package pl.edu.icm.unity.engine.session;

import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.WeakHashMap;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.session.LoginToHttpSessionBinder;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.session.SessionParticipant;
import pl.edu.icm.unity.engine.api.session.SessionParticipantTypesRegistry;
import pl.edu.icm.unity.engine.api.session.SessionParticipants;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.engine.api.utils.ExecutorsService;
import pl.edu.icm.unity.engine.attribute.AttributesHelper;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.exceptions.WrongArgumentException;
import pl.edu.icm.unity.stdext.attr.StringAttribute;
import pl.edu.icm.unity.store.api.EntityDAO;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.basic.EntityInformation;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.EntityState;

@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/session/SessionManagementImpl.class */
public class SessionManagementImpl implements SessionManagement {
    private static final Logger log = Log.getLogger("unity.server", SessionManagementImpl.class);
    public static final long DB_ACTIVITY_WRITE_DELAY = 3000;
    public static final String SESSION_TOKEN_TYPE = "session";
    private TokensManagement tokensManagement;
    private LoginToHttpSessionBinder sessionBinder;
    private SessionParticipantTypesRegistry participantTypesRegistry;
    private EntityDAO entityDAO;
    private AttributesHelper attributeHelper;
    private Map<String, Long> recentUsageUpdates = new WeakHashMap();

    /* loaded from: input_file:pl/edu/icm/unity/engine/session/SessionManagementImpl$SessionExpiredException.class */
    public static class SessionExpiredException extends IllegalArgumentException {
    }

    /* loaded from: input_file:pl/edu/icm/unity/engine/session/SessionManagementImpl$TerminateInactiveSessions.class */
    private class TerminateInactiveSessions implements Runnable {
        private TerminateInactiveSessions() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                List<Token> allTokens = SessionManagementImpl.this.tokensManagement.getAllTokens(SessionManagementImpl.SESSION_TOKEN_TYPE);
                long currentTimeMillis = System.currentTimeMillis();
                for (Token token : allTokens) {
                    try {
                        removeSessionIfExpired(currentTimeMillis, token);
                    } catch (Exception e) {
                        SessionManagementImpl.log.warn("Removing expired session " + token.getValue() + " failed", e);
                    }
                }
            } catch (Exception e2) {
                SessionManagementImpl.log.warn("Encounterd an error when trying to obtain session tokens from DB. Cleanup will be tried again in the next round.", e2);
            }
        }

        private void removeSessionIfExpired(long j, Token token) {
            LoginSession loginSession = SessionManagementImpl.this.token2session(token);
            long time = j - loginSession.getLastUsed().getTime();
            if (time > loginSession.getMaxInactivity()) {
                SessionManagementImpl.log.debug("Expiring login session " + loginSession + " inactive for: " + time);
                try {
                    SessionManagementImpl.this.removeSession(loginSession.getId(), false);
                } catch (Exception e) {
                    SessionManagementImpl.log.error("Can't expire the session " + loginSession, e);
                }
            }
        }
    }

    @Autowired
    public SessionManagementImpl(TokensManagement tokensManagement, ExecutorsService executorsService, LoginToHttpSessionBinder loginToHttpSessionBinder, SessionParticipantTypesRegistry sessionParticipantTypesRegistry, EntityDAO entityDAO, AttributesHelper attributesHelper) {
        this.tokensManagement = tokensManagement;
        this.sessionBinder = loginToHttpSessionBinder;
        this.participantTypesRegistry = sessionParticipantTypesRegistry;
        this.entityDAO = entityDAO;
        this.attributeHelper = attributesHelper;
        executorsService.getService().scheduleWithFixedDelay(new TerminateInactiveSessions(), 20L, 30L, TimeUnit.SECONDS);
    }

