package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl;

import io.gravitee.am.common.exception.jwt.ExpiredJWTException;
import io.gravitee.am.common.exception.jwt.PrematureJWTException;
import io.gravitee.am.gateway.handler.common.certificate.CertificateManager;
import io.gravitee.am.gateway.handler.common.jwt.JWTService;
import io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.model.safe.ClientProperties;
import io.gravitee.am.service.UserService;
import io.reactivex.rxjava3.core.Single;
import io.vertx.core.Handler;
import io.vertx.rxjava3.core.http.Cookie;
import io.vertx.rxjava3.ext.web.RoutingContext;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/CookieSessionHandler.class */
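/**
 * Vert.x handler that restores a cookie-backed session on every request and writes the
 * session cookie back when the response headers are about to be sent.
 *
 * <p>The cookie value is handed to {@link CookieSession#setValue}; when the restored session
 * carries a {@code userId}, the matching user is loaded and set on the routing context.
 *
 * <p>NOTE(review): this class never sets the Secure, HttpOnly or SameSite attributes (nor a
 * path or domain) on the cookies it creates. Presumably another component applies them before
 * the response is written; confirm, because the cookie carries the whole session state.
 */
public class CookieSessionHandler implements Handler<RoutingContext> {
    private static final String DEFAULT_SESSION_COOKIE_NAME = "GRAVITEE_IO_AM_SESSION";
    private static final Logger logger = LoggerFactory.getLogger(CookieSessionHandler.class);
    /** Session key under which the authenticated user's id is stored. */
    static final String USER_ID_KEY = "userId";
    private final JWTService jwtService;
    private final CertificateManager certificateManager;
    private final UserService userService;

    /** Name of the session cookie. */
    @Value("${http.cookie.session.name:GRAVITEE_IO_AM_SESSION}")
    private String cookieName;

    /** Session timeout in milliseconds; also used as the cookie max-age for persistent sessions. */
    @Value("${http.cookie.session.timeout:1800000}")
    private long timeout;

    /** Default persistence flag, used when the client does not define its own cookie settings. */
    @Value("${http.cookie.session.persistent:true}")
    private boolean persistent;

    /**
     * Creates a handler whose cookie name, timeout and persistence come from the
     * {@code @Value}-annotated fields.
     *
     * @param jWTService service passed to every {@link CookieSession} created by this handler
     * @param certificateManager certificate manager passed to every {@link CookieSession}
     * @param userService service used to load and enhance the user referenced by the session
     */
    public CookieSessionHandler(JWTService jWTService, CertificateManager certificateManager, UserService userService) {
        this.jwtService = jWTService;
        this.certificateManager = certificateManager;
        this.userService = userService;
    }

    /**
     * Creates a handler with an explicit cookie name and timeout.
     *
     * @param jWTService service passed to every {@link CookieSession} created by this handler
     * @param certificateManager certificate manager passed to every {@link CookieSession}
     * @param userService service used to load and enhance the user referenced by the session
     * @param str name of the session cookie
     * @param j session timeout in milliseconds
     */
    public CookieSessionHandler(JWTService jWTService, CertificateManager certificateManager, UserService userService, String str, long j) {
        this(jWTService, certificateManager, userService);
        this.cookieName = str;
        this.timeout = j;
    }

    /**
     * Restores the session from the request cookie, if present, and then passes the request on.
     *
     * <p>{@code routingContext.next()} is always called, whether restoration succeeds or fails;
     * a failure is only logged.
     *
     * @param routingContext the current request context
     */
    @Override
    public void handle(RoutingContext routingContext) {
        if (logger.isDebugEnabled()) {
            // The plain-HTTP warning is only produced when debug logging is on.
            // NOTE(review): the full absolute URI is logged and may include query parameters;
            // confirm that is acceptable for debug logs.
            String absoluteURI = routingContext.request().absoluteURI();
            if (!absoluteURI.startsWith("https:")) {
                logger.debug("Using session cookies without https could make you susceptible to session hijacking: {}", absoluteURI);
            }
        }
        Cookie cookie = routingContext.getCookie(this.cookieName);
        CookieSession session = new CookieSession(this.jwtService, this.certificateManager, this.timeout);
        registerSession(routingContext, session);

        Single<CookieSession> restoration;
        if (cookie == null) {
            restoration = Single.just(session);
        } else {
            restoration = session.setValue(cookie.getValue())
                    .flatMap(restored -> attachUser(routingContext, restored));
        }
        restoration.doFinally(routingContext::next).subscribe(
                restored -> logger.trace("Session restored successfully"),
                CookieSessionHandler::logRestoreFailure);
    }

    /**
     * Loads the user referenced by the restored session and sets it on the routing context.
     *
     * <p>When the session holds no user id it is returned unchanged. When the user cannot be
     * found, or loading/enhancing fails, the session is reset via {@link #cleanupSession}.
     *
     * @param routingContext the current request context
     * @param session the session restored from the cookie
     * @return a single emitting the same session instance
     */
    private Single<CookieSession> attachUser(RoutingContext routingContext, CookieSession session) {
        String userId = (String) session.get(USER_ID_KEY);
        if (StringUtils.isEmpty(userId)) {
            return Single.just(session);
        }
        // NOTE(review): setUser runs before enhance(); if enhance() fails the session is reset
        // but the user already set on the context is not cleared. Confirm this is intended.
        return this.userService.findById(userId)
                .doOnSuccess(user -> routingContext.getDelegate().setUser(new User(user)))
                .flatMap(user -> this.userService.enhance(user).toMaybe())
                .map(user -> session)
                .switchIfEmpty(cleanupSession(session))
                .onErrorResumeNext(error -> cleanupSession(session));
    }

    /**
     * Logs a session restoration failure.
     *
     * <p>Expired or not-yet-valid session tokens are logged at info level, anything else at
     * warn level. The cause's message is reported when a cause exists; otherwise the error's
     * own message is used, so an error without a cause no longer triggers a
     * {@link NullPointerException} inside the error callback.
     *
     * @param error the error emitted while restoring the session
     */
    private static void logRestoreFailure(Throwable error) {
        Throwable cause = error.getCause();
        String message = (cause != null ? cause : error).getMessage();
        if (isTokenValidityError(cause) || isTokenValidityError(error)) {
            logger.info("Unable to restore the session: {}", message);
        } else {
            logger.warn("Unable to restore the session: {}", message);
        }
    }

    /** Returns whether the throwable is an expired or premature JWT error; false for null. */
    private static boolean isTokenValidityError(Throwable error) {
        return error instanceof PrematureJWTException || error instanceof ExpiredJWTException;
    }

    /**
     * Resets the session by calling {@code setValue(null)} and re-emits it.
     *
     * @param cookieSession the session to reset
     * @return a deferred single emitting the same session instance
     */
    private Single<CookieSession> cleanupSession(CookieSession cookieSession) {
        return Single.defer(() -> {
            // NOTE(review): the Single returned by setValue is discarded, so this relies on
            // setValue(null) clearing the session eagerly; confirm against CookieSession.
            cookieSession.setValue(null);
            return Single.just(cookieSession);
        });
    }

    /**
     * Attaches the session to the routing context and arranges for the cookie to be written
     * when the response headers are about to be sent.
     *
     * @param routingContext the current request context
     * @param cookieSession the session for this request
     */
    private void registerSession(RoutingContext routingContext, CookieSession cookieSession) {
        routingContext.getDelegate().setSession(cookieSession);
        routingContext.addHeadersEndHandler(ignored -> flush(routingContext, cookieSession));
    }

    /**
     * Writes the session state to the response cookies.
     *
     * <p>A destroyed session produces an empty cookie with max-age 0. Otherwise the cookie is
     * only written for status codes in the range 200-399.
     *
     * @param routingContext the current request context
     * @param cookieSession the session for this request
     */
    private void flush(RoutingContext routingContext, CookieSession cookieSession) {
        if (cookieSession.isDestroyed()) {
            routingContext.addCookie(Cookie.cookie(this.cookieName, "").setMaxAge(0L));
            return;
        }
        int statusCode = routingContext.response().getStatusCode();
        boolean successOrRedirect = statusCode >= 200 && statusCode < 400;
        if (successOrRedirect) {
            writeSessionCookie(routingContext, cookieSession);
        }
    }

    /**
     * Stores the current user's id in the session and adds the session cookie to the response.
     *
     * <p>Max-age is only set when the timeout is non-negative and the session is persistent;
     * otherwise the cookie carries no max-age.
     *
     * @param routingContext the current request context
     * @param cookieSession the session to serialize into the cookie
     */
    private void writeSessionCookie(RoutingContext routingContext, CookieSession cookieSession) {
        io.vertx.ext.auth.User user = routingContext.getDelegate().user();
        if (user instanceof User) {
            cookieSession.putUserId(((User) user).getUser().getId());
        }
        // NOTE(review): no Secure/HttpOnly/SameSite attribute is set on this cookie here;
        // confirm they are applied elsewhere before the response is sent.
        Cookie cookie = Cookie.cookie(this.cookieName, cookieSession.value());
        if (this.timeout >= 0 && persistentSession(routingContext)) {
            cookie.setMaxAge(TimeUnit.MILLISECONDS.toSeconds(this.timeout));
        }
        routingContext.addCookie(cookie);
    }

    /**
     * Decides whether the session cookie should be persistent for this request.
     *
     * <p>The {@code "client"} entry of the routing context is consulted first: when it is a
     * {@link Client} or {@link ClientProperties} with non-inherited cookie settings that define
     * a session persistence value, that value is used. In every other case the handler-level
     * default applies.
     *
     * @param routingContext the current request context
     * @return {@code true} when the cookie should carry a max-age
     */
    private boolean persistentSession(RoutingContext routingContext) {
        Object client = routingContext.get("client");
        // A missing or unrecognised client yields null, which the Optional maps to the default.
        return Optional.ofNullable(
                        client instanceof Client ? ((Client) client).getCookieSettings()
                                : client instanceof ClientProperties ? ((ClientProperties) client).getCookieSettings()
                                : null)
                .filter(settings -> !settings.isInherited())
                .map(settings -> settings.getSession())
                .map(sessionSettings -> sessionSettings.isPersistent())
                .orElse(this.persistent);
    }
}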
