package sk.eset.era.g2webconsole.server.modules.authorization;

import com.aventrix.jnanoid.jnanoid.NanoIdUtils;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sk.eset.era.commons.common.constants.Locale;
import sk.eset.era.commons.common.constants.SessionManagementConstants;
import sk.eset.era.commons.common.constants.Version;
import sk.eset.era.commons.common.model.exceptions.SessionCreationFailedException;
import sk.eset.era.commons.common.model.exceptions.SessionNotValidException;
import sk.eset.era.commons.common.model.objects.SessionStateInfo;
import sk.eset.era.commons.server.model.objects.UuidProtobuf;
import sk.eset.era.g2webconsole.common.model.exceptions.EraRequestHandlingException;
import sk.eset.era.g2webconsole.server.modules.Timers;
import sk.eset.era.g2webconsole.server.modules.authorization.AuthorizationAttackDetector;
import sk.eset.era.g2webconsole.server.modules.authorization.SessionID;
import sk.eset.era.g2webconsole.server.modules.authorization.UserLogger;
import sk.eset.era.g2webconsole.server.modules.connection.EraServerConnection;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.MessageParsingErrorException;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.SynchronousCallTimeout;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.RpcException;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.sessionmanagement.KeepaliveRequest;
import sk.eset.era.g2webconsole.server.modules.execution.Scheduled;
import sk.eset.era.g2webconsole.server.modules.monitor.MonitorModule;
import sk.eset.era.g2webconsole.server.modules.openid.IdentityServer;
import sk.eset.phoenix.common.http.EraCookie;
import sk.eset.phoenix.common.logger.Logger;
import sk.eset.phoenix.common.monitor.MonitorThreadLocal;
import sk.eset.phoenix.common.monitor.RequestInfo;
import sk.eset.phoenix.common.reports.ReportsTracingThreadLocal;
import sk.eset.phoenix.common.security.OriginHash;

@Singleton
/* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager.class */
public class ServerSideSessionDataManager {
    // Timer created in the constructor via timers.createTimer("Session timeout timer");
    // it is handed to every session for expiry and keepalive tasks.
    private final Timer timeoutTimer;
    // The remaining fields are collaborators assigned from the @Inject constructor arguments.
    private final SessionFactory sessionFactory;
    private final SecuritySettings securitySettings;
    private final MonitorModule monitor;
    private final Timers timers;
    private final Scheduled scheduled;
    private final IdentityServer identityServer;
    // Receives every session-verification failure together with the client request properties.
    private final AuthorizationAttackDetector authorizationAttackDetector;
    // Supplies the per-request origin hash used as the "request client path" for tracing and monitoring.
    private final Provider<OriginHash> hashProvider;
    private final UserLogger.Factory userLoggerFactory;
    private final Logger logger;
    // Inert Session stand-in: every mutator is a no-op, every getter returns null, and
    // isInvalid() always reports INVALID_ID, so it can never pass validation.
    // NOTE(review): callers must not dereference getData()/getLocale() on this instance
    // without a null check; its use sites are outside this part of the file.
    private static final Session PLACEHOLDER_SESSION = new Session() { // from class: sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.1
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void init() {
        }

        // Fail closed: the placeholder is rejected regardless of the presented ID or request.
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public AuthorizationAttackDetector.FailureReason isInvalid(String str, HttpServletRequest httpServletRequest) {
            return AuthorizationAttackDetector.FailureReason.INVALID_ID;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public ServerSideSessionData getData() {
            return null;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public String getLocale() {
            return null;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public String getOpenID_sub() {
            return null;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void setOpenID_id_token(String str) {
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void setOpenID_access_token(String str, Long l, String str2) {
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void close() {
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo closeIfExpired() {
            return null;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo resetSessionTimeout() {
            return null;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo readRemainingSessionTimeoutAndSessionState() {
            return null;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void newWindowOpened() {
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void onWindowClosed() {
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void updateMonitoring(RequestInfo requestInfo) {
        }
    };
    // Fair read/write lock. The lookups visible in this file take its read lock before
    // reading activeSessions and activeSessionsByIntegrationId.
    private final ReentrantReadWriteLock sessionsList = new ReentrantReadWriteLock(true);
    // Session ID -> live session. A plain HashMap, so every access has to happen under sessionsList.
    private final Map<String, Session> activeSessions = new HashMap();
    // Integration ID -> session ID; read under the sessionsList read lock.
    private final Map<String, String> activeSessionsByIntegrationId = new HashMap();
    // Intune login ID -> session ID; guarded by synchronizing on the map itself, not by sessionsList.
    private final Map<String, String> activeSessionByIntuneLoginID = new HashMap();
    // Cryptographically strong source used for session and integration IDs.
    private final SecureRandom randomGenerator = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager$EcaSessionImpl.class */
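    /**
     * Session variant whose validity is tied to an {@link IdentityServer}.
     *
     * <p>Instead of the one-shot expiry timer of {@link SessionImpl}, this class runs a periodic
     * inactivity check and closes the session once it has been idle longer than
     * {@link #INACTIVITY_TIMEOUT} or its last window has been closed. Once the identity server
     * reports the session as invalid, {@code validOnIds} latches to {@code false} and every later
     * state query reports the session as expired.
     *
     * <p>Thread-safety: the state below is touched by request threads and by the shared timer
     * thread, so it is kept in atomics or a volatile field.
     */
    public static class EcaSessionImpl extends SessionImpl {
        /** Delay and period, in milliseconds, of the inactivity check scheduled on the timer. */
        private static final long INACTIVITY_CHECK_PERIOD = 33000;
        /** Idle time after which the inactivity check closes the session. */
        private static final Duration INACTIVITY_TIMEOUT = Duration.ofMinutes(5);
        /** False once the identity server has reported the session as no longer valid. */
        private final AtomicBoolean validOnIds;
        /** True while one thread is asking the identity server whether the session is valid. */
        private final AtomicBoolean isValidating;
        /** Written by request threads, read by the timer thread; volatile so the timer sees fresh values. */
        private volatile Instant lastActivity;
        /** Set when the last window was closed; the next inactivity check then closes the session. */
        private final AtomicBoolean lastWindowClosed;
        private final IdentityServer identityServer;

        /**
         * Creates the session and announces it to the identity server.
         *
         * @param serverSideSessionData per-session data shared with the base class
         * @param identityServer identity server that is notified of creation, keepalive and close
         * @param timer timer on which the inactivity check and background tasks are scheduled
         * @param runnable callback run on close to remove the session from the manager's list
         */
        EcaSessionImpl(ServerSideSessionData serverSideSessionData, IdentityServer identityServer, Timer timer, Runnable runnable) {
            super(serverSideSessionData, timer, runnable);
            this.validOnIds = new AtomicBoolean(true);
            this.isValidating = new AtomicBoolean(false);
            this.lastWindowClosed = new AtomicBoolean(false);
            this.identityServer = identityServer;
            identityServer.onSessionCreated(serverSideSessionData);
            this.lastActivity = Instant.now();
        }

        /**
         * Schedules the periodic inactivity check and the base-class background tasks.
         * The check is registered in {@code cleanups} so that {@link #close()} cancels it.
         */
        @Override
        public void init() {
            TimerTask inactivityCheck = new TimerTask() {
                @Override
                public void run() {
                    boolean idleTooLong = EcaSessionImpl.this.isValidUntil().isBefore(Instant.now());
                    if (idleTooLong || EcaSessionImpl.this.lastWindowClosed.get()) {
                        try {
                            EcaSessionImpl.this.close();
                        } catch (Exception e) {
                            // Never let an exception escape: it would terminate the shared Timer thread.
                            EcaSessionImpl.this.data.log().warn("Timer task failed: " + e.getMessage(), new Object[0]);
                        }
                    }
                }
            };
            this.timeoutTimer.scheduleAtFixedRate(inactivityCheck, INACTIVITY_CHECK_PERIOD, INACTIVITY_CHECK_PERIOD);
            this.cleanups.add(inactivityCheck::cancel);
            scheduleBackgroundTasks();
        }

        /** Returns the instant after which the session counts as idle for too long. */
        Instant isValidUntil() {
            return this.lastActivity.plus(INACTIVITY_TIMEOUT);
        }

        /** Notifies the identity server first, then performs the base-class teardown. */
        @Override
        public void close() {
            this.identityServer.onSessionClosed(this.data);
            super.close();
        }

        /**
         * Not supported for this session type.
         *
         * @throws IllegalStateException always
         */
        @Override
        public SessionStateInfo closeIfExpired() {
            throw new IllegalStateException("Method closeIfExpired is not implemented in cloud");
        }

        /**
         * Records activity and sends a keepalive to the identity server.
         *
         * @return the expired state if the identity server already invalidated the session,
         *     otherwise the regular state
         */
        @Override
        public SessionStateInfo resetSessionTimeout() {
            if (!this.validOnIds.get()) {
                return getExpiredSessionState();
            }
            prolongSession();
            synchronized (this) {
                // The callback latches the session as invalid; when it is invoked is decided
                // by IdentityServer.keepAlive, which is not visible in this file.
                this.identityServer.keepAlive(this.data, () -> {
                    this.validOnIds.set(false);
                });
            }
            return sessionStateInfo();
        }

        /**
         * Re-checks the session with the identity server and reports its state.
         *
         * <p>Only one thread validates at a time. The flag is claimed with
         * {@code compareAndSet} so that the check and the claim are a single atomic step;
         * a separate {@code get()} followed by {@code set(true)} lets two threads both start
         * a validation, and the first to finish then clears the flag under the second.
         *
         * @return the expired state when the session is (or just became) invalid on the
         *     identity server, otherwise the regular state
         */
        @Override
        public SessionStateInfo readRemainingSessionTimeoutAndSessionState() {
            if (!this.validOnIds.get()) {
                return getExpiredSessionState();
            }
            if (!this.isValidating.compareAndSet(false, true)) {
                // Another thread is already validating; answer from the current state.
                return sessionStateInfo();
            }
            try {
                if (this.identityServer.isSessionValid(this.data)) {
                    prolongSession();
                    return sessionStateInfo();
                }
                this.data.log().info("Session is no more valid on IDS - client should auto-logout", new Object[0]);
                this.validOnIds.set(false);
                return getExpiredSessionState();
            } finally {
                this.isValidating.set(false);
            }
        }

        /** Marks the session as active now and clears a pending "last window closed" request. */
        void prolongSession() {
            this.lastActivity = Instant.now();
            this.lastWindowClosed.set(false);
        }

        /**
         * Replaces the base-class timer rescheduling: {@code true} asks the inactivity check to
         * close the session on its next run, {@code false} records activity.
         */
        @Override
        void scheduleNewTimeout(boolean z) {
            if (z) {
                this.lastWindowClosed.set(true);
            } else {
                prolongSession();
            }
        }

        /** Builds the non-expired state; the remaining timeout is always reported as 0 here. */
        SessionStateInfo sessionStateInfo() {
            return createSessionStateInfo(0L, false);
        }

        /** Tags the monitored request with the ECA instance ID and the user's log name. */
        @Override
        public void updateMonitoring(RequestInfo requestInfo) {
            requestInfo.setUser(this.data.getEcaInstanceId(), this.data.getUserLogName());
        }
    }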

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager$SessionIds.class */
    /**
     * Immutable holder for the three identifiers that belong to one session.
     * NOTE(review): presumably {@code id} and {@code idHttpOnly} are the values carried by the
     * regular and the HttpOnly session cookie - confirm at the creation site.
     */
    public static class SessionIds {
        final String id;
        final String idHttpOnly;
        final String integrationId;

        /** Instances are created only inside the enclosing manager. */
        private SessionIds(String sessionId, String httpOnlySessionId, String integrationSessionId) {
            this.integrationId = integrationSessionId;
            this.idHttpOnly = httpOnlySessionId;
            this.id = sessionId;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager$SessionImpl.class */
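    /**
     * Default {@link Session} implementation backed by {@link ServerSideSessionData}.
     *
     * <p>The session owns a one-shot expiry task on the shared timer, a periodic keepalive task
     * and a data miner. Everything that has to be undone on close is registered in
     * {@code cleanups}.
     *
     * <p>Validation ({@link #isInvalid}) binds the session to the client properties captured at
     * login (remote address, User-Agent, Accept-Language) unless IP change is allowed, and, when
     * cookies are in use, requires both the regular and the HttpOnly session cookie to match.
     */
    public static class SessionImpl implements Session {
        protected final ServerSideSessionData data;
        protected final Timer timeoutTimer;
        /** Actions run once by {@link #close()}, for example cancelling scheduled tasks. */
        protected final List<Runnable> cleanups;
        private final Runnable removeFromSessionsList;
        /** Current expiry task; replaced on every reschedule and set to null by its cleanup. */
        private TimerTaskReadable timeoutTimerTask;

        /**
         * @param serverSideSessionData per-session data
         * @param timer timer on which expiry and keepalive tasks are scheduled
         * @param runnable callback run first on close to remove the session from the manager's list
         */
        private SessionImpl(ServerSideSessionData serverSideSessionData, Timer timer, Runnable runnable) {
            this.cleanups = new ArrayList<>();
            this.data = serverSideSessionData;
            this.timeoutTimer = timer;
            this.removeFromSessionsList = runnable;
        }

        /** Schedules the expiry task and the background tasks and registers their cleanup. */
        @Override
        public void init() {
            scheduleTimeoutTimer(false);
            this.cleanups.add(() -> {
                if (this.timeoutTimerTask != null) {
                    this.timeoutTimerTask.cancel();
                    this.timeoutTimerTask = null;
                }
            });
            scheduleBackgroundTasks();
        }

        /** Starts the keepalive task and the data miner; both are cancelled on close. */
        protected void scheduleBackgroundTasks() {
            TimerTask keepaliveTask = scheduleKeepaliveTimer(this.data.getSessionManagementConstants().getSessionTimeoutServerSynchronizationPeriod());
            this.cleanups.add(keepaliveTask::cancel);
            ServerSideDataMiner dataMiner = new ServerSideDataMiner(this.data);
            this.cleanups.add(dataMiner::cancel);
            this.data.setDataMinerReschedule(dataMiner::scheduleManager);
        }

        /**
         * Checks whether the request may use this session.
         *
         * @param str session ID presented by the client; must not be null
         * @param httpServletRequest request whose client properties and cookies are checked
         * @return {@code null} when the request is accepted, otherwise the reason for rejection
         */
        @Override
        public AuthorizationAttackDetector.FailureReason isInvalid(String str, HttpServletRequest httpServletRequest) {
            if (this.data == null) {
                return AuthorizationAttackDetector.FailureReason.INVALID_ID;
            }
            AuthorizationAttackDetector.ClientRequestProperties createFromReq = AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest);
            // Client binding: unless IP change is allowed, the request must carry the same
            // properties that were recorded for the session.
            if (!this.data.isAllowedIpChange() && !Objects.equals(createFromReq, this.data.getClientRequestProperties())) {
                if (!Objects.equals(createFromReq.getRemoteAddress(), this.data.getClientRequestProperties().getRemoteAddress())) {
                    return AuthorizationAttackDetector.FailureReason.WRONG_ADDRESS;
                }
                if (!Objects.equals(createFromReq.getUserAgent(), this.data.getClientRequestProperties().getUserAgent())) {
                    return AuthorizationAttackDetector.FailureReason.WRONG_USER_AGENT;
                }
                if (!Objects.equals(createFromReq.getAcceptLanguage(), this.data.getClientRequestProperties().getAcceptLanguage())) {
                    return AuthorizationAttackDetector.FailureReason.WRONG_ACCEPT_LANGUAGE;
                }
                // NOTE(review): if ClientRequestProperties.equals compares anything beyond these
                // three values, such a mismatch falls through and is accepted - confirm intended.
            }
            if (createFromReq.getRemoteAddress() != null) {
                this.data.addUsedClientRequestProperties(createFromReq);
            }
            if (!this.data.getUseCookies()) {
                afterValidation();
                return null;
            }
            Cookie[] cookies = httpServletRequest.getCookies();
            String cookieValue = EraCookie.getCookieValue(SessionManagementConstants.SESSION_ID_COOKIE_NAME, cookies);
            String cookieValue2 = EraCookie.getCookieValue(SessionManagementConstants.SESSION_ID_HTTP_ONLY_COOKIE_NAME, cookies);
            if (cookieValue == null || cookieValue2 == null) {
                return AuthorizationAttackDetector.FailureReason.NO_COOKIE_FOR_SESSION_ID;
            }
            // Both identifiers are secrets, so they are compared in constant time.
            if (!constantTimeEquals(str, cookieValue)) {
                return AuthorizationAttackDetector.FailureReason.OTHER;
            }
            if (!constantTimeEquals(this.data.getSessionIDHttpOnly(), cookieValue2)) {
                return AuthorizationAttackDetector.FailureReason.INVALID_ID;
            }
            // NOTE(review): the three values below come straight from client-supplied cookies and
            // steer RPC logging and failure simulation. Confirm that RpcCallsModule validates the
            // log path and that these switches are disabled or gated in production builds.
            this.data.getModuleFactory().getRpcCallsModule().setLogPath(EraCookie.getCookieValue(SessionManagementConstants.RPC_CALLS_LOG_COOKIE_NAME, cookies));
            this.data.getModuleFactory().getRpcCallsModule().setSimulatedFailingRequests(EraCookie.getCookieValue(SessionManagementConstants.SIMULATED_FAILING_REQUESTS_COOKIE_NAME, cookies));
            this.data.getModuleFactory().getRpcCallsModule().setPendingSimulationEnabled(Boolean.parseBoolean(EraCookie.getCookieValue(SessionManagementConstants.ENABLE_PENDING_SIMULATION_COOKIE_NAME, cookies)));
            afterValidation();
            return null;
        }

        /**
         * Compares two secret strings without stopping at the first differing byte, so the time
         * taken does not reveal how long a matching prefix is.
         */
        private static boolean constantTimeEquals(String expected, String presented) {
            return MessageDigest.isEqual(
                    expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }

        @Override
        public ServerSideSessionData getData() {
            return this.data;
        }

        @Override
        public String getLocale() {
            return this.data.getUserSessionData().clientUserSessionData.getLocale();
        }

        @Override
        public String getOpenID_sub() {
            return this.data.getOpenID_sub();
        }

        @Override
        public void setOpenID_id_token(String str) {
            this.data.setOpenID_id_token(str);
        }

        @Override
        public void setOpenID_access_token(String str, Long l, String str2) {
            this.data.setOpenID_access_token(str, l, str2);
        }

        /**
         * Tears the session down: removes it from the manager's list first, so that no new
         * request can look it up, then runs the cleanups, cancels data tasks and closes the
         * server connection.
         */
        @Override
        public void close() {
            this.removeFromSessionsList.run();
            this.cleanups.forEach(Runnable::run);
            this.cleanups.clear();
            this.data.cancelTasks();
            closeConnection();
        }

        /**
         * Closes the session when its remaining timeout is at or below the configured
         * "timeout ending" threshold.
         *
         * @return the state read before the decision, whether or not the session was closed
         */
        @Override
        public SessionStateInfo closeIfExpired() {
            SessionStateInfo state = readRemainingSessionTimeoutAndSessionState();
            if (state.getRemainingSessionTimeout() > this.data.getSessionManagementConstants().getSessionTimeoutEnding()) {
                return state;
            }
            this.data.log().info("session_expired", new Object[0]);
            close();
            return state;
        }

        /** Replaces the expiry task and purges cancelled tasks from the timer queue. */
        void scheduleNewTimeout(boolean z) {
            scheduleTimeoutTimer(z);
            this.timeoutTimer.purge();
        }

        @Override
        public synchronized SessionStateInfo resetSessionTimeout() {
            scheduleNewTimeout(false);
            return getSessionState();
        }

        @Override
        public SessionStateInfo readRemainingSessionTimeoutAndSessionState() {
            return getSessionState();
        }

        private SessionStateInfo getSessionState() {
            return createSessionStateInfo(getRemainingSessionTimeout(), false);
        }

        /** Returns a state with no remaining time and the expired flag set. */
        public SessionStateInfo getExpiredSessionState() {
            return createSessionStateInfo(0L, true);
        }

        @Override
        public synchronized void newWindowOpened() {
            scheduleNewTimeout(false);
            this.data.increaseNumOpenedWindows();
        }

        /** When the last window closes, switches to the shorter "after close" timeout. */
        @Override
        public synchronized void onWindowClosed() {
            if (this.data.decreaseNumOpenedWindows() <= 0) {
                this.data.log().info("session_closed_by_window", this.data.getLogRequest(), this.data.getRemoteUser());
                scheduleNewTimeout(true);
            }
        }

        @Override
        public void updateMonitoring(RequestInfo requestInfo) {
        }

        /**
         * Runs after a request passed validation. With autologout disabled every validated
         * request restarts the timeout; with autologout enabled only explicit resets do.
         */
        private synchronized void afterValidation() {
            if (this.data.getSessionManagementConstants().getAutologoutEnabled()) {
                return;
            }
            scheduleNewTimeout(false);
        }

        /**
         * Cancels the current expiry task and schedules a new one.
         *
         * @param z {@code true} to use the "after close" timeout; otherwise the autologout
         *     timeout plus the web-server offset, or the no-autologout timeout
         */
        private void scheduleTimeoutTimer(boolean z) {
            long delay;
            if (z) {
                delay = this.data.getSessionManagementConstants().getSessionTimeoutAfterClose();
            } else if (this.data.getSessionManagementConstants().getAutologoutEnabled()) {
                delay = this.data.getSessionManagementConstants().getSessionTimeout() + this.data.getSessionManagementConstants().getSessionTimeoutWebServerOffset();
            } else {
                delay = this.data.getSessionManagementConstants().getSessionTimeoutNoAutologout();
            }
            if (this.timeoutTimerTask != null) {
                this.timeoutTimerTask.cancel();
            }
            this.timeoutTimerTask = new TimerTaskReadable(delay) {
                @Override
                public void run() {
                    try {
                        SessionImpl.this.data.log().info("session_expired", new Object[0]);
                        SessionImpl.this.close();
                    } catch (Exception e) {
                        // Never let an exception escape: it would terminate the shared Timer thread.
                        SessionImpl.this.data.log().trace("Timer task failed: " + e.getMessage(), new Object[0]);
                    }
                }
            };
            this.timeoutTimer.schedule(this.timeoutTimerTask, delay);
        }

        /**
         * Schedules a repeating keepalive with the given delay and period.
         *
         * @param j delay before the first run and period between runs, in milliseconds
         * @return the scheduled task, so that the caller can cancel it
         */
        private TimerTask scheduleKeepaliveTimer(long j) {
            TimerTask keepaliveTask = new TimerTask() {
                @Override
                public void run() {
                    try {
                        SessionImpl.this.sendKeepalive();
                    } catch (Exception e) {
                        SessionImpl.this.data.log().trace("KeepAlive timer failed: " + e.getMessage(), new Object[0]);
                    }
                }
            };
            this.timeoutTimer.schedule(keepaliveTask, j, j);
            return keepaliveTask;
        }

        /** Sends one keepalive request; an I/O failure is logged at trace level and ignored. */
        public void sendKeepalive() {
            KeepaliveRequest keepaliveRequest = new KeepaliveRequest();
            try {
                this.data.prepareRequest(keepaliveRequest);
                keepaliveRequest.sendTo();
            } catch (IOException e) {
                this.data.log().trace("Keepalive request failed. Reason: '" + e.getMessage() + "'", new Object[0]);
            }
        }

        /** Closes the server connection if there is one; a failure is logged, not rethrown. */
        private void closeConnection() {
            try {
                if (this.data.getEraServerConnection() == null) {
                    return;
                }
                this.data.getEraServerConnection().closeConnection(null);
                this.data.log().info("connection_closed", new Object[0]);
            } catch (IOException e) {
                this.data.log().warn("connection_close_failed", this.data.getLogRequest(), this.data.getRemoteUser(), e.getMessage());
            }
        }

        /**
         * Returns the time left on the expiry task minus the web-server offset, never below 0.
         * NOTE(review): timeoutTimerTask is null after close(), so a call on a closed session
         * throws NullPointerException - confirm callers cannot reach this after close.
         */
        private long getRemainingSessionTimeout() {
            return Math.max(this.timeoutTimerTask.getRemainingTime() - this.data.getSessionManagementConstants().getSessionTimeoutWebServerOffset(), 0L);
        }

        /**
         * Builds the state object sent to the client.
         *
         * @param j remaining session timeout to report
         * @param z whether the session is reported as expired
         */
        SessionStateInfo createSessionStateInfo(long j, boolean z) {
            return new SessionStateInfo(j, this.data.getModuleFactory().getSecurityModule().getUserAccessRightsSequenceNumber(), this.data.getUserSessionData().clientUserSessionData.getEraServerModulesUpdateGuard(), this.data.getUserSessionData().clientUserSessionData.getReportGenRate(), z, this.data.getEfdeLicenseComposite(), this.data.getEdtdLicenseComposite(), this.data.getEdtdOfflineLicenseComposite(), this.data.getEiAgentLicenseComposite(), this.data.getEILink(), this.data.getHasEiFeatureLicense(), this.data.getHasVulnerabilityManagementFeatureLicense());
        }
    }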

    /**
     * Wires the singleton session manager from its injected collaborators and creates the
     * timer shared by all sessions.
     */
    @Inject
    ServerSideSessionDataManager(SessionFactory sessionFactory, SecuritySettings securitySettings, MonitorModule monitorModule, Timers timers, Scheduled scheduled, IdentityServer identityServer, AuthorizationAttackDetector authorizationAttackDetector, Provider<OriginHash> provider, UserLogger.Factory factory, Logger logger) {
        // Draw one throw-away byte from the SecureRandom at start-up; presumably this forces
        // seeding now rather than during the first login - confirm.
        final byte[] discarded = new byte[1];
        this.randomGenerator.nextBytes(discarded);

        this.logger = logger;
        this.userLoggerFactory = factory;
        this.hashProvider = provider;
        this.authorizationAttackDetector = authorizationAttackDetector;
        this.identityServer = identityServer;
        this.scheduled = scheduled;
        this.timers = timers;
        this.monitor = monitorModule;
        this.securitySettings = securitySettings;
        this.sessionFactory = sessionFactory;

        this.timeoutTimer = timers.createTimer("Session timeout timer");
    }

    /**
     * Generates a Base64-encoded session ID that is not a key of {@code activeSessions}.
     * Gives up after 10 candidates.
     * NOTE(review): the map is read here without taking {@code sessionsList}; presumably the
     * caller holds the lock - confirm.
     *
     * @param str value passed through to {@code SessionID.generateSessionID}
     * @return an ID that is currently unused
     * @throws SessionCreationFailedException if all 10 candidates were already in use
     */
    private String generateUniqueSessionID(String str) throws SessionCreationFailedException {
        int attemptsLeft = 10;
        while (attemptsLeft > 0) {
            attemptsLeft--;
            final String candidate = SessionID.generateSessionID(this.logger, this.randomGenerator, str, SessionID.SessionIdEncoding.BASE64);
            if (this.activeSessions.containsKey(candidate)) {
                continue;
            }
            return candidate;
        }
        this.logger.warn("Could not generate unique session ID (after 10 tries).", new Object[0]);
        throw new SessionCreationFailedException();
    }

    /**
     * Generates a NanoId that is not a key of {@code activeSessionByIntuneLoginID}.
     * Unlike the other ID generators it signals failure with an empty string, not an exception.
     *
     * @return an unused login ID, or {@code ""} when 10 candidates in a row were already in use
     */
    private String generateUniqueIntuneLoginID() {
        int attemptsLeft = 10;
        while (attemptsLeft > 0) {
            attemptsLeft--;
            final String candidate = NanoIdUtils.randomNanoId();
            if (this.activeSessionByIntuneLoginID.containsKey(candidate)) {
                continue;
            }
            return candidate;
        }
        this.logger.warn("Could not generate unique intuneLogin ID (after 10 tries).", new Object[0]);
        return "";
    }

    /**
     * Generates a hex-encoded integration ID that is not a key of
     * {@code activeSessionsByIntegrationId}. Gives up after 10 candidates.
     * The warning text speaks of a "config files ID"; it is kept unchanged because it is
     * runtime output.
     *
     * @param str value passed through to {@code SessionID.generateSessionID}
     * @return an ID that is currently unused
     * @throws SessionCreationFailedException if all 10 candidates were already in use
     */
    private String generateUniqueIntegrationId(String str) throws SessionCreationFailedException {
        int attemptsLeft = 10;
        while (attemptsLeft > 0) {
            attemptsLeft--;
            final String candidate = SessionID.generateSessionID(this.logger, this.randomGenerator, str, SessionID.SessionIdEncoding.HEXA);
            if (this.activeSessionsByIntegrationId.containsKey(candidate)) {
                continue;
            }
            return candidate;
        }
        this.logger.warn("Could not generate unique config files ID (after 10 tries).", new Object[0]);
        throw new SessionCreationFailedException();
    }

    /**
     * Returns the session's Intune login ID, creating and registering one if the session has
     * none yet. The whole operation runs under the monitor of the login-ID map.
     *
     * @param serverSideSessionData session that owns the login ID
     * @return the existing or newly registered login ID, or {@code ""} if none could be generated
     */
    public String createIntuneLoginID(ServerSideSessionData serverSideSessionData) {
        synchronized (this.activeSessionByIntuneLoginID) {
            final String existing = serverSideSessionData.getIntuneLoginID();
            final boolean hasExisting = existing != null && !existing.trim().isEmpty();
            if (hasExisting) {
                return existing;
            }
            final String fresh = generateUniqueIntuneLoginID();
            if (!fresh.isEmpty()) {
                serverSideSessionData.setIntuneLoginID(fresh);
                this.activeSessionByIntuneLoginID.put(fresh, serverSideSessionData.getSessionID());
                return fresh;
            }
            return "";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves and validates the session for a request and records the request's origin hash
     * in the tracing context and the monitoring data.
     *
     * @param str session ID presented by the client
     * @param httpServletRequest request being served
     * @return the validated session
     * @throws SessionNotValidException if the ID is missing, unknown or fails validation
     */
    public Session getSession(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        final String originHash = this.hashProvider.get().hash();
        final boolean tracingActive = ReportsTracingThreadLocal.getTracingContext() != null;
        if (tracingActive) {
            ReportsTracingThreadLocal.getTracingContext().setRequestClientPath(originHash);
        }
        final Session validated = getValidSession(str, httpServletRequest);
        return updateMonitoring(validated, originHash);
    }

    /**
     * Lets the session annotate the current request's monitoring record and stores the client
     * path in it. Does nothing when there is no session or no monitoring record.
     *
     * @param session session to report, may be null
     * @param str request client path (origin hash) to record
     * @return {@code session}, unchanged
     */
    Session updateMonitoring(Session session, String str) {
        if (session == null || MonitorThreadLocal.getRequestInfo() == null) {
            return session;
        }
        session.updateMonitoring(MonitorThreadLocal.getRequestInfo());
        MonitorThreadLocal.getRequestInfo().setRequestClientPath(str);
        return session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
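    /**
     * Resolves an integration ID to its session and validates that session for the request.
     *
     * <p>The read lock is held only for the map lookup and is released exactly once in a
     * {@code finally}. Releasing it inside the {@code try} and again in a catch-all handler
     * unlocks twice whenever a later statement throws; the second {@code unlock()} fails with
     * {@link IllegalMonitorStateException}, which replaces the intended
     * {@link SessionNotValidException} on the rejection path.
     *
     * @param str integration ID presented by the client
     * @param httpServletRequest request being served
     * @return the session data, or {@code null} if validation yields no session
     * @throws SessionNotValidException if the integration ID is unknown or the session is invalid
     */
    public ServerSideSessionData validateSessionByIntegrationId(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        final String sessionId;
        this.sessionsList.readLock().lock();
        try {
            sessionId = this.activeSessionsByIntegrationId.get(str);
        } finally {
            this.sessionsList.readLock().unlock();
        }
        if (sessionId == null) {
            // Unknown integration IDs are reported to the attack detector before rejecting.
            this.authorizationAttackDetector.onSessionVerificationFailure(str, AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest), AuthorizationAttackDetector.FailureReason.INVALID_ID);
            throw new SessionNotValidException();
        }
        // getValidSession takes the read lock itself for the session lookup.
        Session validSession = getValidSession(sessionId, httpServletRequest);
        if (validSession != null) {
            return validSession.getData();
        }
        return null;
    }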

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Redeems a single-use Intune login ID for the data of the session it belongs to.
     *
     * <p>The ID is removed from the map as soon as it is found, before the session is
     * validated, so it cannot be presented a second time even if validation then fails.
     *
     * @param str Intune login ID presented by the client
     * @param httpServletRequest request being served
     * @return the session data, or {@code null} if validation yields no session
     * @throws SessionNotValidException if the login ID is unknown or the session is invalid
     */
    public ServerSideSessionData getSessionDataByIntuneLoginId(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        final String sessionId;
        synchronized (this.activeSessionByIntuneLoginID) {
            sessionId = this.activeSessionByIntuneLoginID.get(str);
            if (sessionId != null) {
                this.activeSessionByIntuneLoginID.remove(str);
            }
        }
        if (sessionId == null) {
            // Unknown or already redeemed IDs are reported to the attack detector.
            this.authorizationAttackDetector.onSessionVerificationFailure(str, AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest), AuthorizationAttackDetector.FailureReason.INVALID_ID);
            throw new SessionNotValidException();
        }
        final Session validSession = getValidSession(sessionId, httpServletRequest);
        if (validSession != null) {
            final ServerSideSessionData sessionData = validSession.getData();
            // Clear the stored ID under the same monitor that createIntuneLoginID uses.
            synchronized (this.activeSessionByIntuneLoginID) {
                sessionData.setIntuneLoginID("");
            }
            return sessionData;
        }
        return null;
    }

    /**
     * Looks up the session for an ID and validates it against the request, under the read lock.
     * Every rejection of a non-null ID is reported to the attack detector before the exception
     * is thrown.
     *
     * @param str session ID presented by the client, may be null
     * @param httpServletRequest request being served
     * @return the session when it exists and accepts the request
     * @throws SessionNotValidException if the ID is null, unknown or rejected by the session
     */
    private Session getValidSession(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        if (str == null) {
            this.logger.trace("Error get Session data : SessionId empty", new Object[0]);
            return invalidSession();
        }
        final ReentrantReadWriteLock.ReadLock readLock = this.sessionsList.readLock();
        readLock.lock();
        try {
            final Session candidate = this.activeSessions.get(str);
            final AuthorizationAttackDetector.FailureReason failure;
            if (candidate == null) {
                failure = AuthorizationAttackDetector.FailureReason.INVALID_ID;
            } else {
                failure = candidate.isInvalid(str, httpServletRequest);
            }
            if (failure != null) {
                this.authorizationAttackDetector.onSessionVerificationFailure(str, AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest), failure);
                return invalidSession();
            }
            return candidate;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Always fails with {@link SessionNotValidException}.
     *
     * <p>The {@code Session} return type exists only so callers can write
     * {@code return invalidSession();}; no value is ever returned.
     *
     * @return never returns normally
     * @throws SessionNotValidException always
     */
    private static Session invalidSession() throws SessionNotValidException {
        SessionNotValidException rejection = new SessionNotValidException();
        throw rejection;
    }

    /**
     * Adds a {@code Set-Cookie} header that carries the HttpOnly session id.
     *
     * <p>The header is assembled by hand as {@code name=value; <attributes>; HttpOnly}, with
     * {@code ; Secure} appended only when the servlet request reports itself as secure.
     *
     * @param httpServletRequest the current request; only {@code isSecure()} is read
     * @param httpServletResponse the response that receives the header
     * @param str the cookie value (the HttpOnly session id)
     * @param logger the logger that receives the trace entry
     */
    private void setResponseSessionIdHttpOnlyCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Logger logger) {
        final boolean secureRequest = httpServletRequest.isSecure();
        logger.trace("Setting HTTP Only session cookie, secure:", Boolean.valueOf(secureRequest));
        // NOTE(review): Secure follows isSecure(). If TLS is terminated in front of the
        // servlet container, isSecure() may be false and the session cookie would be issued
        // without Secure - confirm the deployment forwards the original scheme.
        String template = "%s=%s; %s; HttpOnly";
        if (secureRequest) {
            template += "; Secure";
        }
        // The value is written unescaped; this relies on the id containing no ';', CR or LF
        // (presumably guaranteed by the id generator - verify).
        String headerValue = String.format(template, SessionManagementConstants.SESSION_ID_HTTP_ONLY_COOKIE_NAME, str, SessionManagementConstants.SESSION_COOKIE_ATTRIBUTES);
        httpServletResponse.addHeader("Set-Cookie", headerValue);
    }

    /**
     * Adds a {@code Set-Cookie} header that stores the device id in an HttpOnly cookie.
     *
     * <p>The cookie name is derived from {@code str2} via {@link #getDeviceIdCookieName}. The
     * cookie expires seven days from now (UTC, RFC 1123 format). Nothing is written when the
     * device id is {@code null} or empty.
     *
     * @param httpServletRequest the current request; only {@code isSecure()} is read
     * @param httpServletResponse the response that receives the header
     * @param str the device id to store as the cookie value
     * @param str2 the value hashed into the cookie name (the user name, per the error message
     *     in {@code getDeviceIdCookieName})
     * @param logger the logger that receives the trace entry
     */
    private void setResponseDeviceIdHttpOnlyCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, Logger logger) {
        boolean hasDeviceId = str != null && !str.isEmpty();
        if (!hasDeviceId) {
            return;
        }
        final boolean secureRequest = httpServletRequest.isSecure();
        logger.trace("Setting HTTP Only device id cookie, secure:", Boolean.valueOf(secureRequest));
        String template = "%s=%s; %s; Expires=%s; HttpOnly";
        if (secureRequest) {
            // Secure is set only when the container sees the request as secure; behind a
            // TLS-terminating proxy this depends on scheme forwarding being configured.
            template += "; Secure";
        }
        String cookieName = getDeviceIdCookieName(str2, logger);
        String expires = DateTimeFormatter.RFC_1123_DATE_TIME.format(OffsetDateTime.now(ZoneOffset.UTC).plus(Duration.ofDays(7L)));
        // NOTE(review): the device id is placed in the header unescaped. Confirm callers pass
        // only server-generated or validated values (no ';', CR or LF), otherwise the value
        // could add cookie attributes of its own.
        String headerValue = String.format(template, cookieName, str, SessionManagementConstants.SESSION_COOKIE_ATTRIBUTES, expires);
        httpServletResponse.addHeader("Set-Cookie", headerValue);
    }

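    /**
     * Adds a {@code Set-Cookie} header that expires the device id cookie.
     *
     * <p>The cookie is re-issued with an empty value and {@code Max-Age=0}, using the same name
     * derivation and attributes as when it was set so that the browser matches and drops it.
     *
     * @param httpServletRequest the current request; only {@code isSecure()} is read
     * @param httpServletResponse the response that receives the header
     * @param str the value hashed into the cookie name (the user name, per the error message
     *     in {@code getDeviceIdCookieName})
     * @param logger the logger that receives the trace entry
     */
    public void deleteResponseDeviceIdHttpOnlyCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Logger logger) {
        boolean isSecure = httpServletRequest.isSecure();
        // The trace text previously said "Setting", which made deletions look like issuance
        // in the logs.
        logger.trace("Deleting HTTP Only device id cookie, secure:", Boolean.valueOf(isSecure));
        httpServletResponse.addHeader("Set-Cookie", String.format("%s=%s; %s; Max-Age=0; HttpOnly" + (isSecure ? "; Secure" : ""), getDeviceIdCookieName(str, logger), "", SessionManagementConstants.SESSION_COOKIE_ATTRIBUTES));
    }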

    /**
     * Builds the per-user device id cookie name: the configured prefix, a dash, and the
     * lowercase hex MD5 digest of the given string.
     *
     * <p>MD5 serves here only to turn the user name into a fixed-length, cookie-safe token; it
     * is not protecting a secret. The digest is unsalted, so the cookie name can be matched
     * against candidate user names by anyone who can read the cookie.
     *
     * @param str the user name to hash; must not be {@code null}
     * @param logger the logger that receives the error entry if MD5 is unavailable
     * @return {@code <prefix>-<md5 hex>}, or the bare prefix when no MD5 implementation exists
     */
    public static String getDeviceIdCookieName(String str, Logger logger) {
        final byte[] md5;
        try {
            // NOTE(review): getBytes() without a charset uses the platform default, so a
            // non-ASCII user name can map to different cookie names on different hosts.
            md5 = MessageDigest.getInstance("MD5").digest(str.getBytes());
        } catch (NoSuchAlgorithmException e) {
            // Reachable only when the JVM offers no MD5 (for example a restricted provider
            // configuration). All users then share one cookie name, and the user name is
            // written to the error log.
            logger.error("Cannot create MD5 digest for user name: " + str, new Object[0]);
            return SessionManagementConstants.DEVICE_ID_HTTP_ONLY_COOKIE_NAME_PREFIX;
        }
        StringBuilder hex = new StringBuilder(md5.length * 2);
        for (int i = 0; i < md5.length; i++) {
            hex.append(String.format("%02x", md5[i]));
        }
        return SessionManagementConstants.DEVICE_ID_HTTP_ONLY_COOKIE_NAME_PREFIX + "-" + hex;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
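    /**
     * Creates, registers and returns a new session.
     *
     * <p>The work happens in three steps: (1) under the write lock, fresh ids are generated and
     * reserved with a placeholder entry; (2) outside the lock, the session is initialized;
     * (3) under the write lock again, the placeholder is replaced by the real session. If
     * anything after the reservation fails, both reserved map entries are removed and the
     * original exception is rethrown.
     *
     * <p>Each critical section releases the write lock exactly once, in a {@code finally}
     * block. The earlier layout released the lock twice on the success path and not at all when
     * id generation or the rollback threw.
     *
     * @param z whether the session uses cookies; when {@code true} the HttpOnly session id
     *     cookie and the device id cookie are set on the response
     * @param eraServerConnection the server connection handed to the session data
     * @param httpServletRequest the login request
     * @param httpServletResponse the response that receives the cookies
     * @param uuid the user UUID stored in the session data
     * @param str the device id written to the device id cookie
     * @param str2 the microservice server UUID stored in the session data
     * @param str3 the user's locale; empty or {@code null} selects the default
     * @param str4 the user name (used for the user logger and the device cookie name)
     * @param z2 whether to count an opened window on the new session
     * @param str5 the user session id applied in cloud builds
     * @return the initialized session
     * @throws SessionCreationFailedException if id generation fails
     * @throws EraRequestHandlingException if session initialization fails
     * @throws SynchronousCallTimeout declared by the original signature
     * @throws IOException if session initialization fails
     * @throws RpcException if session initialization fails
     * @throws MessageParsingErrorException if session initialization fails
     */
    public Session createSession(boolean z, EraServerConnection eraServerConnection, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UuidProtobuf.Uuid uuid, String str, String str2, String str3, String str4, boolean z2, String str5) throws SessionCreationFailedException, EraRequestHandlingException, SynchronousCallTimeout, IOException, RpcException, MessageParsingErrorException {
        AuthorizationAttackDetector.ClientRequestProperties createFromReq = AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest);
        final SessionIds generateIds;
        // Step 1: reserve the ids so no concurrent creation can pick the same ones.
        // NOTE(review): generateIds() sleeps (waitForNewGeneratorSeed) while the write lock is
        // held, so every session creation stalls all session lookups for that time.
        this.sessionsList.writeLock().lock();
        try {
            generateIds = generateIds(createFromReq.getRemoteAddress(), z);
            this.activeSessions.put(generateIds.id, PLACEHOLDER_SESSION);
            this.activeSessionsByIntegrationId.put(generateIds.integrationId, generateIds.id);
        } finally {
            this.sessionsList.writeLock().unlock();
        }
        try {
            // Step 2: initialization runs without the lock held.
            Session initSession = initSession(z, eraServerConnection, httpServletRequest, uuid, str3, str4, z2, str5, generateIds, str2);
            // Step 3: publish the real session in place of the placeholder.
            this.sessionsList.writeLock().lock();
            try {
                this.activeSessions.put(generateIds.id, initSession);
            } finally {
                this.sessionsList.writeLock().unlock();
            }
            this.authorizationAttackDetector.onSessionCreated(generateIds.id, createFromReq);
            if (z) {
                setResponseSessionIdHttpOnlyCookie(httpServletRequest, httpServletResponse, initSession.getData().getSessionIDHttpOnly(), initSession.getData().log());
                setResponseDeviceIdHttpOnlyCookie(httpServletRequest, httpServletResponse, str, str4, initSession.getData().log());
            }
            return initSession;
        } catch (Exception e) {
            // Roll back the reservation so a failed login leaves no session entry behind.
            this.sessionsList.writeLock().lock();
            try {
                this.activeSessions.remove(generateIds.id);
                this.activeSessionsByIntegrationId.remove(generateIds.integrationId);
            } finally {
                this.sessionsList.writeLock().unlock();
            }
            throw e;
        }
    }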

    /**
     * Builds the session data, wraps it in the session implementation for this build flavour,
     * and initializes it.
     *
     * <p>Cloud builds ({@code Version.IS_CLOUD}) get an {@code EcaSessionImpl} that also
     * receives the identity server and the user session id; other builds get a plain
     * {@code SessionImpl}. Both receive a callback that removes the session from this manager's
     * maps.
     *
     * @param z whether the session uses cookies
     * @param eraServerConnection the server connection handed to the session data
     * @param httpServletRequest the login request
     * @param uuid the user UUID
     * @param str the user's locale
     * @param str2 the user name
     * @param z2 whether to count an opened window on the new session
     * @param str3 the user session id, applied only in cloud builds
     * @param sessionIds the ids reserved for this session
     * @param str4 the microservice server UUID
     * @return the initialized session
     * @throws EraRequestHandlingException if creating the session data fails
     * @throws IOException if creating the session data fails
     * @throws RpcException if creating the session data fails
     * @throws MessageParsingErrorException if creating the session data fails
     */
    protected Session initSession(boolean z, EraServerConnection eraServerConnection, HttpServletRequest httpServletRequest, UuidProtobuf.Uuid uuid, String str, String str2, boolean z2, String str3, SessionIds sessionIds, String str4) throws EraRequestHandlingException, IOException, RpcException, MessageParsingErrorException {
        final ServerSideSessionData sessionData = createSessionData(sessionIds, httpServletRequest, eraServerConnection, z, str2, uuid, str, z2, str4);
        final SessionImpl created;
        if (!Version.IS_CLOUD) {
            created = new SessionImpl(sessionData, this.timeoutTimer, () -> removeFromSessionsList(sessionData));
        } else {
            sessionData.setUser_session_id(str3);
            created = new EcaSessionImpl(sessionData, this.identityServer, this.timeoutTimer, () -> removeFromSessionsList(sessionData));
        }
        created.init();
        return created;
    }

    /**
     * Generates the ids for a new session: the session id, an optional second session id, and
     * the integration id.
     *
     * <p>A short pause separates the generator calls (see {@code waitForNewGeneratorSeed}).
     *
     * @param str the client's remote address, passed through to the id generators
     * @param z whether to generate the second session id; when {@code false} it is
     *     {@code null} (presumably this is the HttpOnly cookie id - confirm against
     *     {@code SessionIds})
     * @return the generated ids
     * @throws SessionCreationFailedException declared by the original signature
     */
    private SessionIds generateIds(String str, boolean z) throws SessionCreationFailedException {
        final String sessionId = generateUniqueSessionID(str);
        waitForNewGeneratorSeed();
        final String secondSessionId = z ? generateUniqueSessionID(str) : null;
        waitForNewGeneratorSeed();
        final String integrationId = generateUniqueIntegrationId(str);
        return new SessionIds(sessionId, secondSessionId, integrationId);
    }

    /**
     * Creates and populates the server-side data object for a new session.
     *
     * <p>A missing or empty locale falls back to {@code Locale.DEFAULT_LOCALE}. The data object
     * records the client request properties and the container-reported remote user taken from
     * the login request.
     *
     * @param sessionIds the ids reserved for this session
     * @param httpServletRequest the login request
     * @param eraServerConnection the server connection stored in the session data
     * @param z whether the session uses cookies
     * @param str the user name; used for the user logger and to read user session data
     * @param uuid the user UUID
     * @param str2 the requested locale; {@code null} or empty selects the default
     * @param z2 whether to count an opened window
     * @param str3 the microservice server UUID
     * @return the populated session data
     * @throws EraRequestHandlingException declared by the original signature
     * @throws IOException declared by the original signature
     * @throws RpcException declared by the original signature
     * @throws MessageParsingErrorException declared by the original signature
     */
    private ServerSideSessionData createSessionData(SessionIds sessionIds, HttpServletRequest httpServletRequest, EraServerConnection eraServerConnection, boolean z, String str, UuidProtobuf.Uuid uuid, String str2, boolean z2, String str3) throws EraRequestHandlingException, IOException, RpcException, MessageParsingErrorException {
        String locale = (str2 == null) ? "" : str2;
        UserLogger userLog = this.userLoggerFactory.create(str);
        if (!locale.isEmpty()) {
            userLog.info("session_creation_locale", locale);
        } else {
            locale = Locale.DEFAULT_LOCALE;
            userLog.info("session_creation_no_locale", new Object[0]);
            userLog.trace("No locale for the logged in user. Using default '" + locale + "'.", new Object[0]);
        }
        ServerSideSessionData sessionData = new ServerSideSessionData(sessionIds.id, sessionIds.idHttpOnly, str, this.securitySettings, this.timers, this.scheduled, this.monitor, this.sessionFactory.createSessionModuleFactory(locale), sessionIds.integrationId, eraServerConnection, userLog);
        sessionData.getUserSessionData().clientUserSessionData.setLocale(locale);
        sessionData.setUseCookies(z);
        sessionData.setMicroserviceServerUuid(str3);
        // Snapshot of the creating client's request properties (presumably compared on later
        // requests by Session.isInvalid - confirm).
        sessionData.setClientRequestProperties(AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest));
        sessionData.setRemoteUser(httpServletRequest.getRemoteUser());
        if (z2) {
            sessionData.increaseNumOpenedWindows();
        }
        sessionData.setUserUuid(uuid);
        sessionData.readUserSessionData(str);
        return sessionData;
    }

    /**
     * Pauses the calling thread for 10 ms between id generations.
     *
     * <p>If the thread is interrupted during the pause, the interrupt flag is restored and the
     * method returns early.
     *
     * <p>NOTE(review): the name suggests the id generator's seed depends on the clock. If so,
     * the unpredictability of session ids would rest on timing; confirm that
     * {@code generateUniqueSessionID} draws its randomness from {@code SecureRandom} rather
     * than from a time-derived seed.
     */
    private void waitForNewGeneratorSeed() {
        final long pauseMillis = 10L;
        try {
            Thread.sleep(pauseMillis);
        } catch (InterruptedException interrupted) {
            // Preserve the interrupt for callers further up the stack.
            Thread.currentThread().interrupt();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code Session.closeIfExpired()}.
     *
     * @param session the session to check; must not be {@code null}
     * @return the state information reported by the session
     */
    public SessionStateInfo closeSessionIfExpired(Session session) {
        SessionStateInfo stateInfo = session.closeIfExpired();
        return stateInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Closes the active session registered under the given id.
     *
     * <p>Only existence is checked here: unlike {@code getValidSession}, this method neither
     * validates the request against the session nor reports failures to the attack detector.
     * Callers are presumably expected to have authorized the id already - confirm.
     *
     * <p>NOTE(review): {@code close()} runs while the read lock is held, and the removal
     * callback given to sessions ({@code removeFromSessionsList}) takes the write lock. If
     * {@code sessionsList} is a {@code ReentrantReadWriteLock}, a read-to-write upgrade on the
     * same thread blocks forever; confirm {@code close()} does not run that callback
     * synchronously on the calling thread.
     *
     * @param str the id of the session to close
     * @throws SessionNotValidException if no session is registered under the id
     */
    public void closeSession(String str) throws SessionNotValidException {
        this.sessionsList.readLock().lock();
        try {
            Session target = this.activeSessions.get(str);
            if (target != null) {
                target.close();
                return;
            }
            throw new SessionNotValidException();
        } finally {
            this.sessionsList.readLock().unlock();
        }
    }

    /**
     * Removes every trace of a session from this manager's lookup maps.
     *
     * <p>First the Intune login id mapping (if any) is dropped and the id cleared on the data
     * object. Then, under the write lock, the closure is logged, the session is removed from
     * both session maps, and the attack detector is told the session has closed.
     *
     * @param serverSideSessionData the data of the session being removed
     */
    private void removeFromSessionsList(ServerSideSessionData serverSideSessionData) {
        synchronized (this.activeSessionByIntuneLoginID) {
            String loginId = serverSideSessionData.getIntuneLoginID();
            boolean hasLoginId = loginId != null && !loginId.trim().isEmpty();
            if (hasLoginId) {
                this.activeSessionByIntuneLoginID.remove(loginId);
            }
            serverSideSessionData.setIntuneLoginID("");
        }
        this.sessionsList.writeLock().lock();
        try {
            serverSideSessionData.log().info("session_closed", serverSideSessionData.getLogRequest(), serverSideSessionData.getRemoteUser());
            this.activeSessions.remove(serverSideSessionData.getSessionID());
            this.activeSessionsByIntegrationId.remove(serverSideSessionData.getUserSessionData().clientUserSessionData.getIntegrationId());
            this.authorizationAttackDetector.onSessionClosed(serverSideSessionData.getSessionID());
        } finally {
            // Released whether or not the removal steps above completed.
            this.sessionsList.writeLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Closes the given session by delegating to {@code Session.close()}.
     *
     * <p>No lookup or lock is involved; the caller already holds the session object.
     *
     * @param session the session to close; must not be {@code null}
     */
    public void closeSession(Session session) {
        final Session target = session;
        target.close();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
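    /**
     * Closes every active session and shuts down the session infrastructure.
     *
     * <p>Under the write lock the timeout timer is cancelled and all lookup maps are emptied,
     * after a snapshot of the sessions has been taken. The sessions in the snapshot and the
     * identity server are then closed with the lock released.
     *
     * <p>The write lock is released exactly once, in a {@code finally} block. The earlier
     * layout unlocked a second time when a session's {@code close()} threw, which replaced the
     * original exception with one from the lock.
     */
    public void closeAllSessions() {
        synchronized (this.activeSessionByIntuneLoginID) {
            this.activeSessionByIntuneLoginID.clear();
        }
        final List<Session> sessionsToClose;
        this.sessionsList.writeLock().lock();
        try {
            this.logger.info("session_close_all", Integer.valueOf(this.activeSessions.size()));
            this.timeoutTimer.cancel();
            // Snapshot first: the maps are cleared before the sessions themselves are closed.
            sessionsToClose = new ArrayList<>(this.activeSessions.values());
            this.activeSessions.clear();
            this.activeSessionsByIntegrationId.clear();
        } finally {
            this.sessionsList.writeLock().unlock();
        }
        // Closing happens outside the lock, as in the original statement order.
        sessionsToClose.forEach(Session::close);
        this.identityServer.close();
    }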

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code Session.readRemainingSessionTimeoutAndSessionState()}.
     *
     * @param session the session to query; must not be {@code null}
     * @return the state information reported by the session
     */
    public SessionStateInfo getRemainingSessionTimeoutAndSessionState(Session session) {
        SessionStateInfo stateInfo = session.readRemainingSessionTimeoutAndSessionState();
        return stateInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code Session.resetSessionTimeout()}.
     *
     * @param session the session whose timeout is reset; must not be {@code null}
     * @return the state information reported by the session
     */
    public SessionStateInfo resetSessionTimeout(Session session) {
        SessionStateInfo stateInfo = session.resetSessionTimeout();
        return stateInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Forwards a "window opened" notification to the session.
     *
     * @param session the session to notify; must not be {@code null}
     */
    public void newWindowOpened(Session session) {
        final Session target = session;
        target.newWindowOpened();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Forwards a "window closed" notification to the session.
     *
     * @param session the session to notify; must not be {@code null}
     */
    public void onWindowClosed(Session session) {
        final Session target = session;
        target.onWindowClosed();
    }
}
