package io.jans.as.server.service;

import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.unboundid.ldap.sdk.LDAPException;
import io.jans.as.common.model.common.User;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.model.session.SessionIdState;
import io.jans.as.model.common.Prompt;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.util.JwtUtil;
import io.jans.as.model.util.Pair;
import io.jans.as.model.util.Util;
import io.jans.as.server.audit.ApplicationAuditLogger;
import io.jans.as.server.model.audit.Action;
import io.jans.as.server.model.audit.OAuth2AuditLog;
import io.jans.as.server.model.config.Constants;
import io.jans.as.server.model.exception.AcrChangedException;
import io.jans.as.server.model.exception.InvalidSessionStateException;
import io.jans.as.server.security.Identity;
import io.jans.as.server.service.exception.FailedComputeSessionStateException;
import io.jans.as.server.service.external.ExternalApplicationSessionService;
import io.jans.as.server.service.external.ExternalAuthenticationService;
import io.jans.as.server.service.external.session.SessionEvent;
import io.jans.as.server.service.external.session.SessionEventType;
import io.jans.as.server.service.stat.StatService;
import io.jans.as.server.util.ServerUtil;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.exception.EntryPersistenceException;
import io.jans.orm.search.filter.Filter;
import io.jans.service.CacheService;
import io.jans.service.LocalCacheService;
import io.jans.util.StringHelper;
import jakarta.enterprise.context.RequestScoped;
import jakarta.faces.context.ExternalContext;
import jakarta.faces.context.FacesContext;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONException;
import org.slf4j.Logger;

@Named
@RequestScoped
/* loaded from: input_file:io/jans/as/server/service/SessionIdService.class */
public class SessionIdService {
    private static final int MAX_MERGE_ATTEMPTS = 3;
    private static final int DEFAULT_LOCAL_CACHE_EXPIRATION = 2;

    @Inject
    private Logger log;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private ExternalApplicationSessionService externalApplicationSessionService;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private FacesContext facesContext;

    @Inject
    private ExternalContext externalContext;

    @Inject
    private RequestParameterService requestParameterService;

    @Inject
    private io.jans.as.common.service.common.UserService userService;

    @Inject
    private PersistenceEntryManager persistenceEntryManager;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private CookieService cookieService;

    @Inject
    private Identity identity;

    @Inject
    private LocalCacheService localCacheService;

    @Inject
    private CacheService cacheService;

    @Inject
    private StatService statService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.jans.as.server.service.SessionIdService$1, reason: invalid class name */
    /* loaded from: input_file:io/jans/as/server/service/SessionIdService$1.class */
    /**
     * Compiler-generated lookup table for a {@code switch} over {@link SessionIdState}, as
     * reconstructed by the decompiler. It maps enum ordinals to dense case labels
     * (AUTHENTICATED -> 1, UNAUTHENTICATED -> 2).
     */
    public static /* synthetic */ class AnonymousClass1 {
        // Indexed by SessionIdState.ordinal(); slots that are not assigned below keep the default 0.
        static final /* synthetic */ int[] $SwitchMap$io$jans$as$common$model$session$SessionIdState = new int[SessionIdState.values().length];

        static {
            try {
                $SwitchMap$io$jans$as$common$model$session$SessionIdState[SessionIdState.AUTHENTICATED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Deliberately ignored: the constant is absent from the SessionIdState class loaded at run time.
            }
            try {
                // NOTE(review): the value stored is 2. It is presumably printed as DEFAULT_LOCAL_CACHE_EXPIRATION
                // only because that constant also equals 2; it is a case label, not a cache lifetime.
                $SwitchMap$io$jans$as$common$model$session$SessionIdState[SessionIdState.UNAUTHENTICATED.ordinal()] = SessionIdService.DEFAULT_LOCAL_CACHE_EXPIRATION;
            } catch (NoSuchFieldError e2) {
                // Deliberately ignored, same reason as above.
            }
        }
    }

    /**
     * Builds the DN of a session entry from its id, under the configured sessions branch.
     *
     * <p>NOTE(review): {@code str} is interpolated verbatim. Within this class it can originate from
     * the session cookie (getSessionId(HttpServletRequest) -> getSessionById -> buildDn), so DN
     * metacharacters are not escaped at this point; confirm that the id format is validated before
     * it reaches a directory-backed store.
     *
     * @param str the session id
     * @return {@code jansId=<id>,<sessions base DN>}
     */
    private String buildDn(String str) {
        String sessionsBaseDn = this.staticConfiguration.getBaseDn().getSessions();
        return String.format("jansId=%s,%s", str, sessionsBaseDn);
    }

    /**
     * Resolves the session ids listed by the cookie service into session objects, keeping only
     * sessions that can be loaded and are in state AUTHENTICATED.
     *
     * <p>NOTE(review): the raw ids are written to the log at trace and error level. Session ids act
     * as bearer credentials, so access to these logs should be restricted accordingly.
     *
     * @return the authenticated sessions; never {@code null}, possibly empty
     */
    public Set<SessionId> getCurrentSessions() {
        Set<String> cookieIds = this.cookieService.getCurrentSessions();
        this.log.trace("current_sessions: {}", cookieIds);
        Set<SessionId> authenticated = new HashSet<>();
        for (String id : cookieIds) {
            if (StringUtils.isBlank(id)) {
                this.log.error("Invalid sessionId in current_sessions: {}", id);
                continue;
            }
            SessionId session = getSessionId(id);
            if (session == null) {
                this.log.trace("Unable to find session object by id: {} (expired?)", id);
                continue;
            }
            if (session.getState() != SessionIdState.AUTHENTICATED) {
                // An unauthenticated session must never be reported as a current login.
                this.log.error("Session is not authenticated, id: {}", id);
                continue;
            }
            authenticated.add(session);
        }
        return authenticated;
    }

    /**
     * Reads the ACR recorded on a session: the {@code acr} attribute, or {@code acr_values} when
     * {@code acr} is blank.
     *
     * @param sessionId the session, may be {@code null}
     * @return the stored value, or {@code null} when the session is {@code null} or has neither attribute
     */
    public String getAcr(SessionId sessionId) {
        if (sessionId == null) {
            return null;
        }
        Map<String, String> attributes = sessionId.getSessionAttributes();
        String acr = attributes.get("acr");
        return StringUtils.isBlank(acr) ? attributes.get("acr_values") : acr;
    }

    /**
     * Checks whether an already authenticated session may be reused for a new request that asks
     * for the given ACR values, comparing the authentication levels of the session's ACR and of
     * each requested ACR.
     *
     * <p>Sessions that are {@code null}, have no attributes or are not AUTHENTICATED are returned
     * untouched.
     *
     * @param sessionId the existing session, may be {@code null}
     * @param str the requested ACR values, parsed by {@code acrValuesList} (defined outside this view)
     * @return the same session object
     * @throws AcrChangedException when a requested ACR maps to a higher level than the session's
     *     ACR, or (constructed with {@code false}) when a requested ACR has no level mapping and is
     *     not the built-in password authentication
     */
    public SessionId assertAuthenticatedSessionCorrespondsToNewRequest(SessionId sessionId, String str) throws AcrChangedException {
        if (sessionId != null && !sessionId.getSessionAttributes().isEmpty() && sessionId.getState() == SessionIdState.AUTHENTICATED) {
            Map sessionAttributes = sessionId.getSessionAttributes();
            String acr = getAcr(sessionId);
            if (StringUtils.isBlank(acr)) {
                boolean containsKey = sessionAttributes.containsKey("device_authorization");
                this.log.trace("Failed to fetch acr from session, attributes: {}", sessionAttributes);
                // Without a recorded ACR the session is accepted as is, unless it carries the
                // device_authorization attribute, in which case the checks below still run.
                if (!containsKey) {
                    return sessionId;
                }
            }
            List<String> acrValuesList = acrValuesList(str);
            // True when specific ACRs were requested and the session's ACR is not one of them.
            if ((acrValuesList.isEmpty() || acrValuesList.contains(acr)) ? false : true) {
                Map<String, Integer> acrToLevelMapping = this.externalAuthenticationService.acrToLevelMapping();
                // Level of the session's ACR; -1 when the mapping has no entry for it.
                Integer valueOf = Integer.valueOf(Util.asInt(acrToLevelMapping.get(this.externalAuthenticationService.scriptName(acr)), -1));
                this.log.trace("acrChanged, acrToLevel: {}, sessionAcrLevel: {}", acrToLevelMapping, valueOf);
                for (String str2 : acrValuesList) {
                    Integer num = acrToLevelMapping.get(this.externalAuthenticationService.scriptName(str2));
                    this.log.info("Acr is changed. Session acr: {} (level: {}), current acr: {} (level: {})", new Object[]{acr, valueOf, str2, num});
                    if (num == null) {
                        // No level is known for the requested ACR: only the built-in password
                        // authentication is let through, anything else is rejected.
                        if (Util.isBuiltInPasswordAuthn(str2)) {
                            return sessionId;
                        }
                        throw new AcrChangedException(false);
                    }
                    // Step-up: the request demands a stronger level than the session was authenticated with.
                    if (valueOf.intValue() < num.intValue()) {
                        throw new AcrChangedException();
                    }
                }
                // Every requested ACR has a level no higher than the session's; the session is kept
                // without re-initialising the login.
                return sessionId;
            }
            reinitLogin(sessionId, false);
        }
        return sessionId;
    }

    /**
     * Tells whether two attribute maps differ once their {@code state} entries are disregarded.
     * Both arguments are copied first, so neither map is modified.
     *
     * @param map the attributes stored on the session
     * @param map2 the attributes derived from the current request
     * @return {@code true} when the maps differ in anything other than {@code state}
     */
    private static boolean shouldReinitSession(Map<String, String> map, Map<String, String> map2) {
        Map<String, String> stored = new HashMap<>(map);
        stored.remove("state");
        Map<String, String> requested = new HashMap<>(map2);
        requested.remove("state");
        return !requested.equals(stored);
    }

    /**
     * Re-initialises the login flow of a session from the current request: replaces the session
     * attributes with the request-derived ones, drops every {@code auth_step_passed_*} marker
     * and, when forced, downgrades the session to UNAUTHENTICATED.
     *
     * @param sessionId the session to reset
     * @param z force flag; when {@code false} the reset happens only if the request-derived
     *     attributes differ from the stored ones (ignoring {@code state})
     * @return {@code false} when nothing had to be done or the update failed, otherwise the result
     *     of {@code updateSessionId}
     */
    public boolean reinitLogin(SessionId sessionId, boolean z) {
        Map<String, String> sessionAttributes = sessionId.getSessionAttributes();
        Map<String, String> currentSessionAttributes = getCurrentSessionAttributes(sessionAttributes);
        if (this.log.isTraceEnabled()) {
            // NOTE(review): the full attribute maps are logged at trace level; they can hold
            // request parameters, so trace logs should be treated as sensitive.
            this.log.trace("sessionAttributes: {}", sessionAttributes);
            this.log.trace("currentSessionAttributes: {}", currentSessionAttributes);
            this.log.trace("shouldReinitSession: {}, force: {}", Boolean.valueOf(shouldReinitSession(sessionAttributes, currentSessionAttributes)), Boolean.valueOf(z));
        }
        if (!z && !shouldReinitSession(sessionAttributes, currentSessionAttributes)) {
            return false;
        }
        sessionAttributes.putAll(currentSessionAttributes);
        // NOTE(review): the meaning of key "c" is not visible here; it is written to the map that
        // is replaced by setSessionAttributes below (both names refer to the same map when
        // facesContext is null). Confirm against the original source.
        sessionAttributes.put("c", "1");
        // Forget which authentication steps were already passed, so that no step can be skipped
        // after the reset.
        Iterator<Map.Entry<String, String>> it = currentSessionAttributes.entrySet().iterator();
        while (it.hasNext()) {
            if (it.next().getKey().startsWith("auth_step_passed_")) {
                it.remove();
            }
        }
        sessionId.setSessionAttributes(currentSessionAttributes);
        if (z) {
            sessionId.setState(SessionIdState.UNAUTHENTICATED);
            externalEvent(new SessionEvent(SessionEventType.UNAUTHENTICATED, sessionId));
        }
        // The downgrade only takes effect in the store if this update succeeds; a failure is
        // reported at debug level and through the return value.
        boolean updateSessionId = updateSessionId(sessionId, true, true, true);
        if (!updateSessionId) {
            this.log.debug("Failed to update session entry: '{}'", sessionId.getId());
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("sessionAttributes after update: {}, ", sessionId.getSessionAttributes());
        }
        return updateSessionId;
    }

    /**
     * Moves the authentication flow of a session to the given step and persists the change.
     *
     * <p>Going back (or staying) clears the {@code auth_step_passed_N} markers from the target
     * step up to the current one. Going forward marks every step strictly between the current and
     * the target step as passed.
     *
     * @param sessionId the session to modify
     * @param i the step to switch to
     * @return the session, or {@code null} when the update could not be stored
     */
    public SessionId resetToStep(SessionId sessionId, int i) {
        Map<String, String> attributes = sessionId.getSessionAttributes();
        int currentStep = 1;
        if (attributes.containsKey("auth_step")) {
            currentStep = StringHelper.toInteger(attributes.get("auth_step"), 1);
        }
        if (i > currentStep) {
            for (int step = currentStep + 1; step < i; step++) {
                attributes.put(String.format("auth_step_passed_%d", Integer.valueOf(step)), Boolean.TRUE.toString());
            }
        } else {
            for (int step = i; step <= currentStep; step++) {
                attributes.remove(String.format("auth_step_passed_%d", Integer.valueOf(step)));
            }
        }
        attributes.put("auth_step", String.valueOf(i));
        if (!updateSessionId(sessionId, true, true, true)) {
            this.log.debug("Failed to update session entry: '{}'", sessionId.getId());
            return null;
        }
        return sessionId;
    }

    /**
     * Overlays the allowed parameters of the current request on a copy of the given session
     * attributes.
     *
     * <p>Request parameters are caller-controlled: only those returned by
     * {@code requestParameterService.getAllowedParameters} are copied, and {@code auth_step} is
     * never taken from the request. The PKCE attributes {@code code_challenge} and
     * {@code code_challenge_method} are dropped unless the request supplies both.
     *
     * @param map the stored session attributes
     * @return {@code map} itself when there is no Faces context, otherwise a new merged map
     */
    private Map<String, String> getCurrentSessionAttributes(Map<String, String> map) {
        if (this.facesContext == null) {
            return map;
        }
        Map<String, String> merged = new HashMap<>(map);
        Map<String, String> requestParams = this.externalContext.getRequestParameterMap();
        Map<String, String> allowed = this.requestParameterService.getAllowedParameters(requestParams);
        for (Map.Entry<String, String> param : allowed.entrySet()) {
            if (StringHelper.equalsIgnoreCase(param.getKey(), "auth_step")) {
                continue;
            }
            merged.put(param.getKey(), param.getValue());
        }
        boolean hasPkcePair = requestParams.containsKey("code_challenge") && requestParams.containsKey("code_challenge_method");
        if (!hasPkcePair) {
            merged.remove("code_challenge");
            merged.remove("code_challenge_method");
        }
        return merged;
    }

    /**
     * Resolves the session of the current request, taking the id from the session cookie and
     * falling back to the id held by the request-scoped identity.
     *
     * @return the session, or {@code null} when no id is available or no valid session is found
     */
    public SessionId getSessionId() {
        String id = this.cookieService.getSessionIdFromCookie();
        if (StringHelper.isEmpty(id) && this.identity.getSessionId() != null) {
            id = this.identity.getSessionId().getId();
        }
        if (!StringHelper.isNotEmpty(id)) {
            this.log.trace("Session cookie not exists");
            return null;
        }
        SessionId session = getSessionId(id);
        if (session == null && this.identity.getSessionId() != null) {
            // The cookie id did not resolve; retry with the id known to the identity.
            session = getSessionId(this.identity.getSessionId().getId());
        }
        return session;
    }

    /**
     * Null-safe accessor for the attributes of a session.
     *
     * @param sessionId the session, may be {@code null}
     * @return the session's attribute map, or {@code null} when the session is {@code null}
     */
    public Map<String, String> getSessionAttributes(SessionId sessionId) {
        return sessionId == null ? null : sessionId.getSessionAttributes();
    }

    /**
     * Creates an authenticated session for the given user DN with an empty {@code prompt}
     * attribute.
     *
     * @param httpServletRequest the current request, handed to the external session scripts
     * @param str the user DN
     * @return the new session
     * @throws InvalidSessionStateException when the session cannot be created or is vetoed
     */
    public SessionId generateAuthenticatedSessionId(HttpServletRequest httpServletRequest, String str) throws InvalidSessionStateException {
        // Same result as building a map with prompt="" here: the String overload does exactly that.
        return generateAuthenticatedSessionId(httpServletRequest, str, "");
    }

    /**
     * Creates an authenticated session for the given user DN, recording the supplied
     * {@code prompt} value as its only initial attribute.
     *
     * @param httpServletRequest the current request, handed to the external session scripts
     * @param str the user DN
     * @param str2 the value stored under the {@code prompt} attribute
     * @return the new session
     * @throws InvalidSessionStateException when the session cannot be created or is vetoed
     */
    public SessionId generateAuthenticatedSessionId(HttpServletRequest httpServletRequest, String str, String str2) throws InvalidSessionStateException {
        Map<String, String> attributes = new HashMap<>();
        attributes.put("prompt", str2);
        return generateAuthenticatedSessionId(httpServletRequest, str, attributes);
    }

    /**
     * Creates and persists an AUTHENTICATED session, reports the user as active and, when external
     * application-session scripts are enabled, lets them approve or veto the session.
     *
     * <p>A veto forces the session back to UNAUTHENTICATED via {@code reinitLogin(session, true)}
     * before the exception is thrown. NOTE(review): the session has already been created as
     * AUTHENTICATED by then, so the rejection depends on that follow-up update succeeding.
     *
     * @param httpServletRequest the current request, handed to the external session scripts
     * @param str the user DN
     * @param map the initial session attributes; the map is modified and kept by the session
     * @return the new session
     * @throws InvalidSessionStateException when no session could be generated or a script vetoed it
     */
    public SessionId generateAuthenticatedSessionId(HttpServletRequest httpServletRequest, String str, Map<String, String> map) throws InvalidSessionStateException {
        SessionId session = generateSessionId(str, new Date(), SessionIdState.AUTHENTICATED, map, true);
        if (session == null) {
            throw new InvalidSessionStateException("Failed to generate authenticated session.");
        }
        reportActiveUser(session);
        if (!this.externalApplicationSessionService.isEnabled()) {
            return session;
        }
        String userName = (String) session.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        boolean allowed = this.externalApplicationSessionService.executeExternalStartSessionMethods(httpServletRequest, session);
        this.log.info("Start session result for '{}': '{}'", userName, Boolean.valueOf(allowed));
        if (!allowed) {
            reinitLogin(session, true);
            throw new InvalidSessionStateException("Session creation is prohibited by external session script!");
        }
        externalEvent(new SessionEvent(SessionEventType.AUTHENTICATED, session).setHttpRequest(httpServletRequest));
        return session;
    }

    /**
     * Reports the session's user to the statistics service. Best effort: any failure is logged
     * and never propagated to the caller.
     *
     * @param sessionId the session whose user is reported
     */
    private void reportActiveUser(SessionId sessionId) {
        try {
            User sessionUser = getUser(sessionId);
            if (sessionUser == null) {
                return;
            }
            this.statService.reportActiveUser(sessionUser.getUserId());
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Creates and persists a new UNAUTHENTICATED session with no initial attributes.
     *
     * @param str the user DN, may be {@code null}
     * @return the new session
     */
    public SessionId generateUnauthenticatedSessionId(String str) {
        Date authenticationTime = new Date();
        Map<String, String> attributes = new HashMap<>();
        return generateSessionId(str, authenticationTime, SessionIdState.UNAUTHENTICATED, attributes, true);
    }

    /**
     * Creates a session with caller-chosen parameters.
     *
     * <p>NOTE(review): despite the method name, the state argument is passed through unchanged,
     * so a caller can request any {@link SessionIdState}, including AUTHENTICATED.
     *
     * @param str the user DN
     * @param date the authentication time; the current time is used when {@code null}
     * @param sessionIdState the state of the new session
     * @param map the initial session attributes; the map is modified and kept by the session
     * @param z whether the session is persisted
     * @return the new session, or {@code null} when {@code generateSessionId} refuses to create it
     */
    public SessionId generateUnauthenticatedSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        SessionId created = generateSessionId(str, date, sessionIdState, map, z);
        return created;
    }

    /**
     * Returns the session state value for a client and redirect URI.
     *
     * <p>When both match the {@code client_id} and {@code redirect_uri} stored on the session, the
     * stored session state is returned. Otherwise a fresh value is computed from the session's OP
     * browser state and a new random salt.
     *
     * @param sessionId the session
     * @param str the client id; must not be {@code null}
     * @param str2 the redirect URI; must not be {@code null}
     * @return the session state
     */
    public String computeSessionState(SessionId sessionId, String str, String str2) {
        boolean sameClient = str.equals(sessionId.getSessionAttributes().get("client_id"));
        if (sameClient && str2.equals(sessionId.getSessionAttributes().get("redirect_uri"))) {
            return sessionId.getSessionState();
        }
        String opBrowserState = sessionId.getOPBrowserState();
        String salt = UUID.randomUUID().toString();
        return computeSessionState(str, str2, opBrowserState, salt);
    }

    /**
     * Computes a session state value as
     * {@code hex(SHA-256(clientId + " " + origin + " " + opBrowserState + " " + salt)) + "." + salt},
     * where the origin is derived from the redirect URI.
     *
     * @param str the client id
     * @param str2 the redirect URI from which the origin is taken
     * @param str3 the OP browser state
     * @param str4 the salt, appended in clear after the dot
     * @return the session state
     * @throws FailedComputeSessionStateException when the URI cannot be parsed or the digest is unavailable
     */
    private String computeSessionState(String str, String str2, String str3, String str4) {
        try {
            String payload = str + " " + getClientOrigin(str2) + " " + str3 + " " + str4;
            String digestHex = JwtUtil.bytesToHex(JwtUtil.getMessageDigestSHA256(payload));
            return digestHex + "." + str4;
        } catch (URISyntaxException | NoSuchAlgorithmException | NoSuchProviderException e) {
            if (this.log.isErrorEnabled()) {
                this.log.error("Failed generating session state! " + e.getMessage(), e);
            }
            throw new FailedComputeSessionStateException(e.getMessage(), e);
        }
    }

    /**
     * Derives the origin ({@code scheme://host[:port]}) of a redirect URI, or returns the
     * configured issuer when no URI is given.
     *
     * <p>NOTE(review): for a URI without an authority component {@code getHost()} returns
     * {@code null}, which is rendered as the text "null" in the result.
     *
     * @param str the redirect URI, may be empty
     * @return the origin string
     * @throws URISyntaxException when {@code str} is not a valid URI
     */
    private String getClientOrigin(String str) throws URISyntaxException {
        if (StringHelper.isNotEmpty(str)) {
            URI redirect = new URI(str);
            StringBuilder origin = new StringBuilder();
            origin.append(redirect.getScheme()).append("://").append(redirect.getHost());
            if (redirect.getPort() > 0) {
                origin.append(":").append(redirect.getPort());
            }
            return origin.toString();
        }
        return this.appConfiguration.getIssuer();
    }

    /**
     * Builds a new session object with fresh random identifiers and optionally persists it.
     *
     * <p>The session id, the outside sid, the salt and the OP browser state all come from
     * {@link UUID#randomUUID()}, which the JDK documents as backed by a cryptographically strong
     * random number generator.
     *
     * @param str the user DN
     * @param date the authentication time; the current time is used when {@code null}
     * @param sessionIdState the initial state; left at the SessionId default when {@code null}
     * @param map the session attributes; must not be {@code null}. The map is modified (the OP
     *     browser state is added) and stored on the session by reference
     * @param z whether to persist the session
     * @return the new session, or {@code null} when an AUTHENTICATED session is requested without
     *     a user DN and without the {@code uma} attribute
     */
    private SessionId generateSessionId(String str, Date date, SessionIdState sessionIdState, Map<String, String> map, boolean z) {
        String uuid = UUID.randomUUID().toString();
        String uuid2 = UUID.randomUUID().toString();
        String uuid3 = UUID.randomUUID().toString();
        String str2 = map.get("client_id");
        String uuid4 = UUID.randomUUID().toString();
        String computeSessionState = computeSessionState(str2, map.get("redirect_uri"), uuid4, uuid3);
        String buildDn = buildDn(uuid);
        // The caller's map is changed here, before the early return below.
        map.put(CookieService.OP_BROWSER_STATE, uuid4);
        Preconditions.checkNotNull(buildDn);
        // An authenticated session must be bound to a user, except when the uma attribute is present.
        if (SessionIdState.AUTHENTICATED == sessionIdState && StringUtils.isBlank(str) && !map.containsKey("uma")) {
            return null;
        }
        SessionId sessionId = new SessionId();
        sessionId.setId(uuid);
        sessionId.setOutsideSid(uuid2);
        sessionId.setDn(buildDn);
        sessionId.setUserDn(str);
        sessionId.setSessionState(computeSessionState);
        // NOTE(review): relies on SessionId initialising its creation date on construction — confirm.
        Pair<Date, Integer> expirationDate = expirationDate(sessionId.getCreationDate(), sessionIdState);
        sessionId.setExpirationDate((Date) expirationDate.getFirst());
        sessionId.setTtl(((Integer) expirationDate.getSecond()).intValue());
        sessionId.setAuthenticationTime(date != null ? date : new Date());
        if (sessionIdState != null) {
            sessionId.setState(sessionIdState);
        }
        sessionId.setSessionAttributes(map);
        sessionId.setLastUsedAt(new Date());
        boolean z2 = false;
        if (z) {
            // persistSessionId may decline (returns false) depending on configuration and prompt.
            z2 = persistSessionId(sessionId);
        }
        auditLogging(sessionId);
        // NOTE(review): the new session id is written to the trace log.
        this.log.trace("Generated new session, id = '{}', state = '{}', persisted = '{}'", new Object[]{sessionId.getId(), sessionId.getState(), Boolean.valueOf(z2)});
        return sessionId;
    }

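    /**
     * Promotes an existing session to AUTHENTICATED for the given user and stores it.
     *
     * <p>When {@code changeSessionIdOnAuthentication} is enabled and a response is available, the
     * session gets a new random id: the old entry is removed, the session is persisted under the
     * new id (the old id is kept in the {@code old_session_id} attribute) and a new cookie is
     * issued. In every other case the pre-authentication id stays in use after login, which is the
     * situation session-fixation defences are meant to avoid; keep the option enabled where possible.
     *
     * <p>When external application-session scripts are enabled they may veto the session; it is
     * then forced back to UNAUTHENTICATED before the exception is thrown.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response; when {@code null} the id is never changed
     * @param sessionId the session to promote
     * @param str the DN of the authenticated user
     * @return the same session object
     * @throws InvalidSessionStateException when an external session script vetoes the session
     */
    public SessionId setSessionIdStateAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SessionId sessionId, String str) {
        boolean updateSessionId;
        sessionId.setUserDn(str);
        sessionId.setAuthenticationTime(new Date());
        sessionId.setState(SessionIdState.AUTHENTICATED);
        User user = getUser(sessionId);
        if (user != null) {
            this.statService.reportActiveUser(user.getUserId());
        }
        if (!BooleanUtils.isTrue(this.appConfiguration.getChangeSessionIdOnAuthentication()) || httpServletResponse == null) {
            updateSessionId = updateSessionId(sessionId, true, true, true);
        } else {
            String id = sessionId.getId();
            String uuid = UUID.randomUUID().toString();
            // NOTE(review): both session ids are written to the debug log; treat these logs as sensitive.
            this.log.debug("Changing session id from {} to {} ...", id, uuid);
            // The result used to be ignored. If the removal fails, the entry stored under the old
            // id survives the id change, so make that visible to operators.
            if (!remove(sessionId)) {
                this.log.warn("Failed to remove the previous session entry while changing the session id; it may remain in the store until it expires.");
            }
            sessionId.setId(uuid);
            sessionId.setDn(buildDn(uuid));
            sessionId.getSessionAttributes().put("old_session_id", id);
            updateSessionId = persistSessionId(sessionId, true);
            this.cookieService.createSessionIdCookie(sessionId, httpServletRequest, httpServletResponse, false);
            this.log.debug("Session identifier changed from {} to {} .", id, uuid);
        }
        auditLogging(sessionId);
        this.log.trace("Authenticated session, id = '{}', state = '{}', persisted = '{}'", new Object[]{sessionId.getId(), sessionId.getState(), Boolean.valueOf(updateSessionId)});
        if (this.externalApplicationSessionService.isEnabled()) {
            String str2 = (String) sessionId.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
            boolean executeExternalStartSessionMethods = this.externalApplicationSessionService.executeExternalStartSessionMethods(httpServletRequest, sessionId);
            this.log.info("Start session result for '{}': '{}'", str2, Boolean.valueOf(executeExternalStartSessionMethods));
            if (!executeExternalStartSessionMethods) {
                // The session was already stored as AUTHENTICATED above; the veto is enforced by
                // this forced downgrade.
                reinitLogin(sessionId, true);
                throw new InvalidSessionStateException("Session creation is prohibited by external session script!");
            }
            externalEvent(new SessionEvent(SessionEventType.AUTHENTICATED, sessionId).setHttpRequest(httpServletRequest).setHttpResponse(httpServletResponse));
        }
        return sessionId;
    }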

    /**
     * Persists a session if configuration and prompt allow it (no forcing).
     *
     * @param sessionId the session to store
     * @return {@code true} when the session was stored
     */
    public boolean persistSessionId(SessionId sessionId) {
        final boolean force = false;
        return persistSessionId(sessionId, force);
    }

    /**
     * Stores a new session in the shared cache or the persistence layer (depending on
     * {@code sessionIdPersistInCache}) and in the local cache, refreshing its last-used time,
     * expiration date and TTL first.
     *
     * <p>Unless forced, nothing is stored when {@code sessionIdUnusedLifetime} is not positive or
     * the session's prompts rule persistence out.
     *
     * @param sessionId the session to store
     * @param z force flag; when {@code true} the configuration and prompt checks are bypassed
     * @return {@code true} when stored; {@code false} when skipped or when storing failed (logged)
     */
    public boolean persistSessionId(SessionId sessionId, boolean z) {
        List<Prompt> prompts = getPromptsFromSessionId(sessionId);
        try {
            boolean persistable = this.appConfiguration.getSessionIdUnusedLifetime() > 0 && isPersisted(prompts);
            if (!persistable && !z) {
                return false;
            }
            sessionId.setLastUsedAt(new Date());
            Pair<Date, Integer> expiry = expirationDate(sessionId.getCreationDate(), sessionId.getState());
            sessionId.setPersisted(true);
            sessionId.setExpirationDate((Date) expiry.getFirst());
            sessionId.setTtl(((Integer) expiry.getSecond()).intValue());
            this.log.trace("sessionIdAttributes: {}", sessionId.getPermissionGrantedMap());
            if (!BooleanUtils.isTrue(this.appConfiguration.getSessionIdPersistInCache())) {
                this.persistenceEntryManager.persist(sessionId);
            } else {
                this.cacheService.put(((Integer) expiry.getSecond()).intValue(), sessionId.getDn(), sessionId);
            }
            this.localCacheService.put(DEFAULT_LOCAL_CACHE_EXPIRATION, sessionId.getDn(), sessionId);
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Updates a stored session, refreshing its last-used time.
     *
     * @param sessionId the session to update
     * @return {@code false} when the session was removed as idle-expired or the update failed
     */
    public boolean updateSessionId(SessionId sessionId) {
        final boolean refreshLastUsedAt = true;
        return updateSessionId(sessionId, refreshLastUsedAt);
    }

    /**
     * Updates a stored session without forcing persistence and with the write always requested.
     *
     * @param sessionId the session to update
     * @param z whether to refresh the last-used time and apply the idle-timeout check
     * @return {@code false} when the session was removed as idle-expired or the update failed
     */
    public boolean updateSessionId(SessionId sessionId, boolean z) {
        final boolean force = false;
        final boolean writeRequested = true;
        return updateSessionId(sessionId, z, force, writeRequested);
    }

    /**
     * Writes changes of a session back to the store, enforcing the idle timeout
     * ({@code sessionIdUnusedLifetime}) and the absolute lifetime ({@link #isExpired}) on the way.
     *
     * @param sessionId the session to update
     * @param z whether to refresh {@code lastUsedAt} and apply the idle-timeout check
     * @param z2 force flag; when {@code true} the configuration and prompt checks are bypassed
     * @param z3 initial value of the "write is needed" flag
     * @return {@code false} when the session was removed because it exceeded the idle timeout or
     *     when an exception occurred (logged); {@code true} otherwise, including when nothing was
     *     written and when the session was removed by the absolute-lifetime check
     */
    public boolean updateSessionId(SessionId sessionId, boolean z, boolean z2, boolean z3) {
        List<Prompt> promptsFromSessionId = getPromptsFromSessionId(sessionId);
        try {
            int sessionIdUnusedLifetime = this.appConfiguration.getSessionIdUnusedLifetime();
            if ((sessionIdUnusedLifetime > 0 && isPersisted(promptsFromSessionId)) || z2) {
                // z4 tracks whether the entry has to be written at the end.
                boolean z4 = z3;
                if (z) {
                    Date date = new Date();
                    if (sessionId.getLastUsedAt() != null) {
                        long time = date.getTime() - sessionId.getLastUsedAt().getTime();
                        // Idle timeout: unused for longer than the configured number of seconds.
                        if (((int) (time / 1000)) > sessionIdUnusedLifetime) {
                            this.log.debug("Session id expired: {} by sessionIdUnusedLifetime, remove it.", sessionId.getId());
                            remove(sessionId);
                            return false;
                        }
                        // lastUsedAt is refreshed only when more than 500 ms have passed, which
                        // limits how often the entry is rewritten.
                        if (time > 500) {
                            z4 = true;
                            sessionId.setLastUsedAt(date);
                        }
                    } else {
                        z4 = true;
                        sessionId.setLastUsedAt(date);
                    }
                }
                if (!sessionId.isPersisted()) {
                    z4 = true;
                    sessionId.setPersisted(true);
                }
                // Absolute lifetime: the session is removed and the pending write is cancelled.
                // NOTE(review): the method still returns true on this path.
                if (isExpired(sessionId)) {
                    this.log.debug("Session id expired: {} by lifetime property, remove it.", sessionId.getId());
                    remove(sessionId);
                    z4 = false;
                }
                if (z4) {
                    mergeWithRetry(sessionId);
                }
            }
            return true;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Tells whether a session has outlived the server-side session lifetime, measured from its
     * authentication time.
     *
     * @param sessionId the session to check
     * @return {@code true} when the age in whole seconds exceeds the configured lifetime;
     *     {@code false} when the session has no authentication time
     */
    public boolean isExpired(SessionId sessionId) {
        Date authenticatedAt = sessionId.getAuthenticationTime();
        if (authenticatedAt == null) {
            return false;
        }
        long ageSeconds = (System.currentTimeMillis() - authenticatedAt.getTime()) / 1000;
        return ageSeconds > ((long) getServerSessionIdLifetimeInSeconds());
    }

    /**
     * Resolves the server-side session lifetime in seconds.
     *
     * <p>{@code sessionIdLifetime} wins when set; a value of zero or less yields
     * {@link Integer#MAX_VALUE}, which in practice disables the absolute lifetime. Otherwise a
     * positive {@code sessionIdCookieLifetime} is used, and 86400 is the final fallback.
     *
     * @return the lifetime in seconds
     */
    public int getServerSessionIdLifetimeInSeconds() {
        Integer lifetime = this.appConfiguration.getSessionIdLifetime();
        if (lifetime != null) {
            return lifetime.intValue() > 0 ? lifetime.intValue() : Integer.MAX_VALUE;
        }
        Integer cookieLifetime = this.appConfiguration.getSessionIdCookieLifetime();
        if (cookieLifetime != null && cookieLifetime.intValue() > 0) {
            return cookieLifetime.intValue();
        }
        this.log.debug("Session id lifetime configuration is null. (Both 'sessionIdLifetime' and 'sessionIdCookieLifetime' are null. Fallback to 86400 value.");
        return 86400;
    }

    /**
     * Computes the expiration date and TTL of a session from its creation date.
     *
     * <p>Unauthenticated sessions use {@code sessionIdUnauthenticatedUnusedLifetime}; all other
     * states use the server session lifetime.
     *
     * @param date the creation date the lifetime is added to; must not be {@code null}
     * @param sessionIdState the state of the session
     * @return the expiration date paired with the lifetime in seconds
     */
    private Pair<Date, Integer> expirationDate(Date date, SessionIdState sessionIdState) {
        int lifetimeSeconds;
        if (sessionIdState == SessionIdState.UNAUTHENTICATED) {
            lifetimeSeconds = this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime();
        } else {
            lifetimeSeconds = getServerSessionIdLifetimeInSeconds();
        }
        Calendar expiresAt = Calendar.getInstance();
        expiresAt.setTime(date);
        expiresAt.add(Calendar.SECOND, lifetimeSeconds);
        return new Pair<>(expiresAt.getTime(), Integer.valueOf(lifetimeSeconds));
    }

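    /**
     * Refreshes the expiration date and TTL of a session and writes it to the store, retrying up
     * to {@code MAX_MERGE_ATTEMPTS} times when the directory reports a concurrent-modification
     * conflict.
     *
     * <p>The previous body rethrew from the catch block unconditionally, so no retry ever happened
     * and the final error log was unreachable. Callers such as {@code reinitLogin} depend on this
     * write to store a forced UNAUTHENTICATED state, so a conflict that could be retried must not
     * abort the update on the first attempt.
     *
     * @param sessionId the session to write
     * @throws EntryPersistenceException when the write fails with a non-retryable error or all
     *     attempts are used up
     */
    private void mergeWithRetry(SessionId sessionId) {
        Pair<Date, Integer> expirationDate = expirationDate(sessionId.getCreationDate(), sessionId.getState());
        sessionId.setExpirationDate((Date) expirationDate.getFirst());
        sessionId.setTtl(((Integer) expirationDate.getSecond()).intValue());
        EntryPersistenceException lastFailure = null;
        for (int attempt = 1; attempt <= MAX_MERGE_ATTEMPTS; attempt++) {
            try {
                if (BooleanUtils.isTrue(this.appConfiguration.getSessionIdPersistInCache())) {
                    this.cacheService.put(((Integer) expirationDate.getSecond()).intValue(), sessionId.getDn(), sessionId);
                } else {
                    this.persistenceEntryManager.merge(sessionId);
                }
                this.localCacheService.put(DEFAULT_LOCAL_CACHE_EXPIRATION, sessionId.getDn(), sessionId);
                externalEvent(new SessionEvent(SessionEventType.UPDATED, sessionId));
                return;
            } catch (EntryPersistenceException e) {
                lastFailure = e;
                if (e.getCause() instanceof LDAPException) {
                    int resultCode = ((LDAPException) e.getCause()).getResultCode().intValue();
                    this.log.debug("LDAP exception resultCode: '{}'", Integer.valueOf(resultCode));
                    // LDAP result codes 16 (noSuchAttribute) and 20 (attributeOrValueExists) are
                    // the only failures that are retried.
                    if (resultCode == 16 || resultCode == 20) {
                        this.log.warn("Session entry update attempt '{}' was unsuccessfull", Integer.valueOf(attempt));
                        continue;
                    }
                }
                throw e;
            }
        }
        this.log.error("Session entry update attempt was unsuccessfull after '{}' attempts", Integer.valueOf(MAX_MERGE_ATTEMPTS));
        throw lastFailure;
    }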

    /**
     * Updates a stored session, refreshing its last-used time, without forcing persistence. The
     * outcome of the update is not reported to the caller.
     *
     * @param sessionId the session to update
     * @param z whether a write is requested even if the last-used time is not refreshed
     */
    public void updateSessionIdIfNeeded(SessionId sessionId, boolean z) {
        final boolean refreshLastUsedAt = true;
        final boolean force = false;
        updateSessionId(sessionId, refreshLastUsedAt, force, z);
    }

    /**
     * Decides from the request prompts whether a session should be persisted.
     *
     * @param list the prompts of the session, may be {@code null}
     * @return {@code true} unless the prompts contain {@code none}; in that case the value of
     *     {@code sessionIdPersistOnPromptNone} (unset counts as {@code false})
     */
    private boolean isPersisted(List<Prompt> list) {
        if (list != null && list.contains(Prompt.NONE)) {
            return Boolean.TRUE.equals(this.appConfiguration.getSessionIdPersistOnPromptNone());
        }
        return true;
    }

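    /**
     * Loads a session by its id.
     *
     * <p>A blank or {@code null} id is rejected up front. Previously it was formatted into the DN
     * (for example as {@code jansId=null,...}) and looked up in the store.
     *
     * @param str the session id, may be {@code null}
     * @param z when {@code true}, lookup failures are not logged
     * @return the session, or {@code null} when the id is blank or nothing is found
     */
    @Nullable
    public SessionId getSessionById(@Nullable String str, boolean z) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return getSessionByDn(buildDn(str), z);
    }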

    /**
     * Loads a session by its DN, logging lookup failures.
     *
     * @param str the DN of the session entry, may be {@code null}
     * @return the session, or {@code null} when the DN is blank or nothing is found
     */
    @Nullable
    public SessionId getSessionByDn(@Nullable String str) {
        final boolean silent = false;
        return getSessionByDn(str, silent);
    }

    /**
     * Finds the session whose {@code sid} attribute equals the given value, using an equality
     * filter built by the persistence API rather than string concatenation.
     *
     * <p>The result is taken straight from the persistence layer; no validity check is applied here.
     *
     * @param str the sid to look for, may be {@code null}
     * @return the session, or {@code null} when the value is blank or the search does not return
     *     exactly one entry
     */
    @Nullable
    public SessionId getSessionBySid(@Nullable String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        String sessionsBaseDn = this.staticConfiguration.getBaseDn().getSessions();
        List<?> matches = this.persistenceEntryManager.findEntries(sessionsBaseDn, SessionId.class, Filter.createEqualityFilter("sid", str));
        if (matches == null || matches.size() != 1) {
            // Zero or several matches are both treated as "not found".
            return null;
        }
        return (SessionId) matches.get(0);
    }

    /**
     * Finds the session whose {@code deviceSecret} attribute equals the given value, using an
     * equality filter built by the persistence API rather than string concatenation.
     *
     * <p>NOTE(review): the secret is matched by an equality search, which presumably means it is
     * stored in comparable form on the entry; confirm how the attribute is protected at rest.
     *
     * @param str the device secret to look for, may be {@code null}
     * @return the session, or {@code null} when the value is blank or the search does not return
     *     exactly one entry
     */
    @Nullable
    public SessionId getSessionByDeviceSecret(@Nullable String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        String sessionsBaseDn = this.staticConfiguration.getBaseDn().getSessions();
        List<?> matches = this.persistenceEntryManager.findEntries(sessionsBaseDn, SessionId.class, Filter.createEqualityFilter("deviceSecret", str));
        if (matches == null || matches.size() != 1) {
            // Zero or several matches are both treated as "not found".
            return null;
        }
        return (SessionId) matches.get(0);
    }

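    /**
     * Loads a session by DN: first from the local cache, then from the shared cache or the
     * persistence layer (depending on {@code sessionIdPersistInCache}).
     *
     * <p>A local-cache hit is returned only if {@code isSessionValid} accepts it; an invalid hit
     * is evicted. An entry loaded from the backing store is returned without that check, so
     * callers that need a live session must validate it themselves, as
     * {@code getSessionId(String, boolean)} does.
     *
     * <p>A missing entry is now handled with an explicit null check. Before, it surfaced as a
     * NullPointerException that the catch block swallowed.
     *
     * @param str the DN of the session entry, may be {@code null}
     * @param z when {@code true}, lookup failures are not logged
     * @return the session, or {@code null} when the DN is blank, nothing is found or the lookup fails
     */
    @Nullable
    public SessionId getSessionByDn(@Nullable String str, boolean z) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        Object obj = this.localCacheService.get(str);
        if (obj instanceof SessionId) {
            if (isSessionValid((SessionId) obj)) {
                return (SessionId) obj;
            }
            this.localCacheService.remove(str);
        }
        String failure;
        try {
            SessionId sessionId = BooleanUtils.isTrue(this.appConfiguration.getSessionIdPersistInCache()) ? (SessionId) this.cacheService.get(str) : (SessionId) this.persistenceEntryManager.find(SessionId.class, str);
            if (sessionId != null) {
                this.localCacheService.put(DEFAULT_LOCAL_CACHE_EXPIRATION, sessionId.getDn(), sessionId);
                return sessionId;
            }
            failure = "entry not found";
        } catch (Exception e) {
            failure = e.getMessage();
        }
        if (z) {
            return null;
        }
        if (BooleanUtils.isTrue(this.appConfiguration.getLogNotFoundEntityAsError())) {
            this.log.error("Failed to get session by dn: {}. {}", str, failure);
        } else {
            this.log.trace("Failed to get session by dn: {}. {}", str, failure);
        }
        return null;
    }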

    /**
     * Resolves the session referenced by the session cookie of a request.
     *
     * <p>NOTE(review): the cookie value is caller-controlled and is written to the trace log as is.
     *
     * @param httpServletRequest the request carrying the cookie
     * @return the valid session, or {@code null}
     */
    public SessionId getSessionId(HttpServletRequest httpServletRequest) {
        String cookieValue = this.cookieService.getSessionIdFromCookie(httpServletRequest);
        this.log.trace("SessionId from cookie: {}", cookieValue);
        SessionId session = getSessionId(cookieValue);
        return session;
    }

    /**
     * Loads a valid session by id, logging lookup failures.
     *
     * @param str the session id
     * @return the valid session, or {@code null}
     */
    public SessionId getSessionId(String str) {
        final boolean silent = false;
        return getSessionId(str, silent);
    }

    /**
     * Loads a session by id and returns it only if {@code isSessionValid} accepts it.
     *
     * @param str the session id; an empty value yields {@code null}
     * @param z when {@code true}, exceptions raised during the lookup are not logged
     * @return the valid session, or {@code null} when it is missing, invalid or the lookup failed
     */
    public SessionId getSessionId(String str, boolean z) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        SessionId usable = null;
        try {
            SessionId candidate = getSessionById(str, z);
            this.log.trace("Try to get session by id: {} ...", str);
            if (candidate != null) {
                this.log.trace("Session dn: {}", candidate.getDn());
                if (isSessionValid(candidate)) {
                    usable = candidate;
                }
            }
        } catch (Exception e) {
            if (!z) {
                this.log.trace(e.getMessage(), e);
            }
        }
        if (usable == null) {
            this.log.trace("Failed to get session by id: {}", str);
        }
        return usable;
    }

    /**
     * Removes a session from the backing store and the local cache, then publishes a
     * {@code GONE} session event.
     *
     * <p>The backing store is the cache service when {@code sessionIdPersistInCache} is true and
     * the persistence manager otherwise. The steps run in order inside one try block, so if the
     * backing-store removal throws, the local cache entry is left in place and no event is sent.
     *
     * @param sessionId session to remove
     * @return {@code true} if every step completed, {@code false} if any of them threw (the
     *     exception is logged)
     */
    public boolean remove(SessionId sessionId) {
        try {
            final String dn = sessionId.getDn();
            final boolean storedInCache = BooleanUtils.isTrue(this.appConfiguration.getSessionIdPersistInCache());
            if (storedInCache) {
                this.cacheService.remove(dn);
            } else {
                this.persistenceEntryManager.remove(dn, SessionId.class);
            }
            this.localCacheService.remove(dn);
            externalEvent(new SessionEvent(SessionEventType.GONE, sessionId));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return false;
        }
        return true;
    }

    /**
     * Removes each session in the list, continuing past individual failures.
     *
     * <p>The boolean result of {@link #remove(SessionId)} is not inspected, so a session that
     * could not be removed is only visible in the log.
     *
     * @param list sessions to remove; {@code null} or empty is a no-op
     */
    public void remove(List<SessionId> list) {
        final boolean nothingToRemove = list == null || list.isEmpty();
        if (nothingToRemove) {
            return;
        }
        for (Iterator<SessionId> cursor = list.iterator(); cursor.hasNext(); ) {
            try {
                remove(cursor.next());
            } catch (Exception e) {
                this.log.error("Failed to remove entry", e);
            }
        }
    }

    /**
     * Decides whether a session is still usable based on how long it has been idle.
     *
     * <p>Idle time is measured from {@code lastUsedAt} to now. Every session must be within
     * {@code sessionIdUnusedLifetime}; a session in state {@code UNAUTHENTICATED} must also be
     * within {@code sessionIdUnauthenticatedUnusedLifetime}. Setting either lifetime to
     * {@code -1} disables that limit.
     *
     * @param sessionId session to check; {@code null} is never valid
     * @return {@code true} if the session passes the idle-time checks that apply to it
     */
    public boolean isSessionValid(SessionId sessionId) {
        if (sessionId == null) {
            return false;
        }

        final long idleLimitMs = TimeUnit.SECONDS.toMillis(this.appConfiguration.getSessionIdUnusedLifetime());
        final long unauthenticatedIdleLimitMs = TimeUnit.SECONDS.toMillis(this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime());
        final long idleMs = System.currentTimeMillis() - sessionId.getLastUsedAt().getTime();

        final boolean withinIdleLimit = idleMs <= idleLimitMs || this.appConfiguration.getSessionIdUnusedLifetime() == -1;
        if (!withinIdleLimit) {
            return false;
        }

        // Only unauthenticated sessions are subject to the second, separate limit.
        if (sessionId.getState() != SessionIdState.UNAUTHENTICATED) {
            return true;
        }
        return idleMs <= unauthenticatedIdleLimitMs || this.appConfiguration.getSessionIdUnauthenticatedUnusedLifetime() == -1;
    }

    /**
     * Parses the space-separated {@code prompt} session attribute into a list of prompts.
     *
     * @param sessionId session whose attributes are read
     * @return the result of {@code Prompt.fromString} for the stored attribute value
     */
    private List<Prompt> getPromptsFromSessionId(SessionId sessionId) {
        final String storedPrompt = (String) sessionId.getSessionAttributes().get("prompt");
        return Prompt.fromString(storedPrompt, " ");
    }

    /**
     * Tells whether the session is in state {@code AUTHENTICATED}.
     *
     * <p>This checks the state only; it does not apply the idle-time checks of
     * {@link #isSessionValid(SessionId)}.
     *
     * @param sessionId session to check; {@code null} yields {@code false}
     * @return {@code true} only for a non-null session whose state is {@code AUTHENTICATED}
     */
    public boolean isSessionIdAuthenticated(SessionId sessionId) {
        return sessionId != null && SessionIdState.AUTHENTICATED.equals(sessionId.getState());
    }

    /**
     * Converts an ACR values string into a de-duplicated list of script names.
     *
     * <p>The input is first parsed as a JSON array; if that raises {@code JSONException} it is
     * split on single spaces instead. Each value is mapped through
     * {@code externalAuthenticationService.scriptName} and duplicates are dropped. The order of
     * the returned list follows the hash set's iteration order, not the input order.
     *
     * @param str ACR values, either a JSON array string or a space-separated string
     * @return the distinct script names
     */
    public List<String> acrValuesList(String str) {
        List<String> acrValues;
        try {
            acrValues = Util.jsonArrayStringAsList(str);
        } catch (JSONException notJson) {
            // Not a JSON array: fall back to the space-separated form.
            acrValues = Util.splittedStringAsList(str, " ");
        }

        final Set<String> scriptNames = new HashSet<>();
        for (String acrValue : acrValues) {
            scriptNames.add(this.externalAuthenticationService.scriptName(acrValue));
        }
        return new ArrayList<>(scriptNames);
    }

    /**
     * Sends an audit record for the session, with the action chosen from the session state.
     *
     * <p>Nothing is sent when {@code ServerUtil.getRequestOrNull()} returns {@code null}. The
     * record carries the address returned by {@code ServerUtil.getIpAddress} and is always
     * marked as successful.
     *
     * @param sessionId session whose state selects the audit action
     */
    private void auditLogging(SessionId sessionId) {
        Action action;
        HttpServletRequest requestOrNull = ServerUtil.getRequestOrNull();
        if (requestOrNull != null) {
            // This looks like a decompiled enum switch: the case labels are indices from a
            // switch map held in AnonymousClass1, which is not shown here.
            // NOTE(review): case 1 presumably corresponds to SessionIdState.AUTHENTICATED - confirm
            // against the switch map before relying on it.
            switch (AnonymousClass1.$SwitchMap$io$jans$as$common$model$session$SessionIdState[sessionId.getState().ordinal()]) {
                case 1:
                    action = Action.SESSION_AUTHENTICATED;
                    break;
                // The label is the constant DEFAULT_LOCAL_CACHE_EXPIRATION only because its value
                // is 2; it has nothing to do with cache expiry here.
                case DEFAULT_LOCAL_CACHE_EXPIRATION /* 2 */:
                    action = Action.SESSION_UNAUTHENTICATED;
                    break;
                // Every other state is audited as unauthenticated, same as case 2.
                default:
                    action = Action.SESSION_UNAUTHENTICATED;
                    break;
            }
            // NOTE(review): how getIpAddress derives the address is not visible here. If it reads
            // client-supplied forwarding headers, the audited address is only as trustworthy as
            // the proxy setup in front of the server - confirm.
            OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(requestOrNull), action);
            oAuth2AuditLog.setSuccess(true);
            this.applicationAuditLogger.sendMessage(oAuth2AuditLog);
        }
    }

    /**
     * Returns the user attached to the session, loading it by DN on first use.
     *
     * <p>If the session already holds a user object, that object is returned. Otherwise the
     * user is fetched through {@code userService.getUserByDn} with the session's user DN and,
     * when found, stored on the session before being returned.
     *
     * @param sessionId session to read; {@code null} yields {@code null}
     * @return the user, or {@code null} when the session has no user DN or no user is found
     */
    public User getUser(SessionId sessionId) {
        if (sessionId == null) {
            return null;
        }

        final User attached = sessionId.getUser();
        if (attached != null) {
            return attached;
        }

        final String userDn = sessionId.getUserDn();
        if (StringUtils.isBlank(userDn)) {
            return null;
        }

        final User resolved = this.userService.getUserByDn(userDn, new String[0]);
        if (resolved == null) {
            return null;
        }
        // Remember the user on the session object so later calls skip the lookup.
        sessionId.setUser(resolved);
        return resolved;
    }

    /**
     * Finds all persisted sessions whose {@code jansUsrDN} attribute equals the given value.
     *
     * @param str value matched against the {@code jansUsrDN} attribute
     * @return the matching sessions as returned by the persistence manager
     * @throws UnsupportedOperationException when {@code sessionIdPersistInCache} is true, because
     *     the search runs against the persistence manager only
     */
    public List<SessionId> findByUser(String str) {
        final boolean sessionsKeptInCache = BooleanUtils.isTrue(this.appConfiguration.getSessionIdPersistInCache());
        if (sessionsKeptInCache) {
            throw new UnsupportedOperationException("Operation is not supported with sessionIdPersistInCache=true. Set it to false to avoid this exception.");
        }

        final String sessionsBaseDn = this.staticConfiguration.getBaseDn().getSessions();
        // NOTE(review): the value goes into the filter as given; escaping is presumably handled
        // by Filter / the persistence layer - confirm if callers can pass untrusted input.
        final Filter byUserDn = Filter.createEqualityFilter("jansUsrDN", str);
        return this.persistenceEntryManager.findEntries(sessionsBaseDn, SessionId.class, byUserDn);
    }

    /**
     * Checks the requested scopes against the session's {@code scope} attribute.
     *
     * @param sessionId session whose attributes are read; {@code null} yields {@code false}
     * @param set requested scopes; {@code null} or empty yields {@code false}
     * @return {@code false} if the session has no attributes, otherwise the result of
     *     {@link #hasAllScopes(String, Set)} for the stored scope string
     */
    public boolean hasAllScopes(SessionId sessionId, Set<String> set) {
        if (sessionId == null) {
            return false;
        }
        if (sessionId.getSessionAttributes().isEmpty()) {
            return false;
        }
        if (set == null || set.isEmpty()) {
            return false;
        }
        final String sessionScopes = (String) sessionId.getSessionAttributes().get("scope");
        return hasAllScopes(sessionScopes, set);
    }

    /**
     * Checks the requested scopes against the scopes stored on the session for one client.
     *
     * <p>The stored value is read from the session attribute named
     * {@code <str>_authz_scopes}.
     *
     * @param sessionId session whose attributes are read; {@code null} yields {@code false}
     * @param str client identifier used as the attribute-name prefix; blank yields {@code false}
     * @param set requested scopes; {@code null} or empty yields {@code false}
     * @return {@code false} if the session has no attributes, otherwise the result of
     *     {@link #hasAllScopes(String, Set)} for the stored per-client scope string
     */
    public boolean hasClientAllScopes(SessionId sessionId, String str, Set<String> set) {
        if (sessionId == null) {
            return false;
        }
        if (sessionId.getSessionAttributes().isEmpty()) {
            return false;
        }
        if (StringUtils.isBlank(str)) {
            return false;
        }
        if (set == null || set.isEmpty()) {
            return false;
        }
        final String attributeName = str + "_authz_scopes";
        final String clientScopes = (String) sessionId.getSessionAttributes().get(attributeName);
        return hasAllScopes(clientScopes, set);
    }

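    /**
     * Checks whether every requested scope is present in a whitespace-delimited scope string.
     *
     * <p>Scopes are compared as whole tokens. A substring test would let a requested scope such
     * as {@code read} be satisfied by a stored {@code readwrite}, so the stored string is split
     * on whitespace and each requested scope must equal one of the resulting tokens.
     *
     * @param str stored scopes separated by whitespace; blank or {@code null} yields {@code false}
     * @param set requested scopes; must not be {@code null}. An empty set is trivially satisfied.
     * @return {@code true} if {@code str} is not blank and holds every scope in {@code set}
     */
    public static boolean hasAllScopes(String str, Set<String> set) {
        if (str == null || str.trim().isEmpty()) {
            return false;
        }
        // NOTE(review): assumes both the "scope" and the "<client>_authz_scopes" session
        // attributes are written whitespace-delimited, as the OAuth scope parameter is - confirm
        // against the code that stores them.
        final Set<String> storedScopes = new HashSet<>();
        for (String token : str.trim().split("\\s+")) {
            storedScopes.add(token);
        }
        return storedScopes.containsAll(set);
    }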

    /**
     * Forwards a session event to the external application session service.
     *
     * @param sessionEvent event to forward
     */
    public void externalEvent(SessionEvent sessionEvent) {
        externalApplicationSessionService.externalEvent(sessionEvent);
    }
}
