package org.opensaml.storage.impl;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import javax.annotation.Nonnull;
import net.shibboleth.idp.saml.profile.SAMLAuditFields;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.shared.codec.StringDigester;
import net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.storage.ReplayCache;
import org.opensaml.storage.StorageCapabilities;
import org.opensaml.storage.StorageRecord;
import org.opensaml.storage.StorageService;
import org.slf4j.Logger;

@ThreadSafeAfterInit
/* loaded from: input_file:WEB-INF/lib/opensaml-storage-impl-5.0.0.jar:org/opensaml/storage/impl/StorageServiceReplayCache.class */
public class StorageServiceReplayCache extends AbstractIdentifiableInitializableComponent implements ReplayCache {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) StorageServiceReplayCache.class);

    @NonnullAfterInit
    private StorageService storage;

    @NonnullAfterInit
    private StringDigester digester;
    private boolean strict;

    @NonnullAfterInit
    public StorageService getStorage() {
        return this.storage;
    }

    public void setStorage(@Nonnull StorageService storageService) {
        checkSetterPreconditions();
        this.storage = (StorageService) Constraint.isNotNull(storageService, "StorageService cannot be null");
        Constraint.isTrue(this.storage.getCapabilities().isServerSide(), "StorageService cannot be client-side");
    }

    public boolean isStrict() {
        return this.strict;
    }

    public void setStrict(boolean z) {
        checkSetterPreconditions();
        this.strict = z;
    }

    @Override // net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent, net.shibboleth.shared.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        if (this.storage == null) {
            throw new ComponentInitializationException("StorageService cannot be null");
        }
        try {
            this.digester = new StringDigester("SHA", StringDigester.OutputFormat.HEX_LOWER);
        } catch (NoSuchAlgorithmException e) {
            throw new ComponentInitializationException(e);
        }
    }

    @Override // org.opensaml.storage.ReplayCache
    public synchronized boolean check(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2, @Nonnull Instant instant) {
        String str3;
        StorageCapabilities capabilities = this.storage.getCapabilities();
        if (str.length() > capabilities.getContextSize()) {
            this.log.error("Context '{}' too long for StorageService (limit {})", str, Integer.valueOf(capabilities.getContextSize()));
            return false;
        }
        if (str2.length() > capabilities.getKeySize()) {
            str3 = this.digester.apply(str2);
            if (str3 == null) {
                this.log.error("Result of digesting key was null");
                return false;
            }
        } else {
            str3 = str2;
        }
        try {
            StorageRecord read = this.storage.read(str, str3);
            if (read == null) {
                this.log.debug("Value '{}' was not a replay, adding to cache with expiration time {}", str2, instant);
                this.storage.create(str, str3, SAMLAuditFields.SESSION_INDEX, Long.valueOf(instant.toEpochMilli()));
                return true;
            }
            Long expiration = read.getExpiration();
            this.log.debug("Replay of value '{}' detected in cache, expires at {}", str2, Instant.ofEpochMilli(expiration != null ? expiration.longValue() : 0L));
            return false;
        } catch (IOException e) {
            this.log.error("Exception reading/writing to storage service, returning {}", this.strict ? "failure" : "success", e);
            return !this.strict;
        }
    }
}
