package sk.eset.era.g2webconsole.server.modules.authorization;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.concurrent.ExecutorService;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sk.eset.era.commons.common.constants.Version;
import sk.eset.era.commons.common.model.exceptions.AddressBlockedException;
import sk.eset.era.commons.common.model.exceptions.LoginExpiredException;
import sk.eset.era.commons.common.model.exceptions.LoginFailedException;
import sk.eset.era.commons.common.model.exceptions.LoginRequired2FAException;
import sk.eset.era.commons.common.model.exceptions.SessionCreationFailedException;
import sk.eset.era.commons.common.model.exceptions.SessionNotValidException;
import sk.eset.era.commons.common.model.exceptions.VersionsMismatchException;
import sk.eset.era.commons.common.model.objects.SessionStateInfo;
import sk.eset.era.commons.common.tools.CommonUtils;
import sk.eset.era.g2webconsole.common.model.exceptions.EraRequestHandlingException;
import sk.eset.era.g2webconsole.server.modules.ModuleFactory;
import sk.eset.era.g2webconsole.server.modules.authorization.AuthorizationAttackDetector;
import sk.eset.era.g2webconsole.server.modules.authorization.AuthorizationModule;
import sk.eset.era.g2webconsole.server.modules.authorization.EraServerConnectionError;
import sk.eset.era.g2webconsole.server.modules.authorization.UserLogger;
import sk.eset.era.g2webconsole.server.modules.config.UserDefaultSettings;
import sk.eset.era.g2webconsole.server.modules.connection.ConnectionSettings;
import sk.eset.era.g2webconsole.server.modules.connection.EraServerConnection;
import sk.eset.era.g2webconsole.server.modules.connection.EraServerConnectionState;
import sk.eset.era.g2webconsole.server.modules.connection.ProtocolStackBuilderImpl;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.CertificateProblemException;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.MessageParsingErrorException;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.SynchronousCallTimeout;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.RpcException;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.notifications.NotifyReportGenerationRateChangedRequestHandler;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.notifications.NotifyUpdateFinishedRequestHandler;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.notifications.NotifyUserChangedRequestHandler;
import sk.eset.era.g2webconsole.server.modules.execution.Scheduled;
import sk.eset.phoenix.common.http.EraCookie;
import sk.eset.phoenix.common.localize.Locales;
import sk.eset.phoenix.common.logger.Logger;
import sk.eset.phoenix.common.monitor.MonitorThreadLocal;
import sk.eset.phoenix.common.monitor.RequestInfo;

/**
 * Singleton facade for server-side session handling in the web console.
 *
 * <p>It validates existing sessions, creates new sessions by logging in over a fresh
 * {@link EraServerConnection}, and changes the password of a not-yet-authenticated native user.
 * Session storage is delegated to {@code ServerSideSessionDataManager}; address blocking and
 * failure counting are delegated to {@link AuthorizationAttackDetector}.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX warnings on
 * {@code createSession}). Parameter and local names are synthetic, and some constructs
 * ({@code ?? r0}, the duplicated "finally" code) are decompilation artifacts rather than the
 * original source.
 */
@Singleton
/* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionManager.class */
public class ServerSideSessionManager {
    // Event message ids passed as the first argument of logger.warn(...) on the failure paths below.
    private static final String SESSION_CREATION_FAILED_EVENT_MESSAGE_ID = "session_creation_failed";
    private static final String CHANGE_PASSWORD_FAILED_EVENT_MESSAGE_ID = "change_unauthenticated_native_user_password_failed";
    private final Locales locales;
    private final AuthorizationModule authorizationModule;
    private final ServerSideSessionDataManager serverSideSessionDataManager;
    private final AuthorizationAttackDetector authorizationAttackDetector;
    private final ExecutorService backgroundExecutor;
    private final Scheduled scheduled;
    private final UserDefaultSettings userDefaultSettings;
    private final ConnectionSettings connectionSettings;
    private final UserLogger.Factory userLoggerFactory;

