package org.wildfly.security.http.oidc;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpScopeNotification;
import org.wildfly.security.http.Scope;

/* loaded from: input_file:org/wildfly/security/http/oidc/OidcSessionTokenStore.class */
public class OidcSessionTokenStore implements OidcTokenStore {
    private final OidcHttpFacade httpFacade;

    public OidcSessionTokenStore(OidcHttpFacade oidcHttpFacade) {
        this.httpFacade = oidcHttpFacade;
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void checkCurrentToken() {
        RefreshableOidcSecurityContext refreshableOidcSecurityContext;
        HttpScope scope = this.httpFacade.getScope(Scope.SESSION);
        if (scope == null || !scope.exists() || (refreshableOidcSecurityContext = (RefreshableOidcSecurityContext) scope.getAttachment(OidcSecurityContext.class.getName())) == null) {
            return;
        }
        if (refreshableOidcSecurityContext.getOidcClientConfiguration() == null) {
            refreshableOidcSecurityContext.setCurrentRequestInfo(this.httpFacade.getOidcClientConfiguration(), this);
        }
        if (!refreshableOidcSecurityContext.isActive() || refreshableOidcSecurityContext.getOidcClientConfiguration().isAlwaysRefreshToken()) {
            if (refreshableOidcSecurityContext.refreshToken(false) && refreshableOidcSecurityContext.isActive()) {
                return;
            }
            scope.setAttachment(OidcSecurityContext.class.getName(), null);
            scope.invalidate();
        }
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public boolean isCached(RequestAuthenticator requestAuthenticator) {
        HttpScope scope = this.httpFacade.getScope(Scope.SESSION);
        if (scope == null || !scope.supportsAttachments()) {
            ElytronMessages.log.debug("session was null, returning null");
            return false;
        }
        try {
            OidcAccount oidcAccount = (OidcAccount) scope.getAttachment(OidcAccount.class.getName());
            if (oidcAccount == null) {
                ElytronMessages.log.debug("Account was not in session, returning null");
                return false;
            }
            if (!Oidc.checkCachedAccountMatchesRequest(oidcAccount, this.httpFacade.getOidcClientConfiguration())) {
                return false;
            }
            boolean checkActive = oidcAccount.checkActive();
            if (!checkActive) {
                checkActive = oidcAccount.tryRefresh();
            }
            if (checkActive) {
                ElytronMessages.log.debug("Cached account found");
                restoreRequest();
                this.httpFacade.authenticationComplete(oidcAccount, true);
                return true;
            }
            ElytronMessages.log.debug("Refresh failed. Account was not active. Returning null and invalidating Http session");
            try {
                scope.setAttachment(OidcSecurityContext.class.getName(), null);
                scope.setAttachment(OidcAccount.class.getName(), null);
                scope.invalidate();
                return false;
            } catch (Exception e) {
                ElytronMessages.log.debug("Failed to invalidate session, might already be invalidated");
                return false;
            }
        } catch (IllegalStateException e2) {
            ElytronMessages.log.debug("session was invalidated.  Return false.");
            return false;
        }
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void saveAccountInfo(OidcAccount oidcAccount) {
        HttpScope scope = this.httpFacade.getScope(Scope.SESSION);
        if (!scope.exists()) {
            scope.create();
            scope.registerForNotification(httpScopeNotification -> {
                HttpScope scope2;
                if (httpScopeNotification.isOfType(HttpScopeNotification.SessionNotificationType.UNDEPLOY) || (scope2 = httpScopeNotification.getScope(Scope.SESSION)) == null) {
                    return;
                }
                scope2.setAttachment(OidcAccount.class.getName(), null);
                scope2.setAttachment(OidcSecurityContext.class.getName(), null);
            });
        }
        scope.setAttachment(OidcAccount.class.getName(), oidcAccount);
        scope.setAttachment(OidcSecurityContext.class.getName(), oidcAccount.getOidcSecurityContext());
        this.httpFacade.getScope(Scope.EXCHANGE).setAttachment(OidcSecurityContext.class.getName(), oidcAccount.getOidcSecurityContext());
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void logout() {
        logout(false);
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void refreshCallback(RefreshableOidcSecurityContext refreshableOidcSecurityContext) {
        saveAccountInfo(new OidcAccount(new OidcPrincipal(refreshableOidcSecurityContext.getIDToken().getPrincipalName(this.httpFacade.getOidcClientConfiguration()), refreshableOidcSecurityContext)));
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void saveRequest() {
        this.httpFacade.suspendRequest();
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public boolean restoreRequest() {
        return this.httpFacade.restoreRequest();
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void logout(boolean z) {
        HttpScope scope = this.httpFacade.getScope(Scope.SESSION);
        if (scope.exists()) {
            OidcSecurityContext oidcSecurityContext = (OidcSecurityContext) scope.getAttachment(OidcSecurityContext.class.getName());
            try {
                if (!z || oidcSecurityContext == null) {
                    scope.setAttachment(OidcAccount.class.getName(), null);
                    scope.setAttachment(OidcSecurityContext.class.getName(), null);
                } else {
                    OidcClientConfiguration oidcClientConfiguration = this.httpFacade.getOidcClientConfiguration();
                    scope.invalidate();
                    if (!oidcClientConfiguration.isBearerOnly() && oidcSecurityContext != null && (oidcSecurityContext instanceof RefreshableOidcSecurityContext)) {
                        ((RefreshableOidcSecurityContext) oidcSecurityContext).logout(oidcClientConfiguration);
                    }
                }
            } catch (IllegalStateException e) {
                ElytronMessages.log.debugf("Session %s logged-out already", scope.getID());
            }
        }
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void logoutAll() {
        logoutHttpSessions(new ArrayList(this.httpFacade.getScopeIds(Scope.SESSION)));
    }

    @Override // org.wildfly.security.http.oidc.OidcTokenStore
    public void logoutHttpSessions(List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            HttpScope scope = this.httpFacade.getScope(Scope.SESSION, it.next());
            if (scope != null) {
                scope.invalidate();
            }
        }
    }
}
