package org.openanzo.security.keystore;

import com.nimbusds.jose.Header;
import java.io.File;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.Semaphore;
import java.util.function.Consumer;
import javax.crypto.SecretKey;
import org.openanzo.cache.EHCache;
import org.openanzo.cache.ICacheProvider;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.AnzoRuntimeException;
import org.openanzo.exceptions.EncryptionUtil;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.rdf.BayeuxJMSConstants;
import org.openanzo.services.AbstractControlMessage;
import org.openanzo.services.CloseControlMessage;
import org.openanzo.services.IControlMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/* loaded from: input_file:org/openanzo/security/keystore/SecretKeyStore.class */
public class SecretKeyStore implements ISecretKeystore, ApplicationContextAware {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SecretKeyStore.class);
    public static final String resourcePrefix = "resource:";
    private final Dictionary<String, ?> configurationProperties;
    private EHCache<String, BrowserSession> sessionCache;
    private Timer timer = null;
    private long browserSessionTimeout = 2592000000L;
    Set<IBrowserSessionListener> sessionListeners = new CopyOnWriteArraySet();
    private ApplicationContext appCtx;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/openanzo/security/keystore/SecretKeyStore$SessionInvalidationTask.class */
    public class SessionInvalidationTask extends TimerTask {
        Semaphore sem = new Semaphore(1);

        SessionInvalidationTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            if (this.sem.tryAcquire()) {
                try {
                    SecretKeyStore.this.validateBrowserSessions();
                } finally {
                    this.sem.release();
                }
            }
        }
    }

    public SecretKeyStore(Dictionary<String, ? extends Object> dictionary, File file, ICacheProvider iCacheProvider) {
        this.configurationProperties = dictionary;
        if (iCacheProvider != null) {
            this.sessionCache = iCacheProvider.openPersistedCache("browserSessionsSSO", 200, Header.MAX_HEADER_STRING_LENGTH);
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void start() throws AnzoException {
        Long browserSessionTimeout = KeyStoreDictionary.getBrowserSessionTimeout(this.configurationProperties);
        if (browserSessionTimeout != null) {
            setBrowserSessionTimeout(browserSessionTimeout.longValue());
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void stop() throws AnzoException {
        if (this.timer != null) {
            this.timer.cancel();
        }
        if (this.sessionCache != null) {
            this.sessionCache.close();
        }
    }

    public void initialize(SecretKey secretKey, String str) throws AnzoException {
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public String encryptAndBase64EncodeString(String str) throws AnzoException {
        return EncryptionUtil.encryptBase64(str);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public String encryptAndBase64EncodeBytes(byte[] bArr) throws AnzoException {
        return EncryptionUtil.encryptBase64(new String(bArr, StandardCharsets.UTF_8));
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public String decryptAndBase64DecodeString(String str) throws AnzoException {
        return EncryptionUtil.decryptBase64(str);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public byte[] decryptAndBase64DecodeBytes(String str) throws AnzoException {
        return EncryptionUtil.decryptBase64(str).getBytes(StandardCharsets.UTF_8);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void storeBrowserSession(BrowserSession browserSession) throws AnzoException {
        putInCache(browserSession.browserId, browserSession);
        if (log.isDebugEnabled()) {
            log.debug("after add: browserSessions size {}: Caller {}: browserIds:{}", Integer.valueOf(this.sessionCache.keySet().size()), LogUtils.getCaller(), this.sessionCache.keySet());
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public int incrementUsageBrowserSession(String str) throws AnzoException {
        BrowserSession browserSession = this.sessionCache.get(str);
        if (browserSession == null) {
            return -1;
        }
        int increment = browserSession.increment();
        browserSession.touch();
        putInCache(browserSession.browserId, browserSession);
        return increment;
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public int getUsageBrowserSession(String str) throws AnzoException {
        BrowserSession browserSession = this.sessionCache.get(str);
        if (browserSession != null) {
            return browserSession.usage;
        }
        return -1;
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public int decrementUsageBrowserSession(String str) throws AnzoException {
        BrowserSession browserSession = this.sessionCache.get(str);
        if (browserSession == null) {
            return -1;
        }
        int decrement = browserSession.decrement();
        putInCache(browserSession.browserId, browserSession);
        return decrement;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeFromCache(String str) {
        this.sessionCache.remove(str);
        BrowserSessionDestroyedEvent browserSessionDestroyedEvent = new BrowserSessionDestroyedEvent(str);
        log.debug("Publishing event: {}", browserSessionDestroyedEvent);
        if (this.appCtx != null) {
            this.appCtx.publishEvent(browserSessionDestroyedEvent);
        }
    }

