package net.shibboleth.idp.session.impl;

import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SPSessionSerializerRegistry;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.idp.session.SessionManager;
import net.shibboleth.idp.session.SessionResolver;
import net.shibboleth.idp.session.criterion.HttpServletRequestCriterion;
import net.shibboleth.idp.session.criterion.SPSessionCriterion;
import net.shibboleth.idp.session.criterion.SessionIdCriterion;
import net.shibboleth.utilities.java.support.annotation.Duration;
import net.shibboleth.utilities.java.support.annotation.constraint.NonNegative;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.Positive;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.CookieManager;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import org.opensaml.storage.RequestScopedStorageService;
import org.opensaml.storage.StorageRecord;
import org.opensaml.storage.StorageSerializer;
import org.opensaml.storage.StorageService;
import org.opensaml.storage.VersionMismatchException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/StorageBackedSessionManager.class */
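/**
 * Session manager and resolver that persists IdP sessions in a {@link StorageService} and links the
 * client to its session through a cookie.
 *
 * <p>The master record of a session is stored under the session ID as storage context and
 * {@link #SESSION_MASTER_KEY} as key. When the secondary service index is enabled, a second record
 * keyed by service ID and SP session key holds a comma-terminated list of IdP session IDs.</p>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 * <li>The session ID is the value written to the session cookie, so it is a bearer credential. It is
 * also written to the debug log by several methods here; debug logs should be protected accordingly.</li>
 * <li>{@link #resolve(CriteriaSet)} takes the session ID from a client-supplied cookie and passes it
 * to the storage lookup without further checks in this class.</li>
 * <li>With {@code maskStorageFailure} enabled, storage errors are logged and otherwise ignored, which
 * means a session can be handed out without having been persisted.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (see the JADX marker on {@code indexBySPSession}); parameter
 * names are synthetic.</p>
 */
public class StorageBackedSessionManager extends AbstractIdentifiableInitializableComponent implements SessionManager, SessionResolver {

    /** Storage key under which the master record of a session is kept. */
    @NotEmpty
    @Nonnull
    public static final String SESSION_MASTER_KEY = "_session";

    /** Cookie name used unless {@link #setCookieName(String)} overrides it. */
    @NotEmpty
    @Nonnull
    protected static final String DEFAULT_COOKIE_NAME = "shib_idp_session";

    /** Request used to read the client address and the session cookie. */
    @Nullable
    private HttpServletRequest httpRequest;

    /** Response handle; stored by the setter and not otherwise read in this class. */
    @Nullable
    private HttpServletResponse httpResponse;

    /** Extra time added to record expirations on top of the session timeout; zero is allowed. */
    @NonNegative
    @Duration
    private long sessionSlop;

    /** When true, storage I/O failures are logged and swallowed instead of being rethrown. */
    private boolean maskStorageFailure;

    /** When true, initialization requires a server-side store and a serializer registry. */
    private boolean trackSPSessions;

    /** When true, the service ID / SP session key index is maintained and may be queried. */
    private boolean secondaryServiceIndex;

    /** Writes and clears the session cookie. */
    @NonnullAfterInit
    private CookieManager cookieManager;

    /** Back-end holding session records and the secondary index. */
    @NonnullAfterInit
    private StorageService storageService;

    /** Source of new session IDs. */
    @NonnullAfterInit
    private IdentifierGenerationStrategy idGenerator;

    /** Registry of SPSession serializers; required when SP sessions are tracked. */
    @Nullable
    private SPSessionSerializerRegistry spSessionSerializerRegistry;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(StorageBackedSessionManager.class);

    /**
     * Session lifetime. It is added to a {@code System.currentTimeMillis()} based creation instant,
     * so the unit is milliseconds; the default is one hour.
     */
    @Positive
    @Duration
    private long sessionTimeout = 3600000;

    /** Serializer used for the master session record. */
    @Nonnull
    private final StorageBackedIdPSessionSerializer serializer = new StorageBackedIdPSessionSerializer(this, null);

    /** Authentication flow descriptors indexed by their ID. */
    @NonnullElements
    @Nonnull
    private final Map<String, AuthenticationFlowDescriptor> flowDescriptorMap = new HashMap<>();

    /** When true, a new session is bound to the client address seen at creation time. */
    private boolean consistentAddress = true;

    /** Name of the cookie carrying the session ID. */
    @NotEmpty
    @Nonnull
    private String cookieName = DEFAULT_COOKIE_NAME;

    // All setters below call the ComponentSupport "if initialized" guard first, so they are meant to
    // be used only before the component is initialized.

    /**
     * Sets the servlet request used for address binding and cookie lookup.
     *
     * @param httpServletRequest the request, may be null
     */
    public void setHttpServletRequest(@Nullable HttpServletRequest httpServletRequest) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpRequest = httpServletRequest;
    }

    /**
     * Sets the servlet response.
     *
     * @param httpServletResponse the response, may be null
     */
    public void setHttpServletResponse(@Nullable HttpServletResponse httpServletResponse) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpResponse = httpServletResponse;
    }

    /**
     * Returns the session timeout.
     *
     * @return the timeout in milliseconds
     */
    @Positive
    public long getSessionTimeout() {
        return this.sessionTimeout;
    }

    /**
     * Sets the session timeout; the value is checked with {@code Constraint.isGreaterThan(0, ...)}.
     *
     * @param j the timeout in milliseconds
     */
    public void setSessionTimeout(@Positive @Duration long j) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionTimeout = Constraint.isGreaterThan(0L, j, "Timeout must be greater than zero");
    }

    /**
     * Returns the slop added to record expirations.
     *
     * @return the slop, zero or greater (the field default is zero and the setter accepts zero)
     */
    @NonNegative
    public long getSessionSlop() {
        return this.sessionSlop;
    }

    /**
     * Sets the slop added to record expirations; the value is checked with
     * {@code Constraint.isGreaterThanOrEqual(0, ...)}.
     *
     * @param j the slop
     */
    public void setSessionSlop(@NonNegative @Duration long j) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionSlop = Constraint.isGreaterThanOrEqual(0L, j, "Slop must be greater than or equal to zero");
    }

    /**
     * Returns whether storage failures are masked.
     *
     * @return true if storage I/O errors are logged and swallowed
     */
    public boolean isMaskStorageFailure() {
        return this.maskStorageFailure;
    }

    /**
     * Sets whether storage failures are masked. Enabling this trades fail-closed behaviour for
     * availability: lookups return no session and writes are skipped without an error to the caller.
     *
     * @param z true to mask storage failures
     */
    public void setMaskStorageFailure(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.maskStorageFailure = z;
    }

    /**
     * Returns whether SP sessions are tracked.
     *
     * @return the flag
     */
    public boolean isTrackSPSessions() {
        return this.trackSPSessions;
    }

    /**
     * Sets whether SP sessions are tracked.
     *
     * @param z the flag
     */
    public void setTrackSPSessions(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.trackSPSessions = z;
    }

    /**
     * Returns whether the secondary service index is maintained.
     *
     * @return the flag
     */
    public boolean isSecondaryServiceIndex() {
        return this.secondaryServiceIndex;
    }

    /**
     * Sets whether the secondary service index is maintained.
     *
     * @param z the flag
     */
    public void setSecondaryServiceIndex(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.secondaryServiceIndex = z;
    }

    /**
     * Returns whether new sessions are bound to the client address.
     *
     * @return the flag
     */
    public boolean isConsistentAddress() {
        return this.consistentAddress;
    }

    /**
     * Sets whether new sessions are bound to the client address.
     *
     * @param z the flag
     */
    public void setConsistentAddress(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.consistentAddress = z;
    }

    /**
     * Sets the session cookie name; the value is trimmed and must not be null or empty.
     *
     * @param str the cookie name
     */
    public void setCookieName(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.cookieName = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Cookie name cannot be null or empty");
    }

    /**
     * Sets the cookie manager.
     *
     * @param cookieManager the manager, must not be null
     */
    public void setCookieManager(@Nonnull CookieManager cookieManager) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.cookieManager = (CookieManager) Constraint.isNotNull(cookieManager, "CookieManager cannot be null");
    }

    /**
     * Returns the storage service.
     *
     * @return the storage service
     */
    @Nonnull
    public StorageService getStorageService() {
        return this.storageService;
    }

    /**
     * Sets the storage service.
     *
     * @param storageService the service, must not be null
     */
    public void setStorageService(@Nonnull StorageService storageService) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.storageService = (StorageService) Constraint.isNotNull(storageService, "StorageService cannot be null");
    }

    /**
     * Sets the generator of session IDs.
     *
     * <p>NOTE(review): the ID doubles as the cookie value, so the configured strategy should produce
     * unpredictable identifiers; that property is not visible from this class and should be
     * confirmed in the deployment configuration.</p>
     *
     * @param identifierGenerationStrategy the strategy, must not be null
     */
    public void setIDGenerator(@Nonnull IdentifierGenerationStrategy identifierGenerationStrategy) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.idGenerator = (IdentifierGenerationStrategy) Constraint.isNotNull(identifierGenerationStrategy, "IdentifierGenerationStrategy cannot be null");
    }

    /**
     * Returns the serializer used for master session records.
     *
     * @return the serializer
     */
    @Nonnull
    public StorageSerializer<StorageBackedIdPSession> getStorageSerializer() {
        return this.serializer;
    }

    /**
     * Looks up an authentication flow descriptor by ID.
     *
     * @param str the flow ID
     * @return the descriptor, or null if none is registered under that ID
     */
    @Nullable
    public AuthenticationFlowDescriptor getAuthenticationFlowDescriptor(@NotEmpty @Nonnull String str) {
        return this.flowDescriptorMap.get(str);
    }

    /**
     * Replaces the registered authentication flow descriptors; null elements are skipped.
     *
     * @param iterable the descriptors, must not be null
     */
    public void setAuthenticationFlowDescriptors(@NonnullElements @Nonnull Iterable<AuthenticationFlowDescriptor> iterable) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(iterable, "Flow collection cannot be null");
        this.flowDescriptorMap.clear();
        for (AuthenticationFlowDescriptor descriptor : Iterables.filter(iterable, Predicates.notNull())) {
            this.flowDescriptorMap.put(descriptor.getId(), descriptor);
        }
    }

    /**
     * Returns the SPSession serializer registry.
     *
     * @return the registry, or null if none was set
     */
    @Nullable
    public SPSessionSerializerRegistry getSPSessionSerializerRegistry() {
        return this.spSessionSerializerRegistry;
    }

    /**
     * Sets the SPSession serializer registry.
     *
     * @param sPSessionSerializerRegistry the registry, may be null
     */
    public void setSPSessionSerializerRegistry(@Nullable SPSessionSerializerRegistry sPSessionSerializerRegistry) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.spSessionSerializerRegistry = sPSessionSerializerRegistry;
    }

    /**
     * Verifies the required collaborators and option combinations, then initializes the serializer.
     *
     * @throws ComponentInitializationException if the storage service, ID generator or cookie manager
     *         is missing, if SP session tracking or the secondary index is combined with a
     *         request-scoped storage service, or if tracking is enabled without a serializer registry
     */
    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.storageService == null) {
            throw new ComponentInitializationException("Initialization of StorageBackedSessionManager requires non-null StorageService");
        }
        if (this.idGenerator == null) {
            throw new ComponentInitializationException("Initialization of StorageBackedSessionManager requires non-null IdentifierGenerationStrategy");
        }
        if (this.cookieManager == null) {
            throw new ComponentInitializationException("Initialization of StorageBackedSessionManager requires non-null CookieManager");
        }
        if ((this.trackSPSessions || this.secondaryServiceIndex) && (this.storageService instanceof RequestScopedStorageService)) {
            throw new ComponentInitializationException("Tracking SPSessions requires a server-side StorageService");
        }
        if (this.trackSPSessions && this.spSessionSerializerRegistry == null) {
            throw new ComponentInitializationException("Tracking SPSessions requires a spSessionSerializerRegistry");
        }
        this.serializer.initialize();
    }

    /**
     * Creates a session for a principal, stores its master record and sets the session cookie.
     *
     * <p>If a storage I/O error occurs while {@code maskStorageFailure} is enabled, the error is only
     * logged: the cookie is still set and the session is still returned even though no record was
     * written.</p>
     *
     * @param str the principal name
     * @return the new session
     * @throws SessionException if address binding is required but no request or address is available,
     *         if the generated ID exceeds the store's context size, if the store reports the ID as a
     *         duplicate, or if storing fails and failures are not masked
     */
    @Nonnull
    public IdPSession createSession(@NotEmpty @Nonnull String str) throws SessionException {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        String clientAddress = null;
        if (this.consistentAddress) {
            if (this.httpRequest == null) {
                throw new SessionException("No HttpServletRequest available, can't bind to client address");
            }
            // NOTE(review): getRemoteAddr() is the peer of the TCP connection; behind a reverse proxy
            // that is presumably the proxy unless the container restores the client address - confirm.
            clientAddress = StringSupport.trimOrNull(this.httpRequest.getRemoteAddr());
            if (clientAddress == null) {
                throw new SessionException("No client address to bind");
            }
        }
        // The meaning of the boolean argument is defined by IdentifierGenerationStrategy, not here.
        String sessionId = this.idGenerator.generateIdentifier(false);
        if (sessionId.length() > this.storageService.getCapabilities().getContextSize()) {
            throw new SessionException("Session IDs are too large for StorageService, check configuration");
        }
        StorageBackedIdPSession session = new StorageBackedIdPSession(this, sessionId, str, System.currentTimeMillis());
        session.doBindToAddress(clientAddress);

        // The write has to sit inside the try: the decompiled listing left the try body empty, so the
        // IOException handler (and with it maskStorageFailure) never applied to the create call.
        boolean duplicate = false;
        try {
            Long expiration = Long.valueOf(session.getCreationInstant() + this.sessionTimeout + this.sessionSlop);
            duplicate = !this.storageService.create(sessionId, SESSION_MASTER_KEY, session, this.serializer, expiration);
        } catch (IOException e) {
            this.log.error("Exception while storing new session for principal {}", str, e);
            if (!this.maskStorageFailure) {
                throw new SessionException("Exception while storing new session", e);
            }
        }
        if (duplicate) {
            throw new SessionException("A duplicate session ID was generated, unable to create session");
        }
        // The ID logged here is the value placed in the cookie on the next line.
        this.log.debug("Created new session {} for principal {}", sessionId, str);
        this.cookieManager.addCookie(this.cookieName, sessionId);
        return session;
    }

    /**
     * Deletes the storage context of a session and optionally clears the session cookie.
     *
     * <p>Storage failures are always rethrown here; {@code maskStorageFailure} is not consulted.</p>
     *
     * @param str the session ID
     * @param z true to unset the session cookie as well
     * @throws SessionException if the storage context cannot be deleted
     */
    public void destroySession(@NotEmpty @Nonnull String str, boolean z) throws SessionException {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        if (z) {
            this.cookieManager.unsetCookie(this.cookieName);
        }
        try {
            this.storageService.deleteContext(str);
            this.log.debug("Destroyed session {}", str);
        } catch (IOException e) {
            this.log.error("Exception while destroying session {}", str, e);
            throw new SessionException("Exception while destroying session", e);
        }
    }

    /**
     * Resolves sessions from the first supported criterion found, checked in this order:
     * {@link HttpServletRequestCriterion}, {@link SessionIdCriterion}, {@link SPSessionCriterion}.
     *
     * @param criteriaSet the criteria, may be null
     * @return the matching sessions, possibly empty
     * @throws ResolverException if no supported criterion is supplied, if a request criterion is used
     *         without a request, if an SP session criterion is used while the secondary index is
     *         disabled, or if a storage lookup fails and failures are not masked
     */
    @NonnullElements
    @Nonnull
    public Iterable<IdPSession> resolve(@Nullable CriteriaSet criteriaSet) throws ResolverException {
        IdPSession lookupBySessionId;
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        if (criteriaSet != null) {
            if (((HttpServletRequestCriterion) criteriaSet.get(HttpServletRequestCriterion.class)) != null) {
                if (this.httpRequest == null) {
                    throw new ResolverException("HttpServletRequest is null");
                }
                Cookie[] cookies = this.httpRequest.getCookies();
                if (cookies != null) {
                    // The cookie value is client-controlled and goes to the storage lookup as-is.
                    // The first cookie with the session name that resolves to a stored session wins.
                    // NOTE(review): no length or format check happens in this class - confirm the
                    // storage layer copes with arbitrary context strings.
                    for (Cookie cookie : cookies) {
                        if (this.cookieName.equals(cookie.getName()) && (lookupBySessionId = lookupBySessionId(cookie.getValue())) != null) {
                            return ImmutableList.of(lookupBySessionId);
                        }
                    }
                }
                return ImmutableList.of();
            }
            SessionIdCriterion sessionIdCriterion = (SessionIdCriterion) criteriaSet.get(SessionIdCriterion.class);
            if (sessionIdCriterion != null) {
                IdPSession found = lookupBySessionId(sessionIdCriterion.getSessionId());
                return found != null ? ImmutableList.of(found) : ImmutableList.of();
            }
            SPSessionCriterion sPSessionCriterion = (SPSessionCriterion) criteriaSet.get(SPSessionCriterion.class);
            if (sPSessionCriterion != null) {
                if (this.secondaryServiceIndex) {
                    return lookupBySPSession(sPSessionCriterion);
                }
                throw new ResolverException("Secondary service index is disabled");
            }
        }
        throw new ResolverException("No supported criterion supplied");
    }

    /**
     * Resolves at most one session: the first element produced by {@link #resolve(CriteriaSet)}.
     *
     * @param criteriaSet the criteria, may be null
     * @return the first matching session, or null if there is none
     * @throws ResolverException as thrown by {@link #resolve(CriteriaSet)}
     */
    @Nullable
    public IdPSession resolveSingle(@Nullable CriteriaSet criteriaSet) throws ResolverException {
        Iterator<IdPSession> it = resolve(criteriaSet).iterator();
        return it.hasNext() ? it.next() : null;
    }

    /**
     * Adds an IdP session to the secondary index record of an SP session, retrying on conflicts.
     *
     * <p>The record value is a list of IdP session IDs, each followed by a comma. An existing record
     * is updated with optimistic versioning; a missing record is created. Each conflict consumes one
     * attempt. Does nothing when the secondary index is disabled or the SP session has no key.</p>
     *
     * @param idPSession the IdP session to index
     * @param sPSession the SP session supplying service ID, key and expiration
     * @param i the number of attempts left
     * @throws SessionException if attempts are exhausted or a storage error occurs, unless storage
     *         failures are masked
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void indexBySPSession(@Nonnull IdPSession idPSession, @Nonnull SPSession sPSession, int i) throws SessionException {
        if (i <= 0) {
            this.log.error("Exceeded retry attempts while adding to secondary index");
            if (!this.maskStorageFailure) {
                throw new SessionException("Exceeded retry attempts while adding to secondary index");
            }
            return;
        }
        if (this.secondaryServiceIndex) {
            String serviceId = sPSession.getId();
            String serviceKey = sPSession.getSPSessionKey();
            if (serviceKey == null) {
                return;
            }
            this.log.debug("Maintaining secondary index for service ID {} and key {}", serviceId, serviceKey);
            int contextSize = this.storageService.getCapabilities().getContextSize();
            int keySize = this.storageService.getCapabilities().getKeySize();
            // NOTE(review): truncation to the store's limits means two service IDs or keys sharing a
            // long prefix would land on the same index record - confirm the limits are generous.
            if (serviceId.length() > contextSize) {
                serviceId = serviceId.substring(0, contextSize);
            }
            if (serviceKey.length() > keySize) {
                serviceKey = serviceKey.substring(0, keySize);
            }
            StorageRecord storageRecord = null;
            try {
                storageRecord = this.storageService.read(serviceId, serviceKey);
            } catch (IOException e) {
                this.log.error("Exception while querying based service ID {} and key {}", new Object[]{serviceId, serviceKey, e});
                if (!this.maskStorageFailure) {
                    throw new SessionException("Exception while querying based on SPSession", e);
                }
                // Masked read failure: continue as if no record existed.
            }
            String entry = idPSession.getId() + ',';
            try {
                if (storageRecord != null) {
                    // contains() is a substring test; it assumes no session ID is a suffix of
                    // another - NOTE(review): confirm IDs have a uniform length.
                    if (!storageRecord.getValue().contains(entry)) {
                        Long expiration = Long.valueOf(Math.max(storageRecord.getExpiration().longValue(), sPSession.getExpirationInstant() + this.sessionSlop));
                        if (this.storageService.updateWithVersion(storageRecord.getVersion(), serviceId, serviceKey, storageRecord.getValue() + entry, expiration) == null) {
                            this.log.debug("Secondary index record disappeared, retrying as insert");
                            indexBySPSession(idPSession, sPSession, i - 1);
                        }
                    }
                } else if (!this.storageService.create(serviceId, serviceKey, entry, Long.valueOf(sPSession.getExpirationInstant() + this.sessionSlop))) {
                    // Create is the alternative to the update above, not a follow-up to it. In the
                    // decompiled listing it ran after a successful update as well and sat outside
                    // the IOException handler.
                    this.log.debug("Secondary index record appeared, retrying as update");
                    indexBySPSession(idPSession, sPSession, i - 1);
                }
            } catch (IOException e2) {
                this.log.error("Exception maintaining secondary index for service ID {} and key {}", new Object[]{serviceId, serviceKey, e2});
                if (!this.maskStorageFailure) {
                    throw new SessionException("Exception maintaining seconday index", e2);
                }
            } catch (VersionMismatchException e3) {
                this.log.debug("Secondary index record was updated between read/update, retrying");
                indexBySPSession(idPSession, sPSession, i - 1);
            }
        }
    }

    /**
     * Reads and deserializes the master record of a session.
     *
     * @param str the session ID; on the cookie path this is client-supplied
     * @return the session, or null if no record exists or a storage failure was masked
     * @throws ResolverException if the read fails and failures are not masked
     */
    @Nullable
    private IdPSession lookupBySessionId(@NotEmpty @Nonnull String str) throws ResolverException {
        // The ID is logged verbatim; when it comes from a cookie it is attacker-influenced text and,
        // when valid, a live credential. NOTE(review): confirm the log encoder neutralises line breaks.
        this.log.debug("Performing primary lookup on session ID {}", str);
        try {
            StorageRecord read = this.storageService.read(str, SESSION_MASTER_KEY);
            if (read != null) {
                return (IdPSession) read.getValue(this.serializer, str, SESSION_MASTER_KEY);
            }
            this.log.debug("Primary lookup failed for session ID {}", str);
            return null;
        } catch (IOException e) {
            this.log.error("Exception while querying for session ID {}", str, e);
            if (this.maskStorageFailure) {
                return null;
            }
            throw new ResolverException("Exception while querying for session", e);
        }
    }

    /**
     * Resolves the IdP sessions listed in the secondary index record of an SP session and prunes
     * entries that no longer resolve.
     *
     * <p>The index write-back is best effort: I/O errors and version conflicts while pruning are
     * logged and ignored.</p>
     *
     * @param sPSessionCriterion supplies the service ID and SP session key
     * @return the sessions that still resolve, possibly empty
     * @throws ResolverException if a storage read fails and failures are not masked
     */
    @NonnullElements
    @Nonnull
    private Iterable<IdPSession> lookupBySPSession(@Nonnull SPSessionCriterion sPSessionCriterion) throws ResolverException {
        int contextSize = this.storageService.getCapabilities().getContextSize();
        int keySize = this.storageService.getCapabilities().getKeySize();
        String serviceId = sPSessionCriterion.getServiceId();
        String serviceKey = sPSessionCriterion.getSPSessionKey();
        this.log.debug("Performing secondary lookup on service ID {} and key {}", serviceId, serviceKey);
        // Same truncation as when the index record is written, so both sides derive the same key.
        if (serviceId.length() > contextSize) {
            serviceId = serviceId.substring(0, contextSize);
        }
        if (serviceKey.length() > keySize) {
            serviceKey = serviceKey.substring(0, keySize);
        }
        StorageRecord storageRecord = null;
        try {
            storageRecord = this.storageService.read(serviceId, serviceKey);
        } catch (IOException e) {
            this.log.error("Exception while querying based service ID {} and key {}", new Object[]{serviceId, serviceKey, e});
            if (!this.maskStorageFailure) {
                throw new ResolverException("Exception while querying based on SPSession", e);
            }
        }
        if (storageRecord == null) {
            this.log.debug("Secondary lookup failed on service ID {} and key {}", serviceId, serviceKey);
            return ImmutableList.of();
        }
        ImmutableList.Builder<IdPSession> builder = ImmutableList.builder();
        // Rebuild the list with only the IDs that still resolve.
        StringBuilder liveIds = new StringBuilder(storageRecord.getValue().length());
        for (String sessionId : storageRecord.getValue().split(",")) {
            IdPSession resolved = lookupBySessionId(sessionId);
            if (resolved != null) {
                builder.add(resolved);
                liveIds.append(sessionId);
                liveIds.append(',');
            }
        }
        try {
            String pruned = liveIds.toString();
            if (pruned.length() == 0) {
                this.storageService.deleteWithVersion(storageRecord.getVersion(), serviceId, serviceKey);
            } else if (!pruned.equals(storageRecord.getValue())) {
                this.storageService.updateWithVersion(storageRecord.getVersion(), serviceId, serviceKey, pruned, storageRecord.getExpiration());
            }
        } catch (IOException e2) {
            this.log.warn("Ignoring exception while updating secondary index", e2);
        } catch (VersionMismatchException e3) {
            this.log.debug("Ignoring version mismatch while updating secondary index");
        }
        return builder.build();
    }
}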
