package com.nimbusds.sessionstore.impl;

import com.nimbusds.common.id.InvalidIdentifierException;
import com.nimbusds.common.id.SID;
import com.nimbusds.common.infinispan.InvalidationCacheModeDetector;
import com.nimbusds.common.monitor.MonitorRegistries;
import com.nimbusds.common.store.StoreException;
import com.nimbusds.infinispan.persistence.common.workarounds.EntryCountResolver;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.sessionstore.AbstractSubjectSessionStore;
import com.nimbusds.sessionstore.Configuration;
import com.nimbusds.sessionstore.SIDCollisionException;
import com.nimbusds.sessionstore.SessionQuotaException;
import com.nimbusds.sessionstore.SubjectAuthentication;
import com.nimbusds.sessionstore.SubjectSession;
import com.nimbusds.sessionstore.impl.externalizers.ExternalizerRegistration;
import com.nimbusds.sessionstore.notifications.NotificationListeners;
import java.time.Instant;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import javax.crypto.SecretKey;
import net.jcip.annotations.ThreadSafe;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.infinispan.Cache;
import org.infinispan.commons.util.CloseableIterator;
import org.infinispan.container.entries.CacheEntry;
import org.infinispan.context.Flag;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.notifications.Listener;
import org.infinispan.notifications.cachelistener.annotation.CacheEntryExpired;
import org.infinispan.notifications.cachelistener.event.CacheEntryExpiredEvent;

@Listener
@ThreadSafe
/* loaded from: input_file:com/nimbusds/sessionstore/impl/InfinispanSubjectSessionStore.class */
public class InfinispanSubjectSessionStore extends AbstractSubjectSessionStore {
    public static final String SESSION_MAP_NAME = "sessionStore.sessionMap";
    public static final String SUBJECT_MAP_NAME = "sessionStore.subjectMap";
    private final Cache<String, SubjectSession> sessionMap;
    private final Cache<SubjectKey, String> subjectMap;
    private final boolean invalidationMode;
    private final SIDGenerator sidGenerator;
    private final NotificationDispatcher notificationDispatcher;
    private final TimeResolver timeResolver;
    private final EntryCountResolver sessionCountResolver;
    private Timer orphanedSubjectKeyReaperTimer;
    private final SessionMeters meters;

    public InfinispanSubjectSessionStore(Configuration configuration, SecretKey secretKey, EmbeddedCacheManager embeddedCacheManager) {
        super(configuration);
        this.timeResolver = new TimeResolver(this.config);
        this.meters = new SessionMeters();
        ExternalizerRegistration.register(embeddedCacheManager);
        this.sidGenerator = new SIDGenerator(secretKey);
        this.notificationDispatcher = new NotificationDispatcher(this.sidGenerator);
        this.sessionMap = embeddedCacheManager.getCache(SESSION_MAP_NAME);
        this.subjectMap = embeddedCacheManager.getCache(SUBJECT_MAP_NAME);
        ExternalizerRegistration.ensureClassesAreMarshallable(embeddedCacheManager);
        this.invalidationMode = InvalidationCacheModeDetector.detect(new Cache[]{this.sessionMap, this.subjectMap});
        this.sessionCountResolver = new EntryCountResolver(this.sessionMap);
        this.sessionMap.addListener(this);
        Loggers.MAIN_LOG.info("[SS0211] Subject session map entry count strategy: {}", this.sessionCountResolver.getStrategy());
        initOrphanedSubjectKeyReaper();
        registerGauges();
    }

    private void initOrphanedSubjectKeyReaper() {
        this.orphanedSubjectKeyReaperTimer = new Timer("orphaned-sub-key-reaper-timer", true);
        OrphanedSubjectKeyPurgeTask orphanedSubjectKeyPurgeTask = new OrphanedSubjectKeyPurgeTask(this);
        int i = this.sessionMap.getCacheConfiguration().persistence().stores().size() > 0 ? 300000 : 1800000;
        this.orphanedSubjectKeyReaperTimer.schedule(orphanedSubjectKeyPurgeTask, i, i);
        Loggers.MAIN_LOG.info("[SS0207] Scheduled task to remove orphaned subject keys every {} ms", Integer.valueOf(i));
    }

