package com.predic8.membrane.core.interceptor.session;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.HeaderField;
import com.predic8.membrane.core.http.HeaderName;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.proxies.Proxy;
import com.predic8.membrane.core.proxies.RuleKey;
import com.predic8.membrane.core.proxies.SSLableProxy;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.temporal.TemporalAmount;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.pool2.impl.BaseObjectPoolConfig;
import org.apache.derby.iapi.services.classfile.VMDescriptor;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.2.jar:com/predic8/membrane/core/interceptor/session/SessionManager.class */
public abstract class SessionManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SessionManager.class);
    public static final String SESSION_VALUE_SEPARATOR = ",";
    public static final String VALUE_TO_EXPIRE_SESSION_IN_BROWSER = "Expires=Thu, 01 Jan 1970 00:00:00 GMT";
    public static final String SESSION = "SESSION";
    public static final String SESSION_COOKIE_ORIGINAL = "SESSION_COOKIE_ORIGINAL";
    protected String domain;
    protected String issuer;
    protected String usernameKeyName = "username";
    protected long expiresAfterSeconds = 900;
    protected boolean httpOnly = false;
    protected String sameSite = null;
    protected boolean ttlExpiryRefreshOnAccess = true;
    protected boolean secure = false;
    protected boolean sessionCookie = false;
    protected final Cache<String, String> cookieExpireCache = CacheBuilder.newBuilder().maximumSize(BaseObjectPoolConfig.DEFAULT_EVICTOR_SHUTDOWN_TIMEOUT_MILLIS).expireAfterWrite(Duration.ofSeconds(10)).build();

    private void initIssuer(Exchange exchange) {
        this.issuer = OAuth2Util.getPublicURL(exchange);
        RuleKey key = exchange.getProxy().getKey();
        if (!key.isPathRegExp() && key.getPath() != null) {
            this.issuer += key.getPath();
        }
        normalizePublicURL();
    }

    private void normalizePublicURL() {
        if (this.issuer.endsWith("/")) {
            return;
        }
        this.issuer += "/";
    }

    public abstract void init(Router router) throws Exception;

    protected abstract Map<String, Object> cookieValueToAttributes(String str);

    protected abstract Map<Session, String> getCookieValues(Session... sessionArr);

    public abstract List<String> getInvalidCookies(Exchange exchange, String str);

    public static List<HeaderField> getCookieHeaderFields(Exchange exchange) {
        return exchange.getRequest().getHeader().getValues(new HeaderName("Cookie"));
    }

    protected abstract boolean isValidCookieForThisSessionManager(String str);

    protected abstract boolean cookieRenewalNeeded(String str);

    public void postProcess(Exchange exchange) {
        synchronized (this) {
            if (this.issuer == null) {
                initIssuer(exchange);
            }
        }
        getSessionFromExchange(exchange).ifPresent(session -> {
            try {
                createDefaultResponseIfNeeded(exchange);
                handleSetCookieHeaderForResponse(exchange, session);
            } catch (Exception e) {
                throw new RuntimeException("The newly created session could not be persisted in the Set-Cookie header", e);
            }
        });
    }

    private void createDefaultResponseIfNeeded(Exchange exchange) {
        if (exchange.getResponse() == null) {
            exchange.setResponse(Response.ok().build());
        }
    }

    private void handleSetCookieHeaderForResponse(Exchange exchange, Session session) throws Exception {
        Optional ofNullable = Optional.ofNullable(exchange.getProperty(SESSION_COOKIE_ORIGINAL));
        if (!ofNullable.isEmpty() || session.isDirty) {
            if (this.ttlExpiryRefreshOnAccess || session.isDirty() || ofNullable.isEmpty() || cookieRenewalNeeded(ofNullable.get().toString())) {
                String cookieValue = getCookieValue(session);
                if (!this.ttlExpiryRefreshOnAccess && ofNullable.isPresent() && ofNullable.get().toString().trim().equals(cookieValue)) {
                    return;
                }
                setCookieForCurrentSession(exchange, cookieValue);
                setCookieForExpiredSessions(exchange, cookieValue);
                dropRedundantCookieHeaders(exchange);
                cacheSetCookie(exchange, cookieValue);
            }
        }
    }

    private void cacheSetCookie(Exchange exchange, String str) {
        Optional<HeaderField> findFirst = getAllRelevantSetCookieHeaders(exchange).filter(headerField -> {
            return headerField.getValue().contains(str);
        }).findFirst();
        if (findFirst.isPresent()) {
            synchronized (this.cookieExpireCache) {
                this.cookieExpireCache.put(str, findFirst.get().getValue());
            }
        }
    }

    private void dropRedundantCookieHeaders(Exchange exchange) {
        removeRedundantExpireCookieIfRefreshed(exchange, (Map) getAllRelevantSetCookieHeaders(exchange).map((v0) -> {
            return v0.getValue();
        }).map(str -> {
            return new AbstractMap.SimpleEntry(str.split("=true")[0], Arrays.asList(str));
        }).collect(Collectors.toMap(simpleEntry -> {
            return (String) simpleEntry.getKey();
        }, simpleEntry2 -> {
            return (List) simpleEntry2.getValue();
        }, (list, list2) -> {
            return (List) Stream.concat(list.stream(), list2.stream()).collect(Collectors.toList());
        })));
    }

