package org.josso.agent;

import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.josso.gateway.GatewayServiceLocator;
import org.josso.gateway.assertion.exceptions.AssertionNotValidException;
import org.josso.gateway.identity.service.SSOIdentityManagerService;
import org.josso.gateway.identity.service.SSOIdentityProviderService;
import org.josso.gateway.session.exceptions.FatalSSOSessionException;
import org.josso.gateway.session.exceptions.NoSuchSessionException;
import org.josso.gateway.session.exceptions.SSOSessionException;
import org.josso.gateway.session.service.SSOSessionManagerService;

/* loaded from: input_file:org/josso/agent/AbstractSSOAgent.class */
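/**
 * Base implementation of {@link SSOAgent}: it resolves authentication assertions into SSO
 * session ids, keeps a local cache of authenticated principals keyed by SSO session id, and
 * notifies the gateway when a cached session is used.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>In {@link #execute} the SSO session id alone selects the cached principal, so it must be
 *       handled like a credential. With {@code debug > 0} this class writes session ids and
 *       assertion ids to the log; keep debug logs access-controlled.</li>
 *   <li>{@link #execute} converts every exception into a {@code null} return (no security
 *       context), i.e. it fails closed.</li>
 *   <li>The request and cache-hit counters are plain {@code long} fields updated without
 *       synchronization; NOTE(review): treat them as approximate if requests run concurrently.</li>
 * </ul>
 */
public abstract class AbstractSSOAgent implements SSOAgent {
    /** Default minimum time, in milliseconds, between two keep-alive notifications for one session. */
    public static final long DEFAULT_SESSION_ACCESS_MIN_INTERVAL = 1000;

    /** Request being handled by {@link #processRequest} on the current thread; removed when it returns. */
    public static final ThreadLocal<SSOAgentRequest> _currentRequest = new ThreadLocal<>();

    // Default gateway locator and the service clients obtained from it in start().
    protected GatewayServiceLocator gsl;
    protected SSOSessionManagerService smDefault;
    protected SSOIdentityManagerService imDefault;
    protected SSOIdentityProviderService ipDefault;

    protected SSOAgentConfiguration _cfg;
    private String _gatewayLoginUrl;
    private String _gatewayLogoutUrl;
    private String _gatewayLoginErrorUrl;
    private String _singlePointOfAccess;

    // Statistics: requests seen, lookups answered from the principal cache (L1), and keep-alive
    // notifications skipped because the session was accessed recently (L2).
    private long _requestCount;
    private long _l1CacheHits;
    private long _l2CacheHits;

    /** SSO session id -> cached sign-on entry. */
    protected final Map<String, SingleSignOnEntry> cache = Collections.synchronizedMap(new HashMap<>());

    /** Local session -> SSO session id it was associated with. */
    protected final Map<LocalSession, String> reverse = Collections.synchronizedMap(new HashMap<>());

    protected boolean started = false;
    protected int debug = 0;

    /** Per-node gateway locators (node id -> locator) and the service clients built from them in start(). */
    protected Map<String, GatewayServiceLocator> gslsByNode = new HashMap<>();
    protected Map<String, NodeServices> servicesByNode = new HashMap<>();

    private long _sessionAccessMinInterval = DEFAULT_SESSION_ACCESS_MIN_INTERVAL;
    private boolean _isStateOnClient = false;

    /**
     * Gateway service clients bound to a single gateway node.
     */
    public class NodeServices {
        private final String nodeId;
        protected GatewayServiceLocator gsl;
        protected SSOSessionManagerService sm;
        protected SSOIdentityManagerService im;
        protected SSOIdentityProviderService ip;

        /**
         * @param str                   id of the gateway node
         * @param gatewayServiceLocator locator used to obtain the node's service clients
         */
        public NodeServices(String str, GatewayServiceLocator gatewayServiceLocator) {
            this.nodeId = str;
            this.gsl = gatewayServiceLocator;
        }

        /**
         * Obtains the session manager, identity manager and identity provider clients from the
         * locator. Failures are logged and not rethrown, so any of the getters may return
         * {@code null} afterwards.
         */
        public void start() {
            try {
                this.sm = this.gsl.getSSOSessionManager();
                this.im = this.gsl.getSSOIdentityManager();
                this.ip = this.gsl.getSSOIdentityProvider();
                if (AbstractSSOAgent.this.debug > 0) {
                    AbstractSSOAgent.this.log("Agent Services clients started for " + this.nodeId);
                }
            } catch (Exception e) {
                // Best effort: a node that cannot be reached must not prevent the agent from starting.
                AbstractSSOAgent.this.log("Can't create session/identity/provider managers : \n" + e.getMessage(), e);
            }
        }

        /** @return the node's session manager client, or {@code null} if {@link #start()} failed or was not called */
        public SSOSessionManagerService getSm() {
            return this.sm;
        }

        /** @return the node's identity manager client, or {@code null} if {@link #start()} failed or was not called */
        public SSOIdentityManagerService getIm() {
            return this.im;
        }

        /** @return the node's identity provider client, or {@code null} if {@link #start()} failed or was not called */
        public SSOIdentityProviderService getIp() {
            return this.ip;
        }
    }

    /** Sets the default gateway service locator used by {@link #start()}. */
    @Override
    public void setGatewayServiceLocator(GatewayServiceLocator gatewayServiceLocator) {
        this.gsl = gatewayServiceLocator;
    }

    /** @return the default gateway service locator */
    public GatewayServiceLocator getGatewayServiceLocator() {
        return this.gsl;
    }

    /** @return the default session manager client */
    @Override
    public SSOSessionManagerService getSSOSessionManager() {
        return getSSOSessionManager(null);
    }

    /**
     * Returns the session manager client for a gateway node.
     *
     * @param str node id, may be {@code null}
     * @return the node's client, or the default client when the node id is {@code null}, the node
     *         is unknown, or the node has no session manager client
     */
    @Override
    public SSOSessionManagerService getSSOSessionManager(String str) {
        NodeServices nodeServices = (str == null) ? null : this.servicesByNode.get(str);
        if (nodeServices == null || nodeServices.getSm() == null) {
            return this.smDefault;
        }
        return nodeServices.getSm();
    }

    /** @return the default identity manager client */
    @Override
    public SSOIdentityManagerService getSSOIdentityManager() {
        return getSSOIdentityManager(null);
    }

    /**
     * Returns the identity manager client for a gateway node.
     *
     * @param str node id, may be {@code null}
     * @return the node's client, or the default client when the node id is {@code null}, the node
     *         is unknown, or the node has no identity manager client
     */
    @Override
    public SSOIdentityManagerService getSSOIdentityManager(String str) {
        NodeServices nodeServices = (str == null) ? null : this.servicesByNode.get(str);
        if (nodeServices == null || nodeServices.getIm() == null) {
            return this.imDefault;
        }
        return nodeServices.getIm();
    }

    /** @return the default identity provider client */
    @Override
    public SSOIdentityProviderService getSSOIdentityProvider() {
        return getSSOIdentityProvider(null);
    }

    /**
     * Returns the identity provider client for a gateway node.
     *
     * @param str node id, may be {@code null}
     * @return the node's client, or the default client when the node id is {@code null}, the node
     *         is unknown, or the node has no identity provider client
     */
    @Override
    public SSOIdentityProviderService getSSOIdentityProvider(String str) {
        NodeServices nodeServices = (str == null) ? null : this.servicesByNode.get(str);
        if (nodeServices == null || nodeServices.getIp() == null) {
            return this.ipDefault;
        }
        return nodeServices.getIp();
    }

    /** @return the live (not copied) map of node id to gateway service locator */
    public Map<String, GatewayServiceLocator> getGatewayServiceLocators() {
        return this.gslsByNode;
    }

    /** Replaces the map of node id to gateway service locator; it is read by {@link #start()}. */
    public void setGatewayServiceLocators(Map<String, GatewayServiceLocator> map) {
        this.gslsByNode = map;
    }

    public void setGatewayLoginUrl(String str) {
        this._gatewayLoginUrl = str;
    }

    public String getGatewayLoginUrl() {
        return this._gatewayLoginUrl;
    }

    public String getGatewayLoginErrorUrl() {
        return this._gatewayLoginErrorUrl;
    }

    /** Stores the value but logs that the setting is no longer supported. */
    public void setGatewayLoginErrorUrl(String str) {
        log("gatewayLoginErrorUrl is no longer supported, modify your agent config.  Check customLoginUrl in JOSSO Gwy config for alternatives.");
        this._gatewayLoginErrorUrl = str;
    }

    public void setGatewayLogoutUrl(String str) {
        this._gatewayLogoutUrl = str;
    }

    public String getGatewayLogoutUrl() {
        return this._gatewayLogoutUrl;
    }

    /**
     * String-typed variant of {@link #setSessionAccessMinInterval(long)}.
     *
     * @param str interval in milliseconds as a decimal string
     * @throws NumberFormatException if {@code str} is not a parsable {@code long}
     */
    public void setSessionAccessMinInterval(String str) {
        setSessionAccessMinInterval(Long.parseLong(str));
    }

    /** @return minimum time in milliseconds between two keep-alive notifications for one session */
    public long getSessionAccessMinInterval() {
        return this._sessionAccessMinInterval;
    }

    /**
     * @param j minimum time in milliseconds between two keep-alive notifications for one session;
     *          within that window a cached entry is returned without contacting the gateway
     */
    public void setSessionAccessMinInterval(long j) {
        this._sessionAccessMinInterval = j;
    }

    public String getSinglePointOfAccess() {
        return this._singlePointOfAccess;
    }

    public void setSinglePointOfAccess(String str) {
        this._singlePointOfAccess = str;
    }

    /**
     * @param str  virtual host of the request
     * @param str2 web context of the request
     * @return {@code true} when {@link #getPartnerAppConfig(String, String)} finds a configuration
     */
    @Override
    public boolean isPartnerApp(String str, String str2) {
        return getPartnerAppConfig(str, str2) != null;
    }

    /**
     * Finds the partner application configured for a virtual host and web context.
     *
     * <p>A configuration without a vhost matches every host; the context must match exactly. A
     * {@code null} or empty context is treated as {@code "/"}.
     *
     * @param str  virtual host of the request
     * @param str2 web context of the request, may be {@code null} or empty
     * @return the first matching configuration, or {@code null} (after logging) when none matches
     */
    public SSOPartnerAppConfig getPartnerAppConfig(String str, String str2) {
        List<SSOPartnerAppConfig> partnerApps = this._cfg.getSsoPartnerApps();
        if (str2 == null || "".equals(str2)) {
            str2 = "/";
        }
        for (SSOPartnerAppConfig candidate : partnerApps) {
            boolean vhostMatches = candidate.getVhost() == null || candidate.getVhost().equals(str);
            if (vhostMatches && str2.equals(candidate.getContext())) {
                return candidate;
            }
        }
        log("No partner application configured for '" + str + "' and '" + str2 + "'");
        return null;
    }

    /**
     * Creates the default and per-node service clients and touches each partner application's
     * service accessors. Any failure is logged and not rethrown, so the agent may be left with
     * {@code null} default clients.
     */
    @Override
    public void start() {
        try {
            this.smDefault = this.gsl.getSSOSessionManager();
            this.imDefault = this.gsl.getSSOIdentityManager();
            this.ipDefault = this.gsl.getSSOIdentityProvider();

            for (Map.Entry<String, GatewayServiceLocator> node : this.gslsByNode.entrySet()) {
                NodeServices nodeServices = new NodeServices(node.getKey(), node.getValue());
                nodeServices.start();
                this.servicesByNode.put(node.getKey(), nodeServices);
            }

            for (SSOPartnerAppConfig partnerApp : this._cfg.getSsoPartnerApps()) {
                if (partnerApp.getId() == null) {
                    log("ERROR! You should define an ID for partner application " + partnerApp.getContext());
                }
                // Results are discarded; presumably these calls initialise the services eagerly —
                // TODO confirm against SSOPartnerAppConfig.
                partnerApp.getIdentityProviderService();
                partnerApp.getIdentityManagerService();
                partnerApp.getSessionManagerService();
            }

            if (this.debug > 0) {
                log("Agent Started");
            }
        } catch (Exception e) {
            log("Can't create session/identity/provider managers : \n" + e.getMessage(), e);
        }
    }

    /**
     * Runs {@link #execute} with the request published in {@link #_currentRequest} for the
     * duration of the call.
     *
     * @param sSOAgentRequest the request to process
     * @return whatever {@link #execute} returns
     */
    @Override
    public final SingleSignOnEntry processRequest(SSOAgentRequest sSOAgentRequest) {
        _currentRequest.set(sSOAgentRequest);
        try {
            return execute(sSOAgentRequest);
        } finally {
            // Always clear the thread-local so a pooled thread never carries a previous request.
            _currentRequest.remove();
        }
    }

    /**
     * Handles one agent request according to its action code.
     *
     * <ul>
     *   <li>3: notifies the gateway that the session was accessed and returns {@code null}
     *       (presumably the assert-session action — confirm against SSOAgentRequest).</li>
     *   <li>4: delegates to {@link #sendCustomAuthentication} and returns {@code null}.</li>
     *   <li>2: first resolves the request's assertion id into an SSO session id, then continues
     *       as below. If the assertion cannot be resolved the request is rejected.</li>
     *   <li>otherwise: returns the cached entry for the session id, or authenticates the session,
     *       caches the principal and returns the new entry.</li>
     * </ul>
     *
     * <p>NOTE(review): every exception, including the {@code FatalSSOSessionException} raised when
     * action 3 fails, is caught at the bottom and turned into {@code null}. For action 3 the
     * return value is therefore {@code null} on success and on failure — confirm how callers
     * detect a failed session assertion.
     *
     * @param sSOAgentRequest the request to process
     * @return the sign-on entry for the session, or {@code null} when there is none, the request
     *         carries no result (actions 3 and 4), or processing failed
     */
    protected SingleSignOnEntry execute(SSOAgentRequest sSOAgentRequest) {
        try {
            this._requestCount++;
            int action = sSOAgentRequest.getAction();
            String sessionId = sSOAgentRequest.getSessionId();
            LocalSession localSession = sSOAgentRequest.getLocalSession();

            if (action == 3) {
                try {
                    accessSession(sSOAgentRequest.getConfig(this), sSOAgentRequest.getRequester(), sessionId, sSOAgentRequest.getNodeId());
                    return null;
                } catch (SSOSessionException e) {
                    throw new FatalSSOSessionException("Assertion error for session : " + sessionId, e);
                }
            }

            if (action == 4) {
                sendCustomAuthentication(sSOAgentRequest);
                return null;
            }

            if (action == 2) {
                sessionId = resolveAssertion(sSOAgentRequest.getConfig(this), sSOAgentRequest.getRequester(), sSOAgentRequest.getAssertionId(), sSOAgentRequest.getNodeId());
                sSOAgentRequest.setSessionId(sessionId);
                if (sessionId == null) {
                    // resolveAssertion() returns null for an invalid assertion or a gateway error.
                    // Stop here so that no local session, reverse mapping or cache entry is ever
                    // created under a null SSO session id.
                    if (this.debug > 0) {
                        log("Assertion could not be resolved to an SSO Session");
                    }
                    return null;
                }
            }

            if (this.debug > 0) {
                log("Checking for cached principal for " + sessionId);
            }

            SingleSignOnEntry cached = lookup(sessionId);
            if (cached != null) {
                if (this.debug > 0) {
                    log(" Found cached principal '" + cached.principal.getName() + "' with auth type '" + cached.authType + "'");
                }
                this._l1CacheHits++;
                // accessSession() drops the entry and returns null when the gateway no longer
                // knows the session, so a stale cache entry does not outlive the SSO session.
                SingleSignOnEntry refreshed = accessSession(sSOAgentRequest.getConfig(this), sSOAgentRequest.getRequester(), cached, sessionId, sSOAgentRequest.getNodeId());
                if (refreshed != null) {
                    if (isAuthenticationAlwaysRequired()) {
                        Principal principal = authenticate(sSOAgentRequest);
                        if (this.debug > 0) {
                            log("Updating Principal information");
                        }
                        refreshed.updatePrincipal(principal);
                    }
                    propagateSecurityContext(sSOAgentRequest, refreshed.principal);
                }
                return refreshed;
            }

            // Cache miss: bind the local session to the SSO session, then authenticate.
            localSession.addSessionListener(this);
            associateLocalSession(sessionId, localSession);
            Principal principal = authenticate(sSOAgentRequest);
            if (principal == null) {
                if (this.debug > 0) {
                    log("There is no associated principal for SSO Session '" + sessionId + "'");
                }
                return null;
            }
            if (this.debug > 0) {
                log("Principal checked for SSO Session '" + sessionId + "' : " + principal);
            }

            register(sessionId, principal, "JOSSO");
            SingleSignOnEntry registered = accessSession(sSOAgentRequest.getConfig(this), sSOAgentRequest.getRequester(), lookup(sessionId), sessionId, sSOAgentRequest.getNodeId());
            if (registered != null) {
                propagateSecurityContext(sSOAgentRequest, registered.principal);
            }
            return registered;
        } catch (Exception e) {
            // Fail closed: any error means no sign-on entry for this request.
            log("Error processing JOSSO Agent request : " + e.getMessage());
            if (this.debug > 0) {
                log("Exception recieved while processing JOSSO Agent request : " + e.getMessage(), e);
            }
            return null;
        }
    }

    /**
     * Hook for publishing the authenticated principal to the container. This base implementation
     * always throws; since {@link #execute} calls it for every successful lookup, subclasses are
     * expected to override it.
     *
     * @throws UnsupportedOperationException always, in this base implementation
     */
    protected void propagateSecurityContext(SSOAgentRequest sSOAgentRequest, Principal principal) {
        throw new UnsupportedOperationException("No support for alternative mechanisms for security context propagation");
    }

    /**
     * Exchanges an authentication assertion id for an SSO session id at the identity provider.
     *
     * <p>The provider is the partner application's own service, else the one returned by
     * {@link #getSSOIdentityProvider(String)}; when a non-empty node id names a known node, that
     * node's provider client is used instead.
     *
     * @param sSOPartnerAppConfig partner application the request belongs to
     * @param str                 requester passed through to the identity provider
     * @param str2                assertion id to resolve
     * @param str3                gateway node id, may be {@code null} or empty
     * @return the SSO session id, or {@code null} when the assertion is not valid or the call failed
     */
    protected String resolveAssertion(SSOPartnerAppConfig sSOPartnerAppConfig, String str, String str2, String str3) {
        try {
            if (this.debug > 0) {
                log("Dereferencing assertion for id '" + str2 + "'");
            }

            SSOIdentityProviderService identityProvider = sSOPartnerAppConfig.getIdentityProviderService();
            if (identityProvider == null) {
                identityProvider = getSSOIdentityProvider(str3);
            }
            if (str3 != null && !"".equals(str3)) {
                NodeServices nodeServices = this.servicesByNode.get(str3);
                if (nodeServices != null) {
                    // May be null if the node's clients failed to start; the resulting
                    // NullPointerException is handled by the generic catch below (returns null).
                    identityProvider = nodeServices.getIp();
                }
            }

            String ssoSessionId = identityProvider.resolveAuthenticationAssertion(str, str2);
            if (this.debug > 0) {
                log("Dereferencing assertion for id '" + str2 + "' as SSO Session '" + ssoSessionId + "'");
            }
            return ssoSessionId;
        } catch (AssertionNotValidException e) {
            // Expected for expired or unknown assertions; only reported in debug mode.
            if (this.debug > 0) {
                log("Invalid Assertion");
            }
            return null;
        } catch (Exception e) {
            log(e.getMessage() != null ? e.getMessage() : e.toString(), e);
            return null;
        }
    }

    /**
     * Notifies the gateway that a cached session was used, at most once per
     * {@link #getSessionAccessMinInterval()} milliseconds.
     *
     * <p>If the gateway reports the session as unknown, or the call fails for any other reason,
     * the entry is removed from the cache and {@code null} is returned, so an entry is never
     * served after a failed keep-alive.
     *
     * @param sSOPartnerAppConfig partner application the request belongs to
     * @param str                 requester passed through to the session manager
     * @param singleSignOnEntry   cached entry, may be {@code null}
     * @param str2                SSO session id
     * @param str3                gateway node id, may be {@code null} or empty
     * @return the entry when it is still usable, otherwise {@code null}
     */
    protected SingleSignOnEntry accessSession(SSOPartnerAppConfig sSOPartnerAppConfig, String str, SingleSignOnEntry singleSignOnEntry, String str2, String str3) {
        if (singleSignOnEntry == null) {
            return singleSignOnEntry;
        }

        long now = System.currentTimeMillis();
        if (now - singleSignOnEntry.lastAccessTime < getSessionAccessMinInterval()) {
            // Accessed recently: trust the cache and skip the gateway round trip.
            this._l2CacheHits++;
            return singleSignOnEntry;
        }

        try {
            if (this.debug > 0) {
                log("Notifying keep-alive event for session '" + str2 + "'");
            }

            SSOSessionManagerService sessionManager = sSOPartnerAppConfig.getSessionManagerService();
            if (sessionManager == null) {
                sessionManager = getSSOSessionManager(str3);
            }

            if (str3 == null || "".equals(str3)) {
                if (this.debug > 0) {
                    log("Using default services, no node found");
                }
            } else {
                NodeServices nodeServices = this.servicesByNode.get(str3);
                if (nodeServices != null) {
                    if (this.debug > 0) {
                        log("Using services for node : " + str3);
                    }
                    // May be null if the node's clients failed to start; the resulting
                    // NullPointerException is handled by the generic catch below.
                    sessionManager = nodeServices.getSm();
                } else if (this.debug > 0) {
                    log("Using default services for node : " + str3);
                }
            }

            sessionManager.accessSession(str, str2);
            singleSignOnEntry.lastAccessTime = now;
            return singleSignOnEntry;
        } catch (NoSuchSessionException e) {
            if (this.debug > 0) {
                log("SSO Session is no longer valid");
            }
            deregister(singleSignOnEntry.ssoId);
            return null;
        } catch (Exception e) {
            log(e.getMessage() != null ? e.getMessage() : e.toString(), e);
            deregister(singleSignOnEntry.ssoId);
            return null;
        }
    }

    /**
     * Notifies the gateway that a session was used, without touching the local cache.
     *
     * @param sSOPartnerAppConfig partner application the request belongs to
     * @param str                 requester passed through to the session manager
     * @param str2                SSO session id
     * @param str3                gateway node id, may be {@code null}
     * @throws SSOSessionException if the session is unknown to the gateway (the original
     *                             {@code NoSuchSessionException} is rethrown) or the call fails
     *                             for any other reason (wrapped)
     */
    protected void accessSession(SSOPartnerAppConfig sSOPartnerAppConfig, String str, String str2, String str3) throws SSOSessionException {
        try {
            if (this.debug > 0) {
                log("Notifying keep-alive event for session '" + str2 + "'");
            }
            SSOSessionManagerService sessionManager = sSOPartnerAppConfig.getSessionManagerService();
            if (sessionManager == null) {
                sessionManager = getSSOSessionManager(str3);
            }
            sessionManager.accessSession(str, str2);
        } catch (NoSuchSessionException e) {
            // The specific handler must precede the generic one; after catch (Exception) it would
            // be unreachable and an expired session would be logged as an error.
            if (this.debug > 0) {
                log("SSO Session is no longer valid");
            }
            throw e;
        } catch (Exception e) {
            String message = e.getMessage() != null ? e.getMessage() : e.toString();
            log(message, e);
            throw new SSOSessionException(message, e);
        }
    }

    /** Sends a custom authentication for the request; invoked by {@link #execute} for action 4. */
    protected abstract void sendCustomAuthentication(SSOAgentRequest sSOAgentRequest) throws IOException;

    /**
     * Resolves the principal for the request's SSO session.
     *
     * @return the principal, or {@code null} when the session has no associated principal
     */
    protected abstract Principal authenticate(SSOAgentRequest sSOAgentRequest);

    /** @return {@code true} if {@link #execute} must re-authenticate even when the principal is cached */
    protected abstract boolean isAuthenticationAlwaysRequired();

    /** Writes a message to the agent log. The decompiler reports the original access modifier as protected. */
    public abstract void log(String str);

    /** Writes a message and its cause to the agent log. The decompiler reports the original access modifier as protected. */
    public abstract void log(String str, Throwable th);

    /** Stops the agent; this base implementation only logs in debug mode. */
    @Override
    public void stop() {
        if (this.debug > 0) {
            log("Agent Stopped");
        }
    }

    /**
     * Listener callback registered in {@link #execute}: when a local session is destroyed, the
     * cached sign-on entry bound to it is dropped.
     */
    @Override
    public void localSessionEvent(LocalSessionEvent localSessionEvent) {
        if (!LocalSession.LOCAL_SESSION_DESTROYED_EVENT.equals(localSessionEvent.getType())) {
            return;
        }
        LocalSession localSession = localSessionEvent.getLocalSession();
        if (this.debug > 0) {
            log("Local session destroyed on " + localSession);
        }
        localSessionDestroyedEvent(localSession);
    }

    @Override
    public void setConfiguration(SSOAgentConfiguration sSOAgentConfiguration) {
        this._cfg = sSOAgentConfiguration;
    }

    @Override
    public SSOAgentConfiguration getConfiguration() {
        return this._cfg;
    }

    /** Removes the reverse mapping for a destroyed local session and, if one existed, the cached entry. */
    protected void localSessionDestroyedEvent(LocalSession localSession) {
        String ssoSessionId;
        synchronized (this.reverse) {
            ssoSessionId = this.reverse.remove(localSession);
        }
        if (ssoSessionId != null) {
            deregister(ssoSessionId);
        }
    }

    /**
     * Binds a local session to an SSO session id: adds it to the cached entry when one exists and
     * always records the reverse mapping.
     */
    protected void associateLocalSession(String str, LocalSession localSession) {
        SingleSignOnEntry entry = lookup(str);
        if (entry != null) {
            entry.addSession(localSession);
        }
        synchronized (this.reverse) {
            this.reverse.put(localSession, str);
        }
    }

    /** Removes the cached entry for an SSO session id, if any. */
    protected void deregister(String str) {
        synchronized (this.cache) {
            this.cache.remove(str);
        }
    }

    /**
     * Caches a new sign-on entry, replacing any existing entry for the same SSO session id.
     *
     * @param str       SSO session id
     * @param principal authenticated principal
     * @param str2      authentication type recorded in the entry
     */
    protected void register(String str, Principal principal, String str2) {
        synchronized (this.cache) {
            this.cache.put(str, new SingleSignOnEntry(str, principal, str2));
        }
    }

    /** @return the cached entry for an SSO session id, or {@code null} when none is cached */
    protected SingleSignOnEntry lookup(String str) {
        synchronized (this.cache) {
            return this.cache.get(str);
        }
    }

    public int getDebug() {
        return this.debug;
    }

    /** @param i debug level; any value above 0 enables debug logging, which includes session ids */
    public void setDebug(int i) {
        this.debug = i;
    }

    /** @return number of requests passed to {@link #execute} */
    public long getRequestCount() {
        return this._requestCount;
    }

    /** @return number of requests whose session id was found in the principal cache */
    public long getL1CacheHits() {
        return this._l1CacheHits;
    }

    /** @return number of keep-alive notifications skipped because the session was accessed recently */
    public long getL2CacheHits() {
        return this._l2CacheHits;
    }

    public boolean isStateOnClient() {
        return this._isStateOnClient;
    }

    /** Same effect as {@link #setStateOnClient(boolean)}. */
    public void setIsStateOnClient(boolean z) {
        this._isStateOnClient = z;
    }

    public void setStateOnClient(boolean z) {
        this._isStateOnClient = z;
    }
}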