    public SIDGenerator getSIDGenerator() {
        return this.sidGenerator;
    }

    private void registerGauges() {
        EntryCountResolver entryCountResolver = this.sessionCountResolver;
        entryCountResolver.getClass();
        MonitorRegistries.register("sessionStore.numSessions", entryCountResolver::getCount);
    }

    private void registerSubject(Subject subject, SID sid) throws SessionQuotaException {
        registerSubject(subject, sid, 0L);
    }

    private void registerSubject(Subject subject, SID sid, long j) throws SessionQuotaException {
        if (j > 100) {
            Loggers.SESSION_LOG.error("[SS0230]" + ("Too many concurrent new session requests (DoS attack?): sub=" + subject));
            throw new RuntimeException();
        }
        HashSet hashSet = new HashSet();
        for (int i = 1; i <= this.config.quotaPerSubject; i++) {
            SubjectKey subjectKey = new SubjectKey(subject, i);
            Base64URL extractValue = this.sidGenerator.extractValue(sid);
            if (this.invalidationMode) {
                this.subjectMap.get(subjectKey);
            }
            String str = (String) this.subjectMap.putIfAbsent(subjectKey, extractValue.toString());
            if (str == null) {
                Loggers.SESSION_LOG.debug("[SS0208] Registered subject: subject={} slot={} sid_key={}", subject, Integer.valueOf(i), extractValue);
                return;
            }
            hashSet.add(new Base64URL(str));
        }
        switch (this.config.onQuotaExhaustion) {
            case DENY_LOGIN:
                throw new SessionQuotaException(subject, this.config.quotaPerSubject);
            case CLOSE_OLD_SESSION:
                HashMap hashMap = new HashMap();
                getForSIDKeySet(hashSet, entry -> {
                });
                Map.Entry entry2 = null;
                for (Map.Entry entry3 : hashMap.entrySet()) {
                    if (entry2 == null) {
                        entry2 = entry3;
                    } else if (((SubjectSession) entry3.getValue()).getCreationTime().isBefore(((SubjectSession) entry2.getValue()).getCreationTime())) {
                        entry2 = entry3;
                    }
                }
                if (entry2 != null) {
                    Loggers.SESSION_LOG.debug("[SS0209] Found and closed old session: sid_key={} : {}", entry2.getKey(), Boolean.valueOf(remove((Base64URL) entry2.getKey(), false) != null));
                }
                registerSubject(subject, sid, j + 1);
                return;
            default:
                return;
        }
    }

    private boolean unregisterSubject(Subject subject, Base64URL base64URL) {
        for (int i = 1; i <= this.config.quotaPerSubject; i++) {
            SubjectKey subjectKey = new SubjectKey(subject, i);
            if (this.invalidationMode) {
                if (this.subjectMap.get(subjectKey) != null) {
                    this.subjectMap.remove(subjectKey);
                    Loggers.SESSION_LOG.info("[SS0210] Unregistered subject: subject={} slot={} sid_key={}", subject, Integer.valueOf(i), base64URL);
                    return true;
                }
            } else if (this.subjectMap.remove(subjectKey, base64URL.toString())) {
                Loggers.SESSION_LOG.info("[SS0210] Unregistered subject: subject={} slot={} sid_key={}", subject, Integer.valueOf(i), base64URL);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void purgeOrphanedSubjectKeys() {
        CloseableIterator it = this.subjectMap.entrySet().iterator();
        AtomicInteger atomicInteger = new AtomicInteger();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            String str = (String) entry.getValue();
            if (this.sessionMap.get(str) == null) {
                it.remove();
                Loggers.SESSION_LOG.info("[SS0210] Unregistered subject (orphaned reaper): subject={} slot={} sid_key={}", ((SubjectKey) entry.getKey()).getSubject(), Integer.valueOf(((SubjectKey) entry.getKey()).getSessionNumber()), str);
                atomicInteger.incrementAndGet();
            }
        }
        Loggers.SESSION_LOG.debug("[SS0233] Purged {} orphaned subject keys", Integer.valueOf(atomicInteger.get()));
    }