    /**
     * Stores the injected collaborators and, as a side effect, starts the attack detector's
     * cleanup timer. The timer is stopped again in {@link #closeAllSessions()}.
     */
    @Inject
    ServerSideSessionManager(ModuleFactory moduleFactory, Scheduled scheduled, ServerSideSessionDataManager serverSideSessionDataManager, UserDefaultSettings userDefaultSettings, ConnectionSettings connectionSettings, Locales locales, AuthorizationModule authorizationModule, AuthorizationAttackDetector authorizationAttackDetector, UserLogger.Factory factory) {
        this.backgroundExecutor = moduleFactory.getBackendRequestsExecutor();
        this.scheduled = scheduled;
        this.userDefaultSettings = userDefaultSettings;
        this.connectionSettings = connectionSettings;
        this.locales = locales;
        this.authorizationModule = authorizationModule;
        this.authorizationAttackDetector = authorizationAttackDetector;
        this.serverSideSessionDataManager = serverSideSessionDataManager;
        this.userLoggerFactory = factory;
        this.authorizationAttackDetector.startCleanupTimer();
    }

    /**
     * Rejects the request when the client is blocked, then returns the data of the session that
     * the session data manager resolves for {@code str} and the request.
     *
     * @param str identifier handed to the session data manager (presumably the session id - confirm)
     * @param httpServletRequest request used for the block check and the session lookup
     * @throws SessionNotValidException propagated from the session lookup
     * @throws AddressBlockedException when the attack detector reports the client as blocked
     */
    public ServerSideSessionData validateSession(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException, AddressBlockedException {
        checkAddressBlocking(httpServletRequest);
        return this.serverSideSessionDataManager.getSession(str, httpServletRequest).getData();
    }

    /**
     * Same checks as {@link #validateSession(String, HttpServletRequest)}, but returns the
     * {@code Session} wrapper instead of its data.
     */
    public Session getSession(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException, AddressBlockedException {
        checkAddressBlocking(httpServletRequest);
        return this.serverSideSessionDataManager.getSession(str, httpServletRequest);
    }

    /**
     * Block check followed by a session lookup by integration id (delegated to the session data
     * manager). Marked deprecated in the compiled class; no replacement is visible here.
     */
    @Deprecated
    public ServerSideSessionData validateSessionByIntegrationId(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException, AddressBlockedException {
        checkAddressBlocking(httpServletRequest);
        return this.serverSideSessionDataManager.validateSessionByIntegrationId(str, httpServletRequest);
    }

    /**
     * Block check followed by a session-data lookup by Intune login id (delegated to the session
     * data manager).
     */
    public ServerSideSessionData getSessionDataByIntuneLoginId(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException, AddressBlockedException {
        checkAddressBlocking(httpServletRequest);
        return this.serverSideSessionDataManager.getSessionDataByIntuneLoginId(str, httpServletRequest);
    }

    /**
     * Logs a user in against the backend server and registers a new server-side session.
     *
     * <p>Order of operations as visible in this method: login-block check, client/server version
     * check, locale fallback, optional reverse lookup of the client address, opening the backend
     * connection, login, session registration, RPC handler registration, and loading of the
     * web-console settings. Every handled failure logs a {@code session_creation_failed} event with
     * a numeric code, traces a detail message and closes the backend connection.
     *
     * @param str user name; {@code null} is treated as the empty string for logging, the device-id
     *     cookie name and session registration, while the raw value is what is passed to login
     * @param str2 passed through to the login call (meaning not visible here)
     * @param str3 passed through to the login call (meaning not visible here)
     * @param z passed through to the login call (meaning not visible here)
     * @param str4 passed to login unless the device-id cookie is used in its place
     * @param z2 passed to login; when {@code true} the device-id cookie is not used
     * @param str5 passed to login; when non-null the device-id cookie is not used
     * @param z3 passed to login; when {@code true} the device-id cookie is not used
     * @param str6 requested locale; replaced by the default locale when null or unsupported
     * @param z4 passed through to session registration
     * @param str7 client version, compared for equality with the server build version
     * @param httpServletRequest source of client properties, cookies and the remote port
     * @param httpServletResponse used for session registration and device-id cookie removal
     * @param z5 passed through to {@code openConnection}
     * @param z6 passed through to session registration
     * @param socketLayerConnectionSettings base socket settings; host and port are overridden by
     *     the configured values when those are non-null
     * @param str8 passed through to session registration
     * @return the data of the newly created session
     * @throws AddressBlockedException when the client is blocked from logging in
     * @throws VersionsMismatchException when {@code str7} differs from the server build version
     * @throws EraServerConnectionError on connection, timeout, certificate or communication errors
     * @throws LoginFailedException when the credentials are rejected or no user UUID is returned
     * @throws LoginExpiredException propagated from the login call
     * @throws LoginRequired2FAException propagated from the login call
     * @throws SessionCreationFailedException when no session id was produced
     * @throws EraRequestHandlingException on request-handling or RPC errors
     */
    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.lang.Runnable, sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionManager$1SessionClosed] */
    public ServerSideSessionData createSession(String str, String str2, String str3, boolean z, String str4, boolean z2, String str5, boolean z3, String str6, boolean z4, String str7, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z5, boolean z6, ConnectionSettings.SocketLayerConnectionSettings socketLayerConnectionSettings, String str8) throws EraServerConnectionError, LoginFailedException, LoginExpiredException, LoginRequired2FAException, SessionCreationFailedException, AddressBlockedException, EraRequestHandlingException, VersionsMismatchException {
        final AuthorizationAttackDetector.ClientRequestProperties createFromReq = AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest);
        // A null user name is normalised to "" for logging, the cookie name and session registration.
        final String str9 = str != null ? str : "";
        final UserLogger create = this.userLoggerFactory.create(str9);
        // Both gates run before any backend connection is opened.
        checkAddressBlocking(createFromReq, create, SESSION_CREATION_FAILED_EVENT_MESSAGE_ID, "Login (creating session) failed. Reason: address is blocked.");
        checkVersion(str7, create, createFromReq);
        if (str6 == null || !this.locales.isSupported(str6)) {
            str6 = this.userDefaultSettings.getDefaultLocale();
        }
        // Decompiler artifact: "??" stands for the local class SessionClosed (see the JADX warning
        // above), which adds setSessionID(String) on top of Runnable. The instance is handed to the
        // EraServerConnection constructor as its Runnable argument; presumably it is run when the
        // connection closes - confirm in EraServerConnection.
        // run() and setSessionID() can arrive in either order; whichever comes second closes the session.
        ?? r0 = new Runnable() { // from class: sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionManager.1SessionClosed
            private boolean callbackCalled = false;
            private String sessionID = null;

