package com.google.gerrit.httpd;

import com.google.common.cache.Cache;
import com.google.gerrit.common.TimeUtil;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.config.ConfigUtil;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.ioutil.BasicSerialization;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import org.eclipse.jgit.lib.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/gerrit/httpd/WebSessionManager.class */
public class WebSessionManager {
    private static final Logger log = LoggerFactory.getLogger(WebSessionManager.class);
    public static final String CACHE_NAME = "web_sessions";
    private final long sessionMaxAgeMillis;
    private final SecureRandom prng = new SecureRandom();
    private final Cache<String, Val> self;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/google/gerrit/httpd/WebSessionManager$Key.class */
    public static final class Key {
        private transient String token;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Key(String str) {
            this.token = str;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String getToken() {
            return this.token;
        }

        public int hashCode() {
            return this.token.hashCode();
        }

        public boolean equals(Object obj) {
            return (obj instanceof Key) && this.token.equals(((Key) obj).token);
        }
    }

    /* loaded from: input_file:com/google/gerrit/httpd/WebSessionManager$Val.class */
    public static final class Val implements Serializable {
        static final long serialVersionUID = 2;
        private transient Account.Id accountId;
        private transient long refreshCookieAt;
        private transient boolean persistentCookie;
        private transient ExternalId.Key externalId;
        private transient long expiresAt;
        private transient String sessionId;
        private transient String auth;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Val(Account.Id id, long j, boolean z, ExternalId.Key key, long j2, String str, String str2) {
            this.accountId = id;
            this.refreshCookieAt = j;
            this.persistentCookie = z;
            this.externalId = key;
            this.expiresAt = j2;
            this.sessionId = str;
            this.auth = str2;
        }

        public long getExpiresAt() {
            return this.expiresAt;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Account.Id getAccountId() {
            return this.accountId;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ExternalId.Key getExternalId() {
            return this.externalId;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String getSessionId() {
            return this.sessionId;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String getAuth() {
            return this.auth;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean needsCookieRefresh() {
            return this.refreshCookieAt <= TimeUtil.nowMs();
        }

        boolean isPersistentCookie() {
            return this.persistentCookie;
        }

        private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
            BasicSerialization.writeVarInt32(objectOutputStream, 1);
            BasicSerialization.writeVarInt32(objectOutputStream, this.accountId.get());
            BasicSerialization.writeVarInt32(objectOutputStream, 2);
            BasicSerialization.writeFixInt64(objectOutputStream, this.refreshCookieAt);
            BasicSerialization.writeVarInt32(objectOutputStream, 3);
            BasicSerialization.writeVarInt32(objectOutputStream, this.persistentCookie ? 1 : 0);
            if (this.externalId != null) {
                BasicSerialization.writeVarInt32(objectOutputStream, 4);
                BasicSerialization.writeString(objectOutputStream, this.externalId.toString());
            }
            if (this.sessionId != null) {
                BasicSerialization.writeVarInt32(objectOutputStream, 5);
                BasicSerialization.writeString(objectOutputStream, this.sessionId);
            }
            BasicSerialization.writeVarInt32(objectOutputStream, 6);
            BasicSerialization.writeFixInt64(objectOutputStream, this.expiresAt);
            if (this.auth != null) {
                BasicSerialization.writeVarInt32(objectOutputStream, 7);
                BasicSerialization.writeString(objectOutputStream, this.auth);
            }
            BasicSerialization.writeVarInt32(objectOutputStream, 0);
        }

        private void readObject(ObjectInputStream objectInputStream) throws IOException {
            while (true) {
                int readVarInt32 = BasicSerialization.readVarInt32(objectInputStream);
                switch (readVarInt32) {
                    case 0:
                        if (this.expiresAt == 0) {
                            this.expiresAt = this.refreshCookieAt + TimeUnit.HOURS.toMillis(2L);
                            return;
                        }
                        return;
                    case 1:
                        this.accountId = new Account.Id(BasicSerialization.readVarInt32(objectInputStream));
                        break;
                    case 2:
                        this.refreshCookieAt = BasicSerialization.readFixInt64(objectInputStream);
                        break;
                    case 3:
                        this.persistentCookie = BasicSerialization.readVarInt32(objectInputStream) != 0;
                        break;
                    case 4:
                        this.externalId = ExternalId.Key.parse(BasicSerialization.readString(objectInputStream));
                        break;
                    case 5:
                        this.sessionId = BasicSerialization.readString(objectInputStream);
                        break;
                    case 6:
                        this.expiresAt = BasicSerialization.readFixInt64(objectInputStream);
                        break;
                    case 7:
                        this.auth = BasicSerialization.readString(objectInputStream);
                        break;
                    default:
                        throw new IOException("Unknown tag found in object: " + readVarInt32);
                }
            }
        }
    }

    @Inject
    WebSessionManager(@GerritServerConfig Config config, @Assisted Cache<String, Val> cache) {
        this.self = cache;
        this.sessionMaxAgeMillis = TimeUnit.SECONDS.toMillis(ConfigUtil.getTimeUnit(config, "cache", "web_sessions", "maxAge", TimeUnit.SECONDS.convert(CacheBasedWebSession.MAX_AGE_MINUTES, TimeUnit.MINUTES), TimeUnit.SECONDS));
        if (this.sessionMaxAgeMillis < TimeUnit.MINUTES.toMillis(5L)) {
            log.warn(String.format("cache.%s.maxAge is set to %d milliseconds; it should be at least 5 minutes.", "web_sessions", Long.valueOf(this.sessionMaxAgeMillis)));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key createKey(Account.Id id) {
        return new Key(newUniqueToken(id));
    }

    private String newUniqueToken(Account.Id id) {
        try {
            byte[] bArr = new byte[20];
            this.prng.nextBytes(bArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(23);
            BasicSerialization.writeVarInt32(byteArrayOutputStream, 2);
            BasicSerialization.writeVarInt32(byteArrayOutputStream, id.get());
            BasicSerialization.writeBytes(byteArrayOutputStream, bArr);
            return CookieBase64.encode(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            throw new RuntimeException("Cannot produce new account cookie", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Val createVal(Key key, Val val) {
        return createVal(key, val.getAccountId(), val.isPersistentCookie(), val.getExternalId(), val.sessionId, val.auth);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Val createVal(Key key, Account.Id id, boolean z, ExternalId.Key key2, String str, String str2) {
        long min = Math.min(this.sessionMaxAgeMillis >>> 1, TimeUnit.MILLISECONDS.convert(1L, TimeUnit.HOURS));
        long nowMs = TimeUtil.nowMs();
        long j = nowMs + min;
        long j2 = nowMs + this.sessionMaxAgeMillis;
        if (str == null) {
            str = newUniqueToken(id);
        }
        if (str2 == null) {
            str2 = newUniqueToken(id);
        }
        Val val = new Val(id, j, z, key2, j2, str, str2);
        this.self.put(key.token, val);
        return val;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getCookieAge(Val val) {
        if (val.isPersistentCookie()) {
            return (int) TimeUnit.MILLISECONDS.toSeconds(this.sessionMaxAgeMillis);
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Val get(Key key) {
        Val ifPresent = this.self.getIfPresent(key.token);
        if (ifPresent == null || ifPresent.expiresAt > TimeUtil.nowMs()) {
            return ifPresent;
        }
        this.self.invalidate(key.token);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void destroy(Key key) {
        this.self.invalidate(key.token);
    }
}
