package org.keycloak.adapters.saml.undertow;

import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.spec.HttpSessionImpl;
import java.security.Principal;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlSession;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.undertow.SavedRequest;
import org.keycloak.adapters.undertow.UndertowUserSessionManagement;
import org.keycloak.common.util.KeycloakUriBuilder;

/* loaded from: input_file:org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.class */
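/**
 * {@link SamlSessionStore} backed by the servlet {@link HttpSession} of the current Undertow exchange.
 *
 * <p>State is kept in three session attributes: the {@link SamlSession} (keyed by its class name),
 * the current login/logout action, and the URI to return to after authentication
 * ({@link #SAML_REDIRECT_URI}). The {@link SessionIdMapper} records which HTTP session ids belong
 * to which SAML session index and principal, so that logout requests can find them.
 *
 * <p>An instance is bound to a single {@link HttpServerExchange}.
 */
public class ServletSamlSessionStore implements SamlSessionStore {
    protected static Logger log = Logger.getLogger(SamlSessionStore.class);
    public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";
    /** Session attribute holding the {@link SamlSessionStore.CurrentAction} in progress. */
    private static final String CURRENT_ACTION_ATTRIBUTE = "SAML_CURRENT_ACTION";
    private final HttpServerExchange exchange;
    private final UndertowUserSessionManagement sessionManagement;
    private final SecurityContext securityContext;
    private final SessionIdMapper idMapper;

    /**
     * @param httpServerExchange the exchange whose servlet request and session this store operates on
     * @param undertowUserSessionManagement used to register logins and to log out HTTP sessions by id
     * @param securityContext receives the authenticated account in {@link #isLoggedIn()}
     * @param sessionIdMapper maps SAML session index and principal to HTTP session ids
     */
    public ServletSamlSessionStore(HttpServerExchange httpServerExchange, UndertowUserSessionManagement undertowUserSessionManagement, SecurityContext securityContext, SessionIdMapper sessionIdMapper) {
        this.exchange = httpServerExchange;
        this.sessionManagement = undertowUserSessionManagement;
        this.securityContext = securityContext;
        this.idMapper = sessionIdMapper;
    }

    /**
     * Records the action in progress in the HTTP session.
     *
     * <p>Setting {@code NONE} when no session exists is a no-op, so that clearing the action never
     * creates a session. Any other value creates the session if needed.
     */
    public void setCurrentAction(SamlSessionStore.CurrentAction currentAction) {
        if (currentAction == SamlSessionStore.CurrentAction.NONE && getRequest().getSession(false) == null) {
            return;
        }
        getRequest().getSession().setAttribute(CURRENT_ACTION_ATTRIBUTE, currentAction);
    }

    /** Returns {@code true} when a session exists and its recorded action is {@code LOGGING_IN}. */
    public boolean isLoggingIn() {
        return isCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
    }

    /** Returns {@code true} when a session exists and its recorded action is {@code LOGGING_OUT}. */
    public boolean isLoggingOut() {
        return isCurrentAction(SamlSessionStore.CurrentAction.LOGGING_OUT);
    }

    /** Compares the action stored in the existing session (never creating one) with {@code expected}. */
    private boolean isCurrentAction(SamlSessionStore.CurrentAction expected) {
        HttpSession session = getRequest().getSession(false);
        return session != null && ((SamlSessionStore.CurrentAction) session.getAttribute(CURRENT_ACTION_ATTRIBUTE)) == expected;
    }

    /**
     * Removes the SAML account and the saved redirect URI from the current session, if there is one.
     *
     * <p>The id mapping is removed only when the stored {@link SamlSession} has a session index.
     * The {@link HttpSession} itself is not invalidated here; only these attributes are cleared.
     */
    public void logoutAccount() {
        HttpSession session = getSession(false);
        if (session == null) {
            return;
        }
        String accountKey = SamlSession.class.getName();
        SamlSession samlSession = (SamlSession) session.getAttribute(accountKey);
        if (samlSession != null) {
            if (samlSession.getSessionIndex() != null) {
                this.idMapper.removeSession(session.getId());
            }
            session.removeAttribute(accountKey);
        }
        session.removeAttribute(SAML_REDIRECT_URI);
    }

    /**
     * Logs out every HTTP session the mapper has recorded for the given principal, then drops
     * their mappings.
     *
     * @param str the principal whose sessions are to be terminated
     */
    public void logoutByPrincipal(String str) {
        Set<String> userSessions = this.idMapper.getUserSessions(str);
        if (userSessions == null) {
            return;
        }
        // Work on a copy: removeSession() is called while iterating, and the returned set is
        // presumably backed by the mapper's own state (verify against the SessionIdMapper in use).
        List<String> sessionIds = new LinkedList<>(userSessions);
        logoutSessionIds(sessionIds);
        for (String sessionId : sessionIds) {
            this.idMapper.removeSession(sessionId);
        }
    }

    /**
     * Logs out the HTTP sessions mapped to the given SSO (SAML session index) ids.
     *
     * <p>Ids with no mapped HTTP session are skipped. Mappings are removed before the HTTP
     * sessions are logged out.
     *
     * @param list SSO ids; {@code null} is treated as "nothing to do"
     */
    public void logoutBySsoId(List<String> list) {
        if (list == null) {
            return;
        }
        List<String> sessionIds = new LinkedList<>();
        for (String ssoId : list) {
            String sessionFromSSO = this.idMapper.getSessionFromSSO(ssoId);
            if (sessionFromSSO != null) {
                sessionIds.add(sessionFromSSO);
                this.idMapper.removeSession(sessionFromSSO);
            }
        }
        logoutSessionIds(sessionIds);
    }

    /**
     * Asks the session management to log out the given HTTP session ids using the deployment's
     * session manager. A {@code null} or empty list is ignored.
     */
    protected void logoutSessionIds(List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        this.sessionManagement.logoutHttpSessions(getRequestContext().getDeployment().getSessionManager(), list);
    }

    /**
     * Reports whether the existing session carries a {@link SamlSession}.
     *
     * <p>When it does, this method also has side effects: it completes authentication on the
     * Undertow {@link SecurityContext} with the principal and roles taken from the stored
     * {@link SamlSession} (mechanism name {@code KEYCLOAK-SAML}, caching not required) and calls
     * {@link #restoreRequest()}.
     *
     * @return {@code false} when there is no session or no stored account, {@code true} otherwise
     */
    public boolean isLoggedIn() {
        HttpSession session = getSession(false);
        if (session == null) {
            // The message text says "null", but the value returned is false.
            log.debug("session was null, returning null");
            return false;
        }
        final SamlSession samlSession = (SamlSession) session.getAttribute(SamlSession.class.getName());
        if (samlSession == null) {
            // The message text says "null", but the value returned is false.
            log.debug("SamlSession was not in session, returning null");
            return false;
        }
        // Principal and roles are read from the session-stored SamlSession on each call.
        Account account = new Account() {
            @Override
            public Principal getPrincipal() {
                return samlSession.getPrincipal();
            }

            @Override
            public Set<String> getRoles() {
                return samlSession.getRoles();
            }
        };
        this.securityContext.authenticationComplete(account, "KEYCLOAK-SAML", false);
        restoreRequest();
        return true;
    }

    /**
     * Stores the authenticated account in the session (creating it if needed), registers the login
     * with the session management and records the session-index / subject / session-id mapping.
     *
     * <p>NOTE(review): the HTTP session id is not changed in this method, so a session that
     * existed before authentication keeps its id afterwards. Rotating the session id at login is
     * the usual defence against session fixation; confirm whether that happens elsewhere (for
     * example in the container or in {@code sessionManagement.login}). If it is added here, the
     * id passed to the mapper must be the new one.
     */
    public void saveAccount(SamlSession samlSession) {
        ServletRequestContext servletRequestContext = getRequestContext();
        HttpSession session = getSession(true);
        session.setAttribute(SamlSession.class.getName(), samlSession);
        this.sessionManagement.login(servletRequestContext.getDeployment().getSessionManager());
        this.idMapper.map(samlSession.getSessionIndex(), samlSession.getPrincipal().getSamlSubject(), session.getId());
    }

    /**
     * Returns the stored {@link SamlSession}, or {@code null} when none is stored.
     *
     * <p>Uses {@code getSession(true)}, so calling this on a request without a session creates one.
     */
    public SamlSession getAccount() {
        return (SamlSession) getSession(true).getAttribute(SamlSession.class.getName());
    }

    /**
     * Returns the URI saved by {@link #saveRequest()}, or {@code null} when none is stored.
     *
     * <p>The session is obtained with {@code create = true}, so this call creates a session when
     * none exists.
     */
    public String getRedirectUri() {
        return (String) getRequestContext().getCurrentServletContext().getSession(this.exchange, true).getAttribute(SAML_REDIRECT_URI);
    }

    /**
     * Saves the current request and stores its absolute URI in the session under
     * {@link #SAML_REDIRECT_URI}.
     *
     * <p>When the request URI does not already include the host, scheme and host are filled in
     * from the exchange. NOTE(review): those values presumably come from the client's request
     * (Host header / request line), so code that later redirects to {@link #getRedirectUri()}
     * should not treat the stored host as trusted; confirm how the proxy or listener in front of
     * this adapter constrains the Host header.
     */
    public void saveRequest() {
        SavedRequest.trySaveRequest(this.exchange);
        HttpSessionImpl session = getRequestContext().getCurrentServletContext().getSession(this.exchange, true);
        KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(this.exchange.getRequestURI()).replaceQuery(this.exchange.getQueryString());
        if (!this.exchange.isHostIncludedInRequestURI()) {
            uriBuilder.scheme(this.exchange.getRequestScheme()).host(this.exchange.getHostAndPort());
        }
        session.setAttribute(SAML_REDIRECT_URI, uriBuilder.build().toString());
    }

    /**
     * Attempts to restore the request saved by {@link #saveRequest()} and clears the stored
     * redirect URI.
     *
     * @return always {@code false}, whether or not a session existed and a restore was attempted
     */
    public boolean restoreRequest() {
        HttpSession session = getSession(false);
        if (session == null) {
            return false;
        }
        SavedRequest.tryRestoreRequest(this.exchange, session);
        session.removeAttribute(SAML_REDIRECT_URI);
        return false;
    }

    /**
     * Returns the servlet session of the current request.
     *
     * @param z whether to create the session when none exists
     */
    protected HttpSession getSession(boolean z) {
        return getRequest().getSession(z);
    }

    /** Returns the servlet request context attached to the exchange. */
    private ServletRequestContext getRequestContext() {
        return this.exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    }

    private HttpServletResponse getResponse() {
        return (HttpServletResponse) getRequestContext().getServletResponse();
    }

    private HttpServletRequest getRequest() {
        return (HttpServletRequest) getRequestContext().getServletRequest();
    }
}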
