package net.shibboleth.idp.session.impl;

import java.io.IOException;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.session.AbstractIdPSession;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.utilities.java.support.annotation.constraint.Live;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.annotation.constraint.NotLive;
import net.shibboleth.utilities.java.support.annotation.constraint.Unmodifiable;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.apache.commons.codec.digest.DigestUtils;
import org.opensaml.storage.StorageRecord;
import org.opensaml.storage.StorageSerializer;
import org.opensaml.storage.VersionMismatchException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/StorageBackedIdPSession.class */
public class StorageBackedIdPSession extends AbstractIdPSession {

    @Nonnull
    private final Logger log;

    @Nonnull
    private final StorageBackedSessionManager sessionManager;
    private long version;

    public StorageBackedIdPSession(@Nonnull StorageBackedSessionManager storageBackedSessionManager, @NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @Nonnull Instant instant) {
        super(str, str2, instant);
        this.log = LoggerFactory.getLogger(StorageBackedIdPSession.class);
        this.sessionManager = (StorageBackedSessionManager) Constraint.isNotNull(storageBackedSessionManager, "SessionManager cannot be null");
        this.version = 1L;
    }

    public void setLastActivityInstant(@Nonnull Instant instant) throws SessionException {
        Instant plus = instant.plus((TemporalAmount) this.sessionManager.getSessionTimeout()).plus((TemporalAmount) this.sessionManager.getSessionSlop());
        this.log.debug("Updating expiration of primary record for session {} to {}", getId(), plus);
        try {
            this.sessionManager.getStorageService().updateExpiration(getId(), StorageBackedSessionManager.SESSION_PRIMARY_KEY, Long.valueOf(plus.toEpochMilli()));
            super.setLastActivityInstant(instant);
        } catch (IOException e) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception updating expiration of session record", e);
            }
            this.log.error("Exception updating expiration of primary record for session {}", getId(), e);
        }
    }

    public boolean checkAddress(@NotEmpty @Nonnull String str) throws SessionException {
        AbstractIdPSession.AddressFamily addressFamily = getAddressFamily(str);
        if (addressFamily == AbstractIdPSession.AddressFamily.UNKNOWN) {
            this.log.warn("Address {} is of unknown type", str);
            return false;
        }
        String address = getAddress(addressFamily);
        if (address != null) {
            if (this.sessionManager.getConsistentAddressCondition().test(address, str)) {
                return true;
            }
            this.log.warn("Client address {} invalid for session {} bound to {}", new Object[]{str, getId(), address});
            return false;
        }
        this.log.info("Session {} not yet bound to a {} address, binding to {}", new Object[]{getId(), addressFamily, str});
        try {
            bindToAddress(str);
            return true;
        } catch (SessionException e) {
            this.log.error("Unable to bind session {} to address {}", getId(), str);
            return false;
        }
    }

    public void bindToAddress(@NotEmpty @Nonnull String str) throws SessionException {
        super.bindToAddress(str);
        try {
            int i = 10;
            boolean writeToStorage = writeToStorage();
            while (!writeToStorage) {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    break;
                }
                String address = getAddress(getAddressFamily(str));
                if (address != null) {
                    if (address.equals(str)) {
                        return;
                    }
                    this.log.warn("Client address is {} but session {} already bound to {}", new Object[]{str, getId(), address});
                    throw new SessionException("A different address of the same type was bound to the session");
                }
                super.bindToAddress(str);
                writeToStorage = writeToStorage();
            }
            if (!writeToStorage) {
                this.log.error("Exhausted retry attempts updating record for session {}", getId());
            }
        } catch (IOException e) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception updating address binding of session record", e);
            }
            this.log.error("Exception updating address binding of primary record for session {}", getId(), e);
        }
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public Set<AuthenticationResult> getAuthenticationResults() {
        Iterator<Map.Entry<String, Optional<AuthenticationResult>>> it = getAuthenticationResultMap().entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, Optional<AuthenticationResult>> next = it.next();
            if (next.getValue().isEmpty()) {
                try {
                    AuthenticationResult loadAuthenticationResultFromStorage = loadAuthenticationResultFromStorage(next.getKey());
                    if (loadAuthenticationResultFromStorage != null) {
                        next.setValue(Optional.of(loadAuthenticationResultFromStorage));
                    } else {
                        it.remove();
                    }
                } catch (IOException e) {
                }
            }
        }
        return super.getAuthenticationResults();
    }

