package org.opensaml.storage.impl;

import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.Positive;
import net.shibboleth.shared.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.apache.commons.codec.digest.DigestUtils;
import org.opensaml.storage.RevocationCache;
import org.opensaml.storage.StorageCapabilities;
import org.opensaml.storage.StorageRecord;
import org.opensaml.storage.StorageService;
import org.slf4j.Logger;

@ThreadSafeAfterInit
/* loaded from: input_file:WEB-INF/lib/opensaml-storage-impl-5.1.3.jar:org/opensaml/storage/impl/StorageServiceRevocationCache.class */
public class StorageServiceRevocationCache extends AbstractIdentifiableInitializableComponent implements RevocationCache {

    @NonnullAfterInit
    private StorageService storage;
    private boolean strict;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) StorageServiceRevocationCache.class);

    @Positive
    @Nonnull
    private Duration expires = Duration.ofHours(6);

    public void setEntryExpiration(@Positive @Nonnull Duration duration) {
        checkSetterPreconditions();
        Constraint.isTrue((duration == null || duration.isNegative() || duration.isZero()) ? false : true, "Revocation cache default entry expiration must be greater than 0");
        this.expires = duration;
    }

    @NonnullAfterInit
    public StorageService getStorage() {
        return this.storage;
    }

    public void setStorage(@Nonnull StorageService storageService) {
        checkSetterPreconditions();
        this.storage = (StorageService) Constraint.isNotNull(storageService, "StorageService cannot be null");
        Constraint.isTrue(this.storage.getCapabilities().isServerSide(), "StorageService cannot be client-side");
    }

    public boolean isStrict() {
        return this.strict;
    }

    public void setStrict(boolean z) {
        checkSetterPreconditions();
        this.strict = z;
    }

    @Override // net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent, net.shibboleth.shared.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.storage == null) {
            throw new ComponentInitializationException("StorageService cannot be null");
        }
    }

    @Override // org.opensaml.storage.RevocationCache
    public synchronized boolean revoke(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2, @Nonnull @NotEmpty String str3) {
        return revoke(str, str2, str3, this.expires);
    }

    @Override // org.opensaml.storage.RevocationCache
    public synchronized boolean revoke(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2, @Nonnull @NotEmpty String str3, @Nonnull Duration duration) {
        checkComponentActive();
        StorageCapabilities capabilities = this.storage.getCapabilities();
        if (str.length() > capabilities.getContextSize()) {
            this.log.error("context {} too long for StorageService (limit {})", str, Integer.valueOf(capabilities.getContextSize()));
            return false;
        }
        String sha1Hex = str2.length() > capabilities.getKeySize() ? DigestUtils.sha1Hex(str2) : str2;
        try {
            if (this.storage.read(str, sha1Hex) == null) {
                this.log.debug("Entry '{}' of context '{}' is not yet on list of revoked entries, adding to cache with expiration time {}", sha1Hex, str, this.expires);
                this.storage.create(str, sha1Hex, str3, Long.valueOf(Instant.now().plus((TemporalAmount) duration).toEpochMilli()));
                return true;
            }
            this.storage.updateExpiration(str, sha1Hex, Long.valueOf(Instant.now().plus((TemporalAmount) duration).toEpochMilli()));
            this.log.debug("Entry '{}' of context '{}' was already revoked, updating expiration", sha1Hex, str);
            return true;
        } catch (IOException e) {
            this.log.error("Exception reading/writing to storage service, returning {}", this.strict ? "failure" : "success", e);
            return !this.strict;
        }
    }

    @Override // org.opensaml.storage.RevocationCache
    public synchronized boolean unrevoke(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2) {
        checkComponentActive();
        StorageCapabilities capabilities = this.storage.getCapabilities();
        if (str.length() > capabilities.getContextSize()) {
            this.log.error("context {} too long for StorageService (limit {})", str, Integer.valueOf(capabilities.getContextSize()));
            return false;
        }
        try {
            return this.storage.delete(str, str2.length() > capabilities.getKeySize() ? DigestUtils.sha1Hex(str2) : str2);
        } catch (IOException e) {
            this.log.error("Exception writing to storage service", (Throwable) e);
            return false;
        }
    }

    @Override // org.opensaml.storage.RevocationCache
    public synchronized boolean isRevoked(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2) {
        checkComponentActive();
        StorageCapabilities capabilities = this.storage.getCapabilities();
        if (str.length() > capabilities.getContextSize()) {
            this.log.error("context {} too long for StorageService (limit {})", str, Integer.valueOf(capabilities.getContextSize()));
            return true;
        }
        String sha1Hex = str2.length() > capabilities.getKeySize() ? DigestUtils.sha1Hex(str2) : str2;
        try {
            if (this.storage.read(str, sha1Hex) == null) {
                this.log.debug("Entry '{}' is not revoked", sha1Hex);
                return false;
            }
            this.log.debug("Entry '{}' is revoked", str2);
            return true;
        } catch (IOException e) {
            this.log.error("Exception reading  storage service, indicating {}", this.strict ? "revoked" : "not revoked", e);
            return this.strict;
        }
    }

    @Override // org.opensaml.storage.RevocationCache
    @NotEmpty
    @Nullable
    public synchronized String getRevocationRecord(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2) throws IOException {
        checkComponentActive();
        StorageCapabilities capabilities = this.storage.getCapabilities();
        if (str.length() > capabilities.getContextSize()) {
            this.log.error("context {} too long for StorageService (limit {})", str, Integer.valueOf(capabilities.getContextSize()));
            throw new IOException("Context exceeded storage service limit.");
        }
        String sha1Hex = str2.length() > capabilities.getKeySize() ? DigestUtils.sha1Hex(str2) : str2;
        try {
            StorageRecord read = this.storage.read(str, sha1Hex);
            if (read == null) {
                this.log.debug("Entry '{}' is not revoked", sha1Hex);
                return null;
            }
            this.log.debug("Entry '{}' is revoked", str2);
            return read.getValue();
        } catch (IOException e) {
            if (this.strict) {
                throw e;
            }
            this.log.error("Exception reading from storage service, non-strict so treating as non-revoked", (Throwable) e);
            return null;
        }
    }
}