            @Override // java.lang.Runnable
            public void run() {
                boolean z7 = false;
                synchronized (this) {
                    this.callbackCalled = true;
                    if (this.sessionID != null) {
                        z7 = true;
                    }
                }
                // closeSession is called outside the monitor, so the lock is not held during it.
                if (z7) {
                    try {
                        ServerSideSessionManager.this.serverSideSessionDataManager.closeSession(this.sessionID);
                    } catch (SessionNotValidException e) {
                        // Ignored without logging: the session is already gone. setSessionID()
                        // below does log the same condition.
                    }
                }
            }

            public void setSessionID(String str10) {
                boolean z7 = false;
                synchronized (this) {
                    this.sessionID = str10;
                    if (this.callbackCalled) {
                        z7 = true;
                    }
                }
                // The callback already fired before the id was known, so close the session right away.
                if (z7) {
                    try {
                        ServerSideSessionManager.this.serverSideSessionDataManager.closeSession(str10);
                    } catch (SessionNotValidException e) {
                        create.warn("connection_close_failed_session_not_valid", createFromReq.toString(), str9);
                        // NOTE(review): the full session identifier is written to the trace log.
                        // Restrict access to trace output or log a truncated/hashed id instead.
                        create.trace("Failed to close connection4. Reason: Session '" + str10 + "' is not valid", new Object[0]);
                    }
                }
            }
        };
        String remoteAddress = createFromReq.getRemoteAddress();
        // Optional reverse lookup: only when enabled in the settings and the address matches the IP pattern.
        // NOTE(review): getHostName() performs a blocking reverse DNS query on the calling thread,
        // and the name it returns is set by whoever controls the reverse zone of the client address.
        // It is not forward-confirmed here, so treat it as an untrusted label wherever it is stored
        // or displayed after being passed to login() below.
        if (this.userDefaultSettings.getConnectionReverseLookup() && remoteAddress != null && remoteAddress.matches(CommonUtils.getIpValidationPattern())) {
            try {
                remoteAddress = InetAddress.getByName(remoteAddress).getHostName();
            } catch (UnknownHostException e) {
                // Ignored: remoteAddress keeps the textual address.
            }
        }
        RequestInfo.Dependency dependency = new RequestInfo.Dependency("OpenConnection");
        EraServerConnection createEraServerConnection = createEraServerConnection(create, r0, null);
        // Shared failure path: warn event with a numeric code, trace detail, then close the backend connection.
        BiConsumer biConsumer = (num, str10) -> {
            create.warn(SESSION_CREATION_FAILED_EVENT_MESSAGE_ID, createFromReq.toString(), num);
            create.trace(str10, new Object[0]);
            closeConnectionNoThrow(createEraServerConnection);
        };
        try {
            try {
                // Copy the supplied settings; configured host and port take precedence when non-null.
                // NOTE(review): when the configured host or port is null, the caller-supplied value
                // decides where this server connects. Confirm callers never fill it from request data.
                ConnectionSettings.SocketLayerConnectionSettings socketLayerConnectionSettings2 = this.connectionSettings.getSocketLayerConnectionSettings();
                ConnectionSettings.SocketLayerConnectionSettings socketLayerConnectionSettings3 = new ConnectionSettings.SocketLayerConnectionSettings(socketLayerConnectionSettings);
                if (socketLayerConnectionSettings2.getHost() != null) {
                    socketLayerConnectionSettings3.setHost(socketLayerConnectionSettings2.getHost());
                }
                if (socketLayerConnectionSettings2.getPort() != null) {
                    socketLayerConnectionSettings3.setPort(socketLayerConnectionSettings2.getPort());
                }
                createEraServerConnection.openConnection(socketLayerConnectionSettings3, z5);
                // Record the "OpenConnection" timing on the success path; the catch (Throwable)
                // at the end of the method repeats this on the failure path.
