package org.opensaml.storage.impl.client;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyException;
import java.util.HashMap;
import java.util.Map;
import java.util.TimerTask;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonValue;
import javax.json.stream.JsonGenerator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import net.shibboleth.utilities.java.support.annotation.constraint.Live;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.CookieManager;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.security.DataExpiredException;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import net.shibboleth.utilities.java.support.security.DataSealerKeyStrategy;
import org.opensaml.storage.AbstractMapBackedStorageService;
import org.opensaml.storage.MutableStorageRecord;
import org.opensaml.storage.StorageCapabilitiesEx;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/storage/impl/client/ClientStorageService.class */
public class ClientStorageService extends AbstractMapBackedStorageService implements Filter, StorageCapabilitiesEx {

    @Nonnull
    protected static final String LOCK_ATTRIBUTE = "org.opensaml.storage.impl.client.ClientStorageService.lock";

    @Nonnull
    protected static final String STORAGE_ATTRIBUTE = "org.opensaml.storage.impl.client.ClientStorageService.store";

    @NotEmpty
    @Nonnull
    private static final String DEFAULT_STORAGE_NAME = "shib_idp_client_ss";

    @NonnullAfterInit
    private HttpServletRequest httpServletRequest;

    @NonnullAfterInit
    private CookieManager cookieManager;

    @NonnullAfterInit
    private DataSealer dataSealer;

    @Nullable
    private DataSealerKeyStrategy keyStrategy;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ClientStorageService.class);

    @NotEmpty
    @Nonnull
    private String storageName = DEFAULT_STORAGE_NAME;

    @NotEmpty
    @Nonnull
    private Map<ClientStorageSource, Integer> capabilityMap = new HashMap(2);

    /* loaded from: input_file:org/opensaml/storage/impl/client/ClientStorageService$ClientStorageServiceStore.class */
    public class ClientStorageServiceStore {

        @NonnullElements
        @Nonnull
        private final Map<String, Map<String, MutableStorageRecord>> contextMap = new HashMap();

        @Nonnull
        private final ClientStorageSource source;
        private boolean dirty;

        /* JADX WARN: Multi-variable type inference failed */
        ClientStorageServiceStore(@NotEmpty @Nullable String str, @Nonnull ClientStorageSource clientStorageSource) {
            this.source = (ClientStorageSource) Constraint.isNotNull(clientStorageSource, "Data source cannot be null");
            if (str == null) {
                return;
            }
            try {
                JsonObject read = Json.createReader(new StringReader(str)).read();
                if (!(read instanceof JsonObject)) {
                    throw new JsonException("Found invalid data structure while parsing context map");
                }
                for (Map.Entry entry : read.entrySet()) {
                    if (((JsonValue) entry.getValue()).getValueType() != JsonValue.ValueType.OBJECT) {
                        throw new JsonException("Found invalid data structure while parsing context map");
                    }
                    Map<String, MutableStorageRecord> map = this.contextMap.get(entry);
                    if (map == null) {
                        map = new HashMap();
                        this.contextMap.put(entry.getKey(), map);
                    }
                    for (Map.Entry entry2 : ((JsonObject) entry.getValue()).entrySet()) {
                        JsonObject jsonObject = (JsonObject) entry2.getValue();
                        Long l = null;
                        if (jsonObject.containsKey("x")) {
                            l = Long.valueOf(jsonObject.getJsonNumber("x").longValueExact());
                        }
                        map.put(entry2.getKey(), new MutableStorageRecord(jsonObject.getString("v"), l));
                    }
                }
                setDirty(false);
            } catch (ArithmeticException | ClassCastException | NullPointerException | JsonException e) {
                this.contextMap.clear();
                setDirty(true);
                ClientStorageService.this.log.error("{} Found invalid data structure while parsing context map", ClientStorageService.this.getLogPrefix(), e);
            }
        }

        @NonnullElements
        @Live
        @Nonnull
        Map<String, Map<String, MutableStorageRecord>> getContextMap() {
            return this.contextMap;
        }

