package org.josso.agent;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.josso.gateway.GatewayServiceLocator;
import org.josso.gateway.assertion.exceptions.AssertionNotValidException;
import org.josso.gateway.identity.service.SSOIdentityManagerService;
import org.josso.gateway.identity.service.SSOIdentityProviderService;
import org.josso.gateway.session.exceptions.FatalSSOSessionException;
import org.josso.gateway.session.exceptions.NoSuchSessionException;
import org.josso.gateway.session.exceptions.SSOSessionException;
import org.josso.gateway.session.service.SSOSessionManagerService;

/* loaded from: input_file:WEB-INF/lib/josso-agent-j14compat-1.8.9-SNAPSHOT.jar:org/josso/agent/AbstractSSOAgent.class */
public abstract class AbstractSSOAgent implements SSOAgent {
    public static final long DEFAULT_SESSION_ACCESS_MIN_INTERVAL = 1000;
    public static final ThreadLocal _currentRequest = new ThreadLocal();
    protected GatewayServiceLocator gsl;
    protected SSOSessionManagerService sm;
    protected SSOIdentityManagerService im;
    protected SSOIdentityProviderService ip;
    protected SSOAgentConfiguration _cfg;
    private String _gatewayLoginUrl;
    private String _gatewayLogoutUrl;
    private String _gatewayLoginErrorUrl;
    private String _singlePointOfAccess;
    private long _requestCount;
    private long _l1CacheHits;
    private long _l2CacheHits;
    protected final Map cache = new HashMap();
    protected final Map reverse = new HashMap();
    protected boolean started = false;
    protected int debug = 0;
    private long _sessionAccessMinInterval = 1000;
    private boolean _isStateOnClient = false;

    @Override // org.josso.agent.SSOAgent
    public void setGatewayServiceLocator(GatewayServiceLocator gatewayServiceLocator) {
        this.gsl = gatewayServiceLocator;
    }

    public GatewayServiceLocator getGatewayServiceLocator() {
        return this.gsl;
    }

    @Override // org.josso.agent.SSOAgent
    public SSOSessionManagerService getSSOSessionManager() {
        return this.sm;
    }

    @Override // org.josso.agent.SSOAgent
    public SSOIdentityManagerService getSSOIdentityManager() {
        return this.im;
    }

    public void setGatewayLoginUrl(String str) {
        this._gatewayLoginUrl = str;
    }

    public String getGatewayLoginUrl() {
        return this._gatewayLoginUrl;
    }

    public String getGatewayLoginErrorUrl() {
        return this._gatewayLoginErrorUrl;
    }

    public void setGatewayLoginErrorUrl(String str) {
        log("gatewayLoginErrorUrl is no longer supported, modify your agent config.  Check customLoginUrl in JOSSO Gwy config for alternatives.");
        this._gatewayLoginErrorUrl = str;
    }

    public void setGatewayLogoutUrl(String str) {
        this._gatewayLogoutUrl = str;
    }

    public String getGatewayLogoutUrl() {
        return this._gatewayLogoutUrl;
    }

    public void setSessionAccessMinInterval(String str) {
        setSessionAccessMinInterval(Long.parseLong(str));
    }

    public long getSessionAccessMinInterval() {
        return this._sessionAccessMinInterval;
    }

    public void setSessionAccessMinInterval(long j) {
        this._sessionAccessMinInterval = j;
    }

    public String getSinglePointOfAccess() {
        return this._singlePointOfAccess;
    }

    public void setSinglePointOfAccess(String str) {
        this._singlePointOfAccess = str;
    }

    @Override // org.josso.agent.SSOAgent
    public boolean isPartnerApp(String str, String str2) {
        return getPartnerAppConfig(str, str2) != null;
    }

    public SSOPartnerAppConfig getPartnerAppConfig(String str, String str2) {
        List ssoPartnerApps = this._cfg.getSsoPartnerApps();
        for (int i = 0; i < ssoPartnerApps.size(); i++) {
            SSOPartnerAppConfig sSOPartnerAppConfig = (SSOPartnerAppConfig) ssoPartnerApps.get(i);
            if ((sSOPartnerAppConfig.getVhost() == null || sSOPartnerAppConfig.getVhost().equals(str)) && str2.equals(sSOPartnerAppConfig.getContext())) {
                return sSOPartnerAppConfig;
            }
        }
        return null;
    }

    @Override // org.josso.agent.SSOAgent
    public void start() {
        try {
            this.sm = this.gsl.getSSOSessionManager();
            this.im = this.gsl.getSSOIdentityManager();
            this.ip = this.gsl.getSSOIdentityProvider();
            if (this.debug > 0) {
                log("Agent Started");
            }
        } catch (Exception e) {
            log(new StringBuffer().append("Can't create session/identity managers : \n").append(e.getMessage()).toString(), e);
        }
    }