                if (MonitorThreadLocal.getRequestInfo() != null) {
                    dependency.end = System.nanoTime();
                    MonitorThreadLocal.getRequestInfo().addDependency(dependency);
                }
                EraServerConnectionState waitForStateChange = createEraServerConnection.waitForStateChange(EraServerConnectionState.CONNECTING, ConnectionSettings.defaultEraServerConnectionSettings().getConnectingTimeout());
                if (waitForStateChange != EraServerConnectionState.CONNECTED && waitForStateChange != EraServerConnectionState.INITIALIZED) {
                    biConsumer.accept(3, "Login failed. Reason: Connection failed '" + waitForStateChange + "'");
                    throw new EraServerConnectionError(EraServerConnectionError.Reason.CONNECTION_FAILED_WITH_STATE, waitForStateChange);
                }
                // The device-id cookie stands in for str4 only when the caller supplied no str4/str5,
                // both z2 and z3 are false, and the cookie is present and non-empty.
                // Presumably these are second-factor inputs, since the cookie is deleted on
                // LoginRequired2FAException below - confirm against AuthorizationModule.login.
                String cookieValue = EraCookie.getCookieValue(ServerSideSessionDataManager.getDeviceIdCookieName(str9, create), httpServletRequest.getCookies());
                boolean z7 = (str4 != null || z2 || str5 != null || z3 || cookieValue == null || cookieValue.isEmpty()) ? false : true;
                try {
                    // remoteAddress may hold the reverse-resolved host name at this point.
                    AuthorizationModule.LoginResult login = this.authorizationModule.login(createEraServerConnection, str, str2, str3, z, z7 ? cookieValue : str4, z2, str5, z3, str6, createFromReq.getUserAgent(), remoteAddress, httpServletRequest.getRemotePort());
                    // A result without a user UUID counts as a failed login, keyed by the remote address.
                    if (login.getUserUuid() == null || login.getUserUuid().getUuid().length() == 0) {
                        this.authorizationAttackDetector.onLoginVerificationFailure(createFromReq.getRemoteAddress());
                        biConsumer.accept(10, "Login failed. Reason: Session not created successfully.");
                        throw new LoginFailedException();
                    }
                    try {
                        Session createSession = this.serverSideSessionDataManager.createSession(z4, createEraServerConnection, httpServletRequest, httpServletResponse, login.getUserUuid(), login.getDeviceId(), login.getMicroserviceServerUuid(), str6, str9, z6, str8);
                        ServerSideSessionData data = createSession.getData();
                        if (data == null || data.getSessionID() == null) {
                            biConsumer.accept(16, "Login failed. Reason: Session ID not generated.");
                            throw new SessionCreationFailedException();
                        }
                        data.setLoginClientRequestProperties(createFromReq);
                        // Give the close callback the session id; if it already ran, the session is closed at once.
                        r0.setSessionID(data.getSessionID());
                        // NOTE(review): unchecked exceptions from the three calls below are not handled
                        // here, so the failure path (log + closeConnectionNoThrow) would be skipped for
                        // them and the registered session would remain - confirm whether they can throw.
                        registerRpcProcessors(createEraServerConnection, createSession);
                        createEraServerConnection.startReceivedRequestsWorkerThread();
                        data.getModuleFactory().getSecurityModule().loadWebconsoleSettings(data);
                        create.info("session_created", createFromReq.toString(), str9);
                        return data;
                    } catch (SessionCreationFailedException e2) {
                        biConsumer.accept(11, "Login failed during session creation. Reason: Session ID not generated: '" + e2.getMessage() + "'");
                        throw e2;
                    } catch (MessageParsingErrorException e3) {
                        // In this and the following wrappers the original exception is not chained
                        // as the cause; only its message reaches the trace log.
                        biConsumer.accept(15, "Login failed during session creation. Reason: Message parsing error: '" + e3.getMessage() + "'");
                        throw new EraServerConnectionError(EraServerConnectionError.Reason.COMMUNICATION_ERROR);
                    } catch (SynchronousCallTimeout e4) {