    @CacheEntryExpired
    public void subjectSessionExpired(CacheEntryExpiredEvent<String, SubjectSession> cacheEntryExpiredEvent) {
        if (cacheEntryExpiredEvent == null || cacheEntryExpiredEvent.getKey() == null || cacheEntryExpiredEvent.getValue() == null) {
            Loggers.SESSION_LOG.trace("[SS0231] Received incomplete subject session expiration event: {}", cacheEntryExpiredEvent);
            return;
        }
        Subject subject = ((SubjectSession) cacheEntryExpiredEvent.getValue()).getSubject();
        Base64URL base64URL = new Base64URL((String) cacheEntryExpiredEvent.getKey());
        Loggers.SESSION_LOG.debug("[SS0234] Received subject session expiration event: subject={} sid_key={}", subject, base64URL);
        this.meters.sessionExpirations.mark();
        unregisterSubject(subject, base64URL);
    }

    private void applyTimeDefaults(SubjectSession subjectSession) {
        if (subjectSession.getMaxLifetime() == 0) {
            subjectSession.setMaxLifetime(this.timeResolver.resolveMaxLifetimeMinutes(subjectSession));
        }
        if (subjectSession.getAuthLifetime() == 0) {
            subjectSession.setAuthLifetime(this.timeResolver.resolveAuthLifetimeMinutes(subjectSession));
        }
        if (subjectSession.getMaxIdleTime() == 0) {
            subjectSession.setMaxIdleTime(this.timeResolver.resolveMaxIdleTimeMinutes(subjectSession));
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public Map.Entry<SID, SubjectSession> add(SubjectSession subjectSession) throws SessionQuotaException {
        try {
            return add(SIDGenerator.generateValue(), subjectSession);
        } catch (SIDCollisionException e) {
            throw new StoreException(e.getMessage(), e);
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public Map.Entry<SID, SubjectSession> add(Base64URL base64URL, SubjectSession subjectSession) throws SIDCollisionException, SessionQuotaException {
        registerSubject(subjectSession.getSubject(), this.sidGenerator.m5applyHMAC(base64URL));
        applyTimeDefaults(subjectSession);
        Loggers.SESSION_LOG.debug("[SS0200] Preparing to add session (with defaults applied): {}", subjectSession.toJSONObject());
        SID m5applyHMAC = this.sidGenerator.m5applyHMAC(base64URL);
        long computeRemainingMinutes = TimeResolver.computeRemainingMinutes(subjectSession.getCreationTime(), Instant.now(), subjectSession.getMaxLifetime());
        if (this.invalidationMode) {
            this.sessionMap.get(base64URL.toString());
        }
        if (this.sessionMap.putIfAbsent(base64URL.toString(), subjectSession, subjectSession.getMaxLifetime(), TimeUnit.MINUTES, computeRemainingMinutes, TimeUnit.MINUTES) != null) {
            unregisterSubject(subjectSession.getSubject(), base64URL);
            throw new SIDCollisionException(m5applyHMAC);
        }
        if (computeRemainingMinutes == 0) {
            Loggers.SESSION_LOG.warn("[SS0205] Session not added, already expired: subject={} sid_key={}", subjectSession.getSubject(), base64URL);
            unregisterSubject(subjectSession.getSubject(), base64URL);
            return new ImmutablePair(m5applyHMAC, subjectSession);
        }
        Loggers.SESSION_LOG.info("[SS0201] Added new session: subject={} sid_key={}", subjectSession.getSubject(), base64URL);
        if (Loggers.SESSION_LOG.isTraceEnabled()) {
            CacheEntry cacheEntry = this.sessionMap.getAdvancedCache().getCacheEntry(base64URL);
            if (cacheEntry != null) {
                Loggers.SESSION_LOG.trace("[SS0202] Cache entry lifetime: {}", Long.valueOf(cacheEntry.getLifespan()));
                Loggers.SESSION_LOG.trace("[SS0203] Cache entry max idle: {}", Long.valueOf(cacheEntry.getMaxIdle()));
            } else {
                Loggers.SESSION_LOG.trace("[SS0204] No cache entry effectively added");
            }
        }
        this.meters.newSessions.mark();
        this.notificationDispatcher.dispatchSessionAddNotification(m5applyHMAC, subjectSession);
        return new ImmutablePair(m5applyHMAC, subjectSession);
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public SubjectSession get(SID sid) {
        try {
            SubjectSession subjectSession = (SubjectSession) this.sessionMap.get(this.sidGenerator.validateAndExtractValue(sid).toString());
            if (subjectSession == null) {
                return null;
            }
            this.meters.sessionRetrievals.mark();
            return subjectSession;
        } catch (InvalidIdentifierException e) {
            Loggers.SESSION_LOG.info("[SS0220] Invalid SID HMAC: {}", sid);
            return null;
        }
    }

