package net.sf.acegisecurity.providers;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpSession;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationTrustResolver;
import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.ui.WebAuthenticationDetails;
import net.sf.acegisecurity.ui.session.HttpSessionDestroyedEvent;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

/* loaded from: input_file:net/sf/acegisecurity/providers/ConcurrentSessionControllerImpl.class */
public class ConcurrentSessionControllerImpl implements ConcurrentSessionController, ApplicationListener, ApplicationContextAware {
    private ApplicationContext applicationContext;
    protected Map principalsToSessions = new HashMap();
    protected Map sessionsToPrincipals = new HashMap();
    protected Set sessionSet = new HashSet();
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private int maxSessions = 1;

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    public void setMaxSessions(int i) {
        this.maxSessions = i;
    }

    public int getMaxSessions() {
        return this.maxSessions;
    }

    public void setTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        this.trustResolver = authenticationTrustResolver;
    }

    public AuthenticationTrustResolver getTrustResolver() {
        return this.trustResolver;
    }

    @Override // net.sf.acegisecurity.providers.ConcurrentSessionController
    public void afterAuthentication(Authentication authentication, Authentication authentication2) throws ConcurrentLoginException {
        enforceConcurrentLogins(authentication2);
        if (authentication.getDetails() instanceof WebAuthenticationDetails) {
            addSession(determineSessionPrincipal(authentication2), ((WebAuthenticationDetails) authentication.getDetails()).getSessionId());
        }
    }

    @Override // net.sf.acegisecurity.providers.ConcurrentSessionController
    public void beforeAuthentication(Authentication authentication) throws ConcurrentLoginException {
        enforceConcurrentLogins(authentication);
    }

    public void onApplicationEvent(ApplicationEvent applicationEvent) {
        if (applicationEvent instanceof HttpSessionDestroyedEvent) {
            removeSession(((HttpSession) applicationEvent.getSource()).getId());
        }
    }

    protected boolean isActiveSession(Object obj, String str) {
        Set set = (Set) this.principalsToSessions.get(obj);
        if (set == null) {
            return false;
        }
        return set.contains(str);
    }

    protected void addSession(Object obj, String str) {
        Set set = (Set) this.principalsToSessions.get(obj);
        if (set == null) {
            set = new HashSet();
            this.principalsToSessions.put(obj, set);
        }
        set.add(str);
        this.sessionsToPrincipals.put(str, obj);
    }

    protected int countSessions(Object obj) {
        Set set = (Set) this.principalsToSessions.get(obj);
        if (set == null) {
            return 0;
        }
        return set.size();
    }

    protected Object determineSessionPrincipal(Authentication authentication) {
        return authentication.getPrincipal() instanceof UserDetails ? ((UserDetails) authentication.getPrincipal()).getUsername() : authentication.getPrincipal().toString();
    }

    protected void enforceConcurrentLogins(Authentication authentication) throws ConcurrentLoginException {
        if (this.maxSessions >= 1 && !this.trustResolver.isAnonymous(authentication) && (authentication.getDetails() instanceof WebAuthenticationDetails)) {
            String sessionId = ((WebAuthenticationDetails) authentication.getDetails()).getSessionId();
            Object determineSessionPrincipal = determineSessionPrincipal(authentication);
            if (isActiveSession(determineSessionPrincipal, sessionId) || this.maxSessions != countSessions(determineSessionPrincipal)) {
                return;
            }
            publishViolationEvent(authentication);
            throw new ConcurrentLoginException(new StringBuffer().append(determineSessionPrincipal).append(" has reached the maximum concurrent logins").toString());
        }
    }

    protected void publishViolationEvent(Authentication authentication) {
        getApplicationContext().publishEvent(new ConcurrentSessionViolationEvent(authentication));
    }

    protected void removeSession(String str) {
        Object obj = this.sessionsToPrincipals.get(str);
        if (obj != null) {
            Set set = (Set) this.principalsToSessions.get(obj);
            set.remove(str);
            if (set.isEmpty()) {
                this.principalsToSessions.remove(obj);
            }
            this.sessionsToPrincipals.remove(str);
        }
    }
}
