

    /**
     * Writes the session cookies to the response of the current external context, when that
     * response is an {@code HttpServletResponse}. Any failure is logged and swallowed.
     *
     * @param str session identifier
     * @param str2 session state value
     */
    public void createSessionIdCookie(String str, String str2) {
        try {
            // externalContext is an optional injection; a null here lands in the catch below.
            Object candidate = this.externalContext.getResponse();
            if (!(candidate instanceof HttpServletResponse)) {
                return;
            }
            createSessionIdCookie(str, str2, (HttpServletResponse) candidate);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
        }
    }

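    /**
     * Writes the {@code session_state} cookie (Secure, Path=/) to the response.
     *
     * <p>The Expires date is now formatted with a fixed English locale in GMT. The original used
     * the JVM default locale and time zone: localized day and month names are not a valid cookie
     * date, and a client that reads the time as UTC would shift the expiry by the server offset.
     *
     * @param str session state value placed in the cookie
     * @param httpServletResponse response that receives the Set-Cookie header
     */
    public void createSessionStateCookie(String str, HttpServletResponse httpServletResponse) {
        // NOTE(review): unlike session_id, this cookie carries no HttpOnly flag; presumably
        // script access to it is intended - confirm.
        StringBuilder header = new StringBuilder("session_state=")
                .append(str)
                .append("; Path=/")
                .append("; Secure");

        Integer sessionIdLifetime = this.appConfiguration.getSessionIdLifetime();
        if (sessionIdLifetime != null) {
            SimpleDateFormat expiresFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss 'GMT'", java.util.Locale.US);
            expiresFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
            Calendar expiry = Calendar.getInstance();
            expiry.add(Calendar.SECOND, sessionIdLifetime.intValue());
            header.append("; Expires=").append(expiresFormat.format(expiry.getTime())).append(";");
        }

        httpServletResponse.addHeader("Set-Cookie", header.toString());
    }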

    /**
     * Clears the {@code session_id} cookie on the response of the current Faces request, if one
     * is available. Any failure is logged and swallowed.
     */
    public void removeSessionIdCookie() {
        try {
            if (this.facesContext == null || this.externalContext == null) {
                return;
            }
            Object candidate = this.externalContext.getResponse();
            if (candidate instanceof HttpServletResponse) {
                removeSessionIdCookie((HttpServletResponse) candidate);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
        }
    }

    /**
     * Asks the client to drop the {@code session_id} cookie by sending it back with a null value
     * and a max-age of zero on path "/".
     *
     * @param httpServletResponse response that receives the expiring cookie
     */
    public void removeSessionIdCookie(HttpServletResponse httpServletResponse) {
        // NOTE(review): only session_id is expired here; the session_state cookie written by
        // createSessionStateCookie is left in place, and the stored session entry is untouched.
        Cookie expired = new Cookie(SESSION_ID_COOKIE_NAME, (String) null);
        expired.setMaxAge(0);
        expired.setPath("/");
        httpServletResponse.addCookie(expired);
    }

    /**
     * Resolves the session referenced by the {@code session_id} cookie of the current request.
     *
     * @return the session, or null when no cookie value is present or the lookup yields nothing
     */
    public SessionId getSessionId() {
        String cookieValue = getSessionIdFromCookie();
        return StringHelper.isNotEmpty(cookieValue) ? getSessionId(cookieValue) : null;
    }

    /**
     * Null-safe accessor for the attribute map of a session.
     *
     * @param sessionId session to read, may be null
     * @return the session's attribute map, or null when {@code sessionId} is null
     */
    public Map<String, String> getSessionAttributes(SessionId sessionId) {
        return (sessionId == null) ? null : sessionId.getSessionAttributes();
    }

    /**
     * Creates an authenticated session for a user, with {@code CorsFilter.DEFAULT_EXPOSED_HEADERS}
     * as the "prompt" attribute.
     *
     * @param str DN of the authenticated user
     * @return the new session, or null when it could not be generated
     */
    public SessionId generateAuthenticatedSessionId(String str) {
        String prompt = CorsFilter.DEFAULT_EXPOSED_HEADERS;
        return generateAuthenticatedSessionId(str, prompt);
    }

    /**
     * Creates and persists an authenticated session whose only attribute is the given prompt.
     *
     * @param str DN of the authenticated user
     * @param str2 value stored under the "prompt" attribute
     * @return the new session, or null when it could not be generated
     */
    public SessionId generateAuthenticatedSessionId(String str, String str2) {
        Map<String, String> attributes = new HashMap<String, String>();
        attributes.put("prompt", str2);
        Date authenticatedAt = new Date();
        return generateSessionId(str, authenticatedAt, SessionIdState.AUTHENTICATED, attributes, true);
    }

    /**
     * Creates and persists an authenticated session with the given attributes.
     *
     * @param str DN of the authenticated user
     * @param map session attributes, stored on the session as passed in
     * @return the new session, or null when it could not be generated
     */
    public SessionId generateAuthenticatedSessionId(String str, Map<String, String> map) {
        Date authenticatedAt = new Date();
        return generateSessionId(str, authenticatedAt, SessionIdState.AUTHENTICATED, map, true);
    }

    /**
     * Creates a session in the caller-supplied state by delegating to {@code generateSessionId}.
     *
     * @param str user DN, may be blank unless the state is AUTHENTICATED
     * @param date authentication time, may be null
     * @param sessionIdState state to assign. It is passed through unchanged, so despite the method
     *        name nothing here forces it to be UNAUTHENTICATED.
     * @param map session attributes
     * @param z true to attempt persisting the new session
     * @return the new session, or null when it could not be generated
     */
    public SessionId generateUnauthenticatedSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        SessionId created = generateSessionId(str, date, sessionIdState, map, z);
        return created;
    }

    /**
     * Builds a new session object with a random id and a random session state, optionally signs
     * it as a JWT and optionally persists it.
     *
     * @param str user DN; must not be blank when the state is AUTHENTICATED
     * @param date authentication time, applied only when not null
     * @param sessionIdState state, applied only when not null
     * @param map session attributes, stored as passed in
     * @param z true to attempt persistence via {@code persistSessionId}
     * @return the new session, or null when no DN could be built or an AUTHENTICATED session was
     *         requested without a user DN
     */
    private SessionId generateSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        // Both values come from UUID.randomUUID(); the first becomes the session_id cookie value.
        final String id = UUID.randomUUID().toString();
        final String sessionState = UUID.randomUUID().toString();
        final String entryDn = dn(id);

        boolean authenticatedWithoutUser = SessionIdState.AUTHENTICATED == sessionIdState && StringUtils.isBlank(str);
        if (StringUtils.isBlank(entryDn) || authenticatedWithoutUser) {
            return null;
        }

        SessionId created = new SessionId();
        created.setId(id);
        created.setDn(entryDn);
        created.setUserDn(str);
        created.setSessionState(sessionState);
        created.setIsJwt(Boolean.valueOf(Boolean.TRUE.equals(this.appConfiguration.getSessionAsJwt())));
        if (date != null) {
            created.setAuthenticationTime(date);
        }
        if (sessionIdState != null) {
            created.setState(sessionIdState);
        }
        created.setSessionAttributes(map);
        created.setLastUsedAt(new Date());

        if (created.getIsJwt().booleanValue()) {
            created.setJwt(generateJwt(created, str).asString());
        }

        // The session is returned and audited even when persistence was skipped or failed.
        boolean persisted = z && persistSessionId(created);
        auditLogging(created);
        // NOTE(review): the trace line contains the session id, which is the cookie value;
        // anyone with access to trace logs can read live identifiers.
        this.log.trace("Generated new session, id = '{0}', state = '{1}', asJwt = '{2}', persisted = '{3}'", new Object[]{created.getId(), created.getState(), created.getIsJwt(), Boolean.valueOf(persisted)});
        return created;
    }

    /**
     * Serialises a session into a JWT signed with RS512.
     *
     * <p>The claims copy the session id, authentication time, user DN, state, session attributes,
     * last-used time and the permission and client maps. Every one of these values therefore
     * becomes readable by whoever holds the token.
     *
     * @param sessionId session whose fields are copied into the claims
     * @param str passed to the {@code JwtSigner} constructor as its last argument
     * @return the signed token
     * @throws RuntimeException wrapping any failure while building or signing the token
     */
    private Jwt generateJwt(SessionId sessionId, String str) {
        try {
            JwtSigner jwtSigner = new JwtSigner(this.appConfiguration, this.webKeysConfiguration, SignatureAlgorithm.RS512, str);
            Jwt newJwt = jwtSigner.newJwt();
            newJwt.getClaims().setClaim("id", sessionId.getId());
            newJwt.getClaims().setClaim("authentication_time", sessionId.getAuthenticationTime());
            newJwt.getClaims().setClaim("user_dn", sessionId.getUserDn());
            newJwt.getClaims().setClaim("state", sessionId.getState() != null ? sessionId.getState().getValue() : CorsFilter.DEFAULT_EXPOSED_HEADERS);
            newJwt.getClaims().setClaim("session_attributes", JwtSubClaimObject.fromMap(sessionId.getSessionAttributes()));
            newJwt.getClaims().setClaim("last_used_at", sessionId.getLastUsedAt());
            newJwt.getClaims().setClaim("permission_granted", sessionId.getPermissionGranted());
            // NOTE(review): the two map getters are dereferenced without a null check; a null
            // map on a fresh session would end in the catch below - confirm SessionId defaults.
            newJwt.getClaims().setClaim("permission_granted_map", JwtSubClaimObject.fromBooleanMap(sessionId.getPermissionGrantedMap().getPermissionGranted()));
            newJwt.getClaims().setClaim("involved_clients_map", JwtSubClaimObject.fromBooleanMap(sessionId.getInvolvedClients().getPermissionGranted()));
            return jwtSigner.sign();
        } catch (Exception e) {
            this.log.error("Failed to sign session jwt! " + e.getMessage(), e, new Object[0]);
            // The cause is kept so callers can still see why signing failed.
            throw new RuntimeException(e);
        }
    }

    /**
     * Promotes an existing session to AUTHENTICATED for the given user and stores the change.
     *
     * @param sessionId session to promote
     * @param str DN of the user who authenticated
     * @return the same session object
     */
    public SessionId setSessionIdAuthenticated(SessionId sessionId, String str) {
        // NOTE(review): the session keeps the id it had before authentication. Confirm that the
        // caller issues a fresh identifier at login, otherwise a pre-login id stays valid.
        sessionId.setUserDn(str);
        sessionId.setAuthenticationTime(new Date());
        sessionId.setState(SessionIdState.AUTHENTICATED);

        boolean persisted = updateSessionId(sessionId, true, true, true);
        auditLogging(sessionId);

        Object[] details = {sessionId.getId(), sessionId.getState(), Boolean.valueOf(persisted)};
        this.log.trace("Authenticated session, id = '{0}', state = '{1}', persisted = '{2}'", details);
        return sessionId;
    }

    /**
     * Persists a session without forcing, so the configuration and the prompt decide.
     *
     * @param sessionId session to store
     * @return true when the entry was written
     */
    public boolean persistSessionId(SessionId sessionId) {
        final boolean force = false;
        return persistSessionId(sessionId, force);
    }

    /**
     * Writes a new session entry when persistence is enabled for it, or when forced.
     *
     * @param sessionId session to store
     * @param z true to store regardless of the unused-lifetime setting and the prompt
     * @return true when the entry was written, false when it was skipped or the write failed
     */
    public boolean persistSessionId(SessionId sessionId, boolean z) {
        // Evaluated outside the try block, so a failure here reaches the caller.
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);
        try {
            boolean eligible = this.appConfiguration.getSessionIdUnusedLifetime() > 0 && isPersisted(prompts);
            if (!eligible && !z) {
                return false;
            }
            sessionId.setLastUsedAt(new Date());
            sessionId.setPersisted(true);
            this.log.trace("sessionIdAttributes: " + sessionId.getPermissionGrantedMap(), new Object[0]);
            this.ldapEntryManager.persist(sessionId);
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return false;
        }
    }

    /**
     * Updates a session entry and refreshes its last-used time.
     *
     * @param sessionId session to update
     * @return the result of the two-argument overload called with {@code true}
     */
    public boolean updateSessionId(SessionId sessionId) {
        final boolean refreshLastUsedAt = true;
        return updateSessionId(sessionId, refreshLastUsedAt);
    }

    /**
     * Updates a session entry without forcing persistence and with the merge flag set.
     *
     * @param sessionId session to update
     * @param z true to refresh the last-used time
     * @return the result of the four-argument overload
     */
    public boolean updateSessionId(SessionId sessionId, boolean z) {
        final boolean force = false;
        final boolean merge = true;
        return updateSessionId(sessionId, z, force, merge);
    }

    /**
     * Merges a session entry into the store when persistence applies to it.
     *
     * @param sessionId session to update
     * @param z true to refresh the last-used time; the refresh happens only when no time is
     *        recorded yet or the recorded one is more than 500 ms old
     * @param z2 true to update even when persistence is disabled by configuration or prompt
     * @param z3 true to merge even when nothing else requires it
     * @return false only when an unexpected exception was caught; true otherwise, including when
     *         the update was skipped or the entry was reported as empty
     */
    public boolean updateSessionId(SessionId sessionId, boolean z, boolean z2, boolean z3) {
        // Evaluated outside the try block, so a failure here reaches the caller.
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);
        try {
            boolean persistenceEnabled = this.appConfiguration.getSessionIdUnusedLifetime() > 0 && isPersisted(prompts);
            if (!persistenceEnabled && !z2) {
                return true;
            }

            boolean mustMerge = z3;
            if (z) {
                Date now = new Date();
                Date lastUsedAt = sessionId.getLastUsedAt();
                // The 500 ms window keeps rapid successive requests from each causing a write.
                if (lastUsedAt == null || now.getTime() - lastUsedAt.getTime() > 500) {
                    mustMerge = true;
                    sessionId.setLastUsedAt(now);
                }
            }
            if (!sessionId.isPersisted()) {
                mustMerge = true;
                sessionId.setPersisted(true);
            }

            if (mustMerge) {
                try {
                    mergeWithRetry(sessionId, 3);
                } catch (EmptyEntryPersistenceException e) {
                    this.log.warn("Faield to update session entry '{0}': '{1}'", new Object[]{sessionId.getId(), e.getMessage()});
                }
            }
            return true;
        } catch (Exception e2) {
            this.log.error(e2.getMessage(), e2, new Object[0]);
            return false;
        }
    }

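    /**
     * Merges a session entry, retrying when the directory reports a conflicting attribute update.
     *
     * <p>As listed, the loop rethrew on the first failure of any kind, so no retry ever happened
     * and the "after N attempts" branch could not be reached with a positive attempt count. The
     * retry is restored for LDAP result codes 16 (no such attribute) and 20 (attribute or value
     * exists). Every other failure is still rethrown immediately.
     *
     * @param sessionId session to merge
     * @param i maximum number of attempts, at least 1
     * @return the merged session
     * @throws IllegalArgumentException when {@code i} is smaller than 1
     * @throws EntryPersistenceException when a non-retryable failure occurs or all attempts fail
     */
    private SessionId mergeWithRetry(SessionId sessionId, int i) {
        if (i < 1) {
            // The original reached "throw null" here, which surfaced as a NullPointerException.
            throw new IllegalArgumentException("attempt count must be at least 1: " + i);
        }
        EntryPersistenceException lastFailure = null;
        for (int attempt = 1; attempt <= i; attempt++) {
            try {
                return (SessionId) this.ldapEntryManager.merge(sessionId);
            } catch (EntryPersistenceException e) {
                lastFailure = e;
                Throwable cause = e.getCause();
                if (cause instanceof LDAPException) {
                    int resultCode = ((LDAPException) cause).getResultCode().intValue();
                    this.log.debug("LDAP exception resultCode: '{0}'", new Object[]{Integer.valueOf(resultCode)});
                    if (resultCode == 16 || resultCode == 20) {
                        this.log.warn("Session entry update attempt '{0}' was unsuccessfull", new Object[]{Integer.valueOf(attempt)});
                        continue;
                    }
                }
                throw e;
            }
        }
        this.log.error("Session entry update attempt was unsuccessfull after '{0}' attempts", new Object[]{Integer.valueOf(i)});
        throw lastFailure;
    }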

    /**
     * Refreshes the last-used time of a session and merges it when required, without forcing
     * persistence. The boolean result of the update is discarded.
     *
     * @param sessionId session to update
     * @param z true to merge even when the last-used time was not refreshed
     */
    public void updateSessionIdIfNeeded(SessionId sessionId, boolean z) {
        final boolean refreshLastUsedAt = true;
        final boolean force = false;
        updateSessionId(sessionId, refreshLastUsedAt, force, z);
    }

    /**
     * Decides from the prompt list whether a session should be stored.
     *
     * @param list prompts of the session, may be null
     * @return true unless the prompts contain {@code Prompt.NONE}; in that case the
     *         persist-on-prompt-none setting decides, and a null setting counts as false
     */
    private boolean isPersisted(List<Prompt> list) {
        boolean promptNone = list != null && list.contains(Prompt.NONE);
        if (!promptNone) {
            return true;
        }
        return Boolean.TRUE.equals(this.appConfiguration.getSessionIdPersistOnPromptNone());
    }

    /**
     * Builds the DN of a session entry from its id and the configured base DN.
     *
     * @param str session id
     * @return {@code oxAuthSessionId=<id>,<baseDn>}, or an empty string when the id or the base
     *         DN is blank
     */
    private String dn(String str) {
        String baseDn = getBaseDn();
        if (!Util.allNotBlank(new String[]{str, getBaseDn()})) {
            return "";
        }
        // NOTE(review): the id is inserted without DN escaping. Ids generated in this class are
        // UUIDs, but getSessionId(String) also passes the cookie value through here.
        return new StringBuilder()
                .append("oxAuthSessionId=")
                .append(str)
                .append(",")
                .append(baseDn)
                .toString();
    }

    /**
     * Loads a session entry by its DN.
     *
     * @param str DN of the entry
     * @return the session, or null when the lookup throws. The failure is logged at trace level
     *         only, so a missing entry and a directory error look the same to the caller.
     */
    public SessionId getSessionByDN(String str) {
        SessionId found = null;
        try {
            found = (SessionId) this.ldapEntryManager.find(SessionId.class, str);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e, new Object[0]);
        }
        return found;
    }

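    /**
     * Resolves a session by its id and returns it only when it is still valid.
     *
     * <p>The id may come straight from the {@code session_id} cookie and is concatenated into an
     * LDAP DN by {@code dn()}. Ids that contain DN metacharacters, whitespace or control
     * characters are now rejected before any directory call, so a crafted cookie cannot change
     * which entry is looked up. The UUIDs issued by this class always pass the check.
     *
     * @param str session id, may be null or empty
     * @return the valid session, or null when the id is empty, malformed, unknown or expired
     */
    public SessionId getSessionId(String str) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        for (int index = 0; index < str.length(); index++) {
            char c = str.charAt(index);
            if (c <= ' ' || c == 0x7f || "\",+;<>\\=#".indexOf(c) >= 0) {
                // Deliberately not logging the rejected value: it is request-controlled.
                this.log.trace("Rejected session id containing characters that are not allowed in a session DN", new Object[0]);
                return null;
            }
        }

        String dn = dn(str);
        if (!containsSessionId(dn)) {
            return null;
        }
        try {
            SessionId sessionByDN = getSessionByDN(dn);
            this.log.trace("Try to get session by id: {0} ...", new Object[]{str});
            if (sessionByDN != null) {
                this.log.trace("Session dn: {0}", new Object[]{sessionByDN.getDn()});
                if (isSessionValid(sessionByDN)) {
                    return sessionByDN;
                }
            }
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e, new Object[0]);
        }
        this.log.trace("Failed to get session by id: {0}", new Object[]{str});
        return null;
    }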

    /**
     * Tests whether a session entry exists under the given DN.
     *
     * @param str DN of the entry
     * @return the store's answer, or false when the check throws. The failure is logged at trace
     *         level only.
     */
    public boolean containsSessionId(String str) {
        boolean present = false;
        try {
            present = this.ldapEntryManager.contains(SessionId.class, str);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e, new Object[0]);
        }
        return present;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the base DN under which session entries are stored, as configured.
     *
     * @return the session branch of the static base DN configuration
     */
    public String getBaseDn() {
        String sessionBranch = this.staticConfiguration.getBaseDn().getSessionId();
        return sessionBranch;
    }

    /**
     * Deletes a session entry from the store.
     *
     * @param sessionId session to delete
     * @return true when the delete call completed, false when it threw (the error is logged)
     */
    public boolean remove(SessionId sessionId) {
        boolean removed;
        try {
            this.ldapEntryManager.remove(sessionId);
            removed = true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            removed = false;
        }
        return removed;
    }

    /**
     * Deletes every session in the list, continuing after individual failures.
     *
     * @param list sessions to delete
     */
    public void remove(List<SessionId> list) {
        for (Iterator<SessionId> sessions = list.iterator(); sessions.hasNext();) {
            try {
                remove(sessions.next());
            } catch (Exception e) {
                this.log.error("Failed to remove entry", e, new Object[0]);
            }
        }
    }

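    /**
     * Deletes expired session entries in chunks of 100: first unauthenticated sessions older than
     * the unauthenticated unused lifetime, then all sessions older than the unused lifetime.
     *
     * <p>{@code isSessionValid} treats a lifetime of -1 as "no limit". The original still ran the
     * batch in that case with a cutoff one second in the future, which matches every entry and
     * deletes sessions that the validity check accepts. A batch is now skipped when its
     * lifetime is -1.
     */
    public void cleanUpSessions() {
        final int sessionIdUnusedLifetime = this.appConfiguration.getSessionIdUnusedLifetime();
        final int sessionIdUnauthenticatedUnusedLifetime = this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime();

        if (sessionIdUnauthenticatedUnusedLifetime != -1) {
            new BatchOperation<SessionId>(this.ldapEntryManager) {
                protected List<SessionId> getChunkOrNull(int i) {
                    return SessionIdService.this.ldapEntryManager.findEntries(SessionIdService.this.getBaseDn(), SessionId.class, getFilter(), SearchScope.SUB, (String[]) null, this, 0, i, i);
                }

                protected void performAction(List<SessionId> list) {
                    SessionIdService.this.remove(list);
                }

                private Filter getFilter() {
                    try {
                        String cutoff = StaticUtils.encodeGeneralizedTime(new Date(new Date().getTime() - TimeUnit.SECONDS.toMillis(sessionIdUnauthenticatedUnusedLifetime)));
                        return Filter.create(String.format("&(oxLastAccessTime<=%s)(oxState=unauthenticated)", cutoff));
                    } catch (LDAPException e) {
                        SessionIdService.this.log.trace(e.getMessage(), e, new Object[0]);
                        // NOTE(review): this fallback matches every entry that has an access
                        // time, so a filter failure would delete all sessions - confirm intent.
                        return Filter.createPresenceFilter("oxLastAccessTime");
                    }
                }
            }.iterateAllByChunks(100);
        }

        if (sessionIdUnusedLifetime != -1) {
            new BatchOperation<SessionId>(this.ldapEntryManager) {
                protected List<SessionId> getChunkOrNull(int i) {
                    return SessionIdService.this.ldapEntryManager.findEntries(SessionIdService.this.getBaseDn(), SessionId.class, getFilter(), SearchScope.SUB, (String[]) null, this, 0, i, i);
                }

                protected void performAction(List<SessionId> list) {
                    SessionIdService.this.remove(list);
                }

                private Filter getFilter() {
                    try {
                        String cutoff = StaticUtils.encodeGeneralizedTime(new Date(new Date().getTime() - TimeUnit.SECONDS.toMillis(sessionIdUnusedLifetime)));
                        return Filter.create(String.format("(oxLastAccessTime<=%s)", cutoff));
                    } catch (LDAPException e) {
                        SessionIdService.this.log.trace(e.getMessage(), e, new Object[0]);
                        // NOTE(review): this fallback matches every entry that has an access
                        // time, so a filter failure would delete all sessions - confirm intent.
                        return Filter.createPresenceFilter("oxLastAccessTime");
                    }
                }
            }.iterateAllByChunks(100);
        }
    }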

    /**
     * Finds unauthenticated sessions whose last access is at least the given number of seconds
     * in the past.
     *
     * @param i age threshold in seconds
     * @return matching sessions, or an empty list when the search fails (the error is logged)
     */
    public List<SessionId> getUnauthenticatedIdsOlderThan(int i) {
        try {
            long cutoffMillis = new Date().getTime() - TimeUnit.SECONDS.toMillis(i);
            String cutoff = StaticUtils.encodeGeneralizedTime(new Date(cutoffMillis));
            Filter filter = Filter.create(String.format("&(oxLastAccessTime<=%s)(oxState=unauthenticated)", cutoff, cutoff));
            return this.ldapEntryManager.findEntries(getBaseDn(), SessionId.class, filter);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return Collections.emptyList();
        }
    }

    /**
     * Finds sessions of any state whose last access is at least the given number of seconds in
     * the past.
     *
     * @param i age threshold in seconds
     * @return matching sessions, or an empty list when the search fails (the error is logged)
     */
    public List<SessionId> getIdsOlderThan(int i) {
        try {
            long cutoffMillis = new Date().getTime() - TimeUnit.SECONDS.toMillis(i);
            String cutoff = StaticUtils.encodeGeneralizedTime(new Date(cutoffMillis));
            Filter filter = Filter.create(String.format("(oxLastAccessTime<=%s)", cutoff, cutoff));
            return this.ldapEntryManager.findEntries(getBaseDn(), SessionId.class, filter);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e, new Object[0]);
            return Collections.emptyList();
        }
    }

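    /**
     * Checks a session against the configured idle timeouts.
     *
     * <p>A session is valid when its idle time does not exceed the unused lifetime and, if it is
     * unauthenticated, does not exceed the unauthenticated unused lifetime either. A configured
     * value of -1 disables the respective limit. A session without a last-used time is now
     * reported as invalid instead of failing with a NullPointerException.
     *
     * @param sessionId session to check, may be null
     * @return true when the session is still within its limits
     */
    public boolean isSessionValid(SessionId sessionId) {
        // Fail closed: without a last-used time the idle period cannot be established.
        if (sessionId == null || sessionId.getLastUsedAt() == null) {
            return false;
        }
        int unusedLifetime = this.appConfiguration.getSessionIdUnusedLifetime();
        int unauthenticatedUnusedLifetime = this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime();
        long idleMillis = System.currentTimeMillis() - sessionId.getLastUsedAt().getTime();

        boolean withinUnusedLifetime = unusedLifetime == -1 || idleMillis <= TimeUnit.SECONDS.toMillis(unusedLifetime);
        if (!withinUnusedLifetime) {
            return false;
        }
        if (sessionId.getState() != SessionIdState.UNAUTHENTICATED) {
            return true;
        }
        return unauthenticatedUnusedLifetime == -1 || idleMillis <= TimeUnit.SECONDS.toMillis(unauthenticatedUnusedLifetime);
    }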

    /**
     * Parses the space-separated "prompt" attribute of a session.
     *
     * @param sessionId session whose attributes are read; neither it nor its attribute map is
     *        checked for null here
     * @return the result of {@code Prompt.fromString} for that attribute
     */
    private List<Prompt> getPromptsFromSessionId(SessionId sessionId) {
        String promptAttribute = sessionId.getSessionAttributes().get("prompt");
        return Prompt.fromString(promptAttribute, " ");
    }

    /**
     * Tells whether the session referenced by the current request's cookie is authenticated.
     *
     * @return true only when a session was resolved and its state is AUTHENTICATED
     */
    public boolean isSessionIdAuthenticated() {
        SessionId current = getSessionId();
        return current != null && SessionIdState.AUTHENTICATED.equals(current.getState());
    }

    /**
     * Negation of {@link #isSessionIdAuthenticated()}.
     *
     * @return true when no authenticated session is attached to the current request
     */
    public boolean isNotSessionIdAuthenticated() {
        boolean authenticated = isSessionIdAuthenticated();
        return !authenticated;
    }

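    /**
     * Sends an audit record for a session state change when a request is available.
     *
     * <p>The action is SESSION_AUTHENTICATED for an AUTHENTICATED session and
     * SESSION_UNAUTHENTICATED for anything else. A null state used to fail inside the
     * {@code switch}; it is now audited as unauthenticated, so audit logging cannot break
     * session creation.
     *
     * @param sessionId session whose state is reported
     */
    private void auditLogging(SessionId sessionId) {
        HttpServletRequest request = ServerUtil.getRequestOrNull();
        if (request == null) {
            return;
        }
        Action action = (sessionId.getState() == SessionIdState.AUTHENTICATED)
                ? Action.SESSION_AUTHENTICATED
                : Action.SESSION_UNAUTHENTICATED;
        OAuth2AuditLog auditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), action);
        // The record is always marked successful; callers invoke this even when the
        // preceding persist or update step failed.
        auditLog.setSuccess(true);
        this.applicationAuditLogger.sendMessage(auditLog);
    }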
}