                        biConsumer.accept(12, "Login failed during session creation. Reason: Request timeout: '" + e4.getMessage() + "'");
                        throw new EraServerConnectionError(EraServerConnectionError.Reason.TIMEOUT);
                    } catch (IOException e5) {
                        biConsumer.accept(13, "Login failed during session creation. Reason: Communication error: '" + e5.getMessage() + "'");
                        throw new EraServerConnectionError(EraServerConnectionError.Reason.COMMUNICATION_ERROR);
                    } catch (RpcException e6) {
                        // NOTE(review): the backend's localized message is returned to the caller inside
                        // EraRequestHandlingException. Confirm it is safe to show at this stage of login.
                        create.warn("session_creation_failed_localized", createFromReq.toString(), e6.getLocalizedMessage(), 14);
                        create.trace("Login failed during session creation. Reason: '" + e6.getLocalizedMessage() + "'", new Object[0]);
                        closeConnectionNoThrow(createEraServerConnection);
                        throw new EraRequestHandlingException(e6.getLocalizedMessage());
                    }
                } catch (IOException e7) {
                    biConsumer.accept(7, "Login failed. Reason: Communication error: '" + e7.getMessage() + "'");
                    throw new EraServerConnectionError(EraServerConnectionError.Reason.COMMUNICATION_ERROR);
                } catch (LoginExpiredException e8) {
                    biConsumer.accept(9, "Login failed. Reason: user has to change password.");
                    throw e8;
                } catch (LoginFailedException e9) {
                    biConsumer.accept(8, "Login failed. Reason: name/password pair not authorized.");
                    // NOTE(review): this failure is reported with createFromReq.toString(), while the
                    // missing-UUID branch above and changeUnauthenticatedNativeUserPassword pass
                    // createFromReq.getRemoteAddress(). If the detector counts per string key, rejected
                    // passwords are tracked under a different key than the address - confirm that
                    // blocking still triggers as intended.
                    this.authorizationAttackDetector.onLoginVerificationFailure(createFromReq.toString());
                    throw e9;
                } catch (LoginRequired2FAException e10) {
                    // The device-id cookie was sent but the backend still asks for 2FA: remove the cookie.
                    if (z7) {
                        this.serverSideSessionDataManager.deleteResponseDeviceIdHttpOnlyCookie(httpServletRequest, httpServletResponse, str9, create);
                    }
                    // NOTE(review): code 9 is also used for LoginExpiredException above, so the two
                    // events share a code in the warn log - possibly a copy-paste; confirm.
                    biConsumer.accept(9, "Login failed. Reason: 2FA requested.");
                    throw e10;
                } catch (EraRequestHandlingException e11) {
                    biConsumer.accept(4, "Login failed. Reason: '" + e11.getMessage() + "'");
                    throw e11;
                } catch (CertificateProblemException e12) {
                    biConsumer.accept(6, "Login failed. Reason: Certificate error: '" + e12.getMessage() + "'");
                    throw new EraServerConnectionError(EraServerConnectionError.Reason.CERTIFICATE_ERROR);
                } catch (SynchronousCallTimeout e13) {
                    biConsumer.accept(5, "Login failed. Reason: Request timeout: '" + e13.getMessage() + "'");
                    throw new EraServerConnectionError(EraServerConnectionError.Reason.TIMEOUT);
                }
            } catch (IOException e14) {
                biConsumer.accept(2, "Login failed. Reason: Unable to open connection: '" + e14.getMessage() + "'");
                throw new EraServerConnectionError(EraServerConnectionError.Reason.CANNOT_OPEN_CONNECTION);
            }
        } catch (Throwable th) {
            // Decompiled remainder of a "finally" block (see "Finally extract failed" above).
            // NOTE(review): as written, this handler covers the whole login flow, so a failure after a
            // successful openConnection adds the dependency a second time; the original finally
            // probably wrapped openConnection only - confirm against the bytecode.
            if (MonitorThreadLocal.getRequestInfo() != null) {
                dependency.end = System.nanoTime();
                MonitorThreadLocal.getRequestInfo().addDependency(dependency);
            }
            throw th;
        }
    }