    @Override // org.josso.agent.SSOAgent
    public final SingleSignOnEntry processRequest(SSOAgentRequest sSOAgentRequest) {
        try {
            _currentRequest.set(sSOAgentRequest);
            SingleSignOnEntry execute = execute(sSOAgentRequest);
            _currentRequest.remove();
            return execute;
        } catch (Throwable th) {
            _currentRequest.remove();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SingleSignOnEntry execute(SSOAgentRequest sSOAgentRequest) {
        try {
            this._requestCount++;
            int action = sSOAgentRequest.getAction();
            String sessionId = sSOAgentRequest.getSessionId();
            LocalSession localSession = sSOAgentRequest.getLocalSession();
            if (action == 3) {
                try {
                    accessSession(sSOAgentRequest.getRequester(), sessionId);
                    return null;
                } catch (SSOSessionException e) {
                    throw new FatalSSOSessionException(new StringBuffer().append("Assertion error for session : ").append(sessionId).toString(), e);
                }
            }
            if (action == 4) {
                sendCustomAuthentication(sSOAgentRequest);
                return null;
            }
            if (action == 2) {
                sessionId = resolveAssertion(sSOAgentRequest.getRequester(), sSOAgentRequest.getAssertionId());
                sSOAgentRequest.setSessionId(sessionId);
            }
            if (this.debug > 0) {
                log(new StringBuffer().append("Checking for cached principal for ").append(sessionId).toString());
            }
            SingleSignOnEntry lookup = lookup(sessionId);
            if (lookup != null) {
                if (this.debug > 0) {
                    log(new StringBuffer().append(" Found cached principal '").append(lookup.principal.getName()).append("' with auth type '").append(lookup.authType).append("'").toString());
                }
                this._l1CacheHits++;
                SingleSignOnEntry accessSession = accessSession(sSOAgentRequest.getRequester(), lookup, sessionId);
                if (accessSession != null) {
                    if (isAuthenticationAlwaysRequired()) {
                        Principal authenticate = authenticate(sSOAgentRequest);
                        if (this.debug > 0) {
                            log("Updating Principal information");
                        }
                        accessSession.updatePrincipal(authenticate);
                    }
                    propagateSecurityContext(sSOAgentRequest, accessSession.principal);
                }
                return accessSession;
            }
            localSession.addSessionListener(this);
            associateLocalSession(sessionId, localSession);
            Principal authenticate2 = authenticate(sSOAgentRequest);
            if (authenticate2 == null) {
                if (this.debug <= 0) {
                    return null;
                }
                log(new StringBuffer().append("There is no associated principal for SSO Session '").append(sessionId).append("'").toString());
                return null;
            }
            if (this.debug > 0) {
                log(new StringBuffer().append("Principal checked for SSO Session '").append(sessionId).append("' : ").append(authenticate2).toString());
            }
            register(sessionId, authenticate2, "JOSSO");
            SingleSignOnEntry accessSession2 = accessSession(sSOAgentRequest.getRequester(), lookup(sessionId), sessionId);
            if (accessSession2 != null) {
                propagateSecurityContext(sSOAgentRequest, accessSession2.principal);
            }
            return accessSession2;
        } catch (Exception e2) {
            log(new StringBuffer().append("Error processing JOSSO Agent request : ").append(e2.getMessage()).toString());
            if (this.debug <= 0) {
                return null;
            }
            log(new StringBuffer().append("Exception recieved while processing JOSSO Agent request : ").append(e2.getMessage()).toString(), e2);
            return null;
        }
    }

    protected void propagateSecurityContext(SSOAgentRequest sSOAgentRequest, Principal principal) {
        throw new UnsupportedOperationException("No support for alternative mechanisms for security context propagation");
    }

    protected String resolveAssertion(String str, String str2) {
        try {
            if (this.debug > 0) {
                log(new StringBuffer().append("Dereferencing assertion for id '").append(str2).append("'").toString());
            }
            return this.ip.resolveAuthenticationAssertion(str, str2);
        } catch (AssertionNotValidException e) {
            if (this.debug <= 0) {
                return null;
            }
            log("Invalid Assertion");
            return null;
        } catch (Exception e2) {
            log(e2.getMessage() != null ? e2.getMessage() : e2.toString(), e2);
            return null;
        }
    }