    private void getForSIDKeySet(Set<Base64URL> set, Consumer<Map.Entry<Base64URL, SubjectSession>> consumer) {
        for (Base64URL base64URL : set) {
            SubjectSession subjectSession = (SubjectSession) this.sessionMap.get(base64URL.toString());
            if (subjectSession != null) {
                consumer.accept(new ImmutablePair(base64URL, subjectSession));
            }
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public void get(Set<SID> set, Consumer<Map.Entry<SID, SubjectSession>> consumer) {
        HashSet hashSet = new HashSet();
        Iterator<SID> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(this.sidGenerator.extractValue(it.next()));
        }
        getForSIDKeySet(hashSet, entry -> {
            consumer.accept(new ImmutablePair(this.sidGenerator.m5applyHMAC((Base64URL) entry.getKey()), entry.getValue()));
        });
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public void get(Subject subject, Consumer<Map.Entry<SID, SubjectSession>> consumer) {
        SubjectSession subjectSession;
        for (int i = 1; i <= this.config.quotaPerSubject; i++) {
            String str = (String) this.subjectMap.get(new SubjectKey(subject, i));
            if (str != null && (subjectSession = (SubjectSession) this.sessionMap.get(str)) != null) {
                consumer.accept(new ImmutablePair(this.sidGenerator.m5applyHMAC(new Base64URL(str)), subjectSession));
            }
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public void getAll(Consumer<Map.Entry<SID, SubjectSession>> consumer) {
        CloseableIterator it = this.sessionMap.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            consumer.accept(new ImmutablePair(this.sidGenerator.m5applyHMAC(new Base64URL((String) entry.getKey())), entry.getValue()));
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public boolean hasSession(Subject subject) {
        for (int i = 1; i <= this.config.quotaPerSubject; i++) {
            if (this.subjectMap.get(new SubjectKey(subject, i)) != null) {
                return true;
            }
        }
        return false;
    }

