package li.strolch.rest;

import java.text.MessageFormat;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import li.strolch.agent.api.ComponentContainer;
import li.strolch.agent.api.StrolchComponent;
import li.strolch.exception.StrolchException;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.SimpleRestrictable;
import li.strolch.privilege.model.Usage;
import li.strolch.rest.model.UserSession;
import li.strolch.runtime.StrolchConstants;
import li.strolch.runtime.configuration.ComponentConfiguration;
import li.strolch.runtime.privilege.PrivilegeHandler;
import li.strolch.utils.dbc.DBC;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/li.strolch.rest-1.3.0.jar:li/strolch/rest/DefaultStrolchSessionHandler.class */
public class DefaultStrolchSessionHandler extends StrolchComponent implements StrolchSessionHandler {
    public static final String PARAM_SESSION_TTL_MINUTES = "session.ttl.minutes";
    public static final String PARAM_SESSION_RELOAD_SESSIONS = "session.reload";
    private static final Logger logger = LoggerFactory.getLogger(DefaultStrolchSessionHandler.class);
    private PrivilegeHandler privilegeHandler;
    private Map<String, Certificate> certificateMap;
    private boolean reloadSessions;
    private long sessionTtl;
    private Timer sessionTimeoutTimer;

    /* loaded from: input_file:WEB-INF/lib/li.strolch.rest-1.3.0.jar:li/strolch/rest/DefaultStrolchSessionHandler$SessionTimeoutTask.class */
    private class SessionTimeoutTask extends TimerTask {
        private SessionTimeoutTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            DefaultStrolchSessionHandler.this.checkSessionsForTimeout();
        }
    }

    public DefaultStrolchSessionHandler(ComponentContainer componentContainer, String str) {
        super(componentContainer, str);
    }

    @Override // li.strolch.agent.api.StrolchComponent
    public void initialize(ComponentConfiguration componentConfiguration) throws Exception {
        this.sessionTtl = TimeUnit.MINUTES.toMillis(componentConfiguration.getInt(PARAM_SESSION_TTL_MINUTES, 30));
        this.reloadSessions = componentConfiguration.getBoolean(PARAM_SESSION_RELOAD_SESSIONS, false);
        super.initialize(componentConfiguration);
    }

    @Override // li.strolch.agent.api.StrolchComponent
    public void start() throws Exception {
        this.privilegeHandler = (PrivilegeHandler) getContainer().getComponent(PrivilegeHandler.class);
        this.certificateMap = Collections.synchronizedMap(new HashMap());
        if (this.reloadSessions) {
            List<Certificate> list = (List) runPrivilegedRunnable(privilegeContext -> {
                return (List) this.privilegeHandler.getPrivilegeHandler().getCertificates(privilegeContext.getCertificate()).stream().filter(certificate -> {
                    return !certificate.getUserState().isSystem();
                }).collect(Collectors.toList());
            });
            for (Certificate certificate : list) {
                this.certificateMap.put(certificate.getAuthToken(), certificate);
            }
            checkSessionsForTimeout();
            logger.info("Restored " + list.size() + " sessions of which " + (list.size() - this.certificateMap.size()) + " had timed out and were removed.");
        }
        this.sessionTimeoutTimer = new Timer("SessionTimeoutTimer", true);
        this.sessionTimeoutTimer.schedule(new SessionTimeoutTask(), TimeUnit.MINUTES.toMillis(5L), TimeUnit.MINUTES.toMillis(1L));
        super.start();
    }

    @Override // li.strolch.agent.api.StrolchComponent
    public void stop() throws Exception {
        if (this.reloadSessions) {
            runPrivilegedRunnable(privilegeContext -> {
                return Boolean.valueOf(getContainer().getPrivilegeHandler().getPrivilegeHandler().persistSessions(privilegeContext.getCertificate()));
            });
        } else if (this.certificateMap != null) {
            synchronized (this.certificateMap) {
                Iterator<Certificate> it = this.certificateMap.values().iterator();
                while (it.hasNext()) {
                    this.privilegeHandler.invalidateSession(it.next());
                }
                this.certificateMap.clear();
            }
        }
        if (this.sessionTimeoutTimer != null) {
            this.sessionTimeoutTimer.cancel();
        }
        this.sessionTimeoutTimer = null;
        this.privilegeHandler = null;
        super.stop();
    }

