package org.keycloak.adapters.saml.elytron;

import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlSession;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.saml.SamlUtil;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.Scope;

/* loaded from: input_file:org/keycloak/adapters/saml/elytron/ElytronSamlSessionStore.class */
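/**
 * {@link SamlSessionStore} that keeps SAML adapter state in the Elytron HTTP session scope.
 *
 * <p>Three values are stored as session attachments: the authenticated {@link SamlSession}
 * (under {@code SamlSession.class.getName()}), the current login/logout action, and the URI to
 * return to after login ({@link #SAML_REDIRECT_URI}). Every change to the authenticated session
 * is mirrored into the {@link SessionIdMapper} through the {@link SessionIdMapperUpdater}, which
 * is what lets {@link #logoutByPrincipal(String)} and {@link #logoutBySsoId(List)} find and
 * invalidate sessions other than the one bound to the current request.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>HTTP session IDs, SSO session IDs and principals are written to the debug log by several
 *       methods. Anyone who can read those logs can read live session identifiers, so debug
 *       logging for this category should be treated as sensitive.</li>
 *   <li>Session ID rotation at login ({@link #changeSessionId(HttpScope)}) is best effort; a
 *       failed rotation is reported at debug level only.</li>
 * </ul>
 */
public class ElytronSamlSessionStore implements SamlSessionStore, ElytronTokeStore {
    protected static Logger log = Logger.getLogger(SamlSessionStore.class);
    public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";
    /** Session attachment key under which the current {@link SamlSessionStore.CurrentAction} is kept. */
    private static final String CURRENT_ACTION_KEY = "SAML_CURRENT_ACTION";
    private final SessionIdMapper idMapper;
    private final SessionIdMapperUpdater idMapperUpdater;
    protected final SamlDeployment deployment;
    private final ElytronHttpFacade exchange;

    /**
     * Creates a store bound to a single request/response exchange.
     *
     * @param elytronHttpFacade facade giving access to the request and its session scope
     * @param sessionIdMapper mapping between SSO sessions, principals and HTTP session IDs
     * @param sessionIdMapperUpdater strategy used for every write to {@code sessionIdMapper}
     * @param samlDeployment adapter configuration for this application
     */
    public ElytronSamlSessionStore(ElytronHttpFacade elytronHttpFacade, SessionIdMapper sessionIdMapper, SessionIdMapperUpdater sessionIdMapperUpdater, SamlDeployment samlDeployment) {
        this.exchange = elytronHttpFacade;
        this.idMapper = sessionIdMapper;
        this.idMapperUpdater = sessionIdMapperUpdater;
        this.deployment = samlDeployment;
    }

    /**
     * Records the action in progress in the session.
     *
     * <p>{@code NONE} is not written when no session exists yet, so clearing the action never
     * touches a session scope that has not been created.
     *
     * @param currentAction the action to record
     */
    public void setCurrentAction(SamlSessionStore.CurrentAction currentAction) {
        HttpScope session = this.exchange.getScope(Scope.SESSION);
        if (currentAction == SamlSessionStore.CurrentAction.NONE && !session.exists()) {
            return;
        }
        session.setAttachment(CURRENT_ACTION_KEY, currentAction);
    }

    /**
     * @return {@code true} if a session exists and its recorded action is {@code LOGGING_IN}
     */
    public boolean isLoggingIn() {
        return isCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
    }

    /**
     * @return {@code true} if a session exists and its recorded action is {@code LOGGING_OUT}
     */
    public boolean isLoggingOut() {
        return isCurrentAction(SamlSessionStore.CurrentAction.LOGGING_OUT);
    }

    /** Tells whether the existing session (if any) has {@code expected} recorded as its action. */
    private boolean isCurrentAction(SamlSessionStore.CurrentAction expected) {
        HttpScope session = this.exchange.getScope(Scope.SESSION);
        return session.exists() && session.getAttachment(CURRENT_ACTION_KEY) == expected;
    }

    /**
     * Logs out the account bound to the current request's session.
     *
     * <p>Clears the stored {@link SamlSession} and the saved redirect URI. The session itself is
     * not invalidated here, unlike in {@link #logoutSessionIds(List)}.
     */
    public void logoutAccount() {
        HttpScope session = getSession(false);
        if (!session.exists()) {
            return;
        }
        log.debug("Logging out - current account");
        String accountKey = SamlSession.class.getName();
        SamlSession samlSession = (SamlSession) session.getAttachment(accountKey);
        if (samlSession != null) {
            // The mapping is only dropped when the SAML session carries a session index.
            if (samlSession.getSessionIndex() != null) {
                this.idMapperUpdater.removeSession(this.idMapper, session.getID());
            }
            session.setAttachment(accountKey, null);
        }
        session.setAttachment(SAML_REDIRECT_URI, null);
    }

    /**
     * Invalidates every HTTP session the mapper knows for a principal and drops their mappings.
     *
     * @param str the principal whose sessions are to be terminated
     */
    public void logoutByPrincipal(String str) {
        Set<String> userSessions = this.idMapper.getUserSessions(str);
        if (userSessions == null) {
            return;
        }
        // NOTE(review): this writes the principal's HTTP session IDs to the debug log.
        log.debugf("Logging out - by principal: %s", userSessions);
        // Work on a copy: the mappings are removed below, and whether the mapper hands out a
        // live view of its own set is not visible from this class.
        List<String> sessionIds = new LinkedList<>(userSessions);
        logoutSessionIds(sessionIds);
        for (String sessionId : sessionIds) {
            this.idMapperUpdater.removeSession(this.idMapper, sessionId);
        }
    }

    /**
     * Invalidates the HTTP sessions mapped to the given SSO session IDs.
     *
     * <p>IDs the mapper does not know are skipped. Each mapping is removed before the matching
     * session is invalidated.
     *
     * @param list SSO session IDs; {@code null} is a no-op
     */
    public void logoutBySsoId(List<String> list) {
        if (list == null) {
            return;
        }
        log.debugf("Logging out - by session IDs: %s", list);
        List<String> sessionIds = new LinkedList<>();
        for (String ssoId : list) {
            String sessionId = this.idMapper.getSessionFromSSO(ssoId);
            if (sessionId != null) {
                sessionIds.add(sessionId);
                this.idMapperUpdater.removeSession(this.idMapper, sessionId);
            }
        }
        logoutSessionIds(sessionIds);
    }

    /**
     * Clears the stored {@link SamlSession} of each listed session and invalidates the session.
     *
     * @param list HTTP session IDs; IDs with no existing session scope are ignored
     */
    protected void logoutSessionIds(List<String> list) {
        String accountKey = SamlSession.class.getName();
        for (String sessionId : list) {
            HttpScope session = this.exchange.getScope(Scope.SESSION, sessionId);
            if (!session.exists()) {
                continue;
            }
            // NOTE(review): the raw session ID goes to the debug log here.
            log.debugf("Invalidating session %s", sessionId);
            session.setAttachment(accountKey, null);
            session.invalidate();
        }
    }

    /**
     * Checks whether the current session holds a valid SAML login and, if so, completes
     * authentication for this request and restores any suspended request.
     *
     * <p>A session that the mapper does not know, and that {@code refreshMapping} cannot
     * re-establish, is treated as logged out elsewhere: its stored {@link SamlSession} is
     * cleared and {@code false} is returned.
     *
     * @return {@code true} only if {@link SamlUtil#validateSamlSession} accepted the stored session
     */
    public boolean isLoggedIn() {
        HttpScope session = getSession(false);
        if (!session.exists()) {
            log.debug("session was null, returning false");
            return false;
        }
        String sessionId = session.getID();
        boolean known = this.idMapper.hasSession(sessionId)
                || this.idMapperUpdater.refreshMapping(this.idMapper, sessionId);
        if (!known) {
            log.debugf("Session %s has expired on some other node", session.getID());
            session.setAttachment(SamlSession.class.getName(), null);
            return false;
        }
        SamlSession validated = SamlUtil.validateSamlSession(session.getAttachment(SamlSession.class.getName()), this.deployment);
        if (validated == null) {
            return false;
        }
        this.exchange.authenticationComplete(validated);
        restoreRequest();
        return true;
    }

    /**
     * Stores a freshly authenticated account in the session and registers it with the mapper.
     *
     * <p>The session is created if needed, and the session ID is rotated (see
     * {@link #changeSessionId(HttpScope)}) before the mapping is written, so the mapper records
     * the ID that is current after login.
     *
     * @param samlSession the authenticated SAML session
     */
    public void saveAccount(SamlSession samlSession) {
        HttpScope session = getSession(true);
        session.setAttachment(SamlSession.class.getName(), samlSession);
        String sessionIndex = samlSession.getSessionIndex();
        String subject = samlSession.getPrincipal().getSamlSubject();
        String httpSessionId = changeSessionId(session);
        this.idMapperUpdater.map(this.idMapper, sessionIndex, subject, httpSessionId);
    }

    /**
     * Rotates the session ID unless the deployment has switched that off, and returns the ID
     * the session has afterwards.
     *
     * <p>Issuing a new session ID at login is the usual defence against session fixation.
     * Rotation here is best effort: when the scope does not support it or {@code changeID()}
     * reports failure, the old ID is kept and returned.
     *
     * @param httpScope the session scope of the user who just logged in
     * @return the session ID in effect after the attempt
     */
    protected String changeSessionId(HttpScope httpScope) {
        if (!this.deployment.turnOffChangeSessionIdOnLogin()) {
            boolean rotated = httpScope.supportsChangeID() && httpScope.changeID();
            if (!rotated) {
                // NOTE(review): the login proceeds on the pre-authentication session ID and this
                // is visible at debug level only; consider a higher level so that a skipped
                // rotation shows up in production logs.
                log.debug("Session ID cannot be changed although turnOffChangeSessionIdOnLogin is set to false");
            }
        }
        return httpScope.getID();
    }

    /**
     * Returns the {@link SamlSession} stored in the session, or {@code null} if there is none.
     *
     * <p>This goes through {@code getSession(true)}, so a session is created as a side effect
     * when the request does not have one yet.
     */
    public SamlSession getAccount() {
        HttpScope session = getSession(true);
        return (SamlSession) session.getAttachment(SamlSession.class.getName());
    }

    /**
     * Returns where to send the user after login.
     *
     * <p>The URI saved by {@link #saveRequest()} wins. Without one, the context prefix is taken
     * as everything in the request path before the request's relative path, and the decision is
     * delegated to {@link SamlUtil#getRedirectTo}.
     *
     * @return the redirect target
     */
    public String getRedirectUri() {
        String saved = (String) this.exchange.getScope(Scope.SESSION).getAttachment(SAML_REDIRECT_URI);
        if (saved != null) {
            return saved;
        }
        String path = this.exchange.getURI().getPath();
        String relativePath = this.exchange.getRequest().getRelativePath();
        // NOTE(review): indexOf returns the FIRST occurrence, and -1 when relativePath does not
        // occur in path at all, in which case substring throws StringIndexOutOfBoundsException.
        // The prefix computed here is handed to SamlUtil.getRedirectTo (not shown in this file)
        // as the base for the redirect, so confirm both cases are acceptable to that code.
        String contextPath = path.substring(0, path.indexOf(relativePath));
        if (!contextPath.isEmpty()) {
            contextPath = contextPath + "/";
        }
        String baseUri = KeycloakUriBuilder.fromUri(path).replacePath(contextPath).build().toString();
        return SamlUtil.getRedirectTo(this.exchange, contextPath, baseUri);
    }

    /**
     * Suspends the current request and remembers its URI as the post-login redirect target,
     * creating the session if it does not exist.
     */
    public void saveRequest() {
        this.exchange.suspendRequest();
        HttpScope session = this.exchange.getScope(Scope.SESSION);
        if (!session.exists()) {
            session.create();
        }
        session.setAttachment(SAML_REDIRECT_URI, this.exchange.getRequest().getURI());
    }

    /**
     * Asks the facade to restore a previously suspended request.
     *
     * @return whatever {@code ElytronHttpFacade.restoreRequest()} reports
     */
    public boolean restoreRequest() {
        return this.exchange.restoreRequest();
    }

    /**
     * Returns the session scope of the current request.
     *
     * @param z when {@code true}, a missing session is created; when {@code false}, the caller
     *          must check {@code exists()} on the returned scope
     * @return the session scope, never {@code null} as far as this method is concerned
     */
    protected HttpScope getSession(boolean z) {
        HttpScope session = this.exchange.getScope(Scope.SESSION);
        if (z && !session.exists()) {
            session.create();
        }
        return session;
    }

    /**
     * Logs out the account of the current session; {@code z} is ignored by this implementation.
     */
    @Override // org.keycloak.adapters.saml.elytron.ElytronTokeStore
    public void logout(boolean z) {
        logoutAccount();
    }
}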