    @Nullable
    public AuthenticationResult getAuthenticationResult(@NotEmpty @Nonnull String str) {
        AuthenticationResult authenticationResult = super.getAuthenticationResult(str);
        if (authenticationResult != null) {
            return authenticationResult;
        }
        String trimOrNull = StringSupport.trimOrNull(str);
        if (!getAuthenticationResultMap().containsKey(trimOrNull)) {
            return null;
        }
        try {
            authenticationResult = loadAuthenticationResultFromStorage(trimOrNull);
            if (authenticationResult != null) {
                doAddAuthenticationResult(authenticationResult);
            } else {
                getAuthenticationResultMap().remove(trimOrNull);
            }
        } catch (IOException e) {
        }
        return authenticationResult;
    }

    @Nullable
    public AuthenticationResult addAuthenticationResult(@Nonnull AuthenticationResult authenticationResult) throws SessionException {
        try {
            if (!saveAuthenticationResultToStorage(authenticationResult) && !this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Unable to save AuthenticationResult to storage");
            }
            AuthenticationResult addAuthenticationResult = super.addAuthenticationResult(authenticationResult);
            if (addAuthenticationResult == null) {
                int i = 10;
                boolean writeToStorage = writeToStorage();
                while (!writeToStorage) {
                    int i2 = i;
                    i--;
                    if (i2 <= 0) {
                        break;
                    }
                    if (getAuthenticationResultMap().containsKey(authenticationResult.getAuthenticationFlowId())) {
                        writeToStorage = true;
                    } else {
                        super.addAuthenticationResult(authenticationResult);
                        writeToStorage = writeToStorage();
                    }
                }
                if (!writeToStorage) {
                    this.log.error("Exhausted retry attempts updating record for session {}", getId());
                }
            }
            return addAuthenticationResult;
        } catch (IOException e) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception saving AuthenticationResult record to storage", e);
            }
            this.log.error("Exception saving AuthenticationResult record for session {} and flow {}", new Object[]{getId(), authenticationResult.getAuthenticationFlowId(), e});
            return null;
        }
    }

    public void updateAuthenticationResultActivity(@Nonnull AuthenticationResult authenticationResult) throws SessionException {
        String authenticationFlowId = authenticationResult.getAuthenticationFlowId();
        AuthenticationFlowDescriptor authenticationFlowDescriptor = this.sessionManager.getAuthenticationFlowDescriptor(authenticationFlowId);
        if (authenticationFlowDescriptor == null) {
            this.log.warn("No flow descriptor installed for ID {}, unable to update result in storage", authenticationFlowId);
            return;
        }
        try {
            if (!this.sessionManager.getStorageService().updateExpiration(getId(), authenticationResult.getAuthenticationFlowId(), Long.valueOf(authenticationResult.getLastActivityInstant().plus((TemporalAmount) authenticationFlowDescriptor.getInactivityTimeout()).plus((TemporalAmount) AuthenticationFlowDescriptor.STORAGE_EXPIRATION_OFFSET).toEpochMilli()))) {
                this.log.warn("Skipping update, AuthenticationResult for flow {} in session {} not found in storage", authenticationFlowId, getId());
            }
        } catch (IOException e) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception updating AuthenticationResult expiration in storage", e);
            }
            this.log.error("Exception updating AuthenticationResult expiration for session {} and flow {}", new Object[]{getId(), authenticationFlowId, e});
        }
    }

    public boolean removeAuthenticationResult(@Nonnull AuthenticationResult authenticationResult) throws SessionException {
        if (!super.removeAuthenticationResult(authenticationResult)) {
            return false;
        }
        try {
            this.sessionManager.getStorageService().delete(getId(), authenticationResult.getAuthenticationFlowId());
        } catch (IOException e) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception removing AuthenticationResult record from storage", e);
            }
            this.log.error("Exception removing AuthenticationResult record for session {} and flow {}", new Object[]{getId(), authenticationResult.getAuthenticationFlowId(), e});
        }
        try {
            int i = 10;
            boolean writeToStorage = writeToStorage();
            while (!writeToStorage) {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    break;
                }
                if (!super.removeAuthenticationResult(authenticationResult)) {
                    return true;
                }
                writeToStorage = writeToStorage();
            }
            if (!writeToStorage) {
                this.log.error("Exhausted retry attempts updating record for session {}", getId());
            }
            return true;
        } catch (IOException e2) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception updating session record after AuthenticationResult removal", e2);
            }
            this.log.error("Exception updating record for session {}", getId(), e2);
            return true;
        }
    }

