package org.keycloak.adapters.saml;

import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
import org.keycloak.adapters.tomcat.PrincipalFactory;
import org.keycloak.common.util.KeycloakUriBuilder;

/* loaded from: input_file:org/keycloak/adapters/saml/CatalinaSamlSessionStore.class */
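/**
 * {@link SamlSessionStore} backed by the Catalina (Tomcat) HTTP session of a single request.
 *
 * <p>The store keeps the {@link SamlSession} as a session attribute keyed by the
 * {@code SamlSession} class name, mirrors the authenticated principal onto the Catalina
 * {@link Session} and the current {@link Request}, and keeps the {@link SessionIdMapper}
 * in step so that sessions can later be terminated by principal or by SSO session index.
 *
 * <p>An instance holds a reference to one {@link Request}; nothing in this class
 * synchronizes access to it.
 */
public class CatalinaSamlSessionStore implements SamlSessionStore {
    protected static Logger log = Logger.getLogger(SamlSessionStore.class);
    public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";
    // Session attribute holding the in-progress SAML action (login / logout / none).
    private static final String CURRENT_ACTION_ATTRIBUTE = "SAML_CURRENT_ACTION";
    // Auth type stamped on both the Catalina session and the request after authentication.
    private static final String AUTH_TYPE = "KEYCLOAK-SAML";
    private final CatalinaUserSessionManagement sessionManagement;
    protected final PrincipalFactory principalFactory;
    private final SessionIdMapper idMapper;
    private final SessionIdMapperUpdater idMapperUpdater;
    protected final Request request;
    protected final AbstractSamlAuthenticatorValve valve;
    protected final HttpFacade facade;
    protected final SamlDeployment deployment;

    /**
     * Creates a store bound to the given request.
     *
     * @param catalinaUserSessionManagement used to invalidate HTTP sessions by id
     * @param principalFactory builds the container principal from a SAML principal and roles
     * @param sessionIdMapper lookup between principals / SSO ids and HTTP session ids
     * @param sessionIdMapperUpdater strategy used to add and remove entries in the mapper
     * @param request the Catalina request this store operates on
     * @param abstractSamlAuthenticatorValve valve used to save and restore the original request
     * @param httpFacade facade over the same request, used for redirect URI computation
     * @param samlDeployment deployment configuration passed to SAML session validation
     */
    public CatalinaSamlSessionStore(CatalinaUserSessionManagement catalinaUserSessionManagement, PrincipalFactory principalFactory, SessionIdMapper sessionIdMapper, SessionIdMapperUpdater sessionIdMapperUpdater, Request request, AbstractSamlAuthenticatorValve abstractSamlAuthenticatorValve, HttpFacade httpFacade, SamlDeployment samlDeployment) {
        this.sessionManagement = catalinaUserSessionManagement;
        this.principalFactory = principalFactory;
        this.idMapper = sessionIdMapper;
        this.idMapperUpdater = sessionIdMapperUpdater;
        this.request = request;
        this.valve = abstractSamlAuthenticatorValve;
        this.facade = httpFacade;
        this.deployment = samlDeployment;
    }

    /**
     * Records the SAML action currently in progress in the HTTP session.
     *
     * @param currentAction the action to store
     */
    public void setCurrentAction(SamlSessionStore.CurrentAction currentAction) {
        // Do not create a session only to record that nothing is happening.
        if (currentAction == SamlSessionStore.CurrentAction.NONE && this.request.getSession(false) == null) {
            return;
        }
        this.request.getSession().setAttribute(CURRENT_ACTION_ATTRIBUTE, currentAction);
    }

    /**
     * @return {@code true} if a session exists and its stored action is {@code LOGGING_IN}
     */
    public boolean isLoggingIn() {
        HttpSession session = this.request.getSession(false);
        return session != null && ((SamlSessionStore.CurrentAction) session.getAttribute(CURRENT_ACTION_ATTRIBUTE)) == SamlSessionStore.CurrentAction.LOGGING_IN;
    }

    /**
     * @return {@code true} if a session exists and its stored action is {@code LOGGING_OUT}
     */
    public boolean isLoggingOut() {
        HttpSession session = this.request.getSession(false);
        return session != null && ((SamlSessionStore.CurrentAction) session.getAttribute(CURRENT_ACTION_ATTRIBUTE)) == SamlSessionStore.CurrentAction.LOGGING_OUT;
    }

    /**
     * Logs out the account attached to the current request's session, if any.
     *
     * <p>Removes the SAML session and saved redirect URI attributes, clears the principal and
     * auth type on the Catalina session, and, when the SAML session carried a session index,
     * unmaps the HTTP session id and asks the session manager to log that session out.
     */
    public void logoutAccount() {
        Session sessionInternal = this.request.getSessionInternal(false);
        if (sessionInternal == null) {
            return;
        }
        HttpSession session = sessionInternal.getSession();
        List<String> sessionIds = new LinkedList<>();
        if (session != null) {
            SamlSession samlSession = (SamlSession) session.getAttribute(SamlSession.class.getName());
            if (samlSession != null) {
                if (samlSession.getSessionIndex() != null) {
                    sessionIds.add(session.getId());
                    this.idMapperUpdater.removeSession(this.idMapper, session.getId());
                }
                session.removeAttribute(SamlSession.class.getName());
            }
            session.removeAttribute(SAML_REDIRECT_URI);
        }
        // Clear container-level authentication state even when no SAML session was stored.
        sessionInternal.setPrincipal(null);
        sessionInternal.setAuthType(null);
        logoutSessionIds(sessionIds);
    }

    /**
     * Logs out every HTTP session the mapper associates with the given principal.
     *
     * @param str principal name as known to the {@link SessionIdMapper}
     */
    public void logoutByPrincipal(String str) {
        Set<String> userSessions = this.idMapper.getUserSessions(str);
        if (userSessions != null) {
            // Work on a copy: the mapper entries are removed below, after the sessions are
            // logged out. Presumably the returned set may be backed by the mapper (confirm).
            List<String> sessionIds = new LinkedList<>(userSessions);
            logoutSessionIds(sessionIds);
            for (String sessionId : sessionIds) {
                this.idMapperUpdater.removeSession(this.idMapper, sessionId);
            }
        }
    }

    /**
     * Logs out the HTTP sessions mapped to the given SSO session identifiers.
     * Identifiers with no mapped HTTP session are skipped.
     *
     * @param list SSO session identifiers; {@code null} is treated as "nothing to do"
     */
    public void logoutBySsoId(List<String> list) {
        if (list == null) {
            return;
        }
        List<String> sessionIds = new LinkedList<>();
        for (String ssoId : list) {
            String sessionFromSSO = this.idMapper.getSessionFromSSO(ssoId);
            if (sessionFromSSO != null) {
                sessionIds.add(sessionFromSSO);
                this.idMapperUpdater.removeSession(this.idMapper, sessionFromSSO);
            }
        }
        logoutSessionIds(sessionIds);
    }

    /**
     * Asks the session management component to log out the given HTTP session ids using the
     * session manager of the request's context. Does nothing for a null or empty list.
     *
     * @param list HTTP session ids to log out
     */
    protected void logoutSessionIds(List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        this.sessionManagement.logoutHttpSessions(this.request.getContext().getManager(), list);
    }

    /**
     * Checks whether the request's session holds a valid SAML session and, if so, installs
     * the matching principal on the session and request and restores the saved request.
     *
     * @return {@code true} if a validated SAML session is present, {@code false} otherwise
     * @throws RuntimeException if the session principal's name matches the SAML principal but
     *     its wrapped user principal does not
     */
    public boolean isLoggedIn() {
        Session sessionInternal = this.request.getSessionInternal(false);
        if (sessionInternal == null) {
            log.debug("session was null, returning null");
            return false;
        }
        SamlSession validateSamlSession = SamlUtil.validateSamlSession(sessionInternal.getSession().getAttribute(SamlSession.class.getName()), this.deployment);
        if (validateSamlSession == null) {
            return false;
        }
        // Typed as GenericPrincipal: getUserPrincipal() and getRoles() below are not part of
        // java.security.Principal.
        GenericPrincipal principal = (GenericPrincipal) sessionInternal.getPrincipal();
        if (principal == null) {
            // The session carries a SAML session but no container principal; rebuild it from
            // the validated SAML session.
            principal = this.principalFactory.createPrincipal(this.request.getContext().getRealm(), validateSamlSession.getPrincipal(), validateSamlSession.getRoles());
            sessionInternal.setPrincipal(principal);
            sessionInternal.setAuthType(AUTH_TYPE);
        } else if (validateSamlSession.getPrincipal().getName().equals(principal.getName())) {
            if (!principal.getUserPrincipal().getName().equals(validateSamlSession.getPrincipal().getName())) {
                throw new RuntimeException("Unknown State");
            }
            log.debug("************principal already in");
            if (log.isDebugEnabled()) {
                for (String str : principal.getRoles()) {
                    log.debug("principal role: " + str);
                }
            }
        }
        // NOTE(review): when the session already has a principal whose name differs from the
        // SAML session's principal, neither branch above runs and the existing session
        // principal is installed on the request unchanged. Confirm that this mismatch is
        // intended to be accepted rather than rejected or logged.
        this.request.setUserPrincipal(principal);
        this.request.setAuthType(AUTH_TYPE);
        restoreRequest();
        return true;
    }

    /**
     * Stores the SAML session in the HTTP session (creating one if needed), installs the
     * principal on the session and request, and registers the session id with the mapper
     * under the SAML session index and subject.
     *
     * @param samlSession the authenticated SAML session to persist
     */
    public void saveAccount(SamlSession samlSession) {
        Session sessionInternal = this.request.getSessionInternal(true);
        sessionInternal.getSession().setAttribute(SamlSession.class.getName(), samlSession);
        GenericPrincipal principal = (GenericPrincipal) sessionInternal.getPrincipal();
        if (principal == null) {
            principal = this.principalFactory.createPrincipal(this.request.getContext().getRealm(), samlSession.getPrincipal(), samlSession.getRoles());
            sessionInternal.setPrincipal(principal);
            sessionInternal.setAuthType(AUTH_TYPE);
        }
        this.request.setUserPrincipal(principal);
        this.request.setAuthType(AUTH_TYPE);
        // The id returned by changeSessionId is the one recorded in the mapper, so an
        // override that rotates the id keeps the mapping consistent.
        this.idMapperUpdater.map(this.idMapper, samlSession.getSessionIndex(), samlSession.getPrincipal().getSamlSubject(), changeSessionId(sessionInternal));
    }

    /**
     * Hook called by {@link #saveAccount(SamlSession)} to obtain the session id to map after
     * authentication.
     *
     * <p>This base implementation returns the current id and does not rotate it.
     * NOTE(review): if no subclass or container mechanism changes the session id on login,
     * the pre-authentication id stays valid afterwards (session fixation exposure) — confirm
     * that the deployed subclass overrides this to issue a new id.
     *
     * @param session the Catalina session that was just authenticated
     * @return the session id to register with the mapper
     */
    protected String changeSessionId(Session session) {
        return session.getId();
    }

    /**
     * Returns the SAML session stored in the HTTP session. A session is created if the
     * request has none.
     *
     * @return the stored SAML session, or {@code null} if the attribute is not set
     */
    public SamlSession getAccount() {
        return (SamlSession) getSession(true).getAttribute(SamlSession.class.getName());
    }

    /**
     * Returns the URI to send the user to after authentication: the URI saved by
     * {@link #saveRequest()} if present, otherwise a value computed by
     * {@code SamlUtil.getRedirectTo} from the request URL with its path replaced by the
     * context path.
     *
     * <p>NOTE(review): both values are derived from request data (the saved request URI or
     * the current request URL); confirm the caller only uses the result for same-application
     * redirects.
     *
     * @return the redirect target
     */
    public String getRedirectUri() {
        String savedUri = (String) getSession(true).getAttribute(SAML_REDIRECT_URI);
        if (savedUri != null) {
            return savedUri;
        }
        String contextPath = this.request.getContextPath();
        String baseUri = KeycloakUriBuilder.fromUri(this.request.getRequestURL().toString()).replacePath(contextPath).build().toString();
        return SamlUtil.getRedirectTo(this.facade, contextPath, baseUri);
    }

    /**
     * Saves the current request through the valve and remembers its URI in the session so it
     * can be used as the post-login redirect target.
     *
     * @throws RuntimeException wrapping the {@link IOException} raised while saving the request
     */
    public void saveRequest() {
        try {
            this.valve.keycloakSaveRequest(this.request);
            getSession(true).setAttribute(SAML_REDIRECT_URI, this.facade.getRequest().getURI());
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Clears the saved redirect URI and asks the valve to restore the previously saved
     * request. A session is created if the request has none.
     *
     * @return the result of the valve's restore operation
     */
    public boolean restoreRequest() {
        getSession(true).removeAttribute(SAML_REDIRECT_URI);
        return this.valve.keycloakRestoreRequest(this.request);
    }

    /**
     * Returns the HTTP session behind the request's internal Catalina session.
     *
     * @param z whether to create a session when none exists
     * @return the HTTP session, or {@code null} if there is no internal session
     */
    protected HttpSession getSession(boolean z) {
        Session sessionInternal = this.request.getSessionInternal(z);
        if (sessionInternal == null) {
            return null;
        }
        return sessionInternal.getSession();
    }
}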
