package uk.gov.di.ipv.cri.common.library.service;

import com.nimbusds.oauth2.sdk.token.AccessToken;
import java.time.Clock;
import java.util.Optional;
import java.util.UUID;
import software.amazon.lambda.powertools.logging.LoggingUtils;
import uk.gov.di.ipv.cri.common.library.annotations.ExcludeFromGeneratedCoverageReport;
import uk.gov.di.ipv.cri.common.library.domain.SessionRequest;
import uk.gov.di.ipv.cri.common.library.exception.AccessTokenExpiredException;
import uk.gov.di.ipv.cri.common.library.exception.AuthorizationCodeExpiredException;
import uk.gov.di.ipv.cri.common.library.exception.SessionExpiredException;
import uk.gov.di.ipv.cri.common.library.exception.SessionNotFoundException;
import uk.gov.di.ipv.cri.common.library.persistence.DataStore;
import uk.gov.di.ipv.cri.common.library.persistence.DynamoDbEnhancedClientFactory;
import uk.gov.di.ipv.cri.common.library.persistence.item.SessionItem;
import uk.gov.di.ipv.cri.common.library.util.ListUtil;

/* loaded from: input_file:uk/gov/di/ipv/cri/common/library/service/SessionService.class */
public class SessionService {
    private static final String SESSION_TABLE_PARAM_NAME = "SessionTableName";
    private static final String GOVUK_SIGNIN_JOURNEY_ID = "govuk_signin_journey_id";
    private final ConfigurationService configurationService;
    private final DataStore<SessionItem> dataStore;
    private final ListUtil listUtil;
    private final Clock clock;

    @ExcludeFromGeneratedCoverageReport
    public SessionService() {
        this.configurationService = new ConfigurationService();
        this.dataStore = new DataStore<>(this.configurationService.getCommonParameterValue(SESSION_TABLE_PARAM_NAME), SessionItem.class, new DynamoDbEnhancedClientFactory().getClient());
        this.clock = Clock.systemUTC();
        this.listUtil = new ListUtil();
    }

    @ExcludeFromGeneratedCoverageReport
    public SessionService(ConfigurationService configurationService) {
        this(new DataStore(configurationService.getCommonParameterValue(SESSION_TABLE_PARAM_NAME), SessionItem.class, new DynamoDbEnhancedClientFactory().getClient()), configurationService, Clock.systemUTC(), new ListUtil());
    }

    public SessionService(DataStore<SessionItem> dataStore, ConfigurationService configurationService, Clock clock, ListUtil listUtil) {
        this.dataStore = dataStore;
        this.configurationService = configurationService;
        this.clock = clock;
        this.listUtil = listUtil;
    }

    public UUID saveSession(SessionRequest sessionRequest) {
        SessionItem sessionItem = new SessionItem();
        sessionItem.setCreatedDate(this.clock.instant().getEpochSecond());
        sessionItem.setExpiryDate(this.configurationService.getSessionExpirationEpoch());
        sessionItem.setState(sessionRequest.getState());
        sessionItem.setClientId(sessionRequest.getClientId());
        sessionItem.setRedirectUri(sessionRequest.getRedirectUri());
        sessionItem.setSubject(sessionRequest.getSubject());
        sessionItem.setPersistentSessionId(sessionRequest.getPersistentSessionId());
        sessionItem.setClientSessionId(sessionRequest.getClientSessionId());
        sessionItem.setClientIpAddress(sessionRequest.getClientIpAddress());
        sessionItem.setAttemptCount(0);
        setSessionItemsToLogging(sessionItem);
        this.dataStore.create(sessionItem);
        return sessionItem.getSessionId();
    }

    public void updateSession(SessionItem sessionItem) {
        setSessionItemsToLogging(sessionItem);
        this.dataStore.update(sessionItem);
    }

    public void createAuthorizationCode(SessionItem sessionItem) {
        sessionItem.setAuthorizationCode(UUID.randomUUID().toString());
        sessionItem.setAuthorizationCodeExpiryDate(this.configurationService.getAuthorizationCodeExpirationEpoch());
        updateSession(sessionItem);
    }

    public SessionItem validateSessionId(String str) throws SessionNotFoundException, SessionExpiredException {
        SessionItem item = this.dataStore.getItem(str);
        setSessionItemsToLogging(item);
        if (item == null) {
            throw new SessionNotFoundException("session not found");
        }
        if (item.getExpiryDate() < this.clock.instant().getEpochSecond()) {
            throw new SessionExpiredException("session expired");
        }
        return item;
    }

    private void setSessionItemsToLogging(SessionItem sessionItem) {
        Optional.ofNullable(sessionItem).ifPresent(sessionItem2 -> {
            Optional.ofNullable(sessionItem2.getClientSessionId()).ifPresent(str -> {
                LoggingUtils.appendKey(GOVUK_SIGNIN_JOURNEY_ID, str);
            });
        });
    }

    public SessionItem getSession(String str) {
        SessionItem item = this.dataStore.getItem(str);
        setSessionItemsToLogging(item);
        return item;
    }

    public SessionItem getSessionByAccessToken(AccessToken accessToken) throws SessionExpiredException, AccessTokenExpiredException, SessionNotFoundException {
        try {
            SessionItem validateSessionId = validateSessionId(String.valueOf(((SessionItem) this.listUtil.getOneItemOrThrowError(this.dataStore.getItemByIndex(SessionItem.ACCESS_TOKEN_INDEX, accessToken.toAuthorizationHeader()))).getSessionId()));
            if (validateSessionId.getAccessTokenExpiryDate() < this.clock.instant().getEpochSecond()) {
                throw new AccessTokenExpiredException("access code expired");
            }
            return validateSessionId;
        } catch (IllegalArgumentException e) {
            if (e.getMessage().contains("No items found")) {
                throw new SessionNotFoundException("no session found with that access token");
            }
            throw new SessionNotFoundException("more than one session found with that access token");
        }
    }

    public SessionItem getSessionByAuthorisationCode(String str) throws SessionExpiredException, AuthorizationCodeExpiredException, SessionNotFoundException {
        try {
            SessionItem validateSessionId = validateSessionId(String.valueOf(((SessionItem) this.listUtil.getOneItemOrThrowError(this.dataStore.getItemByIndex(SessionItem.AUTHORIZATION_CODE_INDEX, str))).getSessionId()));
            if (validateSessionId.getAuthorizationCodeExpiryDate() < this.clock.instant().getEpochSecond()) {
                throw new AuthorizationCodeExpiredException("authorization code expired");
            }
            return validateSessionId;
        } catch (IllegalArgumentException e) {
            if (e.getMessage().contains("No items found")) {
                throw new SessionNotFoundException("no session found with that authorization code");
            }
            throw new SessionNotFoundException("more than one session found with that authorization code");
        }
    }
}