    private void replace(Base64URL base64URL, SubjectSession subjectSession) {
        this.sessionMap.getAdvancedCache().withFlags(new Flag[]{Flag.IGNORE_RETURN_VALUES}).replace(base64URL.toString(), subjectSession, subjectSession.getMaxLifetime(), TimeUnit.MINUTES, subjectSession.getMaxIdleTime(), TimeUnit.MINUTES);
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public boolean updateSubjectAuthentication(SID sid, SubjectAuthentication subjectAuthentication) {
        try {
            Base64URL validateAndExtractValue = this.sidGenerator.validateAndExtractValue(sid);
            SubjectSession subjectSession = (SubjectSession) this.sessionMap.get(validateAndExtractValue.toString());
            if (subjectSession == null || !subjectSession.getSubject().equals(subjectAuthentication.getSubject())) {
                return false;
            }
            subjectSession.updateSubjectAuthentication(subjectAuthentication);
            replace(validateAndExtractValue, subjectSession);
            this.meters.sessionAuthUpdates.mark();
            return true;
        } catch (InvalidIdentifierException e) {
            Loggers.SESSION_LOG.info("[SS0221] Invalid SID HMAC: {}", sid);
            return false;
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public boolean updateData(SID sid, JSONObject jSONObject) {
        try {
            Base64URL validateAndExtractValue = this.sidGenerator.validateAndExtractValue(sid);
            SubjectSession subjectSession = (SubjectSession) this.sessionMap.get(validateAndExtractValue.toString());
            if (subjectSession == null) {
                return false;
            }
            subjectSession.setData(jSONObject);
            replace(validateAndExtractValue, subjectSession);
            this.meters.sessionDataUpdates.mark();
            return true;
        } catch (InvalidIdentifierException e) {
            Loggers.SESSION_LOG.info("[SS0222] Invalid SID HMAC: {}", sid);
            return false;
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public boolean updateClaims(SID sid, JSONObject jSONObject) {
        try {
            Base64URL validateAndExtractValue = this.sidGenerator.validateAndExtractValue(sid);
            SubjectSession subjectSession = (SubjectSession) this.sessionMap.get(validateAndExtractValue.toString());
            if (subjectSession == null) {
                return false;
            }
            subjectSession.setClaims(jSONObject);
            replace(validateAndExtractValue, subjectSession);
            this.meters.sessionDataUpdates.mark();
            return true;
        } catch (InvalidIdentifierException e) {
            Loggers.SESSION_LOG.info("[SS0223] Invalid SID HMAC: {}", sid);
            return false;
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public SubjectSession remove(SID sid) {
        try {
            return remove(this.sidGenerator.validateAndExtractValue(sid), false);
        } catch (InvalidIdentifierException e) {
            Loggers.SESSION_LOG.info("[SS0224] Invalid SID HMAC: {}", sid);
            return null;
        }
    }

    private SubjectSession remove(Base64URL base64URL, boolean z) {
        SubjectSession subjectSession;
        if (this.invalidationMode) {
            subjectSession = (SubjectSession) this.sessionMap.get(base64URL.toString());
            if (subjectSession != null) {
                this.sessionMap.remove(base64URL.toString());
            }
        } else {
            subjectSession = (SubjectSession) this.sessionMap.remove(base64URL.toString());
        }
        if (subjectSession == null) {
            return null;
        }
        unregisterSubject(subjectSession.getSubject(), base64URL);
        if (z) {
            this.meters.sessionExpirations.mark();
        } else {
            this.meters.sessionClosures.mark();
        }
        this.notificationDispatcher.dispatchSessionRemoveNotification(base64URL, subjectSession);
        return subjectSession;
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public void remove(Subject subject, Consumer<Map.Entry<SID, SubjectSession>> consumer) {
        get(subject, entry -> {
            if (remove((SID) entry.getKey()) != null) {
                consumer.accept(entry);
            }
        });
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public void removeAll(Consumer<Map.Entry<SID, SubjectSession>> consumer) {
        CloseableIterator it = this.sessionMap.keySet().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            SubjectSession remove = remove(new Base64URL(str), false);
            if (remove != null) {
                consumer.accept(new ImmutablePair(this.sidGenerator.m5applyHMAC(new Base64URL(str)), remove));
            }
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public void getSubjects(Consumer<Subject> consumer) {
        HashSet hashSet = new HashSet();
        CloseableIterator it = this.subjectMap.keySet().iterator();
        while (it.hasNext()) {
            Subject subject = ((SubjectKey) it.next()).getSubject();
            if (!hashSet.contains(subject)) {
                consumer.accept(subject);
                hashSet.add(subject);
            }
        }
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public int countSessions(Subject subject) {
        int i = 0;
        for (int i2 = 1; i2 <= this.config.quotaPerSubject; i2++) {
            if (this.subjectMap.containsKey(new SubjectKey(subject, i2))) {
                i++;
            }
        }
        return i;
    }

    public int countInMemorySessions() {
        return this.sessionMap.getAdvancedCache().withFlags(new Flag[]{Flag.SKIP_CACHE_LOAD}).size();
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public int countSessions() {
        return this.sessionCountResolver.getCount();
    }

    @Override // com.nimbusds.sessionstore.SubjectSessionStore
    public NotificationListeners getNotificationListeners() {
        return this.notificationDispatcher;
    }
}