        @Nonnull
        public ClientStorageSource getSource() {
            return this.source;
        }

        boolean isDirty() {
            return this.dirty;
        }

        void setDirty(boolean z) {
            this.dirty = z;
        }

        @Nullable
        ClientStorageServiceOperation save() throws IOException {
            if (!isDirty()) {
                ClientStorageService.this.log.trace("{} Storage state has not been modified, save operation skipped", ClientStorageService.this.getLogPrefix());
                return null;
            }
            if (this.contextMap.isEmpty()) {
                ClientStorageService.this.log.trace("{} Data is empty", ClientStorageService.this.getLogPrefix());
                return new ClientStorageServiceOperation(ClientStorageService.this.getId(), ClientStorageService.this.getStorageName(), null, this.source);
            }
            long j = 0;
            long currentTimeMillis = System.currentTimeMillis();
            boolean z = true;
            try {
                StringWriter stringWriter = new StringWriter(128);
                JsonGenerator createGenerator = Json.createGenerator(stringWriter);
                createGenerator.writeStartObject();
                for (Map.Entry<String, Map<String, MutableStorageRecord>> entry : this.contextMap.entrySet()) {
                    if (!entry.getValue().isEmpty()) {
                        createGenerator.writeStartObject(entry.getKey());
                        for (Map.Entry<String, MutableStorageRecord> entry2 : entry.getValue().entrySet()) {
                            MutableStorageRecord value = entry2.getValue();
                            Long expiration = value.getExpiration();
                            if (expiration == null || expiration.longValue() > currentTimeMillis) {
                                z = false;
                                createGenerator.writeStartObject(entry2.getKey()).write("v", value.getValue());
                                if (expiration != null) {
                                    createGenerator.write("x", value.getExpiration().longValue());
                                    j = Math.max(j, expiration.longValue());
                                }
                                createGenerator.writeEnd();
                            }
                        }
                        createGenerator.writeEnd();
                    }
                }
                createGenerator.writeEnd().close();
                if (z) {
                    ClientStorageService.this.log.trace("{} Data is empty", ClientStorageService.this.getLogPrefix());
                    return new ClientStorageServiceOperation(ClientStorageService.this.getId(), ClientStorageService.this.getStorageName(), null, this.source);
                }
                String stringWriter2 = stringWriter.toString();
                ClientStorageService.this.log.trace("{} Size of data before encryption is {}", ClientStorageService.this.getLogPrefix(), Integer.valueOf(stringWriter2.length()));
                ClientStorageService.this.log.trace("{} Data before encryption is {}", ClientStorageService.this.getLogPrefix(), stringWriter2);
                try {
                    String wrap = ClientStorageService.this.dataSealer.wrap(stringWriter2, j > 0 ? j : System.currentTimeMillis() + 86400000);
                    ClientStorageService.this.log.trace("{} Size of data after encryption is {}", ClientStorageService.this.getLogPrefix(), Integer.valueOf(wrap.length()));
                    setDirty(false);
                    return new ClientStorageServiceOperation(ClientStorageService.this.getId(), ClientStorageService.this.getStorageName(), wrap, this.source);
                } catch (DataSealerException e) {
                    throw new IOException(e);
                }
            } catch (JsonException e2) {
                throw new IOException((Throwable) e2);
            }
        }
    }

    /* loaded from: input_file:org/opensaml/storage/impl/client/ClientStorageService$ClientStorageSource.class */
    public enum ClientStorageSource {
        COOKIE,
        HTML_LOCAL_STORAGE
    }

    public ClientStorageService() {
        this.capabilityMap.put(ClientStorageSource.COOKIE, 4096);
        this.capabilityMap.put(ClientStorageSource.HTML_LOCAL_STORAGE, 1048576);
    }

    @Override // org.opensaml.storage.AbstractStorageService
    public synchronized void setCleanupInterval(long j) {
        super.setCleanupInterval(0L);
    }

    public void setCapabilityMap(@NonnullElements @Nonnull Map<ClientStorageSource, Integer> map) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(map, "Capability map cannot be null");
        for (Map.Entry<ClientStorageSource, Integer> entry : map.entrySet()) {
            if (entry.getKey() != null && entry.getValue() != null) {
                this.capabilityMap.put(entry.getKey(), entry.getValue());
            }
        }
    }