    protected SingleSignOnEntry accessSession(String str, SingleSignOnEntry singleSignOnEntry, String str2) {
        if (singleSignOnEntry == null) {
            return singleSignOnEntry;
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - singleSignOnEntry.lastAccessTime < getSessionAccessMinInterval()) {
            this._l2CacheHits++;
            return singleSignOnEntry;
        }
        try {
            if (this.debug > 0) {
                log(new StringBuffer().append("Notifying keep-alive event for session '").append(str2).append("'").toString());
            }
            this.sm.accessSession(str, str2);
            singleSignOnEntry.lastAccessTime = currentTimeMillis;
            return singleSignOnEntry;
        } catch (NoSuchSessionException e) {
            if (this.debug > 0) {
                log("SSO Session is no longer valid");
            }
            deregister(singleSignOnEntry.ssoId);
            return null;
        } catch (Exception e2) {
            log(e2.getMessage() != null ? e2.getMessage() : e2.toString(), e2);
            deregister(singleSignOnEntry.ssoId);
            return null;
        }
    }

    protected void accessSession(String str, String str2) throws SSOSessionException {
        try {
            if (this.debug > 0) {
                log(new StringBuffer().append("Notifying keep-alive event for session '").append(str2).append("'").toString());
            }
            this.sm.accessSession(str, str2);
        } catch (NoSuchSessionException e) {
            if (this.debug > 0) {
                log("SSO Session is no longer valid");
            }
            throw e;
        } catch (Exception e2) {
            log(e2.getMessage() != null ? e2.getMessage() : e2.toString(), e2);
            throw new SSOSessionException(e2.getMessage() != null ? e2.getMessage() : e2.toString(), e2);
        }
    }

    protected abstract void sendCustomAuthentication(SSOAgentRequest sSOAgentRequest) throws IOException;

    protected abstract Principal authenticate(SSOAgentRequest sSOAgentRequest);

    protected abstract boolean isAuthenticationAlwaysRequired();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract void log(String str);

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract void log(String str, Throwable th);

    @Override // org.josso.agent.SSOAgent
    public void stop() {
        if (this.debug > 0) {
            log("Agent Stopped");
        }
    }

    @Override // org.josso.agent.LocalSessionListener
    public void localSessionEvent(LocalSessionEvent localSessionEvent) {
        if (LocalSession.LOCAL_SESSION_DESTROYED_EVENT.equals(localSessionEvent.getType())) {
            LocalSession localSession = localSessionEvent.getLocalSession();
            if (this.debug > 0) {
                log(new StringBuffer().append("Local session destroyed on ").append(localSession).toString());
            }
            localSessionDestroyedEvent(localSession);
        }
    }

    @Override // org.josso.agent.SSOAgent
    public void setConfiguration(SSOAgentConfiguration sSOAgentConfiguration) {
        this._cfg = sSOAgentConfiguration;
    }

    @Override // org.josso.agent.SSOAgent
    public SSOAgentConfiguration getConfiguration() {
        return this._cfg;
    }

    protected void localSessionDestroyedEvent(LocalSession localSession) {
        String str;
        synchronized (this.reverse) {
            str = (String) this.reverse.get(localSession.getId());
        }
        if (str == null) {
            return;
        }
        deregister(str);
    }

    protected void associateLocalSession(String str, LocalSession localSession) {
        SingleSignOnEntry lookup = lookup(str);
        if (lookup != null) {
            lookup.addSession(localSession);
        }
        synchronized (this.reverse) {
            this.reverse.put(localSession.getId(), str);
        }
    }

    protected void deregister(String str) {
        SingleSignOnEntry singleSignOnEntry;
        synchronized (this.cache) {
            singleSignOnEntry = (SingleSignOnEntry) this.cache.remove(str);
        }
        if (singleSignOnEntry == null) {
            return;
        }
        LocalSession[] findSessions = singleSignOnEntry.findSessions();
        for (int i = 0; i < findSessions.length; i++) {
            synchronized (this.reverse) {
                this.reverse.remove(findSessions[i].getId());
            }
            findSessions[i].exipre();
        }
    }

    protected void register(String str, Principal principal, String str2) {
        synchronized (this.cache) {
            this.cache.put(str, new SingleSignOnEntry(str, principal, str2));
        }
    }

    protected SingleSignOnEntry lookup(String str) {
        SingleSignOnEntry singleSignOnEntry;
        synchronized (this.cache) {
            singleSignOnEntry = (SingleSignOnEntry) this.cache.get(str);
        }
        return singleSignOnEntry;
    }

    public int getDebug() {
        return this.debug;
    }

    public void setDebug(int i) {
        this.debug = i;
    }

    public long getRequestCount() {
        return this._requestCount;
    }

    public long getL1CacheHits() {
        return this._l1CacheHits;
    }

    public long getL2CacheHits() {
        return this._l2CacheHits;
    }

    public boolean isStateOnClient() {
        return this._isStateOnClient;
    }

    public void setIsStateOnClient(boolean z) {
        this._isStateOnClient = z;
    }
}