    @Override // li.strolch.agent.api.StrolchComponent
    public void destroy() throws Exception {
        this.certificateMap = null;
        super.destroy();
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public Certificate authenticate(String str, byte[] bArr) {
        DBC.PRE.assertNotEmpty("Username must be set!", str);
        DBC.PRE.assertNotNull("Passwort must be set", bArr);
        Certificate authenticate = this.privilegeHandler.authenticate(str, bArr);
        authenticate.setLastAccess(new Date());
        this.certificateMap.put(authenticate.getAuthToken(), authenticate);
        logger.info(MessageFormat.format("{0} sessions currently active.", Integer.valueOf(this.certificateMap.size())));
        return authenticate;
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public Certificate validate(String str) {
        DBC.PRE.assertNotEmpty("authToken must be set!", str);
        Certificate certificate = this.certificateMap.get(str);
        if (certificate == null) {
            throw new StrolchException(MessageFormat.format("No certificate exists for sessionId {0}", str));
        }
        return validate(certificate);
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public Certificate validate(Certificate certificate) {
        this.privilegeHandler.isCertificateValid(certificate);
        certificate.setLastAccess(new Date());
        return certificate;
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public void invalidate(Certificate certificate) {
        DBC.PRE.assertNotNull("Certificate must be given!", certificate);
        if (this.certificateMap.remove(certificate.getAuthToken()) == null) {
            logger.error(MessageFormat.format("No session was registered with token {0}", certificate.getAuthToken()));
        }
        this.privilegeHandler.invalidateSession(certificate);
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public void initiateChallengeFor(Usage usage, String str) {
        this.privilegeHandler.getPrivilegeHandler().initiateChallengeFor(usage, str);
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public Certificate validateChallenge(String str, String str2) throws PrivilegeException {
        DBC.PRE.assertNotEmpty("username must be set!", str);
        DBC.PRE.assertNotEmpty("challenge must be set", str2);
        Certificate validateChallenge = this.privilegeHandler.getPrivilegeHandler().validateChallenge(str, str2);
        validateChallenge.setLastAccess(new Date());
        this.certificateMap.put(validateChallenge.getAuthToken(), validateChallenge);
        logger.info(MessageFormat.format("{0} sessions currently active.", Integer.valueOf(this.certificateMap.size())));
        return validateChallenge;
    }

    protected void sessionTimeout(Certificate certificate) {
        DBC.PRE.assertNotNull("Certificate must be given!", certificate);
        if (this.certificateMap.remove(certificate.getAuthToken()) == null) {
            logger.error(MessageFormat.format("No session was registered with token {0}", certificate.getAuthToken()));
        }
        this.privilegeHandler.sessionTimeout(certificate);
    }

    protected Map<String, Certificate> getCertificateMap() {
        return this.certificateMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkSessionsForTimeout() {
        HashMap hashMap;
        Map<String, Certificate> certificateMap = getCertificateMap();
        synchronized (certificateMap) {
            hashMap = new HashMap(certificateMap);
        }
        LocalDateTime minus = LocalDateTime.now().minus(this.sessionTtl, (TemporalUnit) ChronoUnit.MILLIS);
        ZoneId systemDefault = ZoneId.systemDefault();
        for (Certificate certificate : hashMap.values()) {
            if (minus.isAfter(LocalDateTime.ofInstant(certificate.getLastAccess().toInstant(), systemDefault))) {
                logger.info(MessageFormat.format("Session {0} for user {1} has expired, invalidating session...", certificate.getSessionId(), certificate.getUsername()));
                sessionTimeout(certificate);
            }
        }
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public UserSession getSession(Certificate certificate, String str) {
        PrivilegeContext privilegeContext = this.privilegeHandler.getPrivilegeContext(certificate);
        privilegeContext.assertHasPrivilege(StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION);
        synchronized (this.certificateMap) {
            for (Certificate certificate2 : this.certificateMap.values()) {
                if (certificate2.getSessionId().equals(str)) {
                    privilegeContext.validateAction(new SimpleRestrictable(StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION, certificate2));
                    return new UserSession(certificate2);
                }
            }
            throw new PrivilegeException("No Session exists with the id " + str);
        }
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public List<UserSession> getSessions(Certificate certificate) {
        PrivilegeContext privilegeContext = this.privilegeHandler.getPrivilegeContext(certificate);
        privilegeContext.assertHasPrivilege(StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION);
        ArrayList arrayList = new ArrayList(this.certificateMap.size());
        synchronized (this.certificateMap) {
            for (Certificate certificate2 : this.certificateMap.values()) {
                try {
                    privilegeContext.validateAction(new SimpleRestrictable(StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION, certificate2));
                    arrayList.add(new UserSession(certificate2));
                } catch (AccessDeniedException e) {
                }
            }
        }
        return arrayList;
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public void invalidateSession(Certificate certificate, String str) {
        HashMap hashMap;
        PrivilegeContext privilegeContext = this.privilegeHandler.getPrivilegeContext(certificate);
        privilegeContext.assertHasPrivilege(StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_INVALIDATE_SESSION);
        synchronized (this.certificateMap) {
            hashMap = new HashMap(this.certificateMap);
        }
        boolean z = false;
        Iterator it = hashMap.values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Certificate certificate2 = (Certificate) it.next();
            if (certificate2.getSessionId().equals(str)) {
                privilegeContext.validateAction(new SimpleRestrictable(StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_INVALIDATE_SESSION, certificate2));
                invalidate(certificate2);
                z = true;
                break;
            }
        }
        if (!z) {
            throw new PrivilegeException("Can not invalidate session as no session exists with the id " + str);
        }
    }

    @Override // li.strolch.rest.StrolchSessionHandler
    public void setSessionLocale(Certificate certificate, String str, Locale locale) {
        if (!certificate.getSessionId().equals(str)) {
            throw new AccessDeniedException(MessageFormat.format("User's can only change their own session locale: {0} may not change locale of session {1}", certificate.getUsername(), str));
        }
        synchronized (this.certificateMap) {
            for (Certificate certificate2 : this.certificateMap.values()) {
                if (certificate2.getSessionId().equals(str)) {
                    certificate2.setLocale(locale);
                }
            }
        }
    }
}