    @NonnullElements
    @Nonnull
    @NotLive
    @Unmodifiable
    public Set<SPSession> getSPSessions() {
        if (this.sessionManager.isTrackSPSessions() && this.sessionManager.storageServiceMeetsThreshold()) {
            Iterator<Map.Entry<String, Optional<SPSession>>> it = getSPSessionMap().entrySet().iterator();
            while (it.hasNext()) {
                Map.Entry<String, Optional<SPSession>> next = it.next();
                if (next.getValue().isEmpty()) {
                    try {
                        SPSession loadSPSessionFromStorage = loadSPSessionFromStorage(next.getKey());
                        if (loadSPSessionFromStorage != null) {
                            next.setValue(Optional.of(loadSPSessionFromStorage));
                        } else {
                            it.remove();
                        }
                    } catch (IOException e) {
                    }
                }
            }
        }
        return super.getSPSessions();
    }

    @Nullable
    public SPSession getSPSession(@NotEmpty @Nonnull String str) {
        if (!this.sessionManager.isTrackSPSessions() || !this.sessionManager.storageServiceMeetsThreshold()) {
            return null;
        }
        SPSession sPSession = super.getSPSession(str);
        if (sPSession != null) {
            return sPSession;
        }
        String trimOrNull = StringSupport.trimOrNull(str);
        if (!getSPSessionMap().containsKey(trimOrNull)) {
            return null;
        }
        try {
            sPSession = loadSPSessionFromStorage(trimOrNull);
            if (sPSession != null) {
                doAddSPSession(sPSession);
            } else {
                getSPSessionMap().remove(trimOrNull);
            }
        } catch (IOException e) {
        }
        return sPSession;
    }

    @Nullable
    public SPSession addSPSession(@Nonnull SPSession sPSession) throws SessionException {
        if (!this.sessionManager.isTrackSPSessions()) {
            this.log.debug("Ignoring SPSession add, session manager is not configured to track them");
            return null;
        }
        if (!this.sessionManager.storageServiceMeetsThreshold()) {
            this.log.debug("Unable to add SP session due to to storage service limitations");
            return null;
        }
        try {
            getSPSession(sPSession.getId());
            if (!saveSPSessionToStorage(sPSession) && !this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Unable to save SPSession to storage");
            }
            SPSession addSPSession = super.addSPSession(sPSession);
            if (addSPSession == null) {
                int i = 10;
                boolean writeToStorage = writeToStorage();
                while (!writeToStorage) {
                    int i2 = i;
                    i--;
                    if (i2 <= 0) {
                        break;
                    }
                    if (getSPSessionMap().containsKey(sPSession.getId())) {
                        writeToStorage = true;
                    } else {
                        super.addSPSession(sPSession);
                        writeToStorage = writeToStorage();
                    }
                }
                if (!writeToStorage) {
                    this.log.error("Exhausted retry attempts updating record for session {}", getId());
                }
            } else {
                this.sessionManager.unindexSPSession(this, addSPSession, 10);
            }
            this.sessionManager.indexBySPSession(this, sPSession, 10);
            return addSPSession;
        } catch (IOException e) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception saving SPSession record to storage", e);
            }
            this.log.error("Exception saving SPSession record for IdP session {} and service {}", new Object[]{getId(), sPSession.getId(), e});
            return null;
        }
    }

    public boolean removeSPSession(@Nonnull SPSession sPSession) throws SessionException {
        if (!super.removeSPSession(sPSession)) {
            return false;
        }
        try {
            this.sessionManager.getStorageService().delete(getId(), getSPSessionStorageKey(sPSession.getId()));
        } catch (IOException e) {
            this.log.error("Exception removing SPSession record for IdP session {} and service {}", new Object[]{getId(), sPSession.getId(), e});
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception removing SPSession record from storage", e);
            }
        }
        try {
            int i = 10;
            boolean writeToStorage = writeToStorage();
            while (!writeToStorage) {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    break;
                }
                if (!super.removeSPSession(sPSession)) {
                    return true;
                }
                writeToStorage = writeToStorage();
            }
            if (!writeToStorage) {
                this.log.error("Exhausted retry attempts updating record for session {}", getId());
            }
            return true;
        } catch (IOException e2) {
            if (!this.sessionManager.isMaskStorageFailure()) {
                throw new SessionException("Exception updating session record after SPSession removal", e2);
            }
            this.log.error("Exception updating record for session {}", getId(), e2);
            return true;
        }
    }