    @Transactional
    public LoginSession getCreateSession(long j, AuthenticationRealm authenticationRealm, String str, String str2, LoginSession.RememberMeInfo rememberMeInfo, String str3, String str4) {
        try {
            try {
                LoginSession ownedSessionInternal = getOwnedSessionInternal(new EntityParam(Long.valueOf(j)), authenticationRealm.getName());
                if (ownedSessionInternal == null) {
                    LoginSession createSession = createSession(j, authenticationRealm, str, str2, rememberMeInfo, str3, str4);
                    clearScheduledRemovalStatus(j);
                    return createSession;
                }
                Date date = new Date();
                ownedSessionInternal.setLastUsed(date);
                ownedSessionInternal.setRememberMeInfo(rememberMeInfo);
                ownedSessionInternal.setOutdatedCredentialId(str2);
                ownedSessionInternal.setLogin1stFactor(new LoginSession.AuthNInfo(str3, date));
                ownedSessionInternal.setLogin2ndFactor(new LoginSession.AuthNInfo(str4, date));
                this.tokensManagement.updateToken(SESSION_TOKEN_TYPE, ownedSessionInternal.getId(), (Date) null, ownedSessionInternal.getTokenContents());
                if (log.isDebugEnabled()) {
                    log.debug("Using existing session " + ownedSessionInternal.getId() + " for logged entity " + ownedSessionInternal.getEntityId() + " in realm " + authenticationRealm.getName());
                }
                return ownedSessionInternal;
            } catch (EngineException e) {
                throw new InternalException("Can't retrieve current sessions of the authenticated user", e);
            }
        } finally {
            clearScheduledRemovalStatus(j);
        }
    }

    private void clearScheduledRemovalStatus(long j) {
        EntityInformation entityInformation = (EntityInformation) this.entityDAO.getByKey(j);
        if (entityInformation.getState() != EntityState.onlyLoginPermitted) {
            return;
        }
        log.debug("Removing scheduled removal of an account [as the user is being logged] for entity " + j);
        entityInformation.setState(EntityState.valid);
        entityInformation.setRemovalByUserTime((Date) null);
        this.entityDAO.updateByKey(j, entityInformation);
    }

    @Transactional
    public LoginSession createSession(long j, AuthenticationRealm authenticationRealm, String str, String str2, LoginSession.RememberMeInfo rememberMeInfo, String str3, String str4) {
        String uuid = UUID.randomUUID().toString();
        Date date = new Date();
        LoginSession loginSession = new LoginSession(uuid, date, authenticationRealm.getMaxInactivity() * 1000, j, authenticationRealm.getName(), rememberMeInfo, new LoginSession.AuthNInfo(str3, date), new LoginSession.AuthNInfo(str4, date));
        loginSession.setOutdatedCredentialId(str2);
        loginSession.setEntityLabel(str);
        try {
            this.tokensManagement.addToken(SESSION_TOKEN_TYPE, uuid, new EntityParam(Long.valueOf(j)), loginSession.getTokenContents(), loginSession.getStarted(), loginSession.getExpires());
            updateLoginAttributes(j, loginSession.getStarted());
            log.debug("Created a new session {} for logged entity {} in realm {}", loginSession.getId(), Long.valueOf(loginSession.getEntityId()), authenticationRealm.getName());
            return loginSession;
        } catch (Exception e) {
            throw new InternalException("Can't create a new session", e);
        }
    }

    @Transactional
    public void updateSessionAttributes(String str, SessionManagement.AttributeUpdater attributeUpdater) {
        updateSession(str, loginSession -> {
            attributeUpdater.updateAttributes(loginSession.getSessionData());
        });
    }

