package org.opensaml.storage.impl.client;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.security.KeyException;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import java.util.TimerTask;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.Live;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.logic.ConstraintViolationException;
import net.shibboleth.shared.net.CookieManager;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.NonnullSupplier;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.security.DataExpiredException;
import net.shibboleth.shared.security.DataSealer;
import net.shibboleth.shared.security.DataSealerException;
import net.shibboleth.shared.security.DataSealerKeyStrategy;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.opensaml.storage.AbstractMapBackedStorageService;
import org.opensaml.storage.MutableStorageRecord;
import org.opensaml.storage.StorageCapabilities;
import org.opensaml.storage.impl.client.ClientStorageServiceStore;
import org.opensaml.storage.impl.client.JSONClientStorageServiceStore;
import org.slf4j.Logger;

/* loaded from: input_file:opensaml-storage-impl-5.0.0.jar:org/opensaml/storage/impl/client/ClientStorageService.class */
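/**
 * Storage service whose records are kept in the user's {@link HttpSession} while a request is
 * processed and are loaded from a client-supplied, sealed string.
 *
 * <p>{@link #load(String, ClientStorageSource)} unwraps the client-supplied value with the configured
 * {@link DataSealer}. Anything that fails to unwrap, or has expired, is discarded and replaced with
 * an empty store flagged as dirty. {@link #save()} delegates serialization to the store held in the
 * session.</p>
 *
 * <p>All access to the session-bound store is guarded by a {@link ReadWriteLock} that is itself kept
 * in the session (see {@link #getLock()}).</p>
 */
public class ClientStorageService extends AbstractMapBackedStorageService implements Filter, StorageCapabilities {

    /** Prefix of the session attribute holding the lock; a dot and the storage name are appended. */
    @Nonnull
    protected static final String LOCK_ATTRIBUTE = "org.opensaml.storage.impl.client.ClientStorageService.lock";

    /** Prefix of the session attribute holding the store; a dot and the storage name are appended. */
    @Nonnull
    protected static final String STORAGE_ATTRIBUTE = "org.opensaml.storage.impl.client.ClientStorageService.store";

    /** Storage name used until {@link #setStorageName(String)} is called. */
    @Nonnull
    @NotEmpty
    private static final String DEFAULT_STORAGE_NAME = "shib_idp_client_ss";

    /** Supplies the request whose session holds the lock and the store. */
    @NonnullAfterInit
    private NonnullSupplier<HttpServletRequest> httpServletRequestSupplier;

    /** Cookie manager exposed through {@link #getCookieManager()}; not used directly in this class. */
    @NonnullAfterInit
    private CookieManager cookieManager;

    /** Unwraps the sealed value handed to {@link #load(String, ClientStorageSource)}. */
    @NonnullAfterInit
    private DataSealer dataSealer;

    /** Optional key strategy used by {@link #load(String, ClientStorageSource)} to spot data sealed under a non-default key. */
    @Nullable
    private DataSealerKeyStrategy keyStrategy;

    /** Factory that turns unwrapped text (or {@code null}) into a store object. */
    @Nonnull
    private ClientStorageServiceStore.Factory storeFactory;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ClientStorageService.class);

    /** Name appended to the session attribute prefixes. */
    @Nonnull
    @NotEmpty
    private String storageName = DEFAULT_STORAGE_NAME;

    /** Size limit reported for each storage source. */
    @Nonnull
    @NotEmpty
    private final Map<ClientStorageSource, Integer> capabilityMap = new HashMap<>(2);

    /** Where the client keeps the sealed data. */
    public enum ClientStorageSource {
        COOKIE,
        HTML_LOCAL_STORAGE
    }

    /** Installs the default size limits and the JSON store factory. */
    public ClientStorageService() {
        this.capabilityMap.put(ClientStorageSource.COOKIE, 4096);
        // 1 MiB. The decompiled listing spelled this value as PKIFailureInfo.badCertTemplate
        // (1 << 20), a BouncyCastle flag with the same numeric value and no relation to storage
        // sizing; the plain literal keeps the limit readable and drops that accidental coupling.
        this.capabilityMap.put(ClientStorageSource.HTML_LOCAL_STORAGE, 1024 * 1024);
        this.storeFactory = new JSONClientStorageServiceStore.JSONClientStorageServiceStoreFactory();
    }

    /**
     * Ignores the requested interval and always passes {@link Duration#ZERO} to the superclass.
     * This class supplies no cleanup task either (see {@link #getCleanupTask()}).
     *
     * @param duration ignored
     */
    @Override // org.opensaml.storage.AbstractStorageService
    public synchronized void setCleanupInterval(@Nullable Duration duration) {
        super.setCleanupInterval(Duration.ZERO);
    }

    /**
     * Overrides size limits for the given sources. Entries with a null key or null value are
     * skipped, so the defaults installed by the constructor are never removed.
     *
     * @param map limits to merge into the current ones
     */
    public void setCapabilityMap(@Nonnull Map<ClientStorageSource, Integer> map) {
        checkSetterPreconditions();
        Constraint.isNotNull(map, "Capability map cannot be null");
        for (final Map.Entry<ClientStorageSource, Integer> limit : map.entrySet()) {
            if (limit.getKey() != null && limit.getValue() != null) {
                this.capabilityMap.put(limit.getKey(), limit.getValue());
            }
        }
    }

    /** @return always {@code false} */
    @Override // org.opensaml.storage.StorageCapabilities
    public boolean isServerSide() {
        return false;
    }

    /** @return always {@code true} */
    @Override // org.opensaml.storage.StorageCapabilities
    public boolean isClustered() {
        return true;
    }

    /**
     * Sets the supplier of the current request.
     *
     * @param nonnullSupplier request supplier, never null
     */
    public void setHttpServletRequestSupplier(@Nonnull NonnullSupplier<HttpServletRequest> nonnullSupplier) {
        checkSetterPreconditions();
        this.httpServletRequestSupplier = Constraint.isNotNull(nonnullSupplier, "HttpServletRequest cannot be null");
    }

    /** @return the request obtained from the configured supplier */
    @Nonnull
    private HttpServletRequest getHttpServletRequest() {
        return this.httpServletRequestSupplier.get();
    }

    /**
     * Fetches the session of the current request.
     *
     * @return the session
     * @throws ConstraintViolationException if the container returns no session
     */
    @Nonnull
    private HttpSession requireSession() {
        return Constraint.isNotNull(getHttpServletRequest().getSession(), "HttpSession cannot be null");
    }

    /** @return name of the session attribute that holds the store for this storage name */
    @Nonnull
    private String storeAttributeName() {
        return STORAGE_ATTRIBUTE + '.' + this.storageName;
    }

    /** @return the configured cookie manager */
    @NonnullAfterInit
    public CookieManager getCookieManager() {
        return this.cookieManager;
    }

    /**
     * Sets the cookie manager.
     *
     * @param cookieManager cookie manager, never null
     */
    public void setCookieManager(@Nonnull CookieManager cookieManager) {
        checkSetterPreconditions();
        this.cookieManager = Constraint.isNotNull(cookieManager, "CookieManager cannot be null");
    }

    /** @return the storage name */
    @Nonnull
    @NotEmpty
    public String getStorageName() {
        return this.storageName;
    }

    /**
     * Sets the storage name after trimming it.
     *
     * @param str storage name; must not be null or blank
     */
    public void setStorageName(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.storageName = Constraint.isNotNull(StringSupport.trimOrNull(str), "Storage name cannot be null or empty");
    }

    /** @return the configured data sealer */
    @NonnullAfterInit
    public DataSealer getDataSealer() {
        return this.dataSealer;
    }

    /**
     * Sets the sealer used to unwrap client-supplied data.
     *
     * @param dataSealer sealer, never null
     */
    public void setDataSealer(@Nonnull DataSealer dataSealer) {
        checkSetterPreconditions();
        this.dataSealer = Constraint.isNotNull(dataSealer, "DataSealer cannot be null");
    }

    /**
     * Sets the optional key strategy used for stale-key detection during load.
     *
     * @param dataSealerKeyStrategy key strategy, or null to disable the check
     */
    public void setKeyStrategy(@Nullable DataSealerKeyStrategy dataSealerKeyStrategy) {
        checkSetterPreconditions();
        this.keyStrategy = dataSealerKeyStrategy;
    }

    /**
     * Replaces the factory used to build store objects.
     *
     * @param factory store factory, never null
     */
    public void setClientStorageServiceStoreFactory(@Nonnull ClientStorageServiceStore.Factory factory) {
        checkSetterPreconditions();
        this.storeFactory = Constraint.isNotNull(factory, "Factory cannot be null");
    }

    /** No-op. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Passes the request straight down the chain; the filter adds no processing of its own. */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Reports the size limit configured for the source of the currently loaded store.
     *
     * @return the limit for the current source, or the cookie limit when the source cannot be
     *         determined or has no configured limit
     */
    @Override // org.opensaml.storage.AbstractStorageService, org.opensaml.storage.StorageCapabilities
    public int getContextSize() {
        ClientStorageSource source;
        try {
            source = getSource();
        } catch (IOException e) {
            source = ClientStorageSource.COOKIE;
        }
        // getSource() is declared nullable; looking up a null key would yield a null Integer and
        // an unboxing failure, so fall back to the cookie limit instead.
        Integer limit = source != null ? this.capabilityMap.get(source) : null;
        if (limit == null) {
            limit = this.capabilityMap.get(ClientStorageSource.COOKIE);
        }
        return limit.intValue();
    }

    /** @return the same limit as {@link #getContextSize()} */
    @Override // org.opensaml.storage.AbstractStorageService, org.opensaml.storage.StorageCapabilities
    public int getKeySize() {
        return getContextSize();
    }

    /** @return the same limit as {@link #getContextSize()} */
    @Override // org.opensaml.storage.AbstractStorageService, org.opensaml.storage.StorageCapabilities
    public long getValueSize() {
        return getContextSize();
    }

    /**
     * Verifies that the request supplier, data sealer and cookie manager were all configured.
     * The decompiler reports the original access level of this method as protected.
     *
     * @throws ComponentInitializationException if a required collaborator is missing
     */
    @Override // org.opensaml.storage.AbstractStorageService, net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent, net.shibboleth.shared.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpServletRequestSupplier == null) {
            throw new ComponentInitializationException("HttpServletRequestSupplier must be set");
        }
        if (this.dataSealer == null || this.cookieManager == null) {
            throw new ComponentInitializationException("DataSealer and CookieManager must be set");
        }
    }

    /** @return always {@code null}; this service schedules no cleanup task */
    @Override // org.opensaml.storage.AbstractStorageService
    @Nullable
    protected TimerTask getCleanupTask() {
        return null;
    }

    /**
     * Returns the lock bound to the current session for this storage name, creating it on first use.
     *
     * <p>A session attribute of the wrong type is replaced with a fresh lock. The previous code
     * re-checked only for {@code null} inside the synchronized section, so a non-lock value fell
     * through to the cast and failed with a {@link ClassCastException}.</p>
     *
     * @return the session-bound lock
     */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @Nonnull
    protected ReadWriteLock getLock() {
        final HttpSession session = requireSession();
        final String attributeName = LOCK_ATTRIBUTE + '.' + this.storageName;
        Object candidate = session.getAttribute(attributeName);
        if (!(candidate instanceof ReadWriteLock)) {
            synchronized (this) {
                // Re-read under the monitor: another thread may have installed the lock meanwhile.
                candidate = session.getAttribute(attributeName);
                if (!(candidate instanceof ReadWriteLock)) {
                    candidate = new ReentrantReadWriteLock();
                    session.setAttribute(attributeName, candidate);
                }
            }
        }
        return (ReadWriteLock) candidate;
    }

    /**
     * Returns the live context map of the store held in the session.
     *
     * @return the store's context map
     * @throws IOException if the session or a usable store object is missing
     */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @Nonnull
    @Live
    protected Map<String, Map<String, MutableStorageRecord<?>>> getContextMap() throws IOException {
        final Object stored;
        try {
            stored = Constraint.isNotNull(requireSession().getAttribute(storeAttributeName()), "Storage object was not present in session");
        } catch (ConstraintViolationException e) {
            throw new IOException(e);
        }
        // Report a foreign object under the attribute through the declared exception type
        // rather than letting the cast fail.
        if (!(stored instanceof ClientStorageServiceStore)) {
            throw new IOException("Storage object was not present in session");
        }
        return ((ClientStorageServiceStore) stored).getContextMap();
    }

    /**
     * Flags the store in the session as dirty; does nothing when no store is present.
     *
     * @throws IOException if the session is missing
     */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    protected void setDirty() throws IOException {
        try {
            final Object stored = requireSession().getAttribute(storeAttributeName());
            if (stored instanceof ClientStorageServiceStore) {
                ((ClientStorageServiceStore) stored).setDirty(true);
            }
        } catch (ConstraintViolationException e) {
            throw new IOException(e);
        }
    }

    /**
     * Reports where the currently loaded store came from.
     *
     * @return the store's source, or {@link ClientStorageSource#COOKIE} when no store is loaded
     * @throws IOException if the session is missing
     */
    @Nullable
    ClientStorageSource getSource() throws IOException {
        final Lock readLock = getLock().readLock();
        // Acquire before entering the try so the finally never releases a lock that was not taken.
        readLock.lock();
        try {
            final Object stored = requireSession().getAttribute(storeAttributeName());
            if (stored instanceof ClientStorageServiceStore) {
                return ((ClientStorageServiceStore) stored).getSource();
            }
            return ClientStorageSource.COOKIE;
        } catch (ConstraintViolationException e) {
            throw new IOException(e);
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Tells whether a store object is present in the session.
     * The decompiler reports the original access level of this method as package-private.
     *
     * @return {@code true} if a store is present
     * @throws IOException if the session is missing
     */
    public boolean isLoaded() throws IOException {
        final Lock readLock = getLock().readLock();
        readLock.lock();
        try {
            return requireSession().getAttribute(storeAttributeName()) instanceof ClientStorageServiceStore;
        } catch (ConstraintViolationException e) {
            throw new IOException(e);
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Builds a store from client-supplied data and places it in the session.
     *
     * <p>A {@code null} value yields an empty store. A non-null value is unwrapped with the data
     * sealer; if it has expired or cannot be unwrapped, it is dropped and an empty store flagged
     * as dirty is used instead, so rejected input never reaches the store factory.</p>
     *
     * <p>The decompiler reports the original access level of this method as package-private.</p>
     *
     * @param str sealed value received from the client, or null when the client sent none
     * @param clientStorageSource where the value came from
     */
    public void load(@NotEmpty @Nullable String str, @Nonnull ClientStorageSource clientStorageSource) {
        final ClientStorageServiceStore store;
        if (str != null) {
            store = loadSealed(str, clientStorageSource);
        } else {
            this.log.trace("{} Initializing empty storage state into session", getLogPrefix());
            store = this.storeFactory.load(null, clientStorageSource);
        }
        final Lock writeLock = getLock().writeLock();
        writeLock.lock();
        try {
            requireSession().setAttribute(storeAttributeName(), store);
        } finally {
            writeLock.unlock();
        }
    }

    /** Unwraps a sealed client value into a store, falling back to an empty dirty store on failure. */
    private ClientStorageServiceStore loadSealed(String sealed, ClientStorageSource clientStorageSource) {
        this.log.trace("{} Loading storage state into session", getLogPrefix());
        try {
            // unwrap() receives this buffer as its second argument; it is compared with the
            // default key name below.
            final StringBuffer keyUsed = new StringBuffer();
            final String unwrap = this.dataSealer.unwrap(sealed, keyUsed);
            // NOTE(review): this writes the unsealed payload to the log. It is TRACE-only, but the
            // sealed form exists to keep this content confidential, so TRACE output for this
            // logger should be handled as sensitive data.
            this.log.trace("{} Data after decryption: {}", getLogPrefix(), unwrap);
            final ClientStorageServiceStore store = this.storeFactory.load(unwrap, clientStorageSource);
            if (this.keyStrategy != null) {
                try {
                    // Data sealed under a key other than the current default is flagged dirty,
                    // presumably so that the next save re-seals it - confirm against the store.
                    if (!this.keyStrategy.getDefaultKeyRecord().name().equals(keyUsed.toString())) {
                        store.setDirty(true);
                    }
                } catch (KeyException e) {
                    this.log.error("{} Exception while accessing default key during stale key detection", getLogPrefix(), e);
                }
            }
            this.log.debug("{} Successfully decrypted and loaded storage state from client", getLogPrefix());
            return store;
        } catch (DataExpiredException e) {
            this.log.debug("{} Secured data or key has expired", getLogPrefix());
            return emptyDirtyStore(clientStorageSource);
        } catch (DataSealerException e) {
            this.log.error("{} Exception unwrapping secured data", getLogPrefix(), e);
            return emptyDirtyStore(clientStorageSource);
        }
    }

    /** Creates an empty store and flags it dirty. */
    private ClientStorageServiceStore emptyDirtyStore(ClientStorageSource clientStorageSource) {
        final ClientStorageServiceStore store = this.storeFactory.load(null, clientStorageSource);
        store.setDirty(true);
        return store;
    }

    /**
     * Asks the store held in the session to serialize itself.
     * The decompiler reports the original access level of this method as package-private.
     *
     * @return the operation produced by the store, or {@code null} when no store is present or
     *         serialization fails
     */
    @Nullable
    public ClientStorageServiceOperation save() {
        this.log.trace("{} Preserving storage state from session", getLogPrefix());
        final Lock writeLock = getLock().writeLock();
        writeLock.lock();
        try {
            final Object stored = requireSession().getAttribute(storeAttributeName());
            if (!(stored instanceof ClientStorageServiceStore)) {
                this.log.error("{} No storage object found in session", getLogPrefix());
                return null;
            }
            try {
                return ((ClientStorageServiceStore) stored).save(this);
            } catch (IOException e) {
                this.log.error("{} Error while serializing storage data", getLogPrefix(), e);
                return null;
            }
        } finally {
            writeLock.unlock();
        }
    }

    /**
     * Builds the prefix used in this class's log messages.
     * The decompiler reports the original access level of this method as package-private.
     *
     * @return {@code "StorageService <id>:"}
     */
    @Nonnull
    @NotEmpty
    public String getLogPrefix() {
        return "StorageService " + getId() + ":";
    }
}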