    public boolean checkTimeout() throws SessionException {
        if (getLastActivityInstant().plus((TemporalAmount) this.sessionManager.getSessionTimeout()).isAfter(Instant.now())) {
            return super.checkTimeout();
        }
        return false;
    }

    protected long getVersion() {
        return this.version;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setVersion(long j) {
        this.version = j;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NonnullElements
    @Live
    @Nonnull
    public Map<String, Optional<AuthenticationResult>> getAuthenticationResultMap() {
        return super.getAuthenticationResultMap();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NonnullElements
    @Live
    @Nonnull
    public Map<String, Optional<SPSession>> getSPSessionMap() {
        return super.getSPSessionMap();
    }

    @Nullable
    private AuthenticationResult loadAuthenticationResultFromStorage(@NotEmpty @Nonnull String str) throws IOException {
        this.log.debug("Loading AuthenticationResult for flow {} in session {}", str, getId());
        AuthenticationFlowDescriptor authenticationFlowDescriptor = this.sessionManager.getAuthenticationFlowDescriptor(str);
        if (authenticationFlowDescriptor == null) {
            this.log.warn("No flow descriptor installed for ID {}, unable to load result from storage", str);
            return null;
        }
        try {
            StorageRecord read = this.sessionManager.getStorageService().read(getId(), str);
            if (read != null) {
                return (AuthenticationResult) read.getValue(authenticationFlowDescriptor, getId(), str);
            }
            this.log.debug("No AuthenticationResult for flow {} in session {}", str, getId());
            return null;
        } catch (IOException e) {
            this.log.error("Exception loading AuthenticationResult for flow {} from storage: {}", str, e.getMessage());
            throw e;
        }
    }

    private boolean saveAuthenticationResultToStorage(@Nonnull AuthenticationResult authenticationResult) throws IOException {
        boolean create;
        int i;
        String authenticationFlowId = authenticationResult.getAuthenticationFlowId();
        this.log.debug("Saving AuthenticationResult for flow {} in session {}", authenticationFlowId, getId());
        AuthenticationFlowDescriptor authenticationFlowDescriptor = this.sessionManager.getAuthenticationFlowDescriptor(authenticationFlowId);
        if (authenticationFlowDescriptor == null) {
            this.log.warn("No flow descriptor installed for ID {}, unable to save result to storage", authenticationFlowId);
            return false;
        }
        int i2 = 10;
        do {
            try {
                create = this.sessionManager.getStorageService().create(getId(), authenticationFlowId, authenticationResult, authenticationFlowDescriptor, Long.valueOf(authenticationResult.getLastActivityInstant().plus((TemporalAmount) authenticationFlowDescriptor.getInactivityTimeout()).plus((TemporalAmount) AuthenticationFlowDescriptor.STORAGE_EXPIRATION_OFFSET).toEpochMilli()));
                if (!create) {
                    create = this.sessionManager.getStorageService().update(getId(), authenticationFlowId, authenticationResult, authenticationFlowDescriptor, Long.valueOf(authenticationResult.getLastActivityInstant().plus((TemporalAmount) authenticationFlowDescriptor.getInactivityTimeout()).plus((TemporalAmount) AuthenticationFlowDescriptor.STORAGE_EXPIRATION_OFFSET).toEpochMilli()));
                }
                if (create) {
                    break;
                }
                i = i2;
                i2--;
            } catch (IOException e) {
                this.log.error("Exception saving AuthenticationResult for flow {} to storage: {}", authenticationFlowId, e.getMessage());
                throw e;
            }
        } while (i > 0);
        if (!create) {
            this.log.error("Exhausted retry attempts storing AuthenticationResult for flow {} in session {}", authenticationFlowId, getId());
        }
        return create;
    }