    @Override // org.opensaml.storage.StorageCapabilitiesEx
    public boolean isServerSide() {
        return false;
    }

    @Override // org.opensaml.storage.StorageCapabilitiesEx
    public boolean isClustered() {
        return true;
    }

    public void setHttpServletRequest(@Nonnull HttpServletRequest httpServletRequest) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpServletRequest = (HttpServletRequest) Constraint.isNotNull(httpServletRequest, "HttpServletRequest cannot be null");
    }

    @NonnullAfterInit
    public CookieManager getCookieManager() {
        return this.cookieManager;
    }

    public void setCookieManager(@Nonnull CookieManager cookieManager) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.cookieManager = (CookieManager) Constraint.isNotNull(cookieManager, "CookieManager cannot be null");
    }

    @NotEmpty
    @Nonnull
    public String getStorageName() {
        return this.storageName;
    }

    public void setStorageName(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.storageName = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Storage name cannot be null or empty");
    }

    public void setDataSealer(@Nonnull DataSealer dataSealer) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.dataSealer = (DataSealer) Constraint.isNotNull(dataSealer, "DataSealer cannot be null");
    }

    public void setKeyStrategy(@Nullable DataSealerKeyStrategy dataSealerKeyStrategy) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.keyStrategy = dataSealerKeyStrategy;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override // org.opensaml.storage.AbstractStorageService, org.opensaml.storage.StorageCapabilities
    public int getContextSize() {
        return this.capabilityMap.get(getSource()).intValue();
    }

    @Override // org.opensaml.storage.AbstractStorageService, org.opensaml.storage.StorageCapabilities
    public int getKeySize() {
        return this.capabilityMap.get(getSource()).intValue();
    }

    @Override // org.opensaml.storage.AbstractStorageService, org.opensaml.storage.StorageCapabilities
    public long getValueSize() {
        return this.capabilityMap.get(getSource()).intValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.storage.AbstractStorageService, net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpServletRequest == null) {
            throw new ComponentInitializationException("HttpServletRequest must be set");
        }
        if (this.dataSealer == null || this.cookieManager == null) {
            throw new ComponentInitializationException("DataSealer and CookieManager must be set");
        }
    }

    @Override // org.opensaml.storage.AbstractStorageService
    @Nullable
    protected TimerTask getCleanupTask() {
        return null;
    }

    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @Nonnull
    protected ReadWriteLock getLock() {
        HttpSession httpSession = (HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null");
        Object attribute = httpSession.getAttribute("org.opensaml.storage.impl.client.ClientStorageService.lock." + this.storageName);
        if (attribute == null || !(attribute instanceof ReadWriteLock)) {
            synchronized (this) {
                attribute = httpSession.getAttribute("org.opensaml.storage.impl.client.ClientStorageService.lock." + this.storageName);
                if (attribute == null) {
                    attribute = new ReentrantReadWriteLock();
                    httpSession.setAttribute("org.opensaml.storage.impl.client.ClientStorageService.lock." + this.storageName, attribute);
                }
            }
        }
        return (ReadWriteLock) attribute;
    }

    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @NonnullElements
    @Live
    @Nonnull
    protected Map<String, Map<String, MutableStorageRecord>> getContextMap() {
        return ((ClientStorageServiceStore) Constraint.isNotNull(((HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null")).getAttribute("org.opensaml.storage.impl.client.ClientStorageService.store." + this.storageName), "Storage object was not present in session")).getContextMap();
    }

    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    protected void setDirty() {
        Object attribute = ((HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null")).getAttribute("org.opensaml.storage.impl.client.ClientStorageService.store." + this.storageName);
        if (attribute == null || !(attribute instanceof ClientStorageServiceStore)) {
            return;
        }
        ((ClientStorageServiceStore) attribute).setDirty(true);
    }

