package org.eclipse.kura.internal.rest.auth;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.container.ContainerRequestContext;
import org.eclipse.kura.audit.AuditContext;
import org.eclipse.kura.util.useradmin.UserAdminHelper;

/* loaded from: input_file:org/eclipse/kura/internal/rest/auth/RestSessionHelper.class */
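/**
 * Helper around {@link HttpSession} for the REST authentication layer: creates authenticated
 * sessions, tracks inactivity, stores the credentials hash observed at login, and issues and
 * verifies the per-session XSRF token.
 *
 * <p>All state is kept in session attributes whose names come from {@code SessionAttributes}.
 */
public class RestSessionHelper {
    private final UserAdminHelper userAdminHelper;

    /**
     * @param userAdminHelper used to look up the current credentials hash of an identity
     */
    public RestSessionHelper(UserAdminHelper userAdminHelper) {
        this.userAdminHelper = userAdminHelper;
    }

    /**
     * Replaces any session bound to the request with a fresh one marked as authenticated.
     *
     * @param httpServletRequest the request being authenticated
     * @param str the identity name that has just been authenticated
     * @return the newly created session
     */
    public HttpSession createNewAuthenticatedSession(HttpServletRequest httpServletRequest, String str) {
        // Session fixation defence: a session that existed before authentication is discarded,
        // so its identifier is never carried over into the authenticated state.
        getExistingSession(httpServletRequest).ifPresent(HttpSession::invalidate);

        HttpSession session = httpServletRequest.getSession(true);
        session.setAttribute(SessionAttributes.AUTORIZED_USER.getValue(), str);
        updateLastActivity(session);

        // Remember the credentials hash seen at login; credentialsChanged() compares against it.
        this.userAdminHelper.getCredentialsHash(str)
                .ifPresent(hash -> session.setAttribute(SessionAttributes.CREDENTIALS_HASH.getValue(), hash));

        getOrCreateXsrfToken(session);

        // NOTE(review): the raw session id is a bearer secret. If audit records can be read by
        // anyone other than the session owner, consider recording a digest of the id instead -
        // confirm against where the audit context is persisted.
        AuditContext.currentOrInternal().getProperties().put("session.id", session.getId());
        return session;
    }

    /** Sets the {@code LOCKED} attribute of the session to {@code true}. */
    public void lockSession(HttpSession httpSession) {
        httpSession.setAttribute(SessionAttributes.LOCKED.getValue(), true);
    }

    /** Sets the {@code LOCKED} attribute of the session to {@code false}. */
    public void unlockSession(HttpSession httpSession) {
        httpSession.setAttribute(SessionAttributes.LOCKED.getValue(), false);
    }

    /**
     * @return {@code true} only when the {@code LOCKED} attribute is {@code Boolean.TRUE}; a
     *         missing attribute or one of another type counts as unlocked
     */
    public boolean isSessionLocked(HttpSession httpSession) {
        return Boolean.TRUE.equals(httpSession.getAttribute(SessionAttributes.LOCKED.getValue()));
    }

    /**
     * Records "now" as the last activity of the session.
     *
     * <p>The value is a {@link System#nanoTime()} reading: it is only meaningful as a difference
     * against another reading taken in the same JVM, not as a wall-clock time.
     */
    public void updateLastActivity(HttpSession httpSession) {
        httpSession.setAttribute(SessionAttributes.LAST_ACTIVITY.getValue(), Long.valueOf(System.nanoTime()));
    }

    /**
     * @return a principal whose name is the identity stored in the session, or empty when the
     *         session carries no identity (or the attribute is not a {@code String})
     */
    public Optional<Principal> getPrincipalFromSession(HttpSession httpSession) {
        Object identity = httpSession.getAttribute(SessionAttributes.AUTORIZED_USER.getValue());
        if (identity instanceof String) {
            return Optional.of(principalForIdentity((String) identity));
        }
        return Optional.empty();
    }

    /**
     * Compares the credentials hash stored in the session with the current one for the identity.
     *
     * @param httpSession the session holding the hash captured at login
     * @param str the identity name to look up
     * @return {@code true} when the two differ, including when only one of them is present
     */
    public boolean credentialsChanged(HttpSession httpSession, String str) {
        Object hashAtLogin = httpSession.getAttribute(SessionAttributes.CREDENTIALS_HASH.getValue());
        Object currentHash = this.userAdminHelper.getCredentialsHash(str).orElse(null);
        return !Objects.equals(hashAtLogin, currentHash);
    }

    /**
     * @return the user principal of the request's security context, or empty when either the
     *         security context or its principal is {@code null}
     */
    public Optional<Principal> getCurrentPrincipal(ContainerRequestContext containerRequestContext) {
        // Optional.map turns a null principal into an empty Optional.
        return Optional.ofNullable(containerRequestContext.getSecurityContext())
                .map(securityContext -> securityContext.getUserPrincipal());
    }

    /**
     * Checks the inactivity timeout and invalidates the session when it has been exceeded.
     *
     * <p>A session without a usable last-activity timestamp is treated as expired whenever a
     * timeout is configured. The origin of {@link System#nanoTime()} is arbitrary, so measuring
     * elapsed time against a default of zero would make the outcome depend on the platform
     * clock; failing closed keeps the check deterministic.
     *
     * @param httpSession the session to check
     * @param i the inactivity timeout in seconds; zero or negative disables the check
     * @return {@code true} when the session was expired and has been invalidated
     */
    public boolean isSessionExpired(HttpSession httpSession, int i) {
        long now = System.nanoTime();
        if (httpSession.isNew() || i <= 0) {
            return false;
        }
        Object lastActivity = httpSession.getAttribute(SessionAttributes.LAST_ACTIVITY.getValue());
        // Subtracting two nanoTime readings is the overflow-safe way to compare them.
        boolean expired = !(lastActivity instanceof Long)
                || now - ((Long) lastActivity).longValue() > TimeUnit.SECONDS.toNanos(i);
        if (expired) {
            httpSession.invalidate();
        }
        return expired;
    }

    /**
     * @return the XSRF token stored in the session, or empty when none is stored or the
     *         attribute is not a {@code String}
     */
    public Optional<String> getXsrfToken(HttpSession httpSession) {
        Object token = httpSession.getAttribute(SessionAttributes.XSRF_TOKEN.getValue());
        return token instanceof String ? Optional.of((String) token) : Optional.empty();
    }

    /**
     * Returns the session's XSRF token, generating and storing a random UUID when none exists.
     *
     * @return the existing or newly created token
     */
    public String getOrCreateXsrfToken(HttpSession httpSession) {
        Optional<String> existing = getXsrfToken(httpSession);
        if (existing.isPresent()) {
            return existing.get();
        }
        String token = UUID.randomUUID().toString();
        httpSession.setAttribute(SessionAttributes.XSRF_TOKEN.getValue(), token);
        return token;
    }

    /**
     * Validates the token carried in the {@code X-XSRF-Token} request header.
     *
     * @return {@code true} when the header is present and matches the session's token
     */
    public boolean isXsrfTokenValid(HttpServletRequest httpServletRequest) {
        return checkXsrfToken(Optional.ofNullable(httpServletRequest.getHeader("X-XSRF-Token")), httpServletRequest);
    }

    /**
     * Compares a client-supplied XSRF token with the one stored in the request's session.
     *
     * @param optional the token supplied by the client, if any
     * @param httpServletRequest the request whose existing session holds the expected token
     * @return {@code true} only when the supplied token, a session, and a stored token all
     *         exist and the two tokens are equal
     */
    public boolean checkXsrfToken(Optional<String> optional, HttpServletRequest httpServletRequest) {
        if (!optional.isPresent()) {
            return false;
        }
        Optional<String> expected = getExistingSession(httpServletRequest).flatMap(this::getXsrfToken);
        if (!expected.isPresent()) {
            return false;
        }
        // The token is a secret: compare it in constant time so that response timing does not
        // reveal how many leading characters of a guess were correct.
        return MessageDigest.isEqual(optional.get().getBytes(StandardCharsets.UTF_8),
                expected.get().getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Invalidates the request's session, if any, and asks the client to drop its cookies.
     *
     * <p>Every cookie sent with the request is re-issued with an empty value, max-age 0 and path
     * {@code "/"}. NOTE(review): a cookie that was originally set with a different path is not
     * removed by this, and cookies unrelated to the session are expired as well - confirm this
     * is intended for the deployment.
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Optional<HttpSession> existingSession = getExistingSession(httpServletRequest);
        if (!existingSession.isPresent()) {
            return;
        }
        existingSession.get().invalidate();

        // getCookies() returns null, not an empty array, when the request carries no cookies.
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            cookie.setMaxAge(0);
            cookie.setValue((String) null);
            cookie.setPath("/");
            httpServletResponse.addCookie(cookie);
        }
    }

    /**
     * @return the session already bound to the request, without creating one
     */
    public Optional<HttpSession> getExistingSession(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getSession(false));
    }

    /** Wraps an identity name in a {@link Principal} whose {@code getName()} returns it. */
    private static Principal principalForIdentity(String str) {
        return () -> str;
    }
}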