    @Nullable
    private SPSession loadSPSessionFromStorage(@NotEmpty @Nonnull String str) throws IOException {
        this.log.debug("Loading SPSession for service {} in session {}", str, getId());
        String sPSessionStorageKey = getSPSessionStorageKey(str);
        try {
            StorageRecord read = this.sessionManager.getStorageService().read(getId(), sPSessionStorageKey);
            if (read == null) {
                this.log.debug("No SPSession found for service {} in session {}", str, getId());
                return null;
            }
            int indexOf = read.getValue().indexOf(58);
            if (indexOf <= 0) {
                throw new IOException("No class type found prefixed to record");
            }
            String substring = read.getValue().substring(0, indexOf);
            StorageSerializer lookup = this.sessionManager.getSPSessionSerializerRegistry().lookup(Class.forName(substring).asSubclass(SPSession.class));
            if (lookup == null) {
                throw new IOException("No serializer registered for SPSession type " + substring);
            }
            return (SPSession) lookup.deserialize(read.getVersion(), getId(), sPSessionStorageKey, read.getValue().substring(indexOf + 1), read.getExpiration());
        } catch (IOException e) {
            this.log.error("IOException loading SPSession for service {} from storage: {}", str, e.getMessage());
            throw e;
        } catch (ClassNotFoundException e2) {
            this.log.error("ClassNotFoundException loading SPSession for service {} from storage: {}", str, e2.getMessage());
            throw new IOException(e2);
        }
    }

    private boolean saveSPSessionToStorage(@Nonnull SPSession sPSession) throws IOException {
        boolean create;
        int i;
        this.log.debug("Saving SPSession for service {} in session {}", sPSession.getId(), getId());
        StorageSerializer lookup = this.sessionManager.getSPSessionSerializerRegistry().lookup(sPSession.getClass());
        if (lookup == null) {
            throw new IOException("No serializer registered for SPSession type " + sPSession.getClass().getName());
        }
        String sPSessionStorageKey = getSPSessionStorageKey(sPSession.getId());
        StringBuilder sb = new StringBuilder(sPSession.getClass().getName());
        sb.append(':').append(lookup.serialize(sPSession));
        int i2 = 10;
        do {
            try {
                Instant plus = sPSession.getExpirationInstant().plus((TemporalAmount) this.sessionManager.getSessionSlop());
                create = this.sessionManager.getStorageService().create(getId(), sPSessionStorageKey, sb.toString(), Long.valueOf(plus.toEpochMilli()));
                if (!create) {
                    create = this.sessionManager.getStorageService().update(getId(), sPSessionStorageKey, sb.toString(), Long.valueOf(plus.toEpochMilli()));
                }
                if (create) {
                    break;
                }
                i = i2;
                i2--;
            } catch (IOException e) {
                this.log.error("IOException saving SPSession for service {} to storage: {}", sPSession.getId(), e.getMessage());
                throw e;
            }
        } while (i > 0);
        if (!create) {
            this.log.error("Exhausted retry attempts storing SPService for service {} in session {}", sPSession.getId(), getId());
        }
        return create;
    }

    @NotEmpty
    @Nonnull
    private String getSPSessionStorageKey(@NotEmpty @Nonnull String str) {
        return str.length() > this.sessionManager.getStorageService().getCapabilities().getKeySize() ? DigestUtils.sha256Hex(str) : str;
    }

    private boolean writeToStorage() throws IOException {
        try {
            Long updateWithVersion = this.sessionManager.getStorageService().updateWithVersion(this.version, getId(), StorageBackedSessionManager.SESSION_PRIMARY_KEY, this, this.sessionManager.getStorageSerializer(), Long.valueOf(getLastActivityInstant().plus((TemporalAmount) this.sessionManager.getSessionTimeout()).plus((TemporalAmount) this.sessionManager.getSessionSlop()).toEpochMilli()));
            if (updateWithVersion == null) {
                this.log.error("Record for session {} has disappeared from backing store", getId());
                throw new IOException("Unable to update session, record disappeared");
            }
            this.version = updateWithVersion.longValue();
            return true;
        } catch (VersionMismatchException e) {
            StorageRecord read = this.sessionManager.getStorageService().read(getId(), StorageBackedSessionManager.SESSION_PRIMARY_KEY);
            if (read == null) {
                this.log.error("Record for session {} has disappeared from backing store", getId());
                throw new IOException("Unable to update session, record disappeared");
            }
            read.getValue(new StorageBackedIdPSessionSerializer(this.sessionManager, this), getId(), StorageBackedSessionManager.SESSION_PRIMARY_KEY);
            return false;
        }
    }
}
