package org.teiid.services;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.teiid.adminapi.VDB;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.adminapi.impl.VDBMetaData;
import org.teiid.client.security.InvalidSessionException;
import org.teiid.client.security.LogonException;
import org.teiid.client.security.SessionToken;
import org.teiid.core.util.ArgCheck;
import org.teiid.core.util.PropertiesUtils;
import org.teiid.deployers.VDBRepository;
import org.teiid.dqp.internal.process.DQPCore;
import org.teiid.dqp.service.SessionService;
import org.teiid.dqp.service.SessionServiceException;
import org.teiid.logging.AuditMessage;
import org.teiid.logging.LogManager;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.security.GSSResult;
import org.teiid.security.SecurityHelper;

/* loaded from: input_file:org/teiid/services/SessionServiceImpl.class */
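/**
 * In-memory session service: authenticates logons through the configured
 * {@link SecurityHelper}, tracks the resulting {@link SessionMetadata} in a
 * concurrent map keyed by session id, and expires sessions from a background
 * timer.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no security domain resolves, {@link #createSession} creates a
 *       session without calling the security helper at all.</li>
 *   <li>When the connection properties request pass-through authentication,
 *       no subject is present in the calling context, and
 *       {@code trustAllLocal} is {@code true} (the default), the session is
 *       created under the client-supplied user name with no credential
 *       check. NOTE(review): this assumes only trusted local/embedded
 *       transports can set the {@code PassthroughAuthentication} property;
 *       confirm in the transport layer.</li>
 * </ul>
 *
 * <p>The session map is a {@link ConcurrentHashMap}; the remaining fields are
 * plain fields set through the setters.
 */
public class SessionServiceImpl implements SessionService {
    public static final String GSS_PATTERN_PROPERTY = "gss-pattern";
    public static final String PASSWORD_PATTERN_PROPERTY = "password-pattern";
    public static final String SECURITY_DOMAIN_PROPERTY = "security-domain";
    public static final String AUTHENTICATION_TYPE_PROPERTY = "authentication-type";
    public static final String AT = "@";

    /** Log context used for security events. */
    private static final String SECURITY_CONTEXT = "org.teiid.SECURITY";
    /** Log context used for audit records (logon-request / logon-fail / logon-success / logoff). */
    private static final String AUDIT_CONTEXT = "org.teiid.AUDIT_LOG";
    /**
     * Level passed to {@code isMessageToBeRecorded} before each guarded
     * {@code logDetail} call; presumably the "detail" level, confirm against
     * the logging constants.
     */
    private static final int DETAIL_LEVEL = 5;
    /** A non-embedded session with no ping for longer than this is closed (10 minutes). */
    private static final long PING_TIMEOUT_MILLIS = 600000L;
    /** Delay before the first monitor run (6 minutes). */
    private static final long MONITOR_INITIAL_DELAY_MILLIS = 360000L;
    /** Interval between monitor runs (4 minutes). */
    private static final long MONITOR_PERIOD_MILLIS = 240000L;

    // Read once from the system property org.teiid.checkPing; defaults to true.
    private static boolean CHECK_PING = PropertiesUtils.getBooleanProperty(System.getProperties(), "org.teiid.checkPing", true);

    private VDBRepository vdbRepository;
    protected SecurityHelper securityHelper;
    private DQPCore dqp;
    private List<String> securityDomainNames;
    private long sessionMaxLimit = 10000;
    private long sessionExpirationTimeLimit = 0;
    private AuthenticationType defaultAuthenticationType = AuthenticationType.USERPASSWORD;
    private Map<String, SessionMetadata> sessionCache = new ConcurrentHashMap<String, SessionMetadata>();
    private Timer sessionMonitor = null;
    // Default is true: see the class comment for what this permits on pass-through logons.
    private boolean trustAllLocal = true;

    /**
     * Sets the allowed security domains from a comma-separated list.
     *
     * <p>Entries are not trimmed, so {@code "a, b"} yields {@code " b"} as the
     * second name. The first entry is the default domain used by
     * {@link #getSecurityDomain} when neither the VDB nor the user name
     * selects one.
     *
     * @param securityDomains comma-separated domain names, or {@code null} to
     *                        clear the list
     */
    public void setSecurityDomain(String securityDomains) {
        if (securityDomains == null) {
            this.securityDomainNames = null;
        } else {
            this.securityDomainNames = Arrays.asList(securityDomains.split(","));
        }
    }

    /**
     * Closes sessions that stopped pinging or outlived the expiration limit.
     *
     * <p>Invoked by the timer created in {@link #start()}. The decompiler
     * widened this method's access from {@code private}; it is not intended
     * as a public entry point.
     *
     * <p>A failure on one session is logged and does not stop the sweep.
     */
    public void monitorSessions() {
        long now = System.currentTimeMillis();
        for (SessionMetadata session : this.sessionCache.values()) {
            try {
                boolean pingExpired = CHECK_PING
                        && !session.isEmbedded()
                        && now - session.getLastPingTime() > PING_TIMEOUT_MILLIS;
                if (pingExpired) {
                    LogManager.logInfo(SECURITY_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40007, new Object[]{session.getSessionId()}));
                    closeSession(session.getSessionId());
                } else if (this.sessionExpirationTimeLimit > 0 && now - session.getCreatedTime() > this.sessionExpirationTimeLimit) {
                    LogManager.logInfo(SECURITY_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40008, new Object[]{session.getSessionId()}));
                    closeSession(session.getSessionId());
                }
            } catch (Exception e) {
                LogManager.logDetail(SECURITY_CONTEXT, e, "error running session monitor, unable to monitor:", session.getSessionId());
            }
        }
    }

    /**
     * Removes the session from the cache, writes a logoff audit record,
     * terminates its work in the query engine, and clears its security state.
     *
     * @param sessionId id of the session to close
     * @throws InvalidSessionException if the id is {@code null} or not in the cache
     */
    public void closeSession(String sessionId) throws InvalidSessionException {
        if (LogManager.isMessageToBeRecorded(SECURITY_CONTEXT, DETAIL_LEVEL)) {
            LogManager.logDetail(SECURITY_CONTEXT, new Object[]{"closeSession", sessionId});
        }
        // remove=true: the session leaves the cache before any teardown runs.
        SessionMetadata session = getSessionInfo(sessionId, true);
        if (LogManager.isMessageToBeRecorded(AUDIT_CONTEXT, DETAIL_LEVEL)) {
            LogManager.logDetail(AUDIT_CONTEXT, new AuditMessage("session", "logoff", session));
        }
        if (session.getVDBName() != null) {
            try {
                this.dqp.terminateSession(session.getSessionId());
            } catch (Exception e) {
                // Best effort: the session is still marked closed below.
                LogManager.logWarning(SECURITY_CONTEXT, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40018, new Object[0]));
            }
        }
        session.setSecurityContext((Object) null);
        session.setClosed();
        session.getSessionVariables().clear();
    }

    /**
     * Authenticates a logon request and registers a new session.
     *
     * <p>Every {@link LoginException} or {@link SessionServiceException}
     * raised while resolving the VDB, enforcing the session limit, selecting
     * the security domain, or authenticating is written to the audit log as
     * {@code logon-fail} before it is rethrown, so rejected logons are
     * visible to audit consumers and not only VDB lookup failures.
     *
     * @param vdbName            VDB to connect to, or {@code null} for none
     * @param vdbVersion         VDB version, or {@code null}
     * @param authenticationType requested authentication type
     * @param userName           client-supplied user name, optionally
     *                           qualified as {@code user@domain}
     * @param credentials        credentials handed to the security helper
     * @param applicationName    client application name; must not be null
     * @param properties         connection properties; must not be null
     * @return the newly registered session
     * @throws LoginException          if authentication fails or the requested
     *                                 domain is not allowed
     * @throws SessionServiceException if the VDB cannot be resolved or the
     *                                 session limit is reached
     */
    public SessionMetadata createSession(String vdbName, String vdbVersion, AuthenticationType authenticationType, String userName, Credentials credentials, String applicationName, Properties properties) throws LoginException, SessionServiceException {
        ArgCheck.isNotNull(applicationName);
        ArgCheck.isNotNull(properties);
        Object securityContext = null;
        Subject subject = null;
        // These three values are reported by the client and are recorded as-is.
        String clientHostName = properties.getProperty("clientHostName");
        String clientIpAddress = properties.getProperty("clientIpAddress");
        String clientMac = properties.getProperty("clientMAC");
        boolean passthrough = Boolean.valueOf(properties.getProperty("PassthroughAuthentication", "false")).booleanValue();
        AuditMessage.LogonInfo logonInfo = new AuditMessage.LogonInfo(vdbName, vdbVersion, authenticationType.toString(), userName, applicationName, clientHostName, clientIpAddress, clientMac, passthrough);
        if (LogManager.isMessageToBeRecorded(AUDIT_CONTEXT, DETAIL_LEVEL)) {
            LogManager.logDetail(AUDIT_CONTEXT, new AuditMessage("session", "logon-request", logonInfo, (Exception) null));
        }

        VDBMetaData vdb = null;
        String securityDomain = null;
        try {
            if (vdbName != null) {
                vdb = getActiveVDB(vdbName, vdbVersion);
            }
            if (this.sessionMaxLimit > 0 && getActiveSessionsCount() >= this.sessionMaxLimit) {
                throw new SessionServiceException(RuntimePlugin.Event.TEIID40043, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40043, new Object[]{Long.valueOf(this.sessionMaxLimit)}));
            }
            securityDomain = getSecurityDomain(userName, vdbName, vdbVersion, vdb);
            if (securityDomain != null) {
                LogManager.logDetail(SECURITY_CONTEXT, new Object[]{"authenticateUser", userName, applicationName});
                String baseUsername = getBaseUsername(userName);
                if (passthrough || authenticationType.equals(AuthenticationType.GSS)) {
                    // Identity comes from the calling context, not from the supplied credentials.
                    subject = this.securityHelper.getSubjectInContext(securityDomain);
                    if (subject != null) {
                        userName = escapeName(getUserName(subject, baseUsername)) + AT + securityDomain;
                    } else if (!passthrough || !this.trustAllLocal) {
                        throw new LoginException(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40087, new Object[0]));
                    }
                    // Reaching here with subject == null means passthrough && trustAllLocal:
                    // the session keeps the client-supplied name and no credential check ran.
                    securityContext = this.securityHelper.getSecurityContext();
                } else {
                    userName = escapeName(baseUsername) + AT + securityDomain;
                    securityContext = this.securityHelper.authenticate(securityDomain, baseUsername, credentials, applicationName);
                    subject = this.securityHelper.getSubjectInContext(securityContext);
                }
            } else {
                // No security domain resolved: the session is created without authentication.
                LogManager.logDetail(SECURITY_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40117, new Object[0]));
            }
        } catch (LoginException e) {
            auditLogonFailure(logonInfo, e);
            throw e;
        } catch (SessionServiceException e) {
            auditLogonFailure(logonInfo, e);
            throw e;
        }

        long createdTime = System.currentTimeMillis();
        SessionMetadata session = new SessionMetadata();
        session.setSessionToken(new SessionToken(userName));
        session.setSessionId(session.getSessionToken().getSessionID());
        session.setUserName(userName);
        session.setCreatedTime(createdTime);
        session.setApplicationName(applicationName);
        session.setClientHostName(clientHostName);
        session.setIPAddress(clientIpAddress);
        session.setClientHardwareAddress(clientMac);
        session.setSecurityDomain(securityDomain);
        if (vdb != null) {
            session.setVDBName(vdb.getName());
            session.setVDBVersion(vdb.getVersion());
        }
        session.setSubject(subject);
        session.setSecurityContext(securityContext);
        session.setVdb(vdb);
        if (LogManager.isMessageToBeRecorded(SECURITY_CONTEXT, DETAIL_LEVEL)) {
            LogManager.logDetail(SECURITY_CONTEXT, new Object[]{"Logon successful, created", session});
        }
        this.sessionCache.put(session.getSessionId(), session);
        if (LogManager.isMessageToBeRecorded(AUDIT_CONTEXT, DETAIL_LEVEL)) {
            LogManager.logDetail(AUDIT_CONTEXT, new AuditMessage("session", "logon-success", session));
        }
        return session;
    }

    /** Writes a {@code logon-fail} audit record for a rejected logon. */
    private void auditLogonFailure(AuditMessage.LogonInfo logonInfo, Exception cause) {
        if (LogManager.isMessageToBeRecorded(AUDIT_CONTEXT, DETAIL_LEVEL)) {
            LogManager.logDetail(AUDIT_CONTEXT, new AuditMessage("session", "logon-fail", logonInfo, cause));
        }
    }

    /**
     * Resolves a live VDB by name and version.
     *
     * <p>When no version is given and the name has the form
     * {@code name.N} (split at the first {@code '.'}, with {@code N}
     * parseable as an integer), {@code N} is used as the version.
     *
     * @param vdbName    VDB name, optionally carrying a {@code .version} suffix
     * @param vdbVersion version string, or {@code null} for the latest
     * @return the live VDB
     * @throws SessionServiceException if the version is not a number, the VDB
     *                                 is not live, or its connection type is
     *                                 {@code NONE}
     */
    protected VDBMetaData getActiveVDB(String vdbName, String vdbVersion) throws SessionServiceException {
        if (vdbVersion == null) {
            int dot = vdbName.indexOf('.');
            if (dot > 0) {
                String suffix = vdbName.substring(dot + 1);
                try {
                    Integer.parseInt(suffix);
                    vdbVersion = suffix;
                    vdbName = vdbName.substring(0, dot);
                } catch (NumberFormatException e) {
                    // Not a version suffix: the dot is part of the name.
                }
            }
        }
        try {
            VDBMetaData liveVdb;
            if (vdbVersion == null) {
                // Only used in the error messages below.
                vdbVersion = "latest";
                liveVdb = this.vdbRepository.getLiveVDB(vdbName);
            } else {
                liveVdb = this.vdbRepository.getLiveVDB(vdbName, Integer.parseInt(vdbVersion));
            }
            if (liveVdb == null) {
                throw new SessionServiceException(RuntimePlugin.Event.TEIID40046, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40046, new Object[]{vdbName, vdbVersion}));
            }
            if (liveVdb.getConnectionType() == VDB.ConnectionType.NONE) {
                throw new SessionServiceException(RuntimePlugin.Event.TEIID40048, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40048, new Object[]{vdbName, vdbVersion}));
            }
            return liveVdb;
        } catch (NumberFormatException e) {
            throw new SessionServiceException(RuntimePlugin.Event.TEIID40045, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40045, new Object[]{vdbVersion}));
        }
    }

    /** Returns a snapshot copy of the sessions currently in the cache. */
    public Collection<SessionMetadata> getActiveSessions() {
        return new ArrayList<SessionMetadata>(this.sessionCache.values());
    }

    /** Returns the cached session for the id, or {@code null} if there is none. */
    public SessionMetadata getActiveSession(String sessionId) {
        return this.sessionCache.get(sessionId);
    }

    /** Returns the number of sessions currently in the cache. */
    public int getActiveSessionsCount() throws SessionServiceException {
        return this.sessionCache.size();
    }

    /**
     * Returns the sessions connected to the given VDB name (compared
     * case-insensitively) and version.
     *
     * @return matching sessions; empty when the name is {@code null} or the
     *         version is not positive
     */
    public Collection<SessionMetadata> getSessionsLoggedInToVDB(String vdbName, int vdbVersion) {
        if (vdbName == null || vdbVersion <= 0) {
            return Collections.emptyList();
        }
        List<SessionMetadata> matches = new ArrayList<SessionMetadata>();
        for (SessionMetadata session : this.sessionCache.values()) {
            if (vdbName.equalsIgnoreCase(session.getVDBName()) && vdbVersion == session.getVDBVersion()) {
                matches.add(session);
            }
        }
        return matches;
    }

    /**
     * Records a keep-alive ping for the session.
     *
     * <p>The cached object is updated in place. It is deliberately not
     * re-inserted into the map: a put after the lookup could place a session
     * back in the cache if {@link #closeSession} removed it in between,
     * leaving a closed session that still validates.
     *
     * @param sessionId id of the pinging session
     * @throws InvalidSessionException if the id is {@code null} or not in the cache
     */
    public void pingServer(String sessionId) throws InvalidSessionException {
        SessionMetadata session = getSessionInfo(sessionId, false);
        session.setLastPingTime(System.currentTimeMillis());
        LogManager.logDetail(SECURITY_CONTEXT, "Keep-alive ping received for session:", sessionId);
    }

    /**
     * Closes another session on request.
     *
     * @param sessionId   id of the session to terminate
     * @param requestedBy value recorded in the log message alongside the
     *                    terminated id; presumably identifies the requester
     * @return {@code true} if the session was closed, {@code false} if the id
     *         was not a valid session
     */
    public boolean terminateSession(String sessionId, String requestedBy) {
        LogManager.logInfo(SECURITY_CONTEXT, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40009, new Object[]{requestedBy, sessionId}));
        try {
            closeSession(sessionId);
            return true;
        } catch (InvalidSessionException e) {
            LogManager.logDetail(SECURITY_CONTEXT, e, e.getMessage());
            return false;
        }
    }

    /**
     * Returns the cached session for the id.
     *
     * @throws InvalidSessionException if the id is {@code null} or not in the cache
     */
    public SessionMetadata validateSession(String sessionId) throws InvalidSessionException, SessionServiceException {
        return getSessionInfo(sessionId, false);
    }

    /**
     * Looks up a session, optionally removing it from the cache in the same step.
     *
     * @param sessionId id to look up
     * @param remove    {@code true} to remove the entry atomically
     * @throws InvalidSessionException if the id is {@code null} or unknown
     */
    private SessionMetadata getSessionInfo(String sessionId, boolean remove) throws InvalidSessionException {
        if (sessionId == null) {
            throw new InvalidSessionException(RuntimePlugin.Event.TEIID40041, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40041, new Object[0]));
        }
        SessionMetadata session = remove ? this.sessionCache.remove(sessionId) : this.sessionCache.get(sessionId);
        if (session == null) {
            throw new InvalidSessionException(RuntimePlugin.Event.TEIID40042, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40042, new Object[]{sessionId}));
        }
        return session;
    }

    /** Returns the maximum number of concurrent sessions; values {@code <= 0} disable the limit. */
    public long getSessionMaxLimit() {
        return this.sessionMaxLimit;
    }

    public void setSessionMaxLimit(long limit) {
        this.sessionMaxLimit = limit;
    }

    /**
     * Returns the maximum session age in milliseconds (it is compared with
     * {@code System.currentTimeMillis()} differences); values {@code <= 0}
     * disable age-based expiry.
     */
    public long getSessionExpirationTimeLimit() {
        return this.sessionExpirationTimeLimit;
    }

    public void setSessionExpirationTimeLimit(long limit) {
        this.sessionExpirationTimeLimit = limit;
    }

    /** Sets the authentication type used when the VDB does not select one. */
    public void setAuthenticationType(AuthenticationType authenticationType) {
        this.defaultAuthenticationType = authenticationType;
    }

    /** Starts the daemon timer that periodically runs {@link #monitorSessions()}. */
    public void start() {
        LogManager.logDetail(SECURITY_CONTEXT, new Object[]{"Default security domain configured=", this.securityDomainNames});
        this.sessionMonitor = new Timer("SessionMonitor", true);
        this.sessionMonitor.schedule(new TimerTask() {
            @Override
            public void run() {
                SessionServiceImpl.this.monitorSessions();
            }
        }, MONITOR_INITIAL_DELAY_MILLIS, MONITOR_PERIOD_MILLIS);
    }

    /**
     * Cancels the monitor timer and empties the session cache.
     *
     * <p>The cached sessions are dropped without going through
     * {@link #closeSession}, so no logoff audit record is written for them
     * here.
     */
    public void stop() {
        if (this.sessionMonitor != null) {
            this.sessionMonitor.cancel();
        }
        this.sessionCache.clear();
    }

    public void setVDBRepository(VDBRepository vDBRepository) {
        this.vdbRepository = vDBRepository;
    }

    public void setSecurityHelper(SecurityHelper securityHelper) {
        this.securityHelper = securityHelper;
    }

    public void setDqp(DQPCore dQPCore) {
        this.dqp = dQPCore;
    }

    public SecurityHelper getSecurityHelper() {
        return this.securityHelper;
    }

    /**
     * Returns the user part of a possibly domain-qualified name, with
     * escaped {@code \@} sequences turned back into {@code @}.
     *
     * @param userName name of the form {@code user} or {@code user@domain};
     *                 may be {@code null}
     * @return the unescaped user part, or {@code null} for {@code null} input
     */
    static String getBaseUsername(String userName) {
        if (userName == null) {
            return userName;
        }
        int qualifierIndex = getQualifierIndex(userName);
        String base = qualifierIndex == -1 ? userName : userName.substring(0, qualifierIndex);
        return base.replace("\\@", AT);
    }

    /**
     * Escapes every {@code @} in the name as {@code \@} so that it is not
     * read as a domain qualifier once {@code @domain} is appended.
     */
    static String escapeName(String name) {
        return name == null ? name : name.replace(AT, "\\@");
    }

    /**
     * Returns the domain part of a qualified name.
     *
     * @return the text after the last unescaped {@code @}, or {@code null}
     *         when the name is {@code null} or carries no qualifier
     */
    static String getDomainName(String userName) {
        if (userName == null) {
            return userName;
        }
        int qualifierIndex = getQualifierIndex(userName);
        if (qualifierIndex != -1) {
            return userName.substring(qualifierIndex + 1);
        }
        return null;
    }

    /**
     * Finds the last {@code @} that is not preceded by a backslash.
     *
     * <p>An {@code @} at index 0 is never treated as a qualifier.
     *
     * @return the index of the qualifier, or {@code -1} if there is none
     */
    static int getQualifierIndex(String userName) {
        int index = userName.length();
        while ((index = userName.lastIndexOf(AT, index - 1)) != -1) {
            if (index > 0 && userName.charAt(index - 1) != '\\') {
                return index;
            }
        }
        return -1;
    }

    /**
     * Chooses the authentication type for a logon.
     *
     * <p>Order of precedence: the VDB's {@code gss-pattern}, then its
     * {@code password-pattern}, then its {@code authentication-type}
     * property, then the service default. A {@code null} user name matches
     * neither pattern.
     *
     * <p>The patterns are regular expressions read from the VDB's properties
     * and are evaluated against a client-supplied value on every call, so
     * their matching cost is paid per logon; an unrecognised
     * {@code authentication-type} value surfaces as an
     * {@link IllegalArgumentException} from {@code valueOf}.
     *
     * @param vdbName    VDB name, or {@code null} to use the default
     * @param vdbVersion VDB version, or {@code null}
     * @param userName   value matched against the patterns; presumably the
     *                   client-supplied user name
     * @throws LogonException if the VDB cannot be resolved
     */
    public AuthenticationType getAuthenticationType(String vdbName, String vdbVersion, String userName) throws LogonException {
        if (vdbName != null) {
            try {
                VDBMetaData vdb = getActiveVDB(vdbName, vdbVersion);
                String gssPattern = vdb.getPropertyValue(GSS_PATTERN_PROPERTY);
                // Pattern.matches rejects a null input with an NPE, hence the explicit guard.
                if (gssPattern != null && userName != null && Pattern.matches(gssPattern, userName)) {
                    return AuthenticationType.GSS;
                }
                String passwordPattern = vdb.getPropertyValue(PASSWORD_PATTERN_PROPERTY);
                if (passwordPattern != null && userName != null && Pattern.matches(passwordPattern, userName)) {
                    return AuthenticationType.USERPASSWORD;
                }
                String configuredType = vdb.getPropertyValue(AUTHENTICATION_TYPE_PROPERTY);
                if (configuredType != null) {
                    return AuthenticationType.valueOf(configuredType);
                }
            } catch (SessionServiceException e) {
                throw new LogonException(e);
            }
        }
        return this.defaultAuthenticationType;
    }

    /**
     * Selects the security domain for a logon.
     *
     * <p>Precedence: the VDB's {@code security-domain} property (a domain
     * requested in the user name must equal it), then the domain requested
     * in the user name (it must be one of the configured domains), then the
     * first configured domain.
     *
     * <p>If the VDB has to be looked up here and the lookup fails, the
     * failure is logged and selection continues with the configured domains
     * instead of dereferencing a {@code null} VDB.
     *
     * @param userName   possibly domain-qualified user name
     * @param vdbName    VDB name, or {@code null}
     * @param vdbVersion VDB version, or {@code null}
     * @param vdb        already-resolved VDB, or {@code null} to look it up
     * @return the selected domain, or {@code null} when none is configured
     * @throws LoginException if the requested domain conflicts with the VDB's
     *                        domain or is not a configured domain
     */
    public String getSecurityDomain(String userName, String vdbName, String vdbVersion, VDB vdb) throws LoginException {
        String requestedDomain = getDomainName(userName);
        if (vdbName != null) {
            if (vdb == null) {
                try {
                    vdb = getActiveVDB(vdbName, vdbVersion);
                } catch (SessionServiceException e) {
                    LogManager.logDetail(SECURITY_CONTEXT, e, "unable to resolve VDB while selecting a security domain:", vdbName);
                }
            }
            if (vdb != null) {
                String vdbDomain = vdb.getPropertyValue(SECURITY_DOMAIN_PROPERTY);
                if (vdbDomain != null) {
                    if (requestedDomain == null || vdbDomain.equals(requestedDomain)) {
                        return vdbDomain;
                    }
                    throw new LoginException(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40116, new Object[0]));
                }
            }
        }
        if (requestedDomain != null) {
            // A client may only pick a domain from the configured list.
            if (this.securityDomainNames == null || !this.securityDomainNames.contains(requestedDomain)) {
                throw new LoginException(RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40116, new Object[0]));
            }
            return requestedDomain;
        }
        if (this.securityDomainNames == null || this.securityDomainNames.isEmpty()) {
            return null;
        }
        return this.securityDomainNames.get(0);
    }

    /**
     * Runs one step of a GSS login against the selected security domain.
     *
     * <p>The misspelled method name is kept because callers bind to it.
     *
     * @param userName   possibly domain-qualified user name
     * @param vdbName    VDB name, or {@code null}
     * @param vdbVersion VDB version, or {@code null}
     * @param token      bytes handed unchanged to the security helper
     * @throws LogonException if no security domain can be selected
     * @throws LoginException if domain selection or the negotiation fails
     */
    public GSSResult neogitiateGssLogin(String userName, String vdbName, String vdbVersion, byte[] token) throws LoginException, LogonException {
        String securityDomain = getSecurityDomain(userName, vdbName, vdbVersion, null);
        if (securityDomain == null) {
            throw new LogonException(RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059, new Object[0]));
        }
        return this.securityHelper.negotiateGssLogin(securityDomain, token);
    }

    public AuthenticationType getDefaultAuthenticationType() {
        return this.defaultAuthenticationType;
    }

    /**
     * Returns the name of the first principal in the subject that is not a
     * {@link Group}, falling back to the supplied name.
     *
     * <p>The principal set's iteration order decides which principal wins
     * when the subject carries several non-group principals.
     */
    private String getUserName(Subject subject, String fallbackName) {
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof Group)) {
                return principal.getName();
            }
        }
        return fallbackName;
    }

    /**
     * Returns whether a pass-through logon with no subject in the calling
     * context is accepted without authentication.
     */
    public boolean isTrustAllLocal() {
        return this.trustAllLocal;
    }

    /**
     * Sets whether a pass-through logon with no subject in the calling
     * context is accepted ({@code true}) or rejected with a
     * {@link LoginException} ({@code false}).
     */
    public void setTrustAllLocal(boolean trustAllLocal) {
        this.trustAllLocal = trustAllLocal;
    }
}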