    private void putInCache(String str, BrowserSession browserSession) {
        if (browserSession == null) {
            log.warn(LogUtils.SECURITY_MARKER, "A null session was attempted to be put in cache for browserId {}", str);
            return;
        }
        this.sessionCache.put(str, browserSession);
        BrowserSessionCreatedEvent browserSessionCreatedEvent = new BrowserSessionCreatedEvent(browserSession);
        log.debug("Publishing event: {}", browserSessionCreatedEvent);
        if (this.appCtx != null) {
            this.appCtx.publishEvent(browserSessionCreatedEvent);
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void touchBrowserSession(String str) throws AnzoException {
        BrowserSession browserSession = this.sessionCache.get(str);
        if (browserSession != null) {
            browserSession.touch();
            putInCache(browserSession.browserId, browserSession);
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public BrowserSession getBrowserSession(String str) {
        return this.sessionCache.get(str);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public boolean validateBrowserSession(BrowserSession browserSession) {
        if (browserSession == null) {
            log.warn(LogUtils.SECURITY_MARKER, "Session is null");
            return false;
        }
        long currentTimeMillis = System.currentTimeMillis();
        long individualSessionTimout = browserSession.getIndividualSessionTimout();
        long lastAccessTime = currentTimeMillis - browserSession.getLastAccessTime();
        if (!(!Objects.equals(Long.valueOf(browserSession.getBrowserSessionTimeout()), Long.valueOf(this.browserSessionTimeout)))) {
            boolean z = (individualSessionTimout == -1 && this.browserSessionTimeout == -1) || (currentTimeMillis >= browserSession.getLastAccessTime() && ((individualSessionTimout > -1 && lastAccessTime < individualSessionTimout) || (this.browserSessionTimeout > -1 && lastAccessTime < this.browserSessionTimeout)));
            if (!z) {
                log.debug(LogUtils.SECURITY_MARKER, "Auth token timestamp is expired: - tokenTimestamp:{} currentTime:{} difference:{}", Long.valueOf(browserSession.getLastAccessTime()), Long.valueOf(currentTimeMillis), Long.valueOf(currentTimeMillis - browserSession.getLastAccessTime()));
                try {
                    closeBrowserSession(browserSession.getBrowserId());
                } catch (AnzoException e) {
                    throw new AnzoRuntimeException(e);
                }
            }
            return z;
        }
        log.debug(LogUtils.SECURITY_MARKER, "Auth token timeout has changed: - previous timeout:{} current timeout:{}", Long.valueOf(browserSession.getBrowserSessionTimeout()), Long.valueOf(this.browserSessionTimeout));
        if ((browserSession.getBrowserSessionTimeout() != -1 && this.browserSessionTimeout == -1) || (browserSession.getBrowserSessionTimeout() == -1 && this.browserSessionTimeout != -1)) {
            fix(browserSession.getBrowserId());
        }
        browserSession.setBrowserSessionTimeout(this.browserSessionTimeout);
        return false;
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void closeBrowserSession(String str) throws AnzoException {
        closeBrowserSessionWithControlType(str, null);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void closeBrowserSessionWithControlType(String str, String str2) throws AnzoException {
        sendMessage(new CloseControlMessage(str, str2));
        log.debug("removing browserId {} from sessionCache", str);
        if (log.isTraceEnabled()) {
            StringWriter stringWriter = new StringWriter();
            new Throwable("").printStackTrace(new PrintWriter(stringWriter));
            log.trace(stringWriter.toString());
        }
        removeFromCache(str);
        if (log.isDebugEnabled()) {
            log.debug("after remove: browserSessions size {}: Caller {}: browserIds:{}", Integer.valueOf(this.sessionCache.keySet().size()), LogUtils.getCaller(), this.sessionCache.keySet());
        }
    }

    public void fix(String str) {
        sendMessage(new AbstractControlMessage(str) { // from class: org.openanzo.security.keystore.SecretKeyStore.1
            @Override // org.openanzo.services.IControlMessage
            public Map<String, Object> getControlData() {
                HashMap hashMap = new HashMap();
                hashMap.put("type", BayeuxJMSConstants.CONTROL_TYPE_SESSION_UPDATE);
                return hashMap;
            }

            @Override // org.openanzo.services.AbstractControlMessage, org.openanzo.services.IControlMessage
            public Consumer<IControlMessage> getFailureCallback() {
                return iControlMessage -> {
                    SecretKeyStore.this.removeFromCache(iControlMessage.getBrowserId());
                };
            }
        });
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void sendMessage(IControlMessage iControlMessage) {
        Iterator<IBrowserSessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            try {
                it.next().sendMessage(iControlMessage);
            } catch (Throwable th) {
                log.error("Unexpected session error", th);
            }
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void registerListener(IBrowserSessionListener iBrowserSessionListener) {
        this.sessionListeners.add(iBrowserSessionListener);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void unregisterListener(IBrowserSessionListener iBrowserSessionListener) {
        this.sessionListeners.remove(iBrowserSessionListener);
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void setBrowserSessionTimeout(long j) {
        if (!Objects.equals(Long.valueOf(this.browserSessionTimeout), Long.valueOf(j))) {
            this.browserSessionTimeout = j;
            if (this.timer != null) {
                this.timer.cancel();
            }
            if (j > -1) {
                this.timer = new Timer("BrowserSession Invalidator", true);
                this.timer.schedule(new SessionInvalidationTask(), j, j);
            }
            validateBrowserSessions();
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public long getBrowserSessionTimeout() {
        return this.browserSessionTimeout;
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public void validateBrowserSessions() {
        Iterator it = new HashSet(this.sessionCache.keySet()).iterator();
        while (it.hasNext()) {
            validateBrowserSession(this.sessionCache.get((String) it.next()));
        }
    }

    @Override // org.openanzo.security.keystore.ISecretKeystore
    public boolean getLongliveSession() {
        return this.browserSessionTimeout == -1;
    }

    public void setApplicationContext(ApplicationContext applicationContext) {
        this.appCtx = applicationContext;
    }
}
