package com.inet.authentication.stayloggedin;

import com.inet.annotations.JsonData;
import com.inet.authentication.LoginProcessor;
import com.inet.authentication.base.LoginManager;
import com.inet.authentication.base.TwoFactorManager;
import com.inet.cache.MemoryStoreMap;
import com.inet.config.ConfigKey;
import com.inet.config.ConfigValue;
import com.inet.http.ExpandableHttpSessionListener;
import com.inet.http.servlet.CookieWithSameSite;
import com.inet.http.servlet.SessionStore;
import com.inet.id.GUID;
import com.inet.lib.json.Json;
import com.inet.lib.json.JsonParameterizedType;
import com.inet.lib.util.PasswordHashing;
import com.inet.lib.util.StringFunctions;
import com.inet.logging.SecurityEventLog;
import com.inet.permissions.url.legacy.OldPermissionXMLUtils;
import com.inet.persistence.Persistence;
import com.inet.persistence.PersistenceListener;
import com.inet.plugin.ServerPluginManager;
import com.inet.plugin.veto.VetoManager;
import com.inet.thread.ThreadUtils;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserAccountScope;
import com.inet.usersandgroups.api.user.UserManager;
import java.nio.charset.StandardCharsets;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/inet/authentication/stayloggedin/StayLoggedInHandler.class */
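/**
 * Issues, validates, rotates and revokes the persistent "stay logged in" cookie.
 *
 * <p>The cookie is named {@code "SID" + <local port>}. Its value is the Base64url encoding of a
 * JSON array of three strings:
 * <ol start="0">
 *   <li>the user account id,</li>
 *   <li>a client id that identifies one stored {@link StayLoggedInSession},</li>
 *   <li>a secret token that is checked with {@link PasswordHashing#isMatching} against the hash
 *       kept in the stored session.</li>
 * </ol>
 * The list of stored sessions is kept as JSON in the user field {@link FieldStayLoggedIn}.
 *
 * <p>This listing is decompiler output. The private members had single-letter names in it; they
 * were given descriptive names here, and the public API is unchanged.
 */
public class StayLoggedInHandler {
    /** Cookie name prefix and the session attribute key under which a pending cookie is parked. */
    private static final String COOKIE = "SID";
    /** Lifetime of the cookie and of a stored session: 28 days, in seconds. */
    private static final int MAX_LOGIN_TIME_SECONDS = 2419200;
    /** Maximum number of stored sessions kept per user. */
    private static final int MAX_SESSION_COUNT = 100;
    /** Optional two-factor plugin; {@code null} when no such plugin is installed. */
    private static final TwoFactorManager TWO_FACTOR_MANAGER;
    public static final ConfigValue<String> SAME_SITE = new ConfigValue<>(ConfigKey.COOKIE_SAME_SITE);
    public static final ConfigValue<Boolean> AUTHENTICATION_STAY_LOGGED_IN = new ConfigValue<>(ConfigKey.AUTHENTICATION_STAY_LOGGED_IN);
    private static final Json JSON = new Json();
    // Short-lived map from a just-issued session to its token triple. It is consulted during
    // validation so that a request still carrying the previous token can be answered with the
    // current one. NOTE(review): the meaning of the constructor arguments (5, false) is not
    // visible here — presumably a short retention time; confirm against MemoryStoreMap.
    private static final MemoryStoreMap<StayLoggedInSession, String[]> RECENT_TOKENS = new MemoryStoreMap<>(5, false);

    /** Event sent through {@link Persistence} so that deleted sessions are invalidated wherever the event is received. */
    @JsonData
    public static class StayLoggedinNodeEvent {
        private List<StayLoggedInSession> delete;

        private StayLoggedinNodeEvent() {
        }
    }

    /** Invalidates the local HTTP sessions named in a received {@link StayLoggedinNodeEvent}. */
    private static class SessionDeleteListener implements PersistenceListener<StayLoggedinNodeEvent> {
        private SessionDeleteListener() {
        }

        @Override // com.inet.persistence.PersistenceListener
        public void eventReceived(StayLoggedinNodeEvent stayLoggedinNodeEvent) {
            StayLoggedInHandler.invalidateHttpSessions(stayLoggedinNodeEvent.delete);
        }
    }

    /**
     * Processes the login cookie of a request: validates and rotates it, creates it after a fresh
     * login, or removes it.
     *
     * @param str name of the login provider of a fresh login, or {@code null} when only the
     *        cookie itself is available
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the new or the deleting cookie
     * @param z {@code true} to validate or create a stay-logged-in session, {@code false} to
     *        drop the session that the cookie refers to
     * @return {@code true} when the request ends with a valid account; always {@code false} when
     *         {@code z} is set but the feature is disabled in the configuration
     */
    public static boolean handleCookie(String str, @Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, boolean z) {
        if (z && !AUTHENTICATION_STAY_LOGGED_IN.get().booleanValue()) {
            return false;
        }
        GUID currentUserAccountID = UserManager.getInstance().getCurrentUserAccountID();
        String cookieValue = readLoginCookie(httpServletRequest);
        String[] token = decodeToken(cookieValue);
        if (VetoManager.getInstance().isCurrentlyVetoed() && !LoginManager.isUserManagerAvailable()) {
            // No user data can be read or written right now; leave the cookie untouched.
            return true;
        }
        if (token != null) {
            String cookieAccountId = token[0];
            if (currentUserAccountID != null && !StringFunctions.isEmpty(cookieAccountId) && !cookieAccountId.equals(currentUserAccountID.toString())) {
                // The cookie belongs to another account than the one logged in: drop its stored session.
                validateAndRotate(null, token, httpServletRequest, false);
                token = null;
            }
        }
        if (token == null) {
            if (currentUserAccountID == null || str == null) {
                return false;
            }
            // Fresh login without a usable cookie: start a new triple for the current account.
            token = new String[3];
            token[0] = currentUserAccountID.toString();
        }
        if (cookieValue == null || !z) {
            return updateAndSendCookie(str, token, httpServletRequest, httpServletResponse, z);
        }
        // Serialize parallel requests that present the same cookie value, so that only the first
        // one rotates the token.
        synchronized (ThreadUtils.getSemaphore(cookieValue)) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session == null || session.getAttribute(LoginManager.WEB_USER_INFO) == null) {
                return updateAndSendCookie(str, token, httpServletRequest, httpServletResponse, z);
            }
            // Another request already logged this session in; reuse it.
            LoginManager.initUserAccount(httpServletRequest.getSession());
            return true;
        }
    }

    /**
     * Validates/rotates the triple and writes the resulting cookie (or a deleting cookie with
     * max-age 0) to the response.
     *
     * @return {@code true} when the triple still names an account after validation
     */
    private static boolean updateAndSendCookie(String provider, @Nonnull String[] token, @Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response, boolean stayLoggedIn) {
        validateAndRotate(provider, token, request, stayLoggedIn);
        String encoded = encodeToken(token);
        CookieWithSameSite cookie = new CookieWithSameSite(COOKIE + request.getLocalPort(), encoded);
        cookie.setHttpOnly(true);
        // NOTE(review): Secure mirrors request.isSecure(). If TLS is terminated in front of the
        // container and the request arrives as plain HTTP, the cookie is issued without Secure —
        // confirm that the deployment forwards the original scheme.
        cookie.setSecure(request.isSecure());
        String contextPath = request.getContextPath();
        // NOTE(review): XML_END is presumably "/" — the decompiler appears to have substituted an
        // unrelated constant with the same value; confirm.
        cookie.setPath(contextPath.isEmpty() ? OldPermissionXMLUtils.XML_END : contextPath);
        cookie.setSameSite(SAME_SITE.get());
        if (StringFunctions.isEmpty(encoded)) {
            cookie.setMaxAge(0);
            LoginProcessor.LOGGER.debug("Delete login cookie");
        } else {
            cookie.setMaxAge(MAX_LOGIN_TIME_SECONDS);
            LoginProcessor.LOGGER.debug("Send new login cookie");
            // Parked in the session so that checkCookie can resend it if the browser did not store it.
            request.getSession().setAttribute(COOKIE, cookie);
        }
        cookie.addCookieTo(response);
        return !StringFunctions.isEmpty(token[0]);
    }

    /**
     * Resends the login cookie parked in the session when the request does not yet carry it; once
     * the browser returns the expected value, the parked copy is removed.
     *
     * @param httpSession session that may hold the pending cookie
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the resent cookie
     */
    @SuppressFBWarnings(value = {"COOKIE_USAGE"}, justification = "cookie data need live longer as session")
    public static void checkCookie(@Nonnull HttpSession httpSession, @Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse) {
        Object attribute = httpSession.getAttribute(COOKIE);
        if (!(attribute instanceof CookieWithSameSite)) {
            return;
        }
        CookieWithSameSite pending = (CookieWithSameSite) attribute;
        if (Objects.equals(readLoginCookie(httpServletRequest), pending.getValue())) {
            httpServletRequest.getSession().removeAttribute(COOKIE);
            return;
        }
        if (LoginProcessor.LOGGER.isDebug()) {
            // Only cookie names are logged. The values are bearer credentials (this login token and
            // whatever other session cookies the browser sent) and must not end up in a log file.
            StringBuilder message = new StringBuilder("Resend login cookie: ").append(pending.getName());
            message.append("\tReceived cookies:\n");
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    message.append('\t').append(cookie.getName()).append('\n');
                }
            }
            LoginProcessor.LOGGER.debug(message);
        }
        pending.addCookieTo(httpServletResponse);
    }

    /** Returns the value of the login cookie for the request's local port, or {@code null} when it is absent. */
    @Nullable
    @SuppressFBWarnings(value = {"COOKIE_USAGE"}, justification = "cookie data need live longer as session")
    private static String readLoginCookie(@Nonnull HttpServletRequest request) {
        String cookieName = COOKIE + request.getLocalPort();
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Checks the triple against the sessions stored for the account and updates both in place.
     *
     * <p>On success {@code token[2]} (and {@code token[1]} for a new session) holds the values for
     * the next cookie. On failure, or when {@code stayLoggedIn} is {@code false},
     * {@code token[0]} is set to {@code null}, which makes the caller delete the cookie. The
     * stored session that matched the client id is always removed and, when still valid,
     * replaced by a new one, so each token is accepted once.
     *
     * @param provider login provider of a fresh login, or {@code null} for a cookie-only login
     * @param token the triple [account id, client id, secret]; modified in place
     * @param request current request
     * @param stayLoggedIn {@code false} to only remove the matching stored session
     */
    private static void validateAndRotate(String provider, @Nonnull String[] token, HttpServletRequest request, boolean stayLoggedIn) {
        // NOTE(review): token[0] comes from the cookie when one was sent; how GUID.valueOf reacts
        // to a malformed value is not visible here — verify that it cannot escape as an
        // unhandled exception.
        GUID accountId = GUID.valueOf(token[0]);
        UserManager userManager = UserManager.getInstance();
        UserAccount userAccount = userManager.getUserAccount(accountId);
        if (userAccount == null || !userAccount.isActive()) {
            token[0] = null;
            return;
        }
        if (TWO_FACTOR_MANAGER != null && TWO_FACTOR_MANAGER.forceTwoFactor() && !TWO_FACTOR_MANAGER.hasTwoFactorSettings(userAccount)) {
            // Two-factor is mandatory but not set up for this account: refuse the cookie login and
            // wipe all stored sessions.
            token[0] = null;
            userManager.updateUserData(accountId, FieldStayLoggedIn.INSTANCE, storedJson -> null);
            return;
        }
        userManager.updateUserData(accountId, FieldStayLoggedIn.INSTANCE, storedJson -> {
            ArrayList<StayLoggedInSession> sessions;
            try {
                sessions = (ArrayList<StayLoggedInSession>) JSON.fromJson(storedJson, new JsonParameterizedType(ArrayList.class, StayLoggedInSession.class));
            } catch (Throwable th) {
                // Unreadable stored data is treated as "no sessions" (best effort, as in the original).
                sessions = new ArrayList<>();
            }
            if (sessions == null) {
                // Defensive: covers a parser that answers null for a missing value.
                sessions = new ArrayList<>();
            }
            String sessionProvider = provider;
            String clientId = token[1];
            boolean valid = clientId == null;
            String[] cachedToken = null;
            long cutoff = System.currentTimeMillis() - MAX_LOGIN_TIME_SECONDS * 1000L;
            Iterator<StayLoggedInSession> it = sessions.iterator();
            while (it.hasNext()) {
                StayLoggedInSession stored = it.next();
                if (stored.getLastUse() < cutoff) {
                    it.remove();
                    if (LoginProcessor.LOGGER.isDebug()) {
                        LoginProcessor.LOGGER.debug("Login token removed because outdated: user: " + userAccount.getDisplayName() + "; os: " + stored.getOS() + "; browser: " + stored.getBrowser() + "; date: " + new Timestamp(stored.getLastUse()));
                    }
                } else if (clientId != null && clientId.equals(stored.getClientID())) {
                    // The matching session is always removed; a valid login re-adds a rotated one below.
                    it.remove();
                    sessionProvider = stored.getProvider();
                    if (stayLoggedIn) {
                        // NOTE(review): when the session is found in RECENT_TOKENS the presented
                        // secret is not compared with anything, so for as long as that entry is
                        // retained the account id and client id alone are accepted and the
                        // current secret is handed out. This looks like a grace window for
                        // requests racing a rotation; confirm the retention time is short and
                        // that the client id is not disclosed elsewhere.
                        cachedToken = RECENT_TOKENS.get(stored);
                        if (cachedToken == null && !PasswordHashing.isMatching(stored.getHashToken(), token[2].toCharArray())) {
                            // Wrong secret for a known client id: the session stays removed and
                            // the event is recorded.
                            valid = false;
                            clientId = null;
                            token[1] = null;
                            logInvalidSessionCookie(accountId);
                            LoginProcessor.LOGGER.debug("Invalid session cookie");
                        } else if (LoginManager.getActiveStayLoginProviders().contains(sessionProvider)) {
                            valid = true;
                            LoginProcessor.LOGGER.debug("Login token validated");
                        } else {
                            // The provider that created the session no longer allows "stay logged in".
                            valid = false;
                            clientId = null;
                            token[1] = null;
                            cachedToken = null;
                            logInvalidSessionCookie(accountId);
                        }
                    }
                }
            }
            if (stayLoggedIn && !valid && provider != null && token[0] != null) {
                // A fresh interactive login overrides a rejected cookie and starts a new session.
                sessionProvider = provider;
                clientId = null;
                valid = true;
            }
            if (stayLoggedIn && valid) {
                if (cachedToken != null) {
                    token[2] = cachedToken[2];
                } else {
                    if (clientId == null) {
                        token[1] = GUID.generateNew().toString();
                    }
                    // Rotate the secret on every successful use.
                    token[2] = GUID.generateNew().toString();
                }
                StayLoggedInSession renewed = new StayLoggedInSession(request, sessionProvider, token);
                RECENT_TOKENS.put(renewed, token);
                request.getSession().setAttribute(StayLoggedInSession.class.getName(), renewed);
                sessions.add(renewed);
            } else {
                token[0] = null;
            }
            if (sessions.size() > MAX_SESSION_COUNT) {
                // Drop the oldest entry (new sessions are appended at the end).
                sessions.remove(0);
            }
            return JSON.toJson(sessions);
        });
        if (StringFunctions.isEmpty(token[0]) || provider != null) {
            return;
        }
        // Cookie-only login: establish the account on the HTTP session.
        LoginManager.setCurrentLoginProcessor(request, userManager.getNonSessionLoginProcessor(accountId));
        LoginManager.initUserAccount(request.getSession());
    }

    /**
     * Records an {@code InvalidSessionCookie} security event in the scope of the given account.
     * The scope is closed in {@code finally}; the decompiled code closed it only when logging
     * did not throw.
     */
    private static void logInvalidSessionCookie(GUID accountId) {
        UserAccountScope scope = UserAccountScope.create(accountId);
        try {
            SecurityEventLog.InvalidSessionCookie.log(new Object[0]);
        } finally {
            if (scope != null) {
                scope.close();
            }
        }
    }

    /** Encodes the triple as Base64url(JSON); returns {@code ""} when there is no account id, which deletes the cookie. */
    private static String encodeToken(String[] token) {
        if (token == null || StringFunctions.isEmpty(token[0])) {
            return "";
        }
        return Base64.getUrlEncoder().encodeToString(JSON.toJson(token).getBytes(StandardCharsets.ISO_8859_1));
    }

    /**
     * Decodes a cookie value into the triple.
     *
     * @return the three non-null strings, or {@code null} for an empty, malformed or incomplete value
     */
    private static String[] decodeToken(@Nullable String cookieValue) {
        if (StringFunctions.isEmpty(cookieValue)) {
            return null;
        }
        try {
            String[] token = (String[]) JSON.fromJson(Base64.getUrlDecoder().decode(cookieValue), String[].class);
            if (token == null || token.length != 3 || token[0] == null || token[1] == null || token[2] == null) {
                return null;
            }
            return token;
        } catch (Exception e) {
            // The cookie is client-controlled input: anything that does not parse is "no token".
            return null;
        }
    }

    /**
     * Returns the stay-logged-in sessions stored for the account.
     *
     * @param guid user account id
     * @return the stored sessions, or an empty list when the account or the stored value is missing
     */
    @Nonnull
    public static List<StayLoggedInSession> getSessions(GUID guid) {
        return getSessions(guid, UserManager.getInstance());
    }

    /**
     * Returns the stay-logged-in sessions stored for the account, read through the given manager.
     *
     * @param guid user account id
     * @param userManager manager used to look the account up
     * @return the stored sessions, or an empty list when the account or the stored value is missing
     */
    @Nonnull
    public static List<StayLoggedInSession> getSessions(GUID guid, UserManager userManager) {
        UserAccount userAccount = userManager.getUserAccount(guid);
        if (userAccount != null) {
            String storedJson = (String) userAccount.getValue(FieldStayLoggedIn.INSTANCE);
            if (storedJson != null) {
                List<StayLoggedInSession> sessions = (List) new Json().fromJson(storedJson, new JsonParameterizedType(ArrayList.class, StayLoggedInSession.class));
                if (sessions != null) {
                    return sessions;
                }
            }
        }
        return Collections.emptyList();
    }

    /**
     * Finds the entry of {@code list} that belongs to the current request. The client id is taken
     * from the login cookie or, without a usable cookie, from the session object attached to the
     * current HTTP session.
     *
     * @param list stored sessions of the user
     * @return the matching session, or {@code null} when there is no request or no match
     */
    public static StayLoggedInSession getActiveSession(List<StayLoggedInSession> list) {
        HttpServletRequest request = SessionStore.getHttpServletRequest();
        if (request == null) {
            return null;
        }
        String[] token = decodeToken(readLoginCookie(request));
        if (token == null) {
            HttpSession current = SessionStore.getHttpSession();
            if (current != null) {
                String id = current.getId();
                for (HttpSession candidate : ExpandableHttpSessionListener.getActiveSessions()) {
                    if (id.equals(candidate.getId())) {
                        StayLoggedInSession attached = (StayLoggedInSession) candidate.getAttribute(StayLoggedInSession.class.getName());
                        if (attached != null) {
                            // Only the client id is needed for the lookup below.
                            token = new String[]{null, attached.getClientID(), null};
                        }
                    }
                }
            }
        }
        if (token == null) {
            return null;
        }
        for (StayLoggedInSession candidate : list) {
            if (candidate.getClientID().equals(token[1])) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Revokes the given sessions of a user.
     *
     * @param guid user account id
     * @param list sessions to remove
     */
    public static void deleteSessions(@Nonnull GUID guid, @Nonnull List<StayLoggedInSession> list) {
        deleteSessions(guid, list, UserManager.getInstance());
    }

    /**
     * Revokes the given sessions of a user: removes them from the stored list, invalidates the
     * matching local HTTP sessions and sends a {@link StayLoggedinNodeEvent} through
     * {@link Persistence} so that listeners elsewhere invalidate theirs.
     *
     * @param guid user account id
     * @param list sessions to remove
     * @param userManager manager used to update the stored list
     */
    public static void deleteSessions(@Nonnull GUID guid, @Nonnull List<StayLoggedInSession> list, UserManager userManager) {
        LoginProcessor.LOGGER.debug("Delete login cookie sessions");
        userManager.updateUserData(guid, FieldStayLoggedIn.INSTANCE, storedJson -> {
            ArrayList<StayLoggedInSession> sessions;
            try {
                sessions = (ArrayList<StayLoggedInSession>) JSON.fromJson(storedJson, new JsonParameterizedType(ArrayList.class, StayLoggedInSession.class));
            } catch (Throwable th) {
                sessions = new ArrayList<>();
            }
            if (sessions == null) {
                sessions = new ArrayList<>();
            }
            sessions.removeAll(list);
            return JSON.toJson(sessions);
        });
        try {
            invalidateHttpSessions(list);
        } catch (NoClassDefFoundError ignored) {
            // Best effort, as in the original. Presumably the HTTP session classes are missing
            // when this runs outside a servlet environment — confirm. The stored list has
            // already been updated at this point.
        }
        StayLoggedinNodeEvent event = new StayLoggedinNodeEvent();
        event.delete = list;
        Persistence.getInstance().sendEvent(event);
    }

    /** Invalidates every active HTTP session whose attached stay-logged-in session is contained in {@code list}. */
    private static void invalidateHttpSessions(List<StayLoggedInSession> list) {
        for (HttpSession httpSession : ExpandableHttpSessionListener.getActiveSessions()) {
            Object attached = httpSession.getAttribute(StayLoggedInSession.class.getName());
            if (attached != null && list.contains(attached)) {
                try {
                    httpSession.invalidate();
                } catch (IllegalStateException ignored) {
                    // The session was already invalidated; nothing left to do.
                }
            }
        }
    }

    static {
        Persistence.getInstance().registerListener(new SessionDeleteListener());
        TWO_FACTOR_MANAGER = (TwoFactorManager) ServerPluginManager.getInstance().getOptionalInstance(TwoFactorManager.class);
    }
}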
