package sk.eset.era.g2webconsole.server.modules.authorization;

import com.google.gwt.user.server.Base64Utils;
import java.io.IOException;
import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sk.eset.era.commons.common.Version;
import sk.eset.era.commons.common.constants.SessionManagementConstants;
import sk.eset.era.commons.common.model.exceptions.SessionCreationFailedException;
import sk.eset.era.commons.common.model.exceptions.SessionNotValidException;
import sk.eset.era.commons.common.model.objects.SessionStateInfo;
import sk.eset.era.commons.server.model.objects.UuidProtobuf;
import sk.eset.era.g2webconsole.common.model.exceptions.EraRequestHandlingException;
import sk.eset.era.g2webconsole.server.modules.ModuleFactory;
import sk.eset.era.g2webconsole.server.modules.ServerModuleHelper;
import sk.eset.era.g2webconsole.server.modules.SessionFactory;
import sk.eset.era.g2webconsole.server.modules.authorization.AuthorizationAttackDetector;
import sk.eset.era.g2webconsole.server.modules.connection.EraServerConnection;
import sk.eset.era.g2webconsole.server.modules.connection.EraServerConnectionWithDemo;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.MessageParsingErrorException;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.SynchronousCallTimeout;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.RpcException;
import sk.eset.era.g2webconsole.server.modules.connection.rpc.sessionmanagement.KeepaliveRequest;
import sk.eset.era.g2webconsole.server.modules.localize.Locale;
import sk.eset.era.g2webconsole.server.modules.logger.IsLogItem;
import sk.eset.era.g2webconsole.server.modules.monitor.MonitorThreadLocal;
import sk.eset.era.g2webconsole.server.modules.monitor.RequestInfo;
import sk.eset.era.g2webconsole.server.modules.reports.ReportsTracingThreadLocal;

/* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager.class */
public class ServerSideSessionDataManager {
    // Size of a raw identifier in bytes (128 bits).
    private static final int SESSION_ID_LENGTH = 16;
    // 24 is the length of 16 bytes in padded Base64.
    private static final int SESSION_ID_ENCODED_LENGTH_BASE64 = 24;
    // 32 is the length of 16 bytes written as two hexadecimal digits each.
    private static final int SESSION_ID_ENCODED_LENGTH_HEXA = 32;
    // NOTE(review): same value as the hexadecimal length; presumably the longest encoded form callers must accept — confirm.
    public static final int SESSION_ID_ENCODED_LENGTH = 32;
    // Session ID -> live session. A plain HashMap; the methods of this class access it under sessionsList.
    private final Map<String, Session> activeSessions;
    // Integration ID -> session ID, maintained alongside activeSessions.
    private final Map<String, String> activeSessionsByIntegrationId;
    // Single timer shared by every session for timeout and keepalive tasks.
    private final Timer timeoutTimer;
    private final ModuleFactory moduleFactory;
    private final SessionFactory sessionFactory;
    // Decompiler rendering of the compiler-generated assertion flag.
    static final /* synthetic */ boolean $assertionsDisabled;
    // Fair read/write lock guarding the two session maps.
    private final ReentrantReadWriteLock sessionsList = new ReentrantReadWriteLock(true);
    // Stays null until setActiveSessionsListener is called; the lookup and creation methods dereference it without a null check.
    private AuthorizationAttackDetector authorizationAttackDetector = null;
    // Source of randomness for session and integration identifiers.
    private final SecureRandom randomGenerator = new SecureRandom();

    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager$EcaSessionImpl.class */
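    /**
     * Session variant that mirrors its lifecycle to the identity server returned by
     * {@code moduleFactory.getIdentityServer()}; {@code createSession} uses it when
     * {@code Version.IS_CLOUD} is set.
     *
     * <p>Once the identity server reports the session as no longer valid, {@code validOnIds} is
     * cleared and every later state query answers with the expired state.
     */
    static class EcaSessionImpl extends SessionImpl {
        /** False once the identity server has rejected or invalidated this session. */
        private final AtomicBoolean validOnIds;
        /** True while a validity check against the identity server is in flight. */
        private final AtomicBoolean isValidating;

        /**
         * Builds the session and announces it to the identity server.
         *
         * @param serverSideSessionData state of the new session
         * @param moduleFactory factory giving access to the identity server
         * @param timer shared timer for timeout and keepalive tasks
         * @param runnable callback that removes the session from the manager's maps
         * @param z whether a change of the client address is tolerated
         */
        EcaSessionImpl(ServerSideSessionData serverSideSessionData, ModuleFactory moduleFactory, Timer timer, Runnable runnable, boolean z) {
            super(serverSideSessionData, moduleFactory, timer, runnable, z);
            this.validOnIds = new AtomicBoolean(true);
            this.isValidating = new AtomicBoolean(false);
            moduleFactory.getIdentityServer().onSessionCreated(serverSideSessionData);
        }

        /** Tells the identity server the session is gone, then performs the regular close. */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.SessionImpl, sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void close() {
            this.moduleFactory.getIdentityServer().onSessionClosed(this.data);
            super.close();
        }

        /**
         * Restarts the timeout and sends a keepalive to the identity server.
         *
         * @return the expired state if the identity server already invalidated the session,
         *     otherwise the state after the timeout was rescheduled
         */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.SessionImpl, sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo resetSessionTimeout() {
            if (!this.validOnIds.get()) {
                return getExpiredSessionState();
            }
            SessionStateInfo refreshed = super.resetSessionTimeout();
            synchronized (this) {
                // The callback marks the session invalid; when the identity server invokes it is not visible here.
                this.moduleFactory.getIdentityServer().keepAlive(this.data, () -> this.validOnIds.set(false));
            }
            return refreshed;
        }

        /**
         * Reports the session state after confirming validity with the identity server.
         *
         * <p>The in-flight flag is claimed with a single compare-and-set. A separate
         * {@code get()} followed by {@code set(true)} lets two threads both start a check, and the
         * first to finish would clear the flag while the other is still running.
         *
         * @return the expired state if the session is (or has just been found) invalid, otherwise
         *     the regular state; while another check is in flight the regular state is returned
         *     without asking the identity server again
         */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.SessionImpl, sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo readRemainingSessionTimeoutAndSessionState() {
            if (!this.validOnIds.get()) {
                return getExpiredSessionState();
            }
            if (!this.isValidating.compareAndSet(false, true)) {
                return super.readRemainingSessionTimeoutAndSessionState();
            }
            try {
                if (this.moduleFactory.getIdentityServer().isSessionValid(this.data)) {
                    return super.readRemainingSessionTimeoutAndSessionState();
                }
                this.validOnIds.set(false);
                return getExpiredSessionState();
            } finally {
                this.isValidating.set(false);
            }
        }

        /** Records the instance ID and the user's log name on the monitored request. */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.SessionImpl, sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void updateMonitoring(RequestInfo requestInfo) {
            requestInfo.setUser(this.data.getEcaInstanceId(), this.data.getUserSessionData().clientUserSessionData.getUserLogName());
        }
    }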

    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager$SessionIdEncoding.class */
    /** Text form in which {@code generateSessionID} returns the 16-byte identifier. */
    public enum SessionIdEncoding {
        /** Base64 text with {@code '='} replaced by {@code '-'} and {@code '$'} by {@code '.'}. */
        BASE64,

        /** Upper-case hexadecimal, two digits per byte. */
        HEXA
    }

    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/authorization/ServerSideSessionDataManager$SessionImpl.class */
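    /**
     * Default {@link Session} implementation: validates requests against the stored session data,
     * owns the timeout and keepalive timer tasks, and tears the session down on close.
     */
    private static class SessionImpl implements Session {
        protected final ServerSideSessionData data;
        protected final ModuleFactory moduleFactory;
        private final Timer timeoutTimer;
        /** Callback that removes this session from the manager's maps. */
        private final Runnable removeFromSessionsList;
        /** When true, the client-address check in {@link #isInvalid} is skipped. */
        private final boolean isAllowedIpChange;
        static final /* synthetic */ boolean $assertionsDisabled;

        private SessionImpl(ServerSideSessionData serverSideSessionData, ModuleFactory moduleFactory, Timer timer, Runnable runnable, boolean z) {
            this.data = serverSideSessionData;
            this.moduleFactory = moduleFactory;
            this.timeoutTimer = timer;
            this.removeFromSessionsList = runnable;
            this.isAllowedIpChange = z;
        }

        /** Schedules the timeout and the periodic keepalive, and attaches a data miner to the session. */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void init() {
            scheduleTimeoutTimer(false);
            this.data.setKeepaliveTimerTask(scheduleKeepaliveTimer(this.data.getSessionManagementConstants().getSessionTimeoutServerSynchronizationPeriod()));
            this.data.setDataMiner(new ServerSideDataMiner(this.moduleFactory, this.data));
        }

        /**
         * Checks a request against this session.
         *
         * <p>Unless address changes are allowed, the request address must equal the one stored at
         * creation. When the session uses cookies, both session cookies must be present, the
         * script-readable cookie must equal {@code str}, and the HttpOnly cookie must equal the
         * value stored server-side.
         *
         * @param str session ID presented by the request
         * @param httpServletRequest request whose cookies are inspected
         * @param remoteAddress address of the requesting client, may be null
         * @return the reason the request is rejected, or null when it is accepted
         */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public AuthorizationAttackDetector.FailureReason isInvalid(String str, HttpServletRequest httpServletRequest, AuthorizationAttackDetector.RemoteAddress remoteAddress) {
            if (this.data == null) {
                return AuthorizationAttackDetector.FailureReason.INVALID_ID;
            }
            if (!this.isAllowedIpChange) {
                if (remoteAddress == null) {
                    if (this.data.getRemoteAddress() != null) {
                        return AuthorizationAttackDetector.FailureReason.WRONG_ADDRESS;
                    }
                } else if (!remoteAddress.equals(this.data.getRemoteAddress())) {
                    return AuthorizationAttackDetector.FailureReason.WRONG_ADDRESS;
                }
            }
            if (!this.data.getUseCookies()) {
                afterValidation();
                return null;
            }
            Cookie[] cookies = httpServletRequest.getCookies();
            String sessionCookie = EraCookie.getCookieValue(SessionManagementConstants.SESSION_ID_COOKIE_NAME, cookies);
            String httpOnlyCookie = EraCookie.getCookieValue(SessionManagementConstants.SESSION_ID_HTTP_ONLY_COOKIE_NAME, cookies);
            if (sessionCookie == null || httpOnlyCookie == null) {
                return AuthorizationAttackDetector.FailureReason.NO_COOKIE_FOR_SESSION_ID;
            }
            if (!constantTimeEquals(str, sessionCookie)) {
                return AuthorizationAttackDetector.FailureReason.OTHER;
            }
            // The stored HttpOnly value is a server-side secret, so compare it without an early exit on the first differing character.
            if (!constantTimeEquals(this.data.getSessionIDHttpOnly(), httpOnlyCookie)) {
                return AuthorizationAttackDetector.FailureReason.INVALID_ID;
            }
            // NOTE(review): the next three settings are copied from request cookies into this session's
            // RPC-calls module. What setLogPath does with the value is not visible here; confirm it is
            // restricted to an expected location and that these diagnostic switches are intended to be
            // reachable by any authenticated client.
            this.data.getModuleFactory().getRpcCallsModule().setLogPath(EraCookie.getCookieValue(SessionManagementConstants.RPC_CALLS_LOG_COOKIE_NAME, cookies));
            this.data.getModuleFactory().getRpcCallsModule().setSimulatedFailingRequests(EraCookie.getCookieValue(SessionManagementConstants.SIMULATED_FAILING_REQUESTS_COOKIE_NAME, cookies));
            this.data.getModuleFactory().getRpcCallsModule().setPendingSimulationEnabled(Boolean.parseBoolean(EraCookie.getCookieValue(SessionManagementConstants.ENABLE_PENDING_SIMULATION_COOKIE_NAME, cookies)));
            afterValidation();
            return null;
        }

        /** Compares two strings through {@link MessageDigest#isEqual} on their UTF-8 bytes. */
        private static boolean constantTimeEquals(String expected, String actual) {
            return MessageDigest.isEqual(
                    expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public ServerSideSessionData getData() {
            return this.data;
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public String getLocale() {
            return this.data.getUserSessionData().clientUserSessionData.getLocale();
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public String getOpenID_sub() {
            return this.data.getOpenID_sub();
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void setOpenID_id_token(String str) {
            this.data.setOpenID_id_token(str);
        }

        /**
         * Removes the session from the manager, notifies the activity log, cancels the session's
         * timer tasks and closes the server connection.
         */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void close() {
            this.removeFromSessionsList.run();
            this.moduleFactory.getUserActivityLoggingManager().onSessionClosed(this.data.getSessionID());
            this.data.cancelTasks();
            closeConnection();
        }

        /**
         * Closes the session when its remaining timeout is at or below the configured ending threshold.
         *
         * @return the state that was read before the decision, whether or not the session was closed
         */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo closeIfExpired() {
            SessionStateInfo state = readRemainingSessionTimeoutAndSessionState();
            if (state.getRemainingSessionTimeout() > this.data.getSessionManagementConstants().getSessionTimeoutEnding()) {
                return state;
            }
            this.moduleFactory.log(IsLogItem.Type.INFO, "session_expired");
            close();
            return state;
        }

        /** Schedules a fresh timeout task and purges cancelled tasks from the shared timer. */
        private void scheduleNewTimeout(boolean z) {
            scheduleTimeoutTimer(z);
            this.timeoutTimer.purge();
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public synchronized SessionStateInfo resetSessionTimeout() {
            scheduleNewTimeout(false);
            return getSessionState();
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public SessionStateInfo readRemainingSessionTimeoutAndSessionState() {
            return getSessionState();
        }

        private SessionStateInfo getSessionState() {
            return createSessionStateInfo(getRemainingSessionTimeout(), false);
        }

        /* JADX INFO: Access modifiers changed from: private */
        /** State reported for a session that is no longer valid: zero remaining time, expired flag set. */
        public SessionStateInfo getExpiredSessionState() {
            return createSessionStateInfo(0L, true);
        }

        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public synchronized void newWindowOpened() {
            scheduleNewTimeout(false);
            this.data.increaseNumOpenedWindows();
        }

        /** When the last window closes, logs it and switches to the shorter after-close timeout. */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public synchronized void onWindowClosed() {
            if (this.data.decreaseNumOpenedWindows() <= 0) {
                this.moduleFactory.log(IsLogItem.Type.INFO, this.data.getUserSessionData().clientUserSessionData.getUserLogName(), "session_closed_by_window", this.data.getRemoteAddress(), this.data.getRemoteUser());
                scheduleNewTimeout(true);
            }
        }

        /** No monitoring data is recorded by the default session. */
        @Override // sk.eset.era.g2webconsole.server.modules.authorization.Session
        public void updateMonitoring(RequestInfo requestInfo) {
        }

        /**
         * Restarts the timeout after a successfully validated request, but only when autologout
         * is disabled; with autologout enabled a validated request leaves the timer untouched.
         */
        private synchronized void afterValidation() {
            if (this.data.getSessionManagementConstants().getAutologoutEnabled()) {
                return;
            }
            scheduleNewTimeout(false);
        }

        /**
         * Creates and schedules the task that closes this session when its timeout elapses.
         *
         * @param z true to use the after-close timeout; otherwise the autologout timeout plus
         *     the web-server offset, or the no-autologout timeout, depending on configuration
         */
        private void scheduleTimeoutTimer(boolean z) {
            long delay;
            if (z) {
                delay = this.data.getSessionManagementConstants().getSessionTimeoutAfterClose();
            } else if (this.data.getSessionManagementConstants().getAutologoutEnabled()) {
                delay = this.data.getSessionManagementConstants().getSessionTimeout() + this.data.getSessionManagementConstants().getSessionTimeoutWebServerOffset();
            } else {
                delay = this.data.getSessionManagementConstants().getSessionTimeoutNoAutologout();
            }
            TimerTaskReadable expiryTask = new TimerTaskReadable(delay) { // from class: sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.SessionImpl.1
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    try {
                        SessionImpl.this.moduleFactory.log(IsLogItem.Type.INFO, "session_expired");
                        SessionImpl.this.close();
                    } catch (Exception e) {
                        // Swallowed on purpose: an exception escaping run() would terminate the shared Timer thread.
                        SessionImpl.this.moduleFactory.log(IsLogItem.Type.TRACE, "Timer task failed: " + e.getMessage());
                    }
                }
            };
            this.data.setTimeoutTimerTask(expiryTask);
            this.timeoutTimer.schedule(expiryTask, delay);
        }

        /** Schedules a repeating keepalive with period {@code j} on the shared timer and returns the task. */
        private TimerTask scheduleKeepaliveTimer(long j) {
            TimerTask keepaliveTask = new TimerTask() { // from class: sk.eset.era.g2webconsole.server.modules.authorization.ServerSideSessionDataManager.SessionImpl.2
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    try {
                        SessionImpl.this.sendKeepalive();
                    } catch (Exception e) {
                        // Swallowed on purpose: an exception escaping run() would terminate the shared Timer thread.
                        SessionImpl.this.moduleFactory.log(IsLogItem.Type.TRACE, "KeepAlive timer failed: " + e.getMessage());
                    }
                }
            };
            this.timeoutTimer.schedule(keepaliveTask, j, j);
            return keepaliveTask;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /** Sends one keepalive request for this session; an I/O failure is logged and otherwise ignored. */
        public void sendKeepalive() {
            KeepaliveRequest keepaliveRequest = new KeepaliveRequest();
            try {
                this.data.prepareRequest(keepaliveRequest);
                keepaliveRequest.sendTo();
            } catch (IOException e) {
                this.moduleFactory.log(IsLogItem.Type.TRACE, this.data.getRemoteUser(), "Keepalive request failed. Reason: '" + e.getMessage() + "'", new Object[0]);
            }
        }

        /** Closes the server connection if there is one; a failure is logged, not propagated. */
        private void closeConnection() {
            try {
                if (this.data.getEraServerConnection() == null) {
                    return;
                }
                this.data.getEraServerConnection().closeConnection(null);
                this.moduleFactory.log(IsLogItem.Type.INFO, "connection_closed");
            } catch (IOException e) {
                String reason = ServerModuleHelper.getLocalizedMessageOrUnknownForLogging(e, this.data.getModuleFactory().getLocalizationModule());
                this.moduleFactory.log(IsLogItem.Type.WARN, this.data.getUserSessionData().clientUserSessionData.getUserLogName(), "connection_close_failed", this.data.getRemoteAddress(), this.data.getRemoteUser(), reason);
                this.moduleFactory.log(IsLogItem.Type.TRACE, this.data.getUserSessionData().clientUserSessionData.getUserLogName(), "Failed to close connection. Reason: " + reason, new Object[0]);
                // Decompiled form of an assertion that always fails: only fires when assertions are enabled.
                if (!$assertionsDisabled) {
                    throw new AssertionError();
                }
            }
        }

        /** Remaining time of the timeout task minus the web-server offset, never below zero. */
        long getRemainingSessionTimeout() {
            return Math.max(this.data.getTimeoutTimerTask().getRemainingTime() - this.data.getSessionManagementConstants().getSessionTimeoutWebServerOffset(), 0L);
        }

        /**
         * Assembles the state object returned to callers.
         *
         * @param j remaining session timeout to report
         * @param z whether the session is reported as expired
         */
        SessionStateInfo createSessionStateInfo(long j, boolean z) {
            return new SessionStateInfo(j, this.data.getModuleFactory().getSecurityModule().getUserAccessRightsSequenceNumber(), this.data.getUserSessionData().clientUserSessionData.getEraServerModulesUpdateGuard(), this.data.getUserSessionData().clientUserSessionData.getReportGenRate(), z, this.data.getGroupTreeCache().getNewCompaniesCount() + "", this.data.getEfdeLicenseComposite(), this.data.getEdtdLicenseComposite(), this.data.getEiAgentLicenseComposite(), this.data.getHasMspLicense(), this.data.getEILink());
        }

        static {
            $assertionsDisabled = !ServerSideSessionDataManager.class.desiredAssertionStatus();
        }
    }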

    /**
     * Creates a manager with no active sessions and a dedicated timer named "Session timeout timer".
     *
     * @param sessionFactory factory for per-session module factories
     * @param moduleFactory factory used for logging, timers and the identity server
     */
    public ServerSideSessionDataManager(SessionFactory sessionFactory, ModuleFactory moduleFactory) {
        this.sessionFactory = sessionFactory;
        this.moduleFactory = moduleFactory;
        this.activeSessions = new HashMap<>();
        this.activeSessionsByIntegrationId = new HashMap<>();
        // One throw-away byte is drawn up front; presumably so the generator is seeded before the first session is created.
        byte[] discarded = new byte[1];
        this.randomGenerator.nextBytes(discarded);
        this.timeoutTimer = moduleFactory.createTimer("Session timeout timer");
    }

    /**
     * Produces a random 16-byte identifier and returns it in the requested text encoding.
     *
     * <p>The bytes start as output of {@code secureRandom}, are XOR-ed with the reversed output of
     * a freshly constructed {@link SecureRandom}, then with the MD5 of {@code str} (when non-null)
     * and with the MD5 of a new object's hash code; the result is hashed with MD5 once more before
     * encoding. The unpredictability of the identifier rests on the two {@code SecureRandom} draws;
     * MD5 is used here only to mix the inputs, not as an integrity or password hash.
     *
     * @param moduleFactory used to log a digest failure
     * @param secureRandom long-lived generator supplying the first 16 bytes
     * @param str optional value mixed into the identifier and used as the log subject (the callers
     *     in this class pass the client address); may be null
     * @param sessionIdEncoding text encoding of the result
     * @return the encoded identifier
     * @throws SessionCreationFailedException if the MD5 digest cannot be obtained or computed
     */
    public static String generateSessionID(ModuleFactory moduleFactory, SecureRandom secureRandom, String str, SessionIdEncoding sessionIdEncoding) throws SessionCreationFailedException {
        byte[] id = new byte[SESSION_ID_LENGTH];
        secureRandom.nextBytes(id);
        byte[] fresh = new byte[SESSION_ID_LENGTH];
        new SecureRandom().nextBytes(fresh);
        for (int k = 0; k < SESSION_ID_LENGTH; k++) {
            id[k] ^= fresh[SESSION_ID_LENGTH - 1 - k];
        }
        // NOTE(review): on a JVM whose providers do not offer MD5, every call ends in
        // SessionCreationFailedException, i.e. no session can be created.
        try {
            if (str != null) {
                byte[] subjectHash = new byte[SESSION_ID_LENGTH];
                MessageDigest subjectDigest = MessageDigest.getInstance("MD5");
                // NOTE(review): getBytes() uses the platform default charset; harmless for the
                // randomness of the result, but the mixed-in value then differs between platforms.
                subjectDigest.update(str.getBytes());
                subjectDigest.digest(subjectHash, 0, SESSION_ID_LENGTH);
                for (int k = 0; k < SESSION_ID_LENGTH; k++) {
                    id[k] ^= subjectHash[k];
                }
            }

            byte[] objectHash = new byte[SESSION_ID_LENGTH];
            MessageDigest objectDigest = MessageDigest.getInstance("MD5");
            int identity = new Object().hashCode();
            // Little-endian bytes of the hash code.
            byte[] identityBytes = {(byte) identity, (byte) (identity >>> 8), (byte) (identity >>> 16), (byte) (identity >>> 24)};
            objectDigest.update(identityBytes);
            objectDigest.digest(objectHash, 0, SESSION_ID_LENGTH);
            for (int k = 0; k < SESSION_ID_LENGTH; k++) {
                id[k] ^= objectHash[k];
            }

            byte[] result = new byte[SESSION_ID_LENGTH];
            MessageDigest finalDigest = MessageDigest.getInstance("MD5");
            finalDigest.update(id);
            finalDigest.digest(result, 0, SESSION_ID_LENGTH);

            switch (sessionIdEncoding) {
                case BASE64:
                    return Base64Utils.toBase64(result).replace('=', '-').replace('$', '.');
                case HEXA:
                    String hexDigits = "0123456789ABCDEF";
                    StringBuilder hex = new StringBuilder(result.length * 2);
                    for (byte b : result) {
                        hex.append(hexDigits.charAt((b >>> 4) & 15));
                        hex.append(hexDigits.charAt(b & 15));
                    }
                    return hex.toString();
                default:
                    // Decompiled assertion: fails when assertions are enabled, otherwise falls back to
                    // Base64 without the character replacements applied in the BASE64 case.
                    if ($assertionsDisabled) {
                        return Base64Utils.toBase64(result);
                    }
                    throw new AssertionError();
            }
        } catch (DigestException | NoSuchAlgorithmException e) {
            moduleFactory.log(IsLogItem.Type.TRACE, str, "Cannot create instance of MD5 digest. '" + e.getMessage() + "'", new Object[0]);
            throw new SessionCreationFailedException();
        }
    }

    /**
     * Generates a Base64-encoded identifier that is not a key of {@code activeSessions}.
     *
     * <p>The map is read without taking the lock here; the caller chain visible in this class
     * ({@code createSession}) already holds the write lock.
     *
     * @param str value mixed into the identifier and used as the log subject
     * @return an identifier not currently in use as a session ID
     * @throws SessionCreationFailedException if ten consecutive candidates collide or generation fails
     */
    private String generateUniqueSessionID(String str) throws SessionCreationFailedException {
        int attemptsLeft = 10;
        while (attemptsLeft-- > 0) {
            String candidate = generateSessionID(this.moduleFactory, this.randomGenerator, str, SessionIdEncoding.BASE64);
            if (this.activeSessions.containsKey(candidate)) {
                continue;
            }
            return candidate;
        }
        this.moduleFactory.log(IsLogItem.Type.TRACE, str, "Could not generate unique session ID (after 10 tries).", new Object[0]);
        throw new SessionCreationFailedException();
    }

    /**
     * Generates a hexadecimal identifier that is not a key of {@code activeSessionsByIntegrationId}.
     *
     * @param str value mixed into the identifier and used as the log subject
     * @return an identifier not currently in use as an integration ID
     * @throws SessionCreationFailedException if ten consecutive candidates collide or generation fails
     */
    private String generateUniqueIntegrationId(String str) throws SessionCreationFailedException {
        int attemptsLeft = 10;
        while (attemptsLeft-- > 0) {
            String candidate = generateSessionID(this.moduleFactory, this.randomGenerator, str, SessionIdEncoding.HEXA);
            if (this.activeSessionsByIntegrationId.containsKey(candidate)) {
                continue;
            }
            return candidate;
        }
        this.moduleFactory.log(IsLogItem.Type.TRACE, str, "Could not generate unique config files ID (after 10 tries).", new Object[0]);
        throw new SessionCreationFailedException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves and validates the session for a request and records monitoring data for it.
     *
     * <p>The {@code Origin-Hash} request header is client-supplied; it is stored as the request's
     * client path for tracing and monitoring before and regardless of the outcome of validation.
     *
     * @param str session ID presented by the request
     * @param httpServletRequest the incoming request
     * @return the validated session
     * @throws SessionNotValidException if the ID is null, unknown, or fails validation
     */
    public Session getSession(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        String originHash = httpServletRequest.getHeader("Origin-Hash");
        if (ReportsTracingThreadLocal.getTracingContext() != null) {
            ReportsTracingThreadLocal.getTracingContext().setRequestClientPath(originHash);
        }
        Session validated = getValidSession(str, httpServletRequest);
        return updateMonitoring(validated, originHash);
    }

    /**
     * Copies session and client-path information into the current thread's monitored request, if any.
     *
     * @param session session to report, may be null
     * @param str client path to record
     * @return {@code session}, unchanged
     */
    Session updateMonitoring(Session session, String str) {
        if (session == null || MonitorThreadLocal.getRequestInfo() == null) {
            return session;
        }
        session.updateMonitoring(MonitorThreadLocal.getRequestInfo());
        MonitorThreadLocal.getRequestInfo().setRequestClientPath(str);
        return session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
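    /**
     * Resolves an integration ID to its session and validates the request against that session.
     *
     * <p>The read lock covers only the map lookup and is released exactly once, in {@code finally}.
     * Releasing it inside the {@code try} and again in a catch-all handler would attempt a second
     * unlock whenever validation fails afterwards, replacing the {@link SessionNotValidException}
     * with an {@link IllegalMonitorStateException}.
     *
     * @param str integration ID presented by the request
     * @param httpServletRequest the incoming request
     * @return data of the validated session
     * @throws SessionNotValidException if the integration ID is unknown (reported to the attack
     *     detector as {@code INVALID_ID}) or the session fails validation
     */
    public ServerSideSessionData validateSessionByIntegrationId(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        String sessionId;
        this.sessionsList.readLock().lock();
        try {
            sessionId = this.activeSessionsByIntegrationId.get(str);
        } finally {
            this.sessionsList.readLock().unlock();
        }
        if (sessionId != null) {
            return getValidSession(sessionId, httpServletRequest).getData();
        }
        this.authorizationAttackDetector.onSessionVerificationFailure(str, this.authorizationAttackDetector.getRemoteAddress(httpServletRequest), AuthorizationAttackDetector.FailureReason.INVALID_ID);
        throw new SessionNotValidException();
    }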

    /**
     * Looks up a session by ID and validates the request against it under the read lock.
     *
     * <p>Every failure other than a null ID is reported to the attack detector together with the
     * client address and the failure reason.
     *
     * @param str session ID presented by the request
     * @param httpServletRequest the incoming request
     * @return the session, when it exists and accepts the request
     * @throws SessionNotValidException if the ID is null, unknown, or rejected by the session
     */
    private Session getValidSession(String str, HttpServletRequest httpServletRequest) throws SessionNotValidException {
        if (str == null) {
            this.moduleFactory.log(IsLogItem.Type.TRACE, "Error get Session data : SessionId empty");
            return invalidSession();
        }
        AuthorizationAttackDetector.RemoteAddress clientAddress = this.authorizationAttackDetector.getRemoteAddress(httpServletRequest);
        this.sessionsList.readLock().lock();
        try {
            Session candidate = this.activeSessions.get(str);
            AuthorizationAttackDetector.FailureReason failure;
            if (candidate == null) {
                failure = AuthorizationAttackDetector.FailureReason.INVALID_ID;
            } else {
                failure = candidate.isInvalid(str, httpServletRequest, clientAddress);
            }
            if (failure != null) {
                this.authorizationAttackDetector.onSessionVerificationFailure(str, clientAddress, failure);
                return invalidSession();
            }
            return candidate;
        } finally {
            this.sessionsList.readLock().unlock();
        }
    }

    /**
     * Always throws; the {@link Session} return type only lets callers write
     * {@code return invalidSession();}.
     *
     * @throws SessionNotValidException always
     */
    private static Session invalidSession() throws SessionNotValidException {
        SessionNotValidException notValid = new SessionNotValidException();
        throw notValid;
    }

    /**
     * Writes the HttpOnly session cookie as a raw {@code Set-Cookie} header with
     * {@code SameSite=Strict} and {@code HttpOnly}; {@code Secure} is appended only when the
     * request itself is reported as secure. No Path, Domain or expiry attribute is written.
     *
     * <p>NOTE(review): if TLS is terminated in front of the servlet container,
     * {@code isSecure()} may report false and the cookie is then issued without {@code Secure};
     * confirm the deployment makes the container aware of the original scheme.
     *
     * @param httpServletRequest request whose transport decides the {@code Secure} attribute
     * @param httpServletResponse response receiving the header
     * @param str cookie value
     * @param str2 log subject for the trace entry
     */
    private void setResponseSessionIdHttpOnlyCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        final boolean secureTransport = httpServletRequest.isSecure();
        this.moduleFactory.log(IsLogItem.Type.TRACE, str2, "Setting HTTP Only session cookie, secure=" + secureTransport, new Object[0]);
        String template = "%s=%s; SameSite=Strict; HttpOnly";
        if (secureTransport) {
            template = template + "; Secure";
        }
        String headerValue = String.format(template, SessionManagementConstants.SESSION_ID_HTTP_ONLY_COOKIE_NAME, str);
        httpServletResponse.addHeader("Set-Cookie", headerValue);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
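    /**
     * Creates, initialises and registers a new session, and issues the HttpOnly cookie when the
     * session uses cookies.
     *
     * <p>The write lock is released exactly once, in {@code finally}, and the cookie is written
     * after that. Releasing the lock inside the {@code try} and again in a catch-all handler
     * would attempt a second unlock if writing the cookie failed, masking the original error
     * with an {@link IllegalMonitorStateException}.
     *
     * <p>NOTE(review): {@code createSessionData} runs under the write lock, and in this class it
     * sleeps twice and reads user data through the server connection; session validation on other
     * threads waits for the read lock during that time.
     *
     * @param z whether the session is bound to cookies
     * @param eraServerConnection connection the session will use
     * @param httpServletRequest the login request
     * @param httpServletResponse response that receives the HttpOnly cookie
     * @param uuid UUID of the user
     * @param str locale requested for the session, may be null or empty
     * @param str2 user identifier, used for logging and for reading the user's session data
     * @param z2 whether a window counts as already opened
     * @param str3 user session ID stored on the session data when {@code Version.IS_CLOUD} is set
     * @return the registered session
     * @throws SessionCreationFailedException if no unique identifier could be generated
     */
    public Session createSession(boolean z, EraServerConnection eraServerConnection, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UuidProtobuf.Uuid uuid, String str, String str2, boolean z2, String str3) throws SessionCreationFailedException, EraRequestHandlingException, SynchronousCallTimeout, IOException, RpcException, MessageParsingErrorException {
        final SessionImpl sessionImpl;
        final ServerSideSessionData sessionData;
        AuthorizationAttackDetector.RemoteAddress remoteAddress = this.authorizationAttackDetector.getRemoteAddress(httpServletRequest);
        this.sessionsList.writeLock().lock();
        try {
            sessionData = createSessionData(httpServletRequest, eraServerConnection, z, str2, uuid, str, z2, remoteAddress);
            if (Version.IS_CLOUD) {
                sessionData.setUser_session_id(str3);
                sessionImpl = new EcaSessionImpl(sessionData, this.moduleFactory, this.timeoutTimer, () -> {
                    removeFromSessionsList(sessionData);
                }, this.authorizationAttackDetector.isAllowedIpChange());
            } else {
                sessionImpl = new SessionImpl(sessionData, this.moduleFactory, this.timeoutTimer, () -> {
                    removeFromSessionsList(sessionData);
                }, this.authorizationAttackDetector.isAllowedIpChange());
            }
            sessionImpl.init();
            this.activeSessions.put(sessionData.getSessionID(), sessionImpl);
            this.activeSessionsByIntegrationId.put(sessionData.getUserSessionData().clientUserSessionData.getIntegrationId(), sessionData.getSessionID());
            this.authorizationAttackDetector.onSessionCreated(sessionData.getSessionID(), remoteAddress);
        } finally {
            this.sessionsList.writeLock().unlock();
        }
        if (z) {
            setResponseSessionIdHttpOnlyCookie(httpServletRequest, httpServletResponse, sessionData.getSessionIDHttpOnly(), str2);
        }
        return sessionImpl;
    }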

    /**
     * Builds the server-side data object for a new session: generates the session ID, the optional
     * HttpOnly ID and the integration ID, resolves the locale, and copies request details.
     *
     * @param httpServletRequest the login request (remote port and remote user are taken from it)
     * @param eraServerConnection connection the session will use
     * @param z whether the session is bound to cookies; the HttpOnly ID is generated only then
     * @param str user identifier, used for logging and for reading the user's session data
     * @param uuid UUID of the user
     * @param str2 requested locale; null or empty selects {@code Locale.DEFAULT_LOCALE}
     * @param z2 whether a window counts as already opened
     * @param remoteAddress client address; stored on the session and mixed into the generated IDs
     * @return the populated session data
     * @throws SessionCreationFailedException if no unique identifier could be generated
     */
    private ServerSideSessionData createSessionData(HttpServletRequest httpServletRequest, EraServerConnection eraServerConnection, boolean z, String str, UuidProtobuf.Uuid uuid, String str2, boolean z2, AuthorizationAttackDetector.RemoteAddress remoteAddress) throws SessionCreationFailedException, EraRequestHandlingException, IOException, RpcException, MessageParsingErrorException {
        String sessionId = generateUniqueSessionID(remoteAddress.getRemoteAddress());
        waitForNewGeneratorSeed();
        String httpOnlyId = z ? generateUniqueSessionID(remoteAddress.getRemoteAddress()) : null;
        waitForNewGeneratorSeed();
        String integrationId = generateUniqueIntegrationId(remoteAddress.getRemoteAddress());

        String locale = (str2 == null) ? "" : str2;
        if (locale.isEmpty()) {
            locale = Locale.DEFAULT_LOCALE;
            this.moduleFactory.log(IsLogItem.Type.INFO, str, "session_creation_no_locale", new Object[0]);
            this.moduleFactory.log(IsLogItem.Type.TRACE, str, "No locale for the logged in user. Using default '" + locale + "'.", new Object[0]);
        } else {
            // NOTE(review): the caller-supplied locale string is written to the log as given.
            this.moduleFactory.log(IsLogItem.Type.INFO, str, "session_creation_locale", locale);
            this.moduleFactory.log(IsLogItem.Type.TRACE, str, "Locale set to '" + locale + "'.", new Object[0]);
        }

        ServerSideSessionData sessionData = new ServerSideSessionData(sessionId, httpOnlyId, str, this.sessionFactory.createSessionModuleFactory(locale), integrationId, eraServerConnection);
        sessionData.getUserSessionData().clientUserSessionData.setLocale(locale);
        sessionData.setUseCookies(z);
        sessionData.setRemoteAddress(remoteAddress.getRemoteAddress());
        sessionData.setRemotePort(httpServletRequest.getRemotePort());
        sessionData.setRemoteUser(httpServletRequest.getRemoteUser());
        if (z2) {
            sessionData.increaseNumOpenedWindows();
        }
        sessionData.setUserUuid(uuid);
        sessionData.readUserSessionData(str);
        if (Version.IS_DEMO && (eraServerConnection instanceof EraServerConnectionWithDemo)) {
            EraServerConnectionWithDemo demoConnection = (EraServerConnectionWithDemo) eraServerConnection;
            sessionData.getUserSessionData().clientUserSessionData.setDemoTimeOffset(demoConnection.getTimeOffset(locale));
        }
        return sessionData;
    }

    /**
     * Pauses the calling thread for 10 ms; an interrupt ends the pause early and is re-asserted
     * on the thread.
     *
     * <p>NOTE(review): the name suggests the pause lets the random generator pick up a new seed.
     * {@code SecureRandom} does not need a delay between draws, so the pause likely adds latency
     * without adding unpredictability — confirm before relying on it.
     */
    private void waitForNewGeneratorSeed() {
        final long pauseMillis = 10L;
        try {
            Thread.sleep(pauseMillis);
        } catch (InterruptedException interrupted) {
            Thread.currentThread().interrupt();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@link Session#closeIfExpired()}.
     *
     * @param session session to check
     * @return the state reported by the session
     */
    public SessionStateInfo closeSessionIfExpired(Session session) {
        SessionStateInfo state = session.closeIfExpired();
        return state;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
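    /**
     * Closes the session registered under the given ID.
     *
     * <p>The read lock covers only the lookup. Closing a session runs its removal callback, which
     * takes the write lock of the same {@link ReentrantReadWriteLock}; that lock cannot be
     * upgraded from read to write, so calling {@code close()} while still holding the read lock
     * would block the calling thread indefinitely.
     *
     * @param str session ID
     * @throws SessionNotValidException if no session is registered under {@code str}
     */
    public void closeSession(String str) throws SessionNotValidException {
        Session session;
        this.sessionsList.readLock().lock();
        try {
            session = this.activeSessions.get(str);
        } finally {
            this.sessionsList.readLock().unlock();
        }
        if (session == null) {
            throw new SessionNotValidException();
        }
        session.close();
    }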

    /**
     * Unregisters a session under the write lock: logs the closure, removes both map entries and
     * notifies the attack detector.
     *
     * @param serverSideSessionData data of the session being closed
     */
    private void removeFromSessionsList(ServerSideSessionData serverSideSessionData) {
        this.sessionsList.writeLock().lock();
        try {
            String userLogName = serverSideSessionData.getUserSessionData().clientUserSessionData.getUserLogName();
            this.moduleFactory.log(IsLogItem.Type.INFO, userLogName, "session_closed", serverSideSessionData.getRemoteAddress(), serverSideSessionData.getRemoteUser());
            this.activeSessions.remove(serverSideSessionData.getSessionID());
            String integrationId = serverSideSessionData.getUserSessionData().clientUserSessionData.getIntegrationId();
            this.activeSessionsByIntegrationId.remove(integrationId);
            this.authorizationAttackDetector.onSessionClosed(serverSideSessionData.getSessionID());
        } finally {
            this.sessionsList.writeLock().unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Closes the given session; delegates to {@link Session#close()} without taking the lock here.
     *
     * @param session session to close
     */
    public void closeSession(Session session) {
        session.close();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
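    /**
     * Cancels the shared timer, empties both session maps and closes every session that was
     * registered, then closes the identity server.
     *
     * <p>The sessions are copied into a typed list before the maps are cleared. With a raw
     * {@code ArrayList} the lambda parameter is an {@code Object}, on which {@code close()} does
     * not resolve. Each {@code close()} runs the session's removal callback, which re-enters the
     * write lock already held by this thread and finds the maps empty.
     */
    public void closeAllSessions() {
        this.sessionsList.writeLock().lock();
        try {
            this.moduleFactory.log(IsLogItem.Type.INFO, "", "session_close_all", Integer.valueOf(this.activeSessions.size()));
            this.timeoutTimer.cancel();
            ArrayList<Session> snapshot = new ArrayList<>(this.activeSessions.values());
            this.activeSessions.clear();
            this.activeSessionsByIntegrationId.clear();
            snapshot.forEach(Session::close);
            this.moduleFactory.getIdentityServer().close();
        } finally {
            this.sessionsList.writeLock().unlock();
        }
    }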

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@link Session#readRemainingSessionTimeoutAndSessionState()}.
     *
     * @param session session to query
     * @return the state reported by the session
     */
    public SessionStateInfo getRemainingSessionTimeoutAndSessionState(Session session) {
        SessionStateInfo state = session.readRemainingSessionTimeoutAndSessionState();
        return state;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@link Session#resetSessionTimeout()}.
     *
     * @param session session whose timeout is restarted
     * @return the state reported by the session after the reset
     */
    public SessionStateInfo resetSessionTimeout(Session session) {
        SessionStateInfo state = session.resetSessionTimeout();
        return state;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@link Session#newWindowOpened()}.
     *
     * @param session session for which a window was opened
     */
    public void newWindowOpened(Session session) {
        session.newWindowOpened();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Installs the attack detector that is notified of session creation, closure and
     * verification failures. The field is null until this is called, and the lookup and creation
     * methods use it without a null check.
     *
     * @param authorizationAttackDetector detector to notify
     */
    public void setActiveSessionsListener(AuthorizationAttackDetector authorizationAttackDetector) {
        this.authorizationAttackDetector = authorizationAttackDetector;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@link Session#onWindowClosed()}.
     *
     * @param session session for which a window was closed
     */
    public void onWindowClosed(Session session) {
        session.onWindowClosed();
    }

    // Decompiler rendering of the compiler-generated assertion flag: true when assertions are disabled for this class.
    static {
        $assertionsDisabled = !ServerSideSessionDataManager.class.desiredAssertionStatus();
    }
}
