package org.teiid.services;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.teiid.adminapi.VDB;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.adminapi.impl.VDBMetaData;
import org.teiid.client.security.InvalidSessionException;
import org.teiid.client.security.SessionToken;
import org.teiid.core.util.ArgCheck;
import org.teiid.deployers.VDBRepository;
import org.teiid.dqp.internal.process.DQPCore;
import org.teiid.dqp.service.SessionService;
import org.teiid.dqp.service.SessionServiceException;
import org.teiid.logging.LogManager;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.security.SecurityHelper;

/* loaded from: input_file:org/teiid/services/SessionServiceImpl.class */
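/**
 * In-memory implementation of {@link SessionService}: creates, tracks, validates and
 * expires client sessions.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #createSession} skips authentication entirely when no security domain is
 *       configured or when the caller passes {@code false} for the authenticate flag; the
 *       resulting session carries the security domain {@code "none"} and no subject.</li>
 *   <li>The base {@link #authenticate} ignores the supplied credentials and delegates to
 *       {@link #passThroughLogin}, i.e. it only succeeds when the security helper already
 *       holds a subject for one of the candidate domains. Subclasses are presumably
 *       expected to override it with a real credential check (confirm against callers).</li>
 *   <li>Client host name, IP address and MAC are copied from the connection properties
 *       as-is. NOTE(review): if those properties originate from the client they are
 *       unverified and should not be used for access decisions; confirm where they are set.</li>
 * </ul>
 *
 * <p>Sessions live in a {@link ConcurrentHashMap}; a daemon {@link Timer} periodically
 * closes sessions that stopped pinging or exceeded the configured lifetime.
 */
public class SessionServiceImpl implements SessionService {
    public static final String AT = "@";

    /** Log context used for every message emitted by this service. */
    private static final String LOG_CONTEXT = "org.teiid.SECURITY";
    /** A non-embedded session whose last ping is older than this (ms) is closed. */
    private static final long SESSION_PING_TIMEOUT_MS = 360000L;
    /** Delay (ms) before the first run of the session monitor. */
    private static final long MONITOR_INITIAL_DELAY_MS = 360000L;
    /** Interval (ms) between runs of the session monitor. */
    private static final long MONITOR_PERIOD_MS = 240000L;

    private String gssSecurityDomain;
    private VDBRepository vdbRepository;
    protected SecurityHelper securityHelper;
    private DQPCore dqp;
    private List<String> securityDomainNames;
    // A value <= 0 disables the session-count limit (see createSession).
    private long sessionMaxLimit = 5000;
    // A value <= 0 disables lifetime-based expiration (see monitorSessions).
    private long sessionExpirationTimeLimit = 0;
    private AuthenticationType authenticationType = AuthenticationType.CLEARTEXT;
    private Map<String, SessionMetadata> sessionCache = new ConcurrentHashMap<String, SessionMetadata>();
    private Timer sessionMonitor = new Timer("SessionMonitor", true);

    /**
     * Sets the security domains that {@link #createSession} authenticates against.
     * A {@code null} or empty list disables authentication.
     */
    public void setSecurityDomains(List<String> list) {
        this.securityDomainNames = list;
    }

    /**
     * Closes sessions that have timed out.
     *
     * <p>A non-embedded session is closed when its last ping is older than
     * {@link #SESSION_PING_TIMEOUT_MS}. Any other session (embedded ones included) is closed
     * when an expiration limit is configured and the session is older than that limit.
     * A failure on one session is logged and does not stop the sweep.
     *
     * <p>Decompiler note: this method was private in the original class; it is public here
     * only so the timer task created in {@link #start()} can reach it.
     */
    public void monitorSessions() {
        long now = System.currentTimeMillis();
        for (SessionMetadata session : this.sessionCache.values()) {
            try {
                if (!session.isEmbedded() && now - session.getLastPingTime() > SESSION_PING_TIMEOUT_MS) {
                    LogManager.logInfo(LOG_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40007, new Object[]{session.getSessionId()}));
                    closeSession(session.getSessionId());
                } else if (this.sessionExpirationTimeLimit > 0 && now - session.getCreatedTime() > this.sessionExpirationTimeLimit) {
                    LogManager.logInfo(LOG_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40008, new Object[]{session.getSessionId()}));
                    closeSession(session.getSessionId());
                }
            } catch (Exception e) {
                // Best effort: one bad session must not prevent the others from being checked.
                LogManager.logDetail(LOG_CONTEXT, e, "error running session monitor, unable to monitor:", session.getSessionId());
            }
        }
    }

    /**
     * Removes the session from the cache and, if it was bound to a VDB, asks the DQP to
     * terminate its work. A failure to terminate is logged as a warning; the session stays
     * removed either way.
     *
     * @param str the session id
     * @throws InvalidSessionException if the id is {@code null} or unknown
     */
    public void closeSession(String str) throws InvalidSessionException {
        LogManager.logDetail(LOG_CONTEXT, new Object[]{"closeSession", str});
        SessionMetadata session = getSessionInfo(str, true);
        if (session.getVDBName() == null) {
            return;
        }
        try {
            this.dqp.terminateSession(session.getSessionId());
        } catch (Exception e) {
            LogManager.logWarning(LOG_CONTEXT, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40018, new Object[0]));
        }
    }

    /**
     * Creates and registers a new session.
     *
     * <p>Order of checks: the requested VDB (if any) is resolved first, then the session
     * limit is enforced, then the user is authenticated. Authentication is skipped when no
     * security domain is configured or when {@code z} is {@code false}; in that case the
     * user name is taken from the caller unchanged and the security domain is {@code "none"}.
     *
     * <p>NOTE(review): the session-limit check and the later insert into the cache are not
     * atomic, so concurrent logins can briefly exceed {@code sessionMaxLimit}.
     *
     * @param str user name, optionally qualified as {@code user@domain}
     * @param credentials credentials handed to {@link #authenticate}
     * @param str2 application name; must not be {@code null}
     * @param properties connection properties; must not be {@code null}
     * @param z whether the user must be authenticated
     * @return the registered session
     * @throws LoginException if authentication fails
     * @throws SessionServiceException if the VDB cannot be resolved or the session limit is reached
     */
    public SessionMetadata createSession(String str, Credentials credentials, String str2, Properties properties, boolean z) throws LoginException, SessionServiceException {
        ArgCheck.isNotNull(str2);
        ArgCheck.isNotNull(properties);
        String securityDomain = "none";
        Object securityContext = null;
        Subject subject = null;
        List<String> domains = this.securityDomainNames;
        VDBMetaData vdb = null;
        String vdbName = properties.getProperty("VirtualDatabaseName");
        if (vdbName != null) {
            vdb = getActiveVDB(vdbName, properties.getProperty("VirtualDatabaseVersion"));
        }
        if (this.sessionMaxLimit > 0 && getActiveSessionsCount() >= this.sessionMaxLimit) {
            throw new SessionServiceException(RuntimePlugin.Event.TEIID40043, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40043, new Object[]{Long.valueOf(this.sessionMaxLimit)}));
        }
        if (domains == null || domains.isEmpty() || !z) {
            LogManager.logDetail(LOG_CONTEXT, new Object[]{"No Security Domain configured for Teiid for authentication"});
        } else {
            LogManager.logDetail(LOG_CONTEXT, new Object[]{"authenticateUser", str, str2});
            // The pass-through switch is read from the connection properties.
            // NOTE(review): if clients control these properties they choose the login path; confirm.
            boolean passThrough = Boolean.parseBoolean(properties.getProperty("PassthroughAuthentication", "false"));
            TeiidLoginContext login = passThrough ? passThroughLogin(str, domains) : authenticate(str, credentials, str2, domains);
            // From here on the identity established by the login replaces the caller-supplied name.
            str = login.getUserName();
            securityDomain = login.getSecurityDomain();
            securityContext = login.getSecurityContext();
            subject = login.getSubject();
        }
        long createdTime = System.currentTimeMillis();
        SessionMetadata session = new SessionMetadata();
        session.setSessionToken(new SessionToken(str));
        session.setSessionId(session.getSessionToken().getSessionID());
        session.setUserName(str);
        session.setCreatedTime(createdTime);
        session.setApplicationName(str2);
        // Copied from the connection properties without validation; informational only.
        session.setClientHostName(properties.getProperty("clientHostName"));
        session.setIPAddress(properties.getProperty("clientIpAddress"));
        session.setClientHardwareAddress(properties.getProperty("clientMAC"));
        session.setSecurityDomain(securityDomain);
        if (vdb != null) {
            session.setVDBName(vdb.getName());
            session.setVDBVersion(vdb.getVersion());
        }
        session.setSubject(subject);
        session.setSecurityContext(securityContext);
        session.setVdb(vdb);
        LogManager.logDetail(LOG_CONTEXT, new Object[]{"Logon successful, created", session});
        this.sessionCache.put(session.getSessionId(), session);
        return session;
    }

    /**
     * Logs in using a subject that the security helper already holds for one of the
     * candidate domains; no credentials are checked here.
     *
     * <p>The returned user name is the name of the subject's first non-group principal
     * (falling back to the base of {@code str}) followed by {@code @domain}.
     *
     * @param str user name, optionally qualified as {@code user@domain}
     * @param list configured security domains
     * @throws LoginException if no candidate domain has a subject in context
     */
    public TeiidLoginContext passThroughLogin(String str, List<String> list) throws LoginException {
        for (String domain : getDomainsForUser(list, str)) {
            Subject existing = this.securityHelper.getSubjectInContext(domain);
            if (existing != null) {
                String qualifiedName = getUserName(existing, str) + AT + domain;
                return new TeiidLoginContext(qualifiedName, existing, domain, this.securityHelper.getSecurityContext());
            }
        }
        throw new LoginException(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40087, new Object[0]));
    }

    /**
     * Returns the name of the first principal in the subject that is not a {@link Group},
     * or the unqualified form of {@code str} when the subject has no such principal.
     */
    private String getUserName(Subject subject, String str) {
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof Group) {
                continue;
            }
            return principal.getName();
        }
        return getBaseUsername(str);
    }

    /**
     * Authenticates the user. This base implementation does not inspect
     * {@code credentials} or {@code str2}; it is identical to {@link #passThroughLogin}.
     *
     * @throws LoginException if no candidate domain has a subject in context
     */
    protected TeiidLoginContext authenticate(String str, Credentials credentials, String str2, List<String> list) throws LoginException {
        return passThroughLogin(str, list);
    }

    /**
     * Resolves the live VDB a session asks for.
     *
     * <p>The name may carry the version as a single {@code name.version} suffix, but only
     * when no separate version is given. Without any version the repository's live VDB for
     * the name is used.
     *
     * @param str VDB name, optionally {@code name.version}
     * @param str2 VDB version as a decimal string, or {@code null}
     * @throws SessionServiceException if the name/version combination is malformed, the
     *         version is not an integer, no live VDB matches, or the VDB's connection type
     *         is {@code NONE}
     */
    VDBMetaData getActiveVDB(String str, String str2) throws SessionServiceException {
        int firstDot = str.indexOf('.');
        int lastDot = str.lastIndexOf('.');
        if (firstDot != -1) {
            // More than one dot, or a version given both inline and separately, is ambiguous.
            if (firstDot != lastDot || str2 != null) {
                throw new SessionServiceException(RuntimePlugin.Event.TEIID40044, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40044, new Object[]{str, str2}));
            }
            str2 = str.substring(firstDot + 1);
            str = str.substring(0, firstDot);
        }
        try {
            VDBMetaData vdb;
            if (str2 == null) {
                // Only used for the error messages below.
                str2 = "latest";
                vdb = this.vdbRepository.getLiveVDB(str);
            } else {
                vdb = this.vdbRepository.getLiveVDB(str, Integer.parseInt(str2));
            }
            if (vdb == null) {
                throw new SessionServiceException(RuntimePlugin.Event.TEIID40046, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40046, new Object[]{str, str2}));
            }
            if (vdb.getConnectionType() == VDB.ConnectionType.NONE) {
                throw new SessionServiceException(RuntimePlugin.Event.TEIID40048, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40048, new Object[]{str, str2}));
            }
            return vdb;
        } catch (NumberFormatException e) {
            throw new SessionServiceException(RuntimePlugin.Event.TEIID40045, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40045, new Object[]{str2}));
        }
    }

    /**
     * Builds a JAAS {@link LoginContext} whose callback handler answers name and password
     * callbacks with the given values.
     *
     * @param str name of the login configuration entry
     * @param str2 user name supplied to {@link NameCallback}s
     * @param str3 password supplied to {@link PasswordCallback}s; left unset when {@code null}
     * @throws LoginException if the login context cannot be created
     */
    public LoginContext createLoginContext(String str, final String str2, final String str3) throws LoginException {
        CallbackHandler handler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(str2);
                    } else if (callback instanceof PasswordCallback) {
                        if (str3 != null) {
                            ((PasswordCallback) callback).setPassword(str3.toCharArray());
                        }
                    } else {
                        // Refuse anything else rather than silently leaving it unanswered.
                        throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                    }
                }
            }
        };
        return new LoginContext(str, handler);
    }

    /** Returns a snapshot copy of all currently registered sessions. */
    public Collection<SessionMetadata> getActiveSessions() {
        return new ArrayList<SessionMetadata>(this.sessionCache.values());
    }

    /** Returns the session with the given id, or {@code null} if there is none. */
    public SessionMetadata getActiveSession(String str) {
        return this.sessionCache.get(str);
    }

    /** Returns the number of currently registered sessions. */
    public int getActiveSessionsCount() throws SessionServiceException {
        return this.sessionCache.size();
    }

    /**
     * Returns the sessions bound to the given VDB name (case-insensitive) and version.
     *
     * @param str VDB name; {@code null} yields an empty result
     * @param i VDB version; values {@code <= 0} yield an empty result
     */
    public Collection<SessionMetadata> getSessionsLoggedInToVDB(String str, int i) throws SessionServiceException {
        if (str == null || i <= 0) {
            return Collections.emptyList();
        }
        List<SessionMetadata> matches = new ArrayList<SessionMetadata>();
        for (SessionMetadata session : this.sessionCache.values()) {
            if (str.equalsIgnoreCase(session.getVDBName()) && i == session.getVDBVersion()) {
                matches.add(session);
            }
        }
        return matches;
    }

    /**
     * Records a keep-alive ping for the session.
     *
     * <p>The cached {@link SessionMetadata} instance is updated in place. It is deliberately
     * not written back with {@code put}: doing so would re-register a session that a
     * concurrent {@link #closeSession} removed between the lookup and the write, making a
     * terminated session id valid again.
     *
     * @param str the session id
     * @throws InvalidSessionException if the id is {@code null} or unknown
     */
    public void pingServer(String str) throws InvalidSessionException {
        SessionMetadata session = getSessionInfo(str, false);
        session.setLastPingTime(System.currentTimeMillis());
        LogManager.logDetail(LOG_CONTEXT, "Keep-alive ping received for session:", str);
    }

    /**
     * Closes a session on behalf of another session and logs the request.
     *
     * @param str id of the session to terminate
     * @param str2 id of the session requesting the termination (used for the log entry only)
     * @return {@code true} if the session existed and was closed, {@code false} otherwise
     */
    public boolean terminateSession(String str, String str2) {
        LogManager.logInfo(LOG_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40009, new Object[]{str2, str}));
        try {
            closeSession(str);
            return true;
        } catch (InvalidSessionException e) {
            LogManager.logDetail(LOG_CONTEXT, e, e.getMessage());
            return false;
        }
    }

    /**
     * Returns the session for the given id.
     *
     * @throws InvalidSessionException if the id is {@code null} or unknown
     */
    public SessionMetadata validateSession(String str) throws InvalidSessionException, SessionServiceException {
        return getSessionInfo(str, false);
    }

    /**
     * Looks up a session, optionally removing it from the cache in the same step.
     *
     * @param str the session id
     * @param z {@code true} to remove the session while fetching it
     * @throws InvalidSessionException if the id is {@code null} or not in the cache
     */
    private SessionMetadata getSessionInfo(String str, boolean z) throws InvalidSessionException {
        if (str == null) {
            throw new InvalidSessionException(RuntimePlugin.Event.TEIID40041, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40041, new Object[0]));
        }
        SessionMetadata session;
        if (z) {
            session = this.sessionCache.remove(str);
        } else {
            session = this.sessionCache.get(str);
        }
        if (session == null) {
            throw new InvalidSessionException(RuntimePlugin.Event.TEIID40042, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40042, new Object[]{str}));
        }
        return session;
    }

    public long getSessionMaxLimit() {
        return this.sessionMaxLimit;
    }

    /** Sets the maximum number of concurrent sessions; a value {@code <= 0} removes the limit. */
    public void setSessionMaxLimit(long j) {
        this.sessionMaxLimit = j;
    }

    public long getSessionExpirationTimeLimit() {
        return this.sessionExpirationTimeLimit;
    }

    /**
     * Sets the maximum session lifetime, compared against elapsed milliseconds since
     * creation; a value {@code <= 0} disables lifetime-based expiration.
     */
    public void setSessionExpirationTimeLimit(long j) {
        this.sessionExpirationTimeLimit = j;
    }

    public AuthenticationType getAuthenticationType() {
        return this.authenticationType;
    }

    public void setAuthenticationType(AuthenticationType authenticationType) {
        this.authenticationType = authenticationType;
    }

    /** Logs the authentication configuration and schedules the periodic session monitor. */
    public void start() {
        LogManager.logDetail(LOG_CONTEXT, RuntimePlugin.Util.getString("auth_type", new Object[]{this.authenticationType, this.securityDomainNames}));
        TimerTask monitorTask = new TimerTask() {
            @Override
            public void run() {
                SessionServiceImpl.this.monitorSessions();
            }
        };
        this.sessionMonitor.schedule(monitorTask, MONITOR_INITIAL_DELAY_MS, MONITOR_PERIOD_MS);
    }

    /**
     * Cancels the session monitor and drops every cached session. The sessions are only
     * forgotten here; {@code dqp.terminateSession} is not called for them.
     */
    public void stop() {
        this.sessionMonitor.cancel();
        this.sessionCache.clear();
    }

    public void setVDBRepository(VDBRepository vDBRepository) {
        this.vdbRepository = vDBRepository;
    }

    public void setSecurityHelper(SecurityHelper securityHelper) {
        this.securityHelper = securityHelper;
    }

    public void setDqp(DQPCore dQPCore) {
        this.dqp = dQPCore;
    }

    public void setGssSecurityDomain(String str) {
        this.gssSecurityDomain = str;
    }

    public String getGssSecurityDomain() {
        return this.gssSecurityDomain;
    }

    public SecurityHelper getSecurityHelper() {
        return this.securityHelper;
    }

    /**
     * Narrows the configured domains to the ones a login attempt may use.
     *
     * <p>An unqualified user name may use every configured domain. A name qualified as
     * {@code user@domain} may use only the configured domain that matches, ignoring case;
     * when none matches the result is empty, so the login fails instead of falling back
     * to another domain.
     *
     * @param list configured security domains; {@code null} is treated as "none configured"
     * @param str user name, optionally qualified
     * @return the candidate domains, possibly empty
     */
    protected Collection<String> getDomainsForUser(List<String> list, String str) {
        if (list == null) {
            // Fail closed with "no candidates" instead of a NullPointerException in the caller.
            return Collections.emptyList();
        }
        String requestedDomain = str == null ? null : getDomainName(str);
        if (requestedDomain == null) {
            return list;
        }
        for (String configured : list) {
            if (configured.equalsIgnoreCase(requestedDomain)) {
                List<String> match = new LinkedList<String>();
                match.add(configured);
                return match;
            }
        }
        return Collections.emptyList();
    }

    /**
     * Strips the {@code @domain} qualifier from a user name and unescapes every
     * {@code \@} to {@code @}. Returns {@code null} for {@code null}.
     */
    protected static String getBaseUsername(String str) {
        if (str == null) {
            return str;
        }
        int qualifierIndex = getQualifierIndex(str);
        String base = qualifierIndex == -1 ? str : str.substring(0, qualifierIndex);
        // Literal replacement; no regular expression is needed for a fixed two-character token.
        return base.replace("\\@", AT);
    }

    /** Escapes every {@code @} in the name as {@code \@}. Returns {@code null} for {@code null}. */
    static String escapeName(String str) {
        return str == null ? str : str.replace(AT, "\\@");
    }

    /**
     * Returns the domain part of a {@code user@domain} name, or {@code null} when the name
     * is {@code null} or carries no qualifier.
     */
    static String getDomainName(String str) {
        if (str == null) {
            return str;
        }
        int qualifierIndex = getQualifierIndex(str);
        return qualifierIndex == -1 ? null : str.substring(qualifierIndex + 1);
    }

    /**
     * Finds the {@code @} that separates user and domain: the last {@code @} that is not
     * at index 0 and is not preceded by a backslash.
     *
     * @param str the user name; must not be {@code null}
     * @return the index of the qualifier, or {@code -1} if there is none
     */
    static int getQualifierIndex(String str) {
        int index = str.length();
        // Walk the '@' characters from right to left, skipping escaped ones.
        while ((index = str.lastIndexOf(AT, index - 1)) != -1) {
            if (index > 0 && str.charAt(index - 1) != '\\') {
                return index;
            }
        }
        return -1;
    }
}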