    @Nonnull
    ClientStorageSource getSource() {
        Lock readLock = getLock().readLock();
        try {
            readLock.lock();
            Object attribute = ((HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null")).getAttribute("org.opensaml.storage.impl.client.ClientStorageService.store." + this.storageName);
            if (attribute == null || !(attribute instanceof ClientStorageServiceStore)) {
                ClientStorageSource clientStorageSource = ClientStorageSource.COOKIE;
                readLock.unlock();
                return clientStorageSource;
            }
            ClientStorageSource source = ((ClientStorageServiceStore) attribute).getSource();
            readLock.unlock();
            return source;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLoaded() {
        Lock readLock = getLock().readLock();
        try {
            readLock.lock();
            boolean z = ((HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null")).getAttribute("org.opensaml.storage.impl.client.ClientStorageService.store." + this.storageName) instanceof ClientStorageServiceStore;
            readLock.unlock();
            return z;
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void load(@NotEmpty @Nullable String str, @Nonnull ClientStorageSource clientStorageSource) {
        ClientStorageServiceStore clientStorageServiceStore;
        if (str != null) {
            this.log.trace("{} Loading storage state into session", getLogPrefix());
            try {
                StringBuffer stringBuffer = new StringBuffer();
                String unwrap = this.dataSealer.unwrap(str, stringBuffer);
                this.log.trace("{} Data after decryption: {}", getLogPrefix(), unwrap);
                clientStorageServiceStore = new ClientStorageServiceStore(unwrap, clientStorageSource);
                if (this.keyStrategy != null) {
                    try {
                        if (!this.keyStrategy.getDefaultKey().getFirst().equals(stringBuffer.toString())) {
                            clientStorageServiceStore.setDirty(true);
                        }
                    } catch (KeyException e) {
                        this.log.error("{} Exception while accessing default key during stale key detection", getLogPrefix(), e);
                    }
                }
                this.log.debug("{} Successfully decrypted and loaded storage state from client", getLogPrefix());
            } catch (DataExpiredException e2) {
                this.log.debug("{} Secured data or key has expired", getLogPrefix());
                clientStorageServiceStore = new ClientStorageServiceStore(null, clientStorageSource);
                clientStorageServiceStore.setDirty(true);
            } catch (DataSealerException e3) {
                this.log.error("{} Exception unwrapping secured data", getLogPrefix(), e3);
                clientStorageServiceStore = new ClientStorageServiceStore(null, clientStorageSource);
                clientStorageServiceStore.setDirty(true);
            }
        } else {
            this.log.trace("{} Initializing empty storage state into session", getLogPrefix());
            clientStorageServiceStore = new ClientStorageServiceStore(null, clientStorageSource);
        }
        Lock writeLock = getLock().writeLock();
        try {
            writeLock.lock();
            ((HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null")).setAttribute("org.opensaml.storage.impl.client.ClientStorageService.store." + this.storageName, clientStorageServiceStore);
            writeLock.unlock();
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public ClientStorageServiceOperation save() {
        this.log.trace("{} Preserving storage state from session", getLogPrefix());
        Lock writeLock = getLock().writeLock();
        try {
            writeLock.lock();
            Object attribute = ((HttpSession) Constraint.isNotNull(this.httpServletRequest.getSession(), "HttpSession cannot be null")).getAttribute("org.opensaml.storage.impl.client.ClientStorageService.store." + this.storageName);
            if (attribute == null || !(attribute instanceof ClientStorageServiceStore)) {
                this.log.error("{} No storage object found in session", getLogPrefix());
                writeLock.unlock();
                return null;
            }
            try {
                ClientStorageServiceOperation save = ((ClientStorageServiceStore) attribute).save();
                writeLock.unlock();
                return save;
            } catch (IOException e) {
                this.log.error("{} Error while serializing storage data", getLogPrefix(), e);
                writeLock.unlock();
                return null;
            }
        } catch (Throwable th) {
            writeLock.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotEmpty
    @Nonnull
    public String getLogPrefix() {
        return "StorageService " + getId() + ":";
    }
}
