package de.acosix.alfresco.keycloak.share.web;

import de.acosix.alfresco.keycloak.share.config.KeycloakAuthenticationConfigElement;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.config.ConfigService;

/* loaded from: input_file:de/acosix/alfresco/keycloak/share/web/DefaultSessionIdMapper.class */
public class DefaultSessionIdMapper implements SessionIdMapper, InitializingBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSessionIdMapper.class);
    private static final int DEFAULT_SESSION_COUNT_LIMIT = 1000;
    protected ConfigService configService;
    protected Set<String> sessionUsedOrder;
    protected final ReentrantReadWriteLock lock = new ReentrantReadWriteLock(true);
    protected final Map<String, String> ssoToSession = new HashMap();
    protected final Map<String, String> sessionToSso = new HashMap();
    protected final Map<String, Set<String>> principalToSession = new HashMap();
    protected final Map<String, String> sessionToPrincipal = new HashMap();
    protected int sessionCountLimit = DEFAULT_SESSION_COUNT_LIMIT;

    public void afterPropertiesSet() {
        Integer sessionMapperLimit;
        if (this.configService != null && (sessionMapperLimit = this.configService.getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME).getSessionMapperLimit()) != null) {
            this.sessionCountLimit = sessionMapperLimit.intValue();
        }
        if (this.sessionCountLimit <= 0) {
            LOGGER.warn("Session count limit is set to {} - session ID mapper will not restrict size of internal data structures (this can cause OOMEs)", Integer.valueOf(this.sessionCountLimit));
        } else {
            this.sessionUsedOrder = new LinkedHashSet();
        }
    }

    public void setConfigService(ConfigService configService) {
        this.configService = configService;
    }

    public void setSessionCountLimit(int i) {
        this.sessionCountLimit = i;
    }

    public boolean hasSession(String str) {
        this.lock.readLock().lock();
        try {
            LOGGER.debug("Checking hasSession for {}", str);
            boolean z = this.sessionToSso.containsKey(str) || this.sessionToPrincipal.containsKey(str);
            LOGGER.debug("Session {}", z ? "is mapped" : "is not mapped");
            if (z && this.sessionCountLimit > 0) {
                synchronized (this.sessionUsedOrder) {
                    this.sessionUsedOrder.remove(str);
                    this.sessionUsedOrder.add(str);
                }
            }
            return z;
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public void clear() {
        this.lock.writeLock().lock();
        try {
            LOGGER.info("Clearing all mappings");
            this.ssoToSession.clear();
            this.sessionToSso.clear();
            this.principalToSession.clear();
            this.sessionToPrincipal.clear();
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public Set<String> getUserSessions(String str) {
        Set<String> emptySet;
        this.lock.readLock().lock();
        try {
            LOGGER.debug("Retrieving user sessions for {}", str);
            Set<String> set = this.principalToSession.get(str);
            if (set != null) {
                emptySet = new HashSet();
                emptySet.addAll(set);
            } else {
                emptySet = Collections.emptySet();
            }
            LOGGER.debug("Principal {} is mapped to sessions {}", str, emptySet);
            return emptySet;
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public String getSessionFromSSO(String str) {
        this.lock.readLock().lock();
        try {
            return this.ssoToSession.get(str);
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public void map(String str, String str2, String str3) {
        this.lock.writeLock().lock();
        try {
            LOGGER.debug("Adding mapping ({}, {},  {})", new Object[]{str, str2, str3});
            if (str != null) {
                this.ssoToSession.put(str, str3);
                this.sessionToSso.put(str3, str);
            }
            if (str2 != null) {
                this.principalToSession.compute(str2, (str4, set) -> {
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.add(str3);
                    return set;
                });
                this.sessionToPrincipal.put(str3, str2);
            }
            if (this.sessionCountLimit > 0 && str != null && str2 != null) {
                synchronized (this.sessionUsedOrder) {
                    this.sessionUsedOrder.add(str3);
                    int size = this.sessionUsedOrder.size() - this.sessionCountLimit;
                    if (size == 1) {
                        removeSession(this.sessionUsedOrder.iterator().next());
                    } else if (size > 0) {
                        new ArrayList(this.sessionUsedOrder).subList(0, size).forEach(this::removeSession);
                    }
                }
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public void removeSession(String str) {
        this.lock.writeLock().lock();
        try {
            LOGGER.debug("Removing session {}", str);
            String remove = this.sessionToSso.remove(str);
            if (remove != null) {
                this.ssoToSession.remove(remove);
            }
            String remove2 = this.sessionToPrincipal.remove(str);
            if (remove2 != null) {
                this.principalToSession.computeIfPresent(remove2, (str2, set) -> {
                    set.remove(str);
                    if (set.isEmpty()) {
                        set = null;
                    }
                    return set;
                });
            }
            if (this.sessionCountLimit > 0) {
                synchronized (this.sessionUsedOrder) {
                    this.sessionUsedOrder.remove(str);
                }
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }
}