    /**
     * Requires the client-reported version to equal the server build version.
     *
     * @param str version string reported by the client; {@code null} never matches
     * @param logger logger that receives the failure event (code 17) and the detail message
     * @param clientRequestProperties client properties included in the failure event
     * @throws VersionsMismatchException when the versions differ
     */
    private void checkVersion(String str, Logger logger, AuthorizationAttackDetector.ClientRequestProperties clientRequestProperties) throws VersionsMismatchException {
        if (Version.getBuildVersion().equals(str)) {
            return;
        }
        logger.warn(SESSION_CREATION_FAILED_EVENT_MESSAGE_ID, clientRequestProperties.toString(), 17);
        // NOTE(review): str is concatenated into the log line unchanged, and this check runs before
        // authentication. Verify that the logger neutralises CR/LF and bounds the length.
        logger.warn("Login or Password change failed. Reason: Client and server versions differ: client version=" + str + ", server version=" + Version.getBuildVersion(), new Object[0]);
        throw new VersionsMismatchException();
    }

    /**
     * Changes the password of a native user who is not logged in, over a short-lived backend
     * connection that is closed on both the success and the failure paths of the inner flow.
     *
     * <p>Runs the same login-block and version gates as {@code createSession}. The arguments
     * {@code str} to {@code str6} and {@code z} are passed through to
     * {@code AuthorizationModule.changeUnauthenticatedNativeUserPassword}; their individual
     * meaning is not visible in this class.
     *
     * @param str user name; used for the logger and passed to the backend call. Unlike
     *     {@code createSession}, {@code null} is not normalised here.
     * @param str7 client version, compared with the server build version
     * @param httpServletRequest source of the client properties used for blocking and logging
     * @param z2 passed through to {@code openConnection}
     * @throws AddressBlockedException when the client is blocked from logging in
     * @throws VersionsMismatchException when {@code str7} differs from the server build version
     * @throws EraServerConnectionError on connection, timeout, certificate or communication errors
     * @throws LoginFailedException when the supplied credentials are rejected
     * @throws LoginRequired2FAException when the backend requests a second factor
     * @throws EraRequestHandlingException propagated from the backend call
     */
    public void changeUnauthenticatedNativeUserPassword(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, HttpServletRequest httpServletRequest, boolean z2) throws EraServerConnectionError, LoginFailedException, LoginRequired2FAException, AddressBlockedException, EraRequestHandlingException, VersionsMismatchException {
        AuthorizationAttackDetector.ClientRequestProperties createFromReq = AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest);
        UserLogger create = this.userLoggerFactory.create(str);
        checkAddressBlocking(createFromReq, create, CHANGE_PASSWORD_FAILED_EVENT_MESSAGE_ID, "Change unauthenticated native user password failed. Reason: address is blocked.");
        checkVersion(str7, create, createFromReq);
        // Shared failure logging. Unlike the helper in createSession it carries no numeric code
        // and does not close the connection (the catch (Throwable) below does that).
        Consumer consumer = str8 -> {
            create.warn(CHANGE_PASSWORD_FAILED_EVENT_MESSAGE_ID, createFromReq.toString());
            create.trace(str8, new Object[0]);
        };
        EraServerConnection createEraServerConnection = createEraServerConnection(create, null, null);
        try {
            createEraServerConnection.openConnection(this.connectionSettings.getSocketLayerConnectionSettings(), z2);
            try {
                EraServerConnectionState waitForStateChange = createEraServerConnection.waitForStateChange(EraServerConnectionState.CONNECTING, ConnectionSettings.defaultEraServerConnectionSettings().getConnectingTimeout());
                if (waitForStateChange != EraServerConnectionState.CONNECTED && waitForStateChange != EraServerConnectionState.INITIALIZED) {
                    consumer.accept("Change unauthenticated native user password failed. Reason: Connection failed '" + waitForStateChange + "'");
                    throw new EraServerConnectionError(EraServerConnectionError.Reason.CONNECTION_FAILED_WITH_STATE, waitForStateChange);
                }
                try {
                    try {
                        try {
                            this.authorizationModule.changeUnauthenticatedNativeUserPassword(createEraServerConnection, str, str2, str3, str4, z, str5, str6);
                            create.info("change_unauthenticated_native_user_password_completed", createFromReq.toString(), str);
                            closeConnectionNoThrow(createEraServerConnection);
                        } catch (SynchronousCallTimeout e) {
                            // In the wrappers below the original exception is not chained as the cause.
                            consumer.accept("Change unauthenticated native user password failed. Reason: Request timeout: '" + e.getMessage() + "'");
                            throw new EraServerConnectionError(EraServerConnectionError.Reason.TIMEOUT);
                        }
                    } catch (CertificateProblemException e2) {
                        consumer.accept("Change unauthenticated native user password failed. Reason: Certificate error: '" + e2.getMessage() + "'");
                        throw new EraServerConnectionError(EraServerConnectionError.Reason.CERTIFICATE_ERROR);
                    } catch (IOException e3) {
                        consumer.accept("Change unauthenticated native user password failed. Reason: Communication error: '" + e3.getMessage() + "'");
                        throw new EraServerConnectionError(EraServerConnectionError.Reason.COMMUNICATION_ERROR);
                    }
                } catch (LoginFailedException e4) {
                    consumer.accept("Change unauthenticated native user password failed. Reason: name/password pair not authorized.");
                    // Rejected credentials count towards blocking, keyed by the remote address.
                    this.authorizationAttackDetector.onLoginVerificationFailure(createFromReq.getRemoteAddress());
                    throw e4;
                } catch (LoginRequired2FAException e5) {
                    consumer.accept("Change unauthenticated native user password failed. Reason: 2FA requested.");
                    // NOTE(review): a 2FA demand is counted as a verification failure here, whereas
                    // createSession does not count it - confirm the difference is intended.
                    this.authorizationAttackDetector.onLoginVerificationFailure(createFromReq.getRemoteAddress());
                    throw e5;
                }
            } catch (Throwable th) {
                // Decompiled "finally": close the connection on every failure after openConnection.
                closeConnectionNoThrow(createEraServerConnection);
                throw th;
            }
        } catch (IOException e6) {
            // Reached when openConnection fails, and for any IOException rethrown from the block above.
            // The connection is not closed explicitly when openConnection itself fails.
            consumer.accept("Change unauthenticated native user password failed. Reason: Unable to open connection: '" + e6.getMessage() + "'");
            throw new EraServerConnectionError(EraServerConnectionError.Reason.CANNOT_OPEN_CONNECTION);
        }
    }