    @Transactional
    public void recordAdditionalAuthentication(String str, String str2) {
        updateSession(str, loginSession -> {
            loginSession.setAdditionalAuthn(new LoginSession.AuthNInfo(str2, new Date()));
        });
        log.debug("Recorded additional authentication with {} for session {}", str2, str);
    }

    public void removeSession(String str, boolean z) {
        this.sessionBinder.removeLoginSession(str, z);
        try {
            this.tokensManagement.removeToken(SESSION_TOKEN_TYPE, str);
            if (log.isDebugEnabled()) {
                log.debug("Removed session with id " + str);
            }
        } catch (IllegalArgumentException e) {
        }
    }

    public LoginSession getSession(String str) {
        LoginSession loginSession = token2session(this.tokensManagement.getTokenById(SESSION_TOKEN_TYPE, str));
        if (loginSession.isExpiredAt(System.currentTimeMillis())) {
            throw new SessionExpiredException();
        }
        log.trace("Returning session {} last used at {} maxInactivity {}", str, loginSession.getLastUsed(), Long.valueOf(loginSession.getMaxInactivity()));
        return loginSession;
    }

    private LoginSession getOwnedSessionInternal(EntityParam entityParam, String str) throws EngineException {
        Iterator it = this.tokensManagement.getOwnedTokens(SESSION_TOKEN_TYPE, entityParam).iterator();
        while (it.hasNext()) {
            LoginSession loginSession = token2session((Token) it.next());
            if (str.equals(loginSession.getRealm()) && !loginSession.isExpiredAt(System.currentTimeMillis())) {
                return loginSession;
            }
        }
        return null;
    }

    @Transactional
    public LoginSession getOwnedSession(EntityParam entityParam, String str) throws EngineException {
        LoginSession ownedSessionInternal = getOwnedSessionInternal(entityParam, str);
        if (ownedSessionInternal == null) {
            throw new WrongArgumentException("No session for this owner in the given realm");
        }
        return ownedSessionInternal;
    }

    @Transactional
    public void updateSessionActivity(String str) {
        Long l = this.recentUsageUpdates.get(str);
        if (l == null || System.currentTimeMillis() >= l.longValue() + DB_ACTIVITY_WRITE_DELAY) {
            if (!updateSession(str, loginSession -> {
                loginSession.setLastUsed(new Date());
            })) {
                throw new SessionExpiredException();
            }
            log.trace("Updated in db session activity timestamp for " + str);
            this.recentUsageUpdates.put(str, Long.valueOf(System.currentTimeMillis()));
        }
    }

    public void addSessionParticipant(SessionParticipant... sessionParticipantArr) {
        LoginSession loginSession = InvocationContext.getCurrent().getLoginSession();
        try {
            updateSessionAttributes(loginSession.getId(), new SessionParticipants.AddParticipantToSessionTask(this.participantTypesRegistry, sessionParticipantArr));
        } catch (IllegalArgumentException e) {
            throw new InternalException("Can not add session participant to the existing session?", e);
        }
    }

    private boolean updateSession(String str, Consumer<LoginSession> consumer) {
        LoginSession loginSession = token2session(this.tokensManagement.getTokenById(SESSION_TOKEN_TYPE, str));
        if (loginSession.isExpiredAt(System.currentTimeMillis())) {
            return false;
        }
        consumer.accept(loginSession);
        updateCurrentSessionIfMatching(loginSession);
        this.tokensManagement.updateToken(SESSION_TOKEN_TYPE, str, (Date) null, loginSession.getTokenContents());
        return true;
    }

    private void updateCurrentSessionIfMatching(LoginSession loginSession) {
        LoginSession loginSession2;
        if (InvocationContext.hasCurrent() && (loginSession2 = InvocationContext.getCurrent().getLoginSession()) != null && loginSession.getId().equals(loginSession2.getId())) {
            InvocationContext.getCurrent().setLoginSession(loginSession);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public LoginSession token2session(Token token) {
        LoginSession loginSession = new LoginSession();
        loginSession.deserialize(token);
        return loginSession;
    }

    private void updateLoginAttributes(long j, Date date) throws EngineException {
        this.attributeHelper.addSystemAttribute(j, StringAttribute.of(LastAuthenticationAttributeTypeProvider.LAST_AUTHENTICATION, "/", new String[]{LocalDateTime.ofInstant(date.toInstant().truncatedTo(ChronoUnit.SECONDS), ZoneId.systemDefault()).format(DateTimeFormatter.ISO_LOCAL_DATE_TIME)}), true);
    }
}
