package org.wildfly.security.http.util.sso;

import java.io.DataOutputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Function;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.cache.CachedIdentity;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpScopeNotification;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.Scope;

/* loaded from: input_file:org/wildfly/security/http/util/sso/DefaultSingleSignOnSession.class */
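/**
 * Default {@link SingleSignOnSession} bound to one HTTP request.
 *
 * <p>The session holds at most one {@link SingleSignOn} entry. {@link #put(SecurityIdentity)}
 * registers the local HTTP session as a participant of that entry and installs a session
 * notification handler. When a participating session is invalidated, the handler sends a
 * back-channel logout POST to every remaining participant and then invalidates the entry.
 * {@link #logout()} is the receiving side of that POST.
 *
 * <p>This listing was recovered from a decompiled class. The resource handling has been restored
 * to try-with-resources, and the unresolved decompiler placeholders have been removed.
 */
public class DefaultSingleSignOnSession implements SingleSignOnSession {
    /** Form parameter that carries the logout message in a back-channel logout request. */
    private static final String LOGOUT_REQUEST_PARAMETER = "ely_logout_message";
    /** Session attachment set while this class itself is invalidating the local session. */
    private static final String SESSION_INVALIDATING_ATTRIBUTE = DefaultSingleSignOnSessionFactory.class.getName() + ".INVALIDATING";
    /** Sole key of {@link #map}; the map is only used as an atomic holder for one entry. */
    private static final Boolean SINGLE_SIGN_ON_KEY = Boolean.TRUE;
    private final HttpServerRequest request;
    private final ConcurrentMap<Boolean, SingleSignOn> map = new ConcurrentHashMap<>(1);
    private final SingleSignOnSessionContext context;
    private final Function<SecurityIdentity, SingleSignOn> ssoFactory;

    /**
     * Creates a session with no single sign-on entry yet; the entry is created by the manager
     * on the first {@link #put(SecurityIdentity)}.
     *
     * @param singleSignOnSessionContext the context giving access to the manager and the logout message helpers
     * @param httpServerRequest the current request
     * @param str the authentication mechanism name passed to the manager when the entry is created
     */
    public DefaultSingleSignOnSession(SingleSignOnSessionContext singleSignOnSessionContext, HttpServerRequest httpServerRequest, String str) {
        this.context = (SingleSignOnSessionContext) Assert.checkNotNullParam("context", singleSignOnSessionContext);
        this.request = (HttpServerRequest) Assert.checkNotNullParam("request", httpServerRequest);
        Assert.checkNotNullParam("mechanismName", str);
        this.ssoFactory = securityIdentity -> singleSignOnSessionContext.getSingleSignOnManager().create(str, securityIdentity);
    }

    /**
     * Creates a session around an existing single sign-on entry.
     *
     * @param singleSignOnSessionContext the context giving access to the manager and the logout message helpers
     * @param httpServerRequest the current request
     * @param singleSignOn the existing entry
     */
    public DefaultSingleSignOnSession(SingleSignOnSessionContext singleSignOnSessionContext, HttpServerRequest httpServerRequest, SingleSignOn singleSignOn) {
        this.context = (SingleSignOnSessionContext) Assert.checkNotNullParam("context", singleSignOnSessionContext);
        this.request = (HttpServerRequest) Assert.checkNotNullParam("request", httpServerRequest);
        // Validate before storing: the listing stored the entry first, so a null argument
        // surfaced from ConcurrentHashMap.put instead of from the parameter check.
        Assert.checkNotNullParam("sso", singleSignOn);
        this.map.put(SINGLE_SIGN_ON_KEY, singleSignOn);
        this.ssoFactory = securityIdentity -> singleSignOn;
    }

    /**
     * Returns the identifier of the current single sign-on entry.
     *
     * @return the entry id, or {@code null} when no entry is held
     */
    @Override
    public String getId() {
        SingleSignOn sso = this.map.get(SINGLE_SIGN_ON_KEY);
        return sso != null ? sso.getId() : null;
    }

    /**
     * Returns the identity cached in the current single sign-on entry.
     *
     * @return the cached identity, or {@code null} when no entry is held
     */
    public CachedIdentity get() {
        SingleSignOn sso = this.map.get(SINGLE_SIGN_ON_KEY);
        return sso != null ? getCachedIdentity(sso) : null;
    }

    /**
     * Stores the identity in the single sign-on entry (creating the entry if needed) and registers
     * the local HTTP session as a participant.
     *
     * <p>If the participant was newly added, a notification handler is registered on the local
     * session so that its end is propagated to the other participants.
     *
     * @param securityIdentity the authenticated identity to cache
     */
    public void put(SecurityIdentity securityIdentity) {
        SingleSignOn sso = this.map.computeIfAbsent(SINGLE_SIGN_ON_KEY, key -> this.ssoFactory.apply(securityIdentity));
        sso.setIdentity(securityIdentity);
        HttpScope session = this.request.getScope(Scope.SESSION);
        if (!session.exists()) {
            session.create();
        }
        URI requestUri = this.request.getRequestURI();
        String sessionId = session.getID();
        String applicationId = this.request.getScope(Scope.APPLICATION).getID();
        if (!sso.addParticipant(applicationId, sessionId, requestUri)) {
            return;
        }
        String ssoId = sso.getId();
        ElytronMessages.log.debugf("Updating local sessions for SSO [%s]. New local session [%s]. Local sessions: [%s]", ssoId, sessionId, sso.getParticipants());
        session.registerForNotification(notification -> onSessionNotification(notification, ssoId, applicationId));
    }

    /**
     * Handles a notification for a participating local session: removes the participant and, when
     * the session was invalidated by something other than this class, logs out the remaining
     * participants and invalidates the entry.
     */
    private void onSessionNotification(HttpScopeNotification notification, String ssoId, String applicationId) {
        HttpScope endingSession = notification.getScope(Scope.SESSION);
        Map<String, Map.Entry<String, URI>> logoutTargets = Collections.emptyMap();
        // NOTE(review): as in the decompiled listing, this handle stays open until the whole
        // callback finishes, including the remote logout calls. Confirm against the original
        // source whether it should be released before the fan-out.
        try (SingleSignOn sso = this.context.getSingleSignOnManager().find(ssoId)) {
            if (sso != null) {
                Map.Entry<String, URI> removed = sso.removeParticipant(applicationId);
                if (removed != null) {
                    ElytronMessages.log.debugf("Removed local session [%s] from SSO [%s]", removed.getKey(), sso.getId());
                }
                // The attachment is set by invalidateLocalSession(); when present, the local
                // session is ending because of a logout this class is already processing, so
                // no further fan-out is started from here.
                if (endingSession.getAttachment(SESSION_INVALIDATING_ATTRIBUTE) == null) {
                    Map<String, Map.Entry<String, URI>> participants = sso.getParticipants();
                    if (participants.isEmpty()) {
                        ElytronMessages.log.debugf("Destroying SSO [%s]. SSO is not associated with participants", sso.getId());
                        sso.invalidate();
                    } else if (notification.isOfType(new Enum[]{HttpScopeNotification.SessionNotificationType.INVALIDATED})) {
                        logoutTargets = participants;
                    }
                }
            }
            if (logoutTargets.isEmpty()) {
                return;
            }
            logoutTargets.forEach((participantId, participant) -> sendLogoutRequest(participant.getKey(), participant.getValue()));
            try (SingleSignOn remaining = this.context.getSingleSignOnManager().find(ssoId)) {
                if (remaining != null) {
                    if (remaining.getParticipants().isEmpty()) {
                        ElytronMessages.log.debugf("Destroying SSO [%s]. SSO is no longer associated with any participants", remaining.getId());
                    } else {
                        ElytronMessages.log.debugf("Destroying SSO [%s]. Participant list not empty.", remaining.getId());
                    }
                    // The entry is invalidated in both cases, so a participant whose logout
                    // request failed does not keep the single sign-on entry alive.
                    remaining.invalidate();
                }
            }
        }
    }

    /**
     * Sends one back-channel logout POST to a participant. Failures are logged and never
     * propagated, so one unreachable participant does not stop the others from being notified.
     *
     * @param sessionId the participant's local session id, embedded in the logout message
     * @param participantUri the URI recorded for the participant in {@link #put(SecurityIdentity)}
     */
    private void sendLogoutRequest(String sessionId, URI participantUri) {
        try {
            // NOTE(review): the destination is the request URI captured when the participant
            // registered. Confirm the deployment does not let a client-controlled value decide
            // where this server-side POST goes.
            HttpURLConnection connection = (HttpURLConnection) participantUri.toURL().openConnection();
            this.context.configureLogoutConnection(connection);
            connection.setRequestMethod("POST");
            connection.setDoOutput(true);
            connection.setAllowUserInteraction(false);
            // Bounded timeouts keep a slow participant from blocking the notification callback.
            connection.setConnectTimeout(10000);
            connection.setReadTimeout(10000);
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            // NOTE(review): the value is appended without URL-encoding; confirm that
            // createLogoutParameter returns text that is safe in a form body.
            String body = LOGOUT_REQUEST_PARAMETER + "=" + this.context.createLogoutParameter(sessionId);
            connection.setRequestProperty("Content-Length", Integer.toString(body.length()));
            try (OutputStream outputStream = connection.getOutputStream();
                    DataOutputStream dataOutputStream = new DataOutputStream(outputStream)) {
                dataOutputStream.writeBytes(body);
            }
            // Reading the response completes the exchange; HttpURLConnection throws here for
            // error responses, which then reach the warning below.
            connection.getInputStream().close();
        } catch (Exception e) {
            ElytronMessages.log.warnHttpMechSsoFailedLogoutParticipant(participantUri.toString(), e);
        }
    }

    /**
     * Invalidates the single sign-on entry and the local HTTP session.
     *
     * @return the identity that was cached, or {@code null} when no entry is held
     */
    public CachedIdentity remove() {
        SingleSignOn sso = this.map.get(SINGLE_SIGN_ON_KEY);
        if (sso == null) {
            return null;
        }
        sso.invalidate();
        HttpScope session = this.request.getScope(Scope.SESSION);
        if (session.exists()) {
            invalidateLocalSession(session);
        }
        return getCachedIdentity(sso);
    }

    /**
     * Processes an incoming back-channel logout request.
     *
     * <p>The logout message must pass {@code verifyLogoutParameter} before any session is looked up
     * or invalidated. If verification or the session lookup fails, the request is rejected.
     *
     * @return {@code true} when a local session was invalidated; {@code false} when the request
     *         carries no logout message, the message could not be verified, or the session does
     *         not exist
     */
    @Override
    public boolean logout() {
        String logoutMessage = this.request.getFirstParameterValue(LOGOUT_REQUEST_PARAMETER);
        if (logoutMessage == null) {
            return false;
        }
        String localSessionId;
        HttpScope session;
        try {
            localSessionId = this.context.verifyLogoutParameter(logoutMessage);
            session = this.request.getScope(Scope.SESSION, localSessionId);
        } catch (Exception e) {
            ElytronMessages.log.errorHttpMechSsoFailedInvalidateLocalSession(e);
            // Fail closed: the listing continued past this handler with the session id and
            // scope unassigned. An unverified message must not invalidate anything.
            return false;
        }
        if (!session.exists()) {
            return false;
        }
        ElytronMessages.log.debugf("Invalidating local session [%s] from SSO [%s]", localSessionId, getId());
        invalidateLocalSession(session);
        this.request.authenticationInProgress(response -> response.setStatusCode(200));
        return true;
    }

    /** Drops the held single sign-on entry, if any, and closes it. */
    @Override
    public void close() {
        Optional.ofNullable(this.map.remove(SINGLE_SIGN_ON_KEY)).ifPresent(SingleSignOn::close);
    }

    /**
     * Invalidates a local HTTP session on behalf of this class.
     *
     * <p>The session is first marked with {@link #SESSION_INVALIDATING_ATTRIBUTE}. The notification
     * handler registered in {@link #put(SecurityIdentity)} checks that mark, so this invalidation
     * does not trigger another round of logout requests.
     *
     * @param httpScope the session scope to invalidate
     */
    void invalidateLocalSession(HttpScope httpScope) {
        httpScope.setAttachment(SESSION_INVALIDATING_ATTRIBUTE, true);
        httpScope.invalidate();
        ElytronMessages.log.debugf("Local session [%s] invalidated for SSO [%s]", httpScope.getID(), getId());
    }

    /**
     * Builds the cached identity for an entry. When the entry holds no live identity, the result
     * carries only a {@link NamePrincipal} with the entry's name.
     */
    private static CachedIdentity getCachedIdentity(SingleSignOn singleSignOn) {
        String mechanism = singleSignOn.getMechanism();
        SecurityIdentity identity = singleSignOn.getIdentity();
        if (identity != null) {
            return new CachedIdentity(mechanism, identity);
        }
        return new CachedIdentity(mechanism, new NamePrincipal(singleSignOn.getName()));
    }
}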