    /**
     * Builds an unopened backend connection from the configured SSL layer settings and the
     * default connection settings.
     *
     * @param logger logger used by the connection and its protocol stack
     * @param runnable callback handed to the connection, may be {@code null} (presumably run on
     *     close - confirm in EraServerConnection)
     * @param consumer callback handed to the connection, may be {@code null} (purpose not visible here)
     */
    private EraServerConnection createEraServerConnection(Logger logger, Runnable runnable, Consumer<Boolean> consumer) {
        return new EraServerConnection(logger, this.scheduled, this.backgroundExecutor, new ProtocolStackBuilderImpl(this.connectionSettings.getSSLLayerSettings(), logger), ConnectionSettings.defaultEraServerConnectionSettings(), runnable, consumer);
    }

    /**
     * Gate for the login and password-change entry points: throws when the attack detector
     * reports the client as blocked for login.
     *
     * @param clientRequestProperties client properties evaluated by the attack detector
     * @param logger receives the warn event (code 1) and the trace message
     * @param str event message id for the warn entry
     * @param str2 detail message for the trace entry
     * @throws AddressBlockedException with block type {@code SESSION_ID} when the detector also
     *     reports a general block, otherwise with block type {@code LOGIN}
     */
    private void checkAddressBlocking(AuthorizationAttackDetector.ClientRequestProperties clientRequestProperties, Logger logger, String str, String str2) throws AddressBlockedException {
        // NOTE(review): isBlocked() is consulted only inside the isBlockedLogin() branch. This assumes
        // a general block always implies a login block - confirm in AuthorizationAttackDetector.
        if (this.authorizationAttackDetector.isBlockedLogin(clientRequestProperties)) {
            logger.warn(str, clientRequestProperties.toString(), 1);
            logger.trace(str2, new Object[0]);
            if (!this.authorizationAttackDetector.isBlocked(clientRequestProperties)) {
                throw new AddressBlockedException(AddressBlockedException.BlockType.LOGIN);
            }
            throw new AddressBlockedException(AddressBlockedException.BlockType.SESSION_ID);
        }
    }

