package org.flowable.app.security;

import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Date;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.flowable.app.idm.service.PersistentTokenService;
import org.flowable.idm.api.IdmIdentityService;
import org.flowable.idm.api.Token;
import org.flowable.idm.api.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.authentication.rememberme.CookieTheftException;
import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.ReflectionUtils;

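/**
 * Remember-me service backed by tokens stored through {@link PersistentTokenService}.
 *
 * <p>The {@code FLOWABLE_REMEMBER_ME} cookie carries two values: the stored token's id and its
 * token value. A presented cookie is accepted only when the id resolves to a stored token, the
 * presented value matches the stored value, and the token is younger than the configured
 * max-age. Tokens older than the refresh age are replaced by a newly created token during
 * auto-login. {@code setAlwaysRemember(true)} is applied in the constructor, so a cookie is
 * issued on every successful login.
 */
@Service
/* loaded from: input_file:org/flowable/app/security/CustomPersistentRememberMeServices.class */
public class CustomPersistentRememberMeServices extends AbstractRememberMeServices implements CustomRememberMeService {
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomPersistentRememberMeServices.class);

    /** Token lifetime used when {@code security.cookie.max-age} is not set: 31 days, in seconds. */
    private static final int DEFAULT_TOKEN_MAX_AGE_SECONDS = 2678400;

    /** Refresh interval used when {@code security.cookie.refresh-age} is not set: 1 day, in seconds. */
    private static final int DEFAULT_TOKEN_REFRESH_AGE_SECONDS = 86400;

    @Autowired
    private PersistentTokenService persistentTokenService;

    @Autowired
    private CustomUserDetailService customUserDetailService;

    @Autowired
    private IdmIdentityService identityService;
    private final int tokenMaxAgeInSeconds;
    private final long tokenMaxAgeInMilliseconds;
    private final long tokenRefreshDurationInMilliseconds;

    /**
     * Reads the remember-me settings from the environment and fixes the cookie name.
     *
     * <p>Properties read: {@code security.rememberme.key} (passed to the superclass),
     * {@code security.cookie.max-age} and {@code security.cookie.refresh-age} (both in seconds).
     *
     * @param environment source of the properties above
     * @param userDetailsService passed through to the superclass
     */
    @Autowired
    public CustomPersistentRememberMeServices(Environment environment, org.springframework.security.core.userdetails.UserDetailsService userDetailsService) {
        // NOTE(review): the key should be a deployment-specific secret; confirm it is not left at
        // a value shipped with the application.
        super(environment.getProperty("security.rememberme.key"), userDetailsService);
        setAlwaysRemember(true);

        Integer maxAgeSeconds = environment.getProperty("security.cookie.max-age", Integer.class);
        if (maxAgeSeconds != null) {
            LOGGER.info("Cookie max-age set to {} seconds", maxAgeSeconds);
        } else {
            maxAgeSeconds = DEFAULT_TOKEN_MAX_AGE_SECONDS;
        }
        this.tokenMaxAgeInSeconds = maxAgeSeconds.intValue();
        // Widen to long before multiplying so large configured values cannot overflow.
        this.tokenMaxAgeInMilliseconds = maxAgeSeconds.longValue() * 1000;

        Integer refreshAgeSeconds = environment.getProperty("security.cookie.refresh-age", Integer.class);
        if (refreshAgeSeconds != null) {
            LOGGER.info("Cookie refresh age set to {} seconds", refreshAgeSeconds);
        } else {
            refreshAgeSeconds = DEFAULT_TOKEN_REFRESH_AGE_SECONDS;
        }
        this.tokenRefreshDurationInMilliseconds = refreshAgeSeconds.longValue() * 1000;

        setCookieName("FLOWABLE_REMEMBER_ME");
    }

    /**
     * Creates a persistent token for the user who just logged in and sends it as a cookie.
     *
     * <p>The request's remote address and {@code User-Agent} header are handed to token creation.
     * The header is client-supplied, so it should be treated as untrusted wherever it is later
     * displayed or logged.
     */
    protected void onLoginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        LOGGER.debug("Creating new persistent login for user {}", authentication.getName());
        User user = ((FlowableAppUser) authentication.getPrincipal()).getUserObject();
        Token token = createAndInsertPersistentToken(user, httpServletRequest.getRemoteAddr(), httpServletRequest.getHeader("User-Agent"));
        addCookie(token, httpServletRequest, httpServletResponse);
    }

    /**
     * Validates the decoded remember-me cookie and returns the matching user's details,
     * replacing the token first when it is older than the refresh age.
     *
     * @param strArr decoded cookie values, expected to be {token id, token value}
     * @return the details loaded by {@code CustomUserDetailService} for the token's user id
     * @throws RememberMeAuthenticationException if the token is rejected, its user cannot be
     *         found during a refresh, or the refresh fails with a data access error
     */
    @Transactional
    protected UserDetails processAutoLoginCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Token persistentToken = getPersistentToken(strArr);
        long tokenAgeMillis = new Date().getTime() - persistentToken.getTokenDate().getTime();
        if (tokenAgeMillis > this.tokenRefreshDurationInMilliseconds) {
            try {
                User user = (User) this.identityService.createUserQuery().userId(persistentToken.getUserId()).singleResult();
                if (user == null) {
                    // The token outlived its user: fail the auto-login instead of passing null
                    // on to token creation.
                    throw new RememberMeAuthenticationException("Remember-me token refers to a user that no longer exists");
                }
                // NOTE(review): the token being replaced is not deleted here, so as far as this
                // class shows the previous cookie value stays acceptable until it exceeds
                // max-age; confirm whether PersistentTokenService prunes it.
                persistentToken = this.persistentTokenService.createToken(user, httpServletRequest.getRemoteAddr(), httpServletRequest.getHeader("User-Agent"));
                addCookie(persistentToken, httpServletRequest, httpServletResponse);
            } catch (DataAccessException e) {
                LOGGER.error("Failed to update token: ", e);
                // Keep the cause attached so the original failure is not lost to callers.
                throw new RememberMeAuthenticationException("Autologin failed due to data access problem: " + e.getMessage(), e);
            }
        }
        return this.customUserDetailService.loadByUserId(persistentToken.getUserId());
    }

    /**
     * Deletes the stored token named by the request's remember-me cookie, if any, and then runs
     * the superclass logout.
     */
    @Transactional
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        String cookieValue = extractRememberMeCookie(httpServletRequest);
        if (cookieValue != null && !cookieValue.isEmpty()) {
            try {
                this.persistentTokenService.delete(getPersistentToken(decodeCookie(cookieValue)));
            } catch (InvalidCookieException e) {
                // InvalidCookieException is a subclass of RememberMeAuthenticationException, so
                // it has to be caught first; in the opposite order this clause is unreachable.
                LOGGER.info("Invalid cookie, no persistent token could be deleted");
            } catch (RememberMeAuthenticationException e) {
                LOGGER.debug("No persistent token found, so no token could be deleted");
            }
        }
        super.logout(httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Resolves decoded cookie values to a stored token and checks value and age.
     *
     * @param strArr decoded cookie values, expected to be {token id, token value}
     * @return the stored token that matches the cookie
     * @throws InvalidCookieException if the cookie does not hold exactly two values
     * @throws CookieTheftException if the id is known but the value does not match; the stored
     *         token is deleted before this is thrown
     * @throws RememberMeAuthenticationException if no token is stored under the id or the token
     *         is older than the configured max-age
     */
    private Token getPersistentToken(String[] strArr) {
        if (strArr.length != 2) {
            // Report only the count: the values are client-supplied and may be credential
            // material, so they are kept out of exception messages and logs.
            throw new InvalidCookieException("Cookie token did not contain 2 tokens, but contained " + strArr.length);
        }
        String presentedSeries = strArr[0];
        String presentedValue = strArr[1];

        Token persistentToken = this.persistentTokenService.getPersistentToken(presentedSeries);
        if (persistentToken == null) {
            throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
        }

        if (!tokenValuesMatch(presentedValue, persistentToken.getTokenValue())) {
            // Look the token up again before treating the mismatch as theft; the extra 'true'
            // presumably bypasses a cache (confirm against PersistentTokenService).
            persistentToken = this.persistentTokenService.getPersistentToken(presentedSeries, true);
            if (persistentToken == null) {
                // The token disappeared between the two lookups (for example a concurrent
                // logout); reject the cookie instead of dereferencing null.
                throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
            }
            if (!tokenValuesMatch(presentedValue, persistentToken.getTokenValue())) {
                this.persistentTokenService.delete(persistentToken);
                throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
            }
        }

        if (new Date().getTime() - persistentToken.getTokenDate().getTime() > this.tokenMaxAgeInMilliseconds) {
            throw new RememberMeAuthenticationException("Remember-me login has expired");
        }
        return persistentToken;
    }

    /**
     * Compares a presented token value with the stored one without stopping at the first
     * differing byte, so the comparison time does not reveal how much of a guess was correct.
     *
     * @return {@code false} when either value is {@code null} or the values differ
     */
    private static boolean tokenValuesMatch(String presented, String stored) {
        if (presented == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }

    /** Sends the token's id and value as the remember-me cookie with the configured max-age. */
    private void addCookie(Token token, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setCookie(new String[]{token.getId(), token.getTokenValue()}, this.tokenMaxAgeInSeconds, httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the remember-me cookie and adds it to the response.
     *
     * @param strArr values to encode into the cookie
     * @param i cookie max-age in seconds
     */
    protected void setCookie(String[] strArr, int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(getCookieName(), encodeCookie(strArr));
        cookie.setMaxAge(i);
        cookie.setPath("/");
        // NOTE(review): the Secure flag follows request.isSecure(). Behind a TLS-terminating
        // proxy that may be false unless forwarded headers are handled, which would send this
        // credential cookie without Secure; confirm for the deployment.
        cookie.setSecure(httpServletRequest.isSecure());
        // setHttpOnly is looked up reflectively because it does not exist before Servlet 3.0.
        Method setHttpOnly = ReflectionUtils.findMethod(Cookie.class, "setHttpOnly", boolean.class);
        if (setHttpOnly != null) {
            ReflectionUtils.invokeMethod(setHttpOnly, cookie, Boolean.TRUE);
        } else if (this.logger.isDebugEnabled()) {
            this.logger.debug("Note: Cookie will not be marked as HttpOnly because you are not using Servlet 3.0 (Cookie#setHttpOnly(boolean) was not found).");
        }
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Creates and stores a token for the user by delegating to {@link PersistentTokenService}.
     *
     * @param user owner of the new token
     * @param str remote address recorded with the token
     * @param str2 {@code User-Agent} header value recorded with the token
     * @return the newly created token
     */
    @Override // org.flowable.app.security.CustomRememberMeService
    public Token createAndInsertPersistentToken(User user, String str, String str2) {
        return this.persistentTokenService.createToken(user, str, str2);
    }
}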