    private Stream<HeaderField> getAllRelevantSetCookieHeaders(Exchange exchange) {
        return Arrays.stream(exchange.getResponse().getHeader().getAllHeaderFields()).filter(headerField -> {
            return headerField.getHeaderName().toString().contains("Set-Cookie");
        }).filter(headerField2 -> {
            return headerField2.getValue().contains("=true");
        }).filter(headerField3 -> {
            return isValidCookieForThisSessionManager((String) Arrays.stream(headerField3.getValue().split(VMDescriptor.ENDCLASS)).filter(str -> {
                return str.contains("=true");
            }).findFirst().get());
        });
    }

    private void removeRefreshIfNoChangeInExpireTime(Exchange exchange, Map<String, List<String>> map) {
        synchronized (this.cookieExpireCache) {
            map.entrySet().stream().toList().stream().filter(entry -> {
                return this.cookieExpireCache.getIfPresent(((String) entry.getKey()) + "=true") != null;
            }).forEach(entry2 -> {
                ((List) entry2.getValue()).forEach(str -> {
                    if (str.equals(this.cookieExpireCache.getIfPresent(((String) entry2.getKey()) + "=true"))) {
                        ((List) map.get(entry2.getKey())).remove(entry2.getValue());
                        exchange.getResponse().getHeader().remove(getAllRelevantSetCookieHeaders(exchange).filter(headerField -> {
                            return headerField.getValue().contains(str);
                        }).findFirst().get());
                    }
                });
            });
        }
    }

    private void removeRedundantExpireCookieIfRefreshed(Exchange exchange, Map<String, List<String>> map) {
        map.entrySet().stream().toList().stream().filter(entry -> {
            return ((List) entry.getValue()).size() > 1;
        }).filter(entry2 -> {
            return ((List) entry2.getValue()).stream().filter(str -> {
                return str.contains(VALUE_TO_EXPIRE_SESSION_IN_BROWSER);
            }).count() == 1;
        }).forEach(entry3 -> {
            ((List) map.get(entry3.getKey())).remove(entry3.getValue());
            exchange.getResponse().getHeader().remove(getAllRelevantSetCookieHeaders(exchange).filter(headerField -> {
                return headerField.getValue().contains(VALUE_TO_EXPIRE_SESSION_IN_BROWSER);
            }).findFirst().get());
        });
    }

    private boolean cookieIsAlreadySet(Exchange exchange, String str) {
        return ((String) Optional.ofNullable(getCookieHeader(exchange)).orElseGet(String::new)).contains(str);
    }

    private void setCookieForCurrentSession(Exchange exchange, String str) {
        if (str.length() > 4093) {
            log.warn("Cookie is larger than 4093 bytes, this will not work some browsers.");
        }
        exchange.getResponse().getHeader().add("Set-Cookie", str + ";" + String.join(VMDescriptor.ENDCLASS, createCookieAttributes(exchange)));
    }

    private void setCookieForExpiredSessions(Exchange exchange, String str) {
        cookiesToExpire(exchange, str).forEach(str2 -> {
            exchange.getResponse().getHeader().add("Set-Cookie", str2);
        });
    }

    private List<String> cookiesToExpire(Exchange exchange, String str) {
        if (getCookieHeader(exchange) != null) {
            return expireCookies(exchange, getInvalidCookies(exchange, this.ttlExpiryRefreshOnAccess ? UUID.randomUUID().toString() : str));
        }
        return new ArrayList();
    }

    private String getCookieValue(Session session) throws Exception {
        return getCookieValues(session).values().stream().findFirst().orElseThrow(Exception::new) + "=true";
    }

    private List<String> expireCookies(Exchange exchange, List<String> list) {
        return (List) list.stream().map(str -> {
            return str + ";" + String.join(VMDescriptor.ENDCLASS, createInvalidationAttributes(exchange));
        }).collect(Collectors.toList());
    }

    protected Session getSessionInternal(Exchange exchange) {
        exchange.setProperty(SESSION_COOKIE_ORIGINAL, null);
        if (getCookieHeader(exchange) == null) {
            return new Session(this.usernameKeyName, new HashMap());
        }
        Map<String, Map<String, Object>> convertValidCookiesToAttributes = convertValidCookiesToAttributes(exchange);
        Session session = new Session(this.usernameKeyName, mergeCookies(new ArrayList(convertValidCookiesToAttributes.values())));
        if (convertValidCookiesToAttributes.size() == 1) {
            exchange.setProperty(SESSION_COOKIE_ORIGINAL, convertValidCookiesToAttributes.keySet().iterator().next());
        }
        return session;
    }

    private Map<String, Object> mergeCookies(List<Map<String, Object>> list) {
        return (Map) list.stream().flatMap(map -> {
            return map.entrySet().stream();
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }, (obj, obj2) -> {
            return obj.equals(obj2) ? obj : String.valueOf(obj) + "," + String.valueOf(obj2);
        }));
    }

    private Map<String, Map<String, Object>> convertValidCookiesToAttributes(Exchange exchange) {
        return (Map) getCookies(exchange).filter(this::isValidCookieForThisSessionManager).collect(Collectors.toMap(str -> {
            return str;
        }, this::cookieValueToAttributes, (map, map2) -> {
            return map;
        }));
    }