    /**
     * Gate for the session lookup entry points: throws a {@code SESSION_ID} block when the attack
     * detector reports the requesting client as blocked. Nothing is logged on this path.
     */
    private void checkAddressBlocking(HttpServletRequest httpServletRequest) throws AddressBlockedException {
        if (this.authorizationAttackDetector.isBlocked(AuthorizationAttackDetector.ClientRequestProperties.createFromReq(httpServletRequest))) {
            throw new AddressBlockedException(AddressBlockedException.BlockType.SESSION_ID);
        }
    }

    /** Best-effort close of the backend connection; an {@code IOException} is deliberately ignored. */
    private void closeConnectionNoThrow(EraServerConnection eraServerConnection) {
        try {
            eraServerConnection.closeConnection(null);
        } catch (IOException e) {
            // Ignored: callers are already on a cleanup or failure path and nothing is logged here.
        }
    }

    /**
     * Registers the three notification RPC handlers on the connection. Each handler receives a
     * supplier that reads the session data from {@code session} when it is invoked.
     */
    private void registerRpcProcessors(EraServerConnection eraServerConnection, Session session) {
        // Likely the decompiled form of the implicit null check the compiler emits for the bound
        // method reference on the next line.
        session.getClass();
        Supplier supplier = session::getData;
        eraServerConnection.registerRpcRequestHandler(new NotifyUserChangedRequestHandler(supplier));
        eraServerConnection.registerRpcRequestHandler(new NotifyUpdateFinishedRequestHandler(supplier));
        eraServerConnection.registerRpcRequestHandler(new NotifyReportGenerationRateChangedRequestHandler(supplier));
    }

    /** Delegates to the session data manager; no block check is performed on this path. */
    public void newWindowOpened(Session session) {
        this.serverSideSessionDataManager.newWindowOpened(session);
    }

    /** Closes the given session via the session data manager. */
    public void closeSession(Session session) {
        this.serverSideSessionDataManager.closeSession(session);
    }

    /** Delegates the expiry check (and close, per the delegate's name) to the session data manager. */
    public SessionStateInfo closeSessionIfExpired(Session session) {
        return this.serverSideSessionDataManager.closeSessionIfExpired(session);
    }

    /** Stops the attack detector's cleanup timer (started in the constructor), then closes all sessions. */
    public void closeAllSessions() {
        this.authorizationAttackDetector.stopCleanupTimer();
        this.serverSideSessionDataManager.closeAllSessions();
    }

    /** Returns the remaining timeout and state of the session, as reported by the session data manager. */
    public SessionStateInfo authGetRemainingSessionTimeout(Session session) {
        return this.serverSideSessionDataManager.getRemainingSessionTimeoutAndSessionState(session);
    }

    /** Resets the session timeout via the session data manager and returns the resulting state. */
    public SessionStateInfo resetSessionTimeout(Session session) {
        return this.serverSideSessionDataManager.resetSessionTimeout(session);
    }

    /** Delegates the window-closed notification to the session data manager. */
    public void onWindowClosed(Session session) {
        this.serverSideSessionDataManager.onWindowClosed(session);
    }

    /**
     * Reports a failed session verification to the attack detector.
     *
     * @param str value forwarded unchanged to the detector (meaning not visible here)
     * @param clientRequestProperties properties of the client that presented the session
     * @param failureReason reason for the failure, as classified by the caller
     */
    public void onSessionVerificationFailure(String str, AuthorizationAttackDetector.ClientRequestProperties clientRequestProperties, AuthorizationAttackDetector.FailureReason failureReason) {
        this.authorizationAttackDetector.onSessionVerificationFailure(str, clientRequestProperties, failureReason);
    }

    /** Returns whether the attack detector currently reports the client as blocked. */
    public boolean isBlocked(AuthorizationAttackDetector.ClientRequestProperties clientRequestProperties) {
        return this.authorizationAttackDetector.isBlocked(clientRequestProperties);
    }

    /** Creates an Intune login id for the given session data via the session data manager. */
    public String createIntuneLoginID(ServerSideSessionData serverSideSessionData) {
        return this.serverSideSessionDataManager.createIntuneLoginID(serverSideSessionData);
    }
}
