package org.jboss.web.tomcat.service.sso;

import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.management.ObjectName;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.SingleSignOn;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.session.ManagerBase;
import org.jboss.web.tomcat.service.session.JBossManager;

/* loaded from: input_file:org/jboss/web/tomcat/service/sso/ClusteredSingleSignOn.class */
public class ClusteredSingleSignOn extends SingleSignOn implements LifecycleListener {
    // Default interval between sweeps for expired empty SSOs, in seconds
    // (the matching field below holds the same value in milliseconds).
    public static final int DEFAULT_PROCESS_EXPIRES_INTERVAL = 60;
    // Default time an SSO with no sessions is kept before it is invalidated, in seconds.
    public static final int DEFAULT_MAX_EMPTY_LIFE = 1800;
    // Cache name handed to a TreeCacheSSOClusterManager unless setTreeCacheName overrides it.
    public static final String DEFAULT_CACHE_NAME = "clustered-sso";
    // Not referenced anywhere else in this class.
    public static final String LEGACY_CACHE_NAME = "jboss.cache:service=TomcatClusteringCache";
    // Class name instantiated reflectively by createClusterManager; treat it as trusted configuration.
    private String clusterManagerClass = TreeCacheSSOClusterManager.class.getName();
    // Null until setClusterManager or createClusterManager supplies one; every use is null-checked.
    private SSOClusterManager ssoClusterManager = null;
    private String treeCacheName = DEFAULT_CACHE_NAME;
    private String threadPoolName = TreeCacheSSOClusterManager.DEFAULT_THREAD_POOL_NAME;
    // Raw set of keys for session managers this valve listens to. A key is either the
    // manager's ObjectName or the manager object itself (see associate).
    private Set activeManagers = Collections.synchronizedSet(new HashSet());
    // Milliseconds; exposed in seconds through getMaxEmptyLife/setMaxEmptyLife.
    private int maxEmptyLife = 1800000;
    // Milliseconds; exposed in seconds through getProcessExpiresInterval/setProcessExpiresInterval.
    private int processExpiresInterval = 60000;
    // System.currentTimeMillis() value of the last expiry sweep; written under mutex.
    private long lastProcessExpires = System.currentTimeMillis();
    // SSO id (String) -> Long timestamp in ms at which the SSO was reported empty.
    private Map emptySSOs = new ConcurrentHashMap();
    // Guards the check-and-update of lastProcessExpires in processExpires.
    private final Object mutex = new Object();

    /**
     * Returns the cluster manager this valve delegates to.
     *
     * @return the current manager, or {@code null} when none has been set or created
     */
    public SSOClusterManager getClusterManager() {
        return ssoClusterManager;
    }

    /**
     * Installs the cluster manager and records its class name.
     *
     * @param sSOClusterManager the manager to use; may be {@code null}, in which case the
     *                          recorded class name is left unchanged
     * @throws IllegalStateException if the valve is started and a different instance is supplied
     */
    public void setClusterManager(SSOClusterManager sSOClusterManager) {
        boolean isDifferentInstance = sSOClusterManager != this.ssoClusterManager;
        if (isDifferentInstance && this.started) {
            // Swapping managers on a running valve is refused.
            throw new IllegalStateException("already started -- cannot set a new SSOClusterManager");
        }
        this.ssoClusterManager = sSOClusterManager;
        if (sSOClusterManager == null) {
            return;
        }
        this.clusterManagerClass = sSOClusterManager.getClass().getName();
    }

    /**
     * Returns the class name used (or to be used) to create the cluster manager.
     *
     * @return the configured cluster manager class name
     */
    public String getClusterManagerClass() {
        return clusterManagerClass;
    }

    /**
     * Sets the class name of the cluster manager.
     *
     * <p>Before start the name is only stored. After start it is honoured only when no
     * manager exists yet, in which case one is created immediately; otherwise the request
     * is logged as an error and ignored. Failures are logged, never thrown.
     *
     * <p>The name is later loaded and instantiated reflectively, so it must come from
     * trusted configuration only.
     *
     * @param str fully qualified class name of an {@code SSOClusterManager} implementation
     */
    public void setClusterManagerClass(String str) {
        if (this.started) {
            if (this.ssoClusterManager == null) {
                try {
                    createClusterManager(str);
                } catch (LifecycleException e) {
                    getContainer().getLogger().error("Exception creating SSOClusterManager " + str, e);
                }
            } else {
                getContainer().getLogger().error("Cannot set clusterManagerClass to " + str + "; already started using " + this.clusterManagerClass);
            }
        } else {
            this.clusterManagerClass = str;
        }
    }

    /**
     * Returns the cache name passed to a {@code TreeCacheSSOClusterManager}.
     *
     * @return the configured cache name
     */
    public String getTreeCacheName() {
        return treeCacheName;
    }

    /**
     * Stores the cache name and forwards it to the current cluster manager when that
     * manager is a {@code TreeCacheSSOClusterManager}.
     *
     * @param str the cache name
     * @throws Exception if the cluster manager rejects the name
     */
    public void setTreeCacheName(String str) throws Exception {
        this.treeCacheName = str;
        // instanceof is false for null, so this also covers "no manager yet".
        if (this.ssoClusterManager instanceof TreeCacheSSOClusterManager) {
            TreeCacheSSOClusterManager treeCacheManager = (TreeCacheSSOClusterManager) this.ssoClusterManager;
            treeCacheManager.setCacheName(str);
        }
    }

    /**
     * Returns the thread pool name passed to a {@code TreeCacheSSOClusterManager}.
     *
     * @return the configured thread pool name
     */
    public String getThreadPoolName() {
        return threadPoolName;
    }

    /**
     * Stores the thread pool name and forwards it to the current cluster manager when
     * that manager is a {@code TreeCacheSSOClusterManager}.
     *
     * @param str the thread pool name
     * @throws Exception if the cluster manager rejects the name
     */
    public void setThreadPoolName(String str) throws Exception {
        this.threadPoolName = str;
        // instanceof is false for null, so this also covers "no manager yet".
        if (this.ssoClusterManager instanceof TreeCacheSSOClusterManager) {
            TreeCacheSSOClusterManager treeCacheManager = (TreeCacheSSOClusterManager) this.ssoClusterManager;
            treeCacheManager.setThreadPoolName(str);
        }
    }

    /**
     * Returns how long an SSO with no sessions is kept before it is invalidated.
     *
     * @return the limit in seconds (the field itself is stored in milliseconds)
     */
    public int getMaxEmptyLife() {
        return maxEmptyLife / 1000;
    }

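    /**
     * Sets how long an SSO with no sessions is kept before it is invalidated.
     *
     * <p>The value is stored in milliseconds in an {@code int}. Without an upper bound,
     * {@code i * 1000} overflows for large inputs; a negative result would make
     * {@code isValid} and {@code clearExpiredSSOs} treat every empty SSO as expired, and
     * a wrapped positive result would silently apply a lifetime other than the one
     * configured. Out-of-range values are therefore rejected.
     *
     * @param i the limit in seconds; must be between 0 and {@code Integer.MAX_VALUE / 1000}
     * @throws IllegalArgumentException if {@code i} is outside that range
     */
    public void setMaxEmptyLife(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("maxEmptyLife must be >= 0");
        }
        int maxSeconds = Integer.MAX_VALUE / 1000;
        if (i > maxSeconds) {
            throw new IllegalArgumentException("maxEmptyLife must be <= " + maxSeconds);
        }
        this.maxEmptyLife = i * 1000;
    }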

    /**
     * Returns the minimum time between sweeps for expired empty SSOs.
     *
     * @return the interval in seconds (the field itself is stored in milliseconds)
     */
    public int getProcessExpiresInterval() {
        return processExpiresInterval / 1000;
    }

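    /**
     * Sets the minimum time between sweeps for expired empty SSOs.
     *
     * <p>The value is stored in milliseconds in an {@code int}. Without an upper bound,
     * {@code i * 1000} overflows for large inputs and the sweep in {@code processExpires}
     * would run on an interval other than the one configured (on every call, if the
     * result is negative). Out-of-range values are therefore rejected.
     *
     * @param i the interval in seconds; must be between 0 and {@code Integer.MAX_VALUE / 1000}
     * @throws IllegalArgumentException if {@code i} is outside that range
     */
    public void setProcessExpiresInterval(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("processExpiresInterval must be >= 0");
        }
        int maxSeconds = Integer.MAX_VALUE / 1000;
        if (i > maxSeconds) {
            throw new IllegalArgumentException("processExpiresInterval must be <= " + maxSeconds);
        }
        this.processExpiresInterval = i * 1000;
    }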

    /**
     * Returns when the last sweep for expired empty SSOs ran.
     *
     * @return a {@code System.currentTimeMillis()} timestamp
     */
    public long getLastProcessExpires() {
        return lastProcessExpires;
    }

    /**
     * Starts the valve: creates the cluster manager if needed, fires the "start"
     * lifecycle event, marks the valve started and then starts the cluster manager.
     *
     * @throws LifecycleException if the valve is already started, or the cluster manager
     *                            cannot be created or started
     */
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException(sm.getString("authenticator.alreadyStarted"));
        }
        // started is still false here, so createClusterManager does not start the manager itself.
        createClusterManager(getClusterManagerClass());
        this.lifecycle.fireLifecycleEvent("start", (Object) null);
        this.started = true;
        SSOClusterManager clusterManager = this.ssoClusterManager;
        if (clusterManager != null) {
            clusterManager.start();
        }
    }

    /**
     * Stops the valve: stops the cluster manager (if any), fires the "stop" lifecycle
     * event and clears the started flag.
     *
     * @throws LifecycleException if the valve is not started or the cluster manager fails to stop
     */
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException(sm.getString("authenticator.notStarted"));
        }
        SSOClusterManager clusterManager = this.ssoClusterManager;
        if (clusterManager != null) {
            clusterManager.stop();
        }
        this.lifecycle.fireLifecycleEvent("stop", (Object) null);
        this.started = false;
    }

    /**
     * Reacts to the destruction of a session that belongs to an SSO.
     *
     * <p>If the session timed out or its manager has stopped, only that session is
     * detached from the SSO and an expiry sweep may run. Any other destruction is treated
     * as a logout and invalidates the whole SSO. Misclassifying a destruction as a
     * timeout therefore leaves the SSO usable after the user meant to sign out.
     *
     * @param sessionEvent the event; anything other than "destroySession" is ignored
     */
    public void sessionEvent(SessionEvent sessionEvent) {
        if (!"destroySession".equals(sessionEvent.getType())) {
            return;
        }
        Session session = sessionEvent.getSession();
        if (getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Process session destroyed on " + session);
        }
        String ssoId;
        synchronized (this.reverse) {
            ssoId = (String) this.reverse.get(session);
        }
        if (ssoId == null) {
            // The session was never associated with an SSO.
            return;
        }
        try {
            boolean passiveDestruction = isSessionTimedOut(session) || isManagerStopped(session);
            if (passiveDestruction) {
                removeSession(ssoId, session);
                processExpires();
            } else {
                logout(ssoId);
            }
        } catch (Exception e) {
            // NOTE(review): the SSO id is the value of the SSO cookie (see invoke) and is
            // written to the error log here; confirm log access is restricted accordingly.
            getContainer().getLogger().error("Caught exception updating SSO " + ssoId + " following destruction of session " + session.getIdInternal(), e);
        }
    }

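    /**
     * Tells whether the session has been idle for at least its max inactive interval.
     *
     * <p>The interval is converted to milliseconds in {@code long} arithmetic. The
     * previous {@code int} multiplication overflowed for intervals above
     * {@code Integer.MAX_VALUE / 1000} seconds; a negative product made every such
     * session look timed out, so {@code sessionEvent} would detach the session instead of
     * logging out the whole SSO.
     *
     * @param session the session being destroyed
     * @return {@code true} if the interval is positive and has elapsed since last access
     */
    private boolean isSessionTimedOut(Session session) {
        int maxInactiveSeconds = session.getMaxInactiveInterval();
        if (maxInactiveSeconds <= 0) {
            // Non-positive interval: the session never times out.
            return false;
        }
        long idleMillis = System.currentTimeMillis() - session.getLastAccessedTime();
        return idleMillis >= maxInactiveSeconds * 1000L;
    }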

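    /**
     * Tells whether the session's manager is no longer tracked as active.
     *
     * <p>The key looked up in {@code activeManagers} is chosen the same way
     * {@code associate} chooses it: the {@code ObjectName} for a {@code ManagerBase} or
     * {@code JBossManager}, otherwise the manager object itself when it is a
     * {@code Lifecycle}. The local is typed {@code Object} because the decompiled
     * {@code ManagerBase} declaration did not type-check against the other two branches.
     *
     * @param session the session being destroyed
     * @return {@code true} if the manager has a key and that key is not in
     *         {@code activeManagers}; {@code false} for a manager of any other type
     */
    private boolean isManagerStopped(Session session) {
        Object manager = session.getManager();
        Object key;
        if (manager instanceof ManagerBase) {
            key = ((ManagerBase) manager).getObjectName();
        } else if (manager instanceof JBossManager) {
            key = ((JBossManager) manager).getObjectName();
        } else if (manager instanceof Lifecycle) {
            key = manager;
        } else {
            // Untracked manager type: never reported as stopped.
            return false;
        }
        return !this.activeManagers.contains(key);
    }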

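    /**
     * Stops tracking a session manager once it reports any of its stop events.
     *
     * <p>After the manager's key is removed from {@code activeManagers},
     * {@code isManagerStopped} reports it as stopped, so sessions destroyed during
     * undeploy are detached from their SSO rather than logging the SSO out. The event
     * source is typed {@code Lifecycle} because the decompiled {@code ManagerBase}
     * declaration did not type-check against the other branches.
     *
     * @param lifecycleEvent the event; only "before_stop", "stop" and "after_stop" are handled
     */
    public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
        String type = lifecycleEvent.getType();
        boolean isStopEvent = "before_stop".equals(type) || "stop".equals(type) || "after_stop".equals(type);
        if (!isStopEvent) {
            return;
        }
        Lifecycle source = lifecycleEvent.getLifecycle();
        // Same key selection as associate(): ObjectName where available, else the object itself.
        Object key;
        if (source instanceof ManagerBase) {
            key = ((ManagerBase) source).getObjectName();
        } else if (source instanceof JBossManager) {
            key = ((JBossManager) source).getObjectName();
        } else {
            key = source;
        }
        // remove() returns true only for the first stop event of a tracked manager.
        if (this.activeManagers.remove(key)) {
            source.removeLifecycleListener(this);
            getContainer().getLogger().debug("ClusteredSSO: removed stopped manager " + source.toString());
        }
    }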

    /**
     * Authenticates the request from the SSO cookie when possible, then passes it on.
     *
     * <p>The cookie value is client-supplied and acts as a bearer credential: a value
     * that maps to a valid SSO entry is enough to set the request's principal unless
     * re-authentication is required. Unknown or expired values get the cookie erased and
     * the request continues unauthenticated.
     *
     * @param request  the incoming request
     * @param response the response, used only to erase an invalid SSO cookie
     * @throws IOException      if the next valve throws it
     * @throws ServletException if the next valve throws it
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        // Never trust an SSO id left on the request by something upstream.
        request.removeNote("org.apache.catalina.request.SSOID");
        if (getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Process request for '" + request.getRequestURI() + "'");
        }
        if (request.getUserPrincipal() != null) {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace(" Principal '" + request.getUserPrincipal().getName() + "' has already been authenticated");
            }
            getNext().invoke(request, response);
            return;
        }

        // Pick the first cookie carrying the SSO name, if any.
        Cookie ssoCookie = null;
        Cookie[] requestCookies = request.getCookies();
        if (requestCookies != null) {
            for (int idx = 0; idx < requestCookies.length; idx++) {
                if (Constants.SINGLE_SIGN_ON_COOKIE.equals(requestCookies[idx].getName())) {
                    ssoCookie = requestCookies[idx];
                    break;
                }
            }
        }
        if (ssoCookie == null) {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace(" SSO cookie is not present");
            }
            getNext().invoke(request, response);
            return;
        }

        String ssoId = ssoCookie.getValue();
        if (getContainer().getLogger().isTraceEnabled()) {
            // NOTE(review): this writes the raw, client-supplied SSO cookie value to the
            // trace log. Anyone who can read that log can reuse a live value, so keep
            // TRACE off in production or restrict access to the log.
            getContainer().getLogger().trace(" Checking for cached principal for " + ssoId);
        }
        // A local miss falls through to the cluster manager, so every unknown cookie
        // value from any client costs one cluster lookup.
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(ssoId);
        boolean usable = entry != null && isValid(ssoId, entry);
        if (usable) {
            Principal principal = entry.getPrincipal();
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace(" Found cached principal '" + (principal == null ? "NULL" : principal.getName()) + "' with auth type '" + entry.getAuthType() + "'");
            }
            request.setNote("org.apache.catalina.request.SSOID", ssoId);
            // With requireReauthentication the identity is not trusted from the cookie
            // alone; the authenticator has to call reauthenticate().
            if (!getRequireReauthentication() && principal != null) {
                request.setAuthType(entry.getAuthType());
                request.setUserPrincipal(principal);
            }
        } else {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace(" No cached principal found, erasing SSO cookie");
            }
            // NOTE(review): the cookie object comes from the request and carries no path
            // or domain here; confirm the browser matches this deletion to the cookie as
            // it was originally issued, otherwise the stale value keeps being sent.
            ssoCookie.setMaxAge(0);
            response.addCookie(ssoCookie);
        }
        getNext().invoke(request, response);
    }

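    /**
     * Links a session to an SSO id, locally and (when the entry changed) in the cluster.
     *
     * <p>The reverse mapping session -> SSO id is recorded even when no SSO entry is
     * found. When the entry accepts the session, the session's manager is tracked in
     * {@code activeManagers} and this valve registers as its lifecycle listener so that
     * undeploy can be told apart from logout. The locals are typed {@code Object} because
     * the tracked key is either an {@code ObjectName} or the manager itself; the
     * decompiled {@code ObjectName} declarations did not type-check.
     *
     * @param str     the SSO id
     * @param session the session to associate
     */
    public void associate(String str, Session session) {
        if (getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Associate sso id " + str + " with session " + session);
        }
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(str);
        boolean added = false;
        if (entry != null) {
            added = entry.addSession2(this, session);
        }
        synchronized (this.reverse) {
            this.reverse.put(session, str);
        }
        if (!added) {
            return;
        }

        Object manager = session.getManager();
        Object key = null;
        if (manager instanceof ManagerBase) {
            key = ((ManagerBase) manager).getObjectName();
        } else if (manager instanceof JBossManager) {
            key = ((JBossManager) manager).getObjectName();
        } else if (manager instanceof Lifecycle) {
            key = manager;
        } else {
            getContainer().getLogger().warn("Manager for session " + session.getIdInternal() + " does not implement Lifecycle; web app shutdown may  lead to incorrect SSO invalidations");
        }
        if (key != null) {
            // Check-then-add under the set's own monitor so the listener is registered once.
            synchronized (this.activeManagers) {
                if (!this.activeManagers.contains(key)) {
                    this.activeManagers.add(key);
                    // presumably every ManagerBase/JBossManager seen here implements
                    // Lifecycle; otherwise this cast throws - confirm
                    ((Lifecycle) manager).addLifecycleListener(this);
                }
            }
        }
        if (this.ssoClusterManager != null) {
            this.ssoClusterManager.addSession(str, session);
        }
    }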

    /**
     * Detaches one session from an SSO without invalidating the SSO.
     *
     * @param str     the SSO id
     * @param session the session to detach
     */
    protected void deregister(String str, Session session) {
        synchronized (this.reverse) {
            this.reverse.remove(session);
        }
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(str);
        if (entry != null) {
            boolean removed = entry.removeSession2(session);
            if (removed && this.ssoClusterManager != null) {
                this.ssoClusterManager.removeSession(str, session);
            }
            if (entry.getSessionCount() == 0) {
                // NOTE(review): this critical section is empty in the listing, so an SSO
                // whose last session is detached stays in the local cache. It may be a
                // disabled or decompiler-dropped cache removal - confirm against the
                // original source.
                synchronized (this.cache) {
                }
            }
        }
    }

    /**
     * Removes an SSO from this node and expires every session attached to it.
     *
     * <p>This is the local half of a logout; it does not notify the cluster.
     *
     * @param str the SSO id
     */
    public void deregister(String str) {
        if (getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Deregistering sso id '" + str + "'");
        }
        this.emptySSOs.remove(str);
        JBossSingleSignOnEntry entry;
        synchronized (this.cache) {
            entry = (JBossSingleSignOnEntry) this.cache.remove(str);
        }
        if (entry == null) {
            return;
        }
        for (Session attached : entry.findSessions()) {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace(" Invalidating session " + attached);
            }
            // Drop the reverse mapping first so the resulting destroy event finds no
            // SSO id for this session and returns early in sessionEvent.
            synchronized (this.reverse) {
                this.reverse.remove(attached);
            }
            attached.expire();
        }
    }

    /**
     * Invalidates an SSO on this node and tells the cluster manager, if any, to do the same.
     *
     * @param str the SSO id
     */
    protected void logout(String str) {
        deregister(str);
        SSOClusterManager clusterManager = this.ssoClusterManager;
        if (clusterManager == null) {
            return;
        }
        clusterManager.logout(str);
    }

    /**
     * Finds the SSO entry for an id, locally first and then through the cluster manager.
     *
     * <p>An entry found through the cluster manager is stored in the local cache.
     *
     * @param str the SSO id; in {@code invoke} this is the client-supplied cookie value
     * @return the entry, or {@code null} if neither lookup finds one
     */
    protected JBossSingleSignOnEntry getSingleSignOnEntry(String str) {
        JBossSingleSignOnEntry entry = localLookup(str);
        if (entry != null || this.ssoClusterManager == null) {
            return entry;
        }
        entry = this.ssoClusterManager.lookup(str);
        if (entry != null) {
            synchronized (this.cache) {
                this.cache.put(str, entry);
            }
        }
        return entry;
    }

    /**
     * Re-authenticates against the realm using the username and password kept in the
     * SSO entry, and on success sets the auth type and principal on the request.
     *
     * <p>This only works because the entry retains the user's password; anything that
     * can read the entry (heap dump, cluster cache) can read that credential.
     *
     * @param str     the SSO id
     * @param realm   the realm to authenticate against
     * @param request the request to populate on success
     * @return {@code true} if the realm accepted the stored credentials
     */
    public boolean reauthenticate(String str, Realm realm, Request request) {
        if (str == null || realm == null) {
            return false;
        }
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(str);
        if (entry == null || !entry.getCanReauthenticate()) {
            return false;
        }
        String username = entry.getUsername();
        if (username == null) {
            return false;
        }
        Principal authenticated = realm.authenticate(username, entry.getPassword());
        if (authenticated == null) {
            return false;
        }
        request.setAuthType(entry.getAuthType());
        request.setUserPrincipal(authenticated);
        entry.setPrincipal(authenticated);
        return true;
    }

    /**
     * Registers a new SSO locally and, when a cluster manager exists, in the cluster.
     *
     * <p>The principal is not passed to the cluster manager; the three strings are.
     *
     * @param str       the SSO id
     * @param principal the authenticated principal
     * @param str2      the auth type (it is logged as such by {@code registerLocal})
     * @param str3      presumably the username - confirm against the superclass signature
     * @param str4      presumably the password - confirm; if so it is handed to the
     *                  cluster manager as-is, so how the cluster transport and cache
     *                  protect it matters
     */
    public void register(String str, Principal principal, String str2, String str3, String str4) {
        registerLocal(str, principal, str2, str3, str4);
        SSOClusterManager clusterManager = this.ssoClusterManager;
        if (clusterManager == null) {
            return;
        }
        clusterManager.register(str, str2, str3, str4);
    }

    /**
     * Detaches a session from an SSO after a timeout or manager stop, leaving the SSO valid.
     *
     * <p>When no entry is found the reverse mapping is left untouched.
     *
     * @param str     the SSO id
     * @param session the session to detach
     */
    protected void removeSession(String str, Session session) {
        if (getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Removing session " + session.toString() + " from sso id " + str);
        }
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(str);
        if (entry != null) {
            boolean removed = entry.removeSession2(session);
            if (removed && this.ssoClusterManager != null) {
                this.ssoClusterManager.removeSession(str, session);
            }
            synchronized (this.reverse) {
                this.reverse.remove(session);
            }
        }
    }

    /**
     * Updates an SSO's credentials locally and propagates the change to the cluster
     * manager only when the local update reports a change.
     *
     * @param str       the SSO id
     * @param principal the authenticated principal (not sent to the cluster manager)
     * @param str2      the auth type
     * @param str3      presumably the username - confirm against the superclass signature
     * @param str4      presumably the password - confirm; if so it is handed to the
     *                  cluster manager as-is
     */
    public void update(String str, Principal principal, String str2, String str3, String str4) {
        boolean changedLocally = updateLocal(str, principal, str2, str3, str4);
        if (changedLocally && this.ssoClusterManager != null) {
            this.ssoClusterManager.updateCredentials(str, str2, str3, str4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Looks an SSO id up in this node's cache only; the cluster is not consulted.
     *
     * @param str the SSO id
     * @return the cached entry, or {@code null} if this node has none
     */
    public JBossSingleSignOnEntry localLookup(String str) {
        synchronized (this.cache) {
            return (JBossSingleSignOnEntry) this.cache.get(str);
        }
    }

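    /**
     * Creates an SSO entry in this node's cache, replacing any entry with the same id.
     *
     * <p>The trace message tolerates a {@code null} principal, using the same "NULL"
     * placeholder as {@code invoke}; previously enabling TRACE made a {@code null}
     * principal throw before the entry was stored, so logging level changed behaviour.
     *
     * @param str       the SSO id
     * @param principal the authenticated principal; may be {@code null}
     * @param str2      the auth type
     * @param str3      presumably the username - confirm against JBossSingleSignOnEntry
     * @param str4      presumably the password - confirm; it is kept in the entry
     */
    void registerLocal(String str, Principal principal, String str2, String str3, String str4) {
        if (getContainer().getLogger().isTraceEnabled()) {
            String principalName = principal == null ? "NULL" : principal.getName();
            getContainer().getLogger().trace("Registering sso id '" + str + "' for user '" + principalName + "' with auth type '" + str2 + "'");
        }
        JBossSingleSignOnEntry entry = new JBossSingleSignOnEntry(principal, str2, str3, str4);
        synchronized (this.cache) {
            this.cache.put(str, entry);
        }
    }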

    /**
     * Updates the SSO entry for an id on this node.
     *
     * <p>An entry that cannot re-authenticate gets new credentials. An entry that can,
     * but has no principal yet, only gets the principal set; that case returns
     * {@code false}, so {@code update} does not propagate it to the cluster.
     *
     * @param str       the SSO id
     * @param principal the authenticated principal
     * @param str2      the auth type
     * @param str3      presumably the username - confirm against JBossSingleSignOnEntry
     * @param str4      presumably the password - confirm
     * @return the result of {@code updateCredentials2} when credentials were updated,
     *         otherwise {@code false}
     */
    boolean updateLocal(String str, Principal principal, String str2, String str3, String str4) {
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(str);
        if (entry == null) {
            return false;
        }
        if (!entry.getCanReauthenticate()) {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace("Update sso id " + str + " to auth type " + str2);
            }
            synchronized (entry) {
                return entry.updateCredentials2(principal, str2, str3, str4);
            }
        }
        if (entry.getPrincipal() == null && principal != null) {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace("Update sso id " + str + " with principal " + principal.getName());
            }
            synchronized (entry) {
                entry.setPrincipal(principal);
            }
        }
        return false;
    }

    /**
     * Applies a credential update to an entry that cannot yet re-authenticate, keeping
     * the entry's current principal. Unknown ids and entries that can already
     * re-authenticate are left alone.
     *
     * <p>presumably invoked by the cluster manager when another node changed the
     * credentials - no caller is visible in this class, confirm.
     *
     * @param str  the SSO id
     * @param str2 the auth type
     * @param str3 presumably the username - confirm against JBossSingleSignOnEntry
     * @param str4 presumably the password - confirm
     */
    void remoteUpdate(String str, String str2, String str3, String str4) {
        JBossSingleSignOnEntry entry = getSingleSignOnEntry(str);
        if (entry != null && !entry.getCanReauthenticate()) {
            if (getContainer().getLogger().isTraceEnabled()) {
                getContainer().getLogger().trace("Update sso id " + str + " to auth type " + str2);
            }
            synchronized (entry) {
                // Unlike updateLocal, this calls updateCredentials, not updateCredentials2.
                entry.updateCredentials(entry.getPrincipal(), str2, str3, str4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the time at which an SSO was reported to have no sessions.
     *
     * <p>A repeated notification overwrites the stored timestamp, which restarts the
     * max-empty-life countdown for that SSO.
     *
     * @param str the SSO id
     */
    public void notifySSOEmpty(String str) {
        Object previous = this.emptySSOs.put(str, Long.valueOf(System.currentTimeMillis()));
        boolean firstNotification = previous == null;
        if (firstNotification && getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Notified that SSO " + str + " is empty");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Clears the "empty since" timestamp of an SSO that has sessions again, so it is no
     * longer a candidate for max-empty-life expiry.
     *
     * @param str the SSO id
     */
    public void notifySSONotEmpty(String str) {
        Object previous = this.emptySSOs.remove(str);
        if (previous != null && getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Notified that SSO " + str + " is no longer empty");
        }
    }

    /**
     * Instantiates and wires the cluster manager, unless one exists or no class is named.
     *
     * <p>The class is loaded by name through the thread context class loader and
     * instantiated before it is cast, so its static initializer and no-arg constructor
     * run even when it is not an {@code SSOClusterManager}. The name must therefore come
     * from trusted configuration only.
     *
     * @param str fully qualified class name; {@code null} makes this a no-op
     * @throws LifecycleException wrapping any failure to load, create, configure or start
     */
    private void createClusterManager(String str) throws LifecycleException {
        if (this.ssoClusterManager != null || str == null) {
            return;
        }
        try {
            ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            Object instance = contextLoader.loadClass(str).newInstance();
            SSOClusterManager created = (SSOClusterManager) instance;
            created.setSingleSignOnValve(this);
            if (created instanceof TreeCacheSSOClusterManager) {
                TreeCacheSSOClusterManager treeCacheManager = (TreeCacheSSOClusterManager) created;
                treeCacheManager.setCacheName(getTreeCacheName());
                treeCacheManager.setThreadPoolName(getThreadPoolName());
            }
            this.ssoClusterManager = created;
            this.clusterManagerClass = str;
            // Only a manager created on an already-running valve is started here;
            // start() takes care of the normal case.
            if (this.started) {
                this.ssoClusterManager.start();
            }
        } catch (Throwable th) {
            throw new LifecycleException("Cannot create SSOClusterManager using " + str, th);
        }
    }

    /**
     * Runs the sweep for expired empty SSOs when more than processExpiresInterval
     * milliseconds have passed since the previous sweep.
     *
     * <p>The sweep is driven only by session-destroy events (see {@code sessionEvent}),
     * not by a timer.
     */
    private void processExpires() {
        synchronized (this.mutex) {
            long now = System.currentTimeMillis();
            long sinceLastSweep = now - this.lastProcessExpires;
            if (sinceLastSweep <= this.processExpiresInterval) {
                return;
            }
            this.lastProcessExpires = now;
            clearExpiredSSOs(now);
        }
    }

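    /**
     * Logs out every SSO that has been empty for longer than maxEmptyLife.
     *
     * <p>{@code emptySSOs} is a raw map, so its entries are iterated as {@code Object}
     * and cast; the decompiled {@code for (Map.Entry entry : ...)} form did not
     * type-check. {@code logout} removes the entry from {@code emptySSOs} during the
     * iteration, which is safe because the map is a {@code ConcurrentHashMap}.
     *
     * @param j the current time in milliseconds
     */
    private synchronized void clearExpiredSSOs(long j) {
        for (Object element : this.emptySSOs.entrySet()) {
            Map.Entry entry = (Map.Entry) element;
            long emptySince = ((Long) entry.getValue()).longValue();
            if (j - emptySince > this.maxEmptyLife) {
                String ssoId = (String) entry.getKey();
                if (getContainer().getLogger().isTraceEnabled()) {
                    getContainer().getLogger().trace("Invalidating expired SSO " + ssoId);
                }
                logout(ssoId);
            }
        }
    }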

    /**
     * Checks that an SSO is still usable, logging it out when it has had no sessions
     * for longer than maxEmptyLife.
     *
     * <p>This enforces the empty-lifetime limit at request time, so an expired SSO is
     * rejected even if no sweep has run since it expired.
     *
     * @param str                    the SSO id
     * @param jBossSingleSignOnEntry the entry found for that id
     * @return {@code false} if the SSO was expired and logged out, otherwise {@code true}
     */
    private boolean isValid(String str, JBossSingleSignOnEntry jBossSingleSignOnEntry) {
        if (jBossSingleSignOnEntry.getSessionCount() != 0) {
            return true;
        }
        Long emptySince = (Long) this.emptySSOs.get(str);
        if (emptySince == null) {
            // Empty, but never reported through notifySSOEmpty: treated as valid.
            return true;
        }
        long emptyForMillis = System.currentTimeMillis() - emptySince.longValue();
        if (emptyForMillis <= this.maxEmptyLife) {
            return true;
        }
        if (getContainer().getLogger().isTraceEnabled()) {
            getContainer().getLogger().trace("Invalidating expired SSO " + str);
        }
        logout(str);
        return false;
    }

    // Sets the descriptive `info` string to this class's name. `info` is not declared in
    // this file; presumably it is a static field inherited from SingleSignOn - confirm.
    static {
        info = ClusteredSingleSignOn.class.getName();
    }
}