    @NotNull
    public Session getSession(Exchange exchange) {
        return getSessionFromExchange(exchange).orElseGet(() -> {
            return getSessionFromManager(exchange);
        });
    }

    private Session getSessionFromManager(Exchange exchange) {
        exchange.setProperty("SESSION", getSessionInternal(exchange));
        return getSessionFromExchange(exchange).get();
    }

    private Optional<Session> getSessionFromExchange(Exchange exchange) {
        return Optional.ofNullable((Session) exchange.getProperty("SESSION"));
    }

    public List<String> createCookieAttributes(Exchange exchange) {
        String[] strArr = new String[7];
        strArr[0] = this.sessionCookie ? null : "Max-Age=" + this.expiresAfterSeconds;
        strArr[1] = this.sessionCookie ? null : "Expires=" + DateTimeFormatter.RFC_1123_DATE_TIME.format(OffsetDateTime.now(ZoneOffset.UTC).plus((TemporalAmount) Duration.ofSeconds(this.expiresAfterSeconds)));
        strArr[2] = "Path=/";
        strArr[3] = needsSecureAttribute(exchange) ? "Secure" : null;
        strArr[4] = this.domain != null ? "Domain=" + this.domain + "; " : null;
        strArr[5] = this.httpOnly ? "HttpOnly" : null;
        strArr[6] = this.sameSite != null ? "SameSite=" + this.sameSite : null;
        return (List) Stream.of((Object[]) strArr).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    private boolean needsSecureAttribute(Exchange exchange) {
        Proxy proxy = exchange.getProxy();
        return proxy instanceof SSLableProxy ? ((SSLableProxy) proxy).isInboundSSL() || this.secure : this.secure;
    }

    public List<String> createInvalidationAttributes(Exchange exchange) {
        String[] strArr = new String[6];
        strArr[0] = VALUE_TO_EXPIRE_SESSION_IN_BROWSER;
        strArr[1] = "Path=/";
        strArr[2] = needsSecureAttribute(exchange) ? "Secure" : null;
        strArr[3] = this.domain != null ? "Domain=" + this.domain + "; " : null;
        strArr[4] = this.httpOnly ? "HttpOnly" : null;
        strArr[5] = this.sameSite != null ? "SameSite=" + this.sameSite : null;
        return (List) Stream.of((Object[]) strArr).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    protected Stream<String> getCookies(Exchange exchange) {
        return exchange.getRequest().getHeader().getValues(new HeaderName("Cookie")).stream().map(headerField -> {
            return headerField.getValue().split(VMDescriptor.ENDCLASS);
        }).flatMap((v0) -> {
            return Arrays.stream(v0);
        }).map((v0) -> {
            return v0.trim();
        });
    }

    public void removeSession(Exchange exchange) {
        expireCookies(exchange, getInvalidCookies(exchange, UUID.randomUUID().toString())).forEach(str -> {
            exchange.getResponse().getHeader().add("Set-Cookie", str);
        });
    }

    public long getExpiresAfterSeconds() {
        return this.expiresAfterSeconds;
    }

    @MCAttribute
    public void setExpiresAfterSeconds(long j) {
        this.expiresAfterSeconds = j;
    }

    public String getDomain() {
        return this.domain;
    }

    @MCAttribute
    public void setDomain(String str) {
        this.domain = str;
    }

    protected String getCookieHeader(Exchange exchange) {
        return (String) getCookies(exchange).collect(Collectors.joining(VMDescriptor.ENDCLASS));
    }

    public boolean isHttpOnly() {
        return this.httpOnly;
    }

    @MCAttribute
    public void setHttpOnly(boolean z) {
        this.httpOnly = z;
    }

    public String getSameSite() {
        return this.sameSite;
    }

    @MCAttribute
    public void setSameSite(String str) {
        this.sameSite = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] getAllCookieKeys(Exchange exchange) {
        return getCookieHeader(exchange).split(Pattern.quote(VMDescriptor.ENDCLASS));
    }

    public String getIssuer() {
        return this.issuer;
    }

    @MCAttribute
    public void setIssuer(String str) {
        this.issuer = str;
    }

    public boolean isTtlExpiryRefreshOnAccess() {
        return this.ttlExpiryRefreshOnAccess;
    }

    @MCAttribute
    public void setTtlExpiryRefreshOnAccess(boolean z) {
        this.ttlExpiryRefreshOnAccess = z;
    }

    public boolean isSecure() {
        return this.secure;
    }

    @MCAttribute
    public SessionManager setSecure(boolean z) {
        this.secure = z;
        return this;
    }

    public boolean isSessionCookie() {
        return this.sessionCookie;
    }

    @MCAttribute
    public SessionManager setSessionCookie(boolean z) {
        this.sessionCookie = z;
        return this;
    }
}
