package io.camunda.tasklist.webapp.security;

import io.camunda.tasklist.data.conditionals.ElasticSearchCondition;
import io.camunda.tasklist.es.RetryElasticsearchClient;
import io.camunda.tasklist.schema.indices.TasklistWebSessionIndex;
import io.camunda.tasklist.webapp.security.sso.TokenAuthentication;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import jakarta.servlet.http.HttpServletRequest;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import org.elasticsearch.action.search.SearchRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.context.annotation.Conditional;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.core.convert.support.GenericConversionService;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.session.MapSession;
import org.springframework.session.Session;
import org.springframework.session.SessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.stereotype.Component;

@Conditional({ElasticSearchCondition.class})
@ConditionalOnExpression("${camunda.tasklist.persistent.sessions.enabled:false} or ${camunda.tasklist.persistentSessionsEnabled:false}")
@Component
@EnableSpringHttpSession
/* loaded from: input_file:io/camunda/tasklist/webapp/security/ElasticsearchSessionRepository.class */
public class ElasticsearchSessionRepository implements SessionRepository<ElasticsearchSession> {
    public static final int DELETE_EXPIRED_SESSIONS_DELAY = 1800000;
    public static final String POLLING_HEADER = "x-is-polling";
    private static final Logger LOGGER = LoggerFactory.getLogger(ElasticsearchSessionRepository.class);

    @Autowired
    @Qualifier("sessionThreadPoolScheduler")
    public ThreadPoolTaskScheduler taskScheduler;

    @Autowired
    private RetryElasticsearchClient retryElasticsearchClient;

    @Autowired
    private GenericConversionService conversionService;

    @Autowired
    private TasklistWebSessionIndex tasklistWebSessionIndex;

    @Autowired
    private HttpServletRequest request;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/camunda/tasklist/webapp/security/ElasticsearchSessionRepository$ElasticsearchSession.class */
    public static class ElasticsearchSession implements Session {
        private final MapSession delegate;
        private boolean changed;
        private boolean polling = false;

        public ElasticsearchSession(String str) {
            this.delegate = new MapSession(str);
        }

        boolean isChanged() {
            return this.changed;
        }

        void clearChangeFlag() {
            this.changed = false;
        }

        public String getId() {
            return this.delegate.getId();
        }

        public String changeSessionId() {
            String changeSessionId = this.delegate.changeSessionId();
            this.changed = true;
            return changeSessionId;
        }

        public ElasticsearchSession setId(String str) {
            this.delegate.setId(str);
            return this;
        }

        public <T> T getAttribute(String str) {
            return (T) this.delegate.getAttribute(str);
        }

        public Set<String> getAttributeNames() {
            return this.delegate.getAttributeNames();
        }

        public void setAttribute(String str, Object obj) {
            this.delegate.setAttribute(str, obj);
            this.changed = true;
        }

        public void removeAttribute(String str) {
            this.delegate.removeAttribute(str);
            this.changed = true;
        }

        public Instant getCreationTime() {
            return this.delegate.getCreationTime();
        }

        public void setCreationTime(Instant instant) {
            this.delegate.setCreationTime(instant);
            this.changed = true;
        }

        public int hashCode() {
            return Objects.hash(getId());
        }

        public void setLastAccessedTime(Instant instant) {
            if (this.polling) {
                return;
            }
            this.delegate.setLastAccessedTime(instant);
            this.changed = true;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(getId(), ((ElasticsearchSession) obj).getId());
        }

        public Instant getLastAccessedTime() {
            return this.delegate.getLastAccessedTime();
        }

        public void setMaxInactiveInterval(Duration duration) {
            this.delegate.setMaxInactiveInterval(duration);
            this.changed = true;
        }

        public Duration getMaxInactiveInterval() {
            return this.delegate.getMaxInactiveInterval();
        }

        public String toString() {
            return String.format("ElasticsearchSession: %s ", getId());
        }

        public boolean isExpired() {
            return this.delegate.isExpired();
        }

        public boolean containsAuthentication() {
            return getAuthentication() != null;
        }

        public boolean isAuthenticated() {
            Authentication authentication = getAuthentication();
            if (authentication != null) {
                try {
                    if (authentication.isAuthenticated()) {
                        return true;
                    }
                } catch (InsufficientAuthenticationException e) {
                    return false;
                }
            }
            return false;
        }

        private Authentication getAuthentication() {
            SecurityContext securityContext = (SecurityContext) this.delegate.getAttribute("SPRING_SECURITY_CONTEXT");
            return securityContext != null ? securityContext.getAuthentication() : null;
        }

        public boolean isPolling() {
            return this.polling;
        }

        public ElasticsearchSession setPolling(boolean z) {
            this.polling = z;
            return this;
        }
    }

    @PostConstruct
    private void setUp() {
        LOGGER.debug("Persistent sessions in Elasticsearch enabled");
        setupConverter();
        startExpiredSessionCheck();
    }

    @PreDestroy
    private void tearDown() {
        LOGGER.debug("Shutdown ElasticsearchSessionRepository");
    }

    private void setupConverter() {
        this.conversionService.addConverter(Object.class, byte[].class, new SerializingConverter());
        this.conversionService.addConverter(byte[].class, Object.class, new DeserializingConverter());
    }

    private void startExpiredSessionCheck() {
        this.taskScheduler.scheduleAtFixedRate(this::removedExpiredSessions, 1800000L);
    }

    private void removedExpiredSessions() {
        LOGGER.debug("Check for expired sessions");
        this.retryElasticsearchClient.doWithEachSearchResult(new SearchRequest(new String[]{this.tasklistWebSessionIndex.getFullQualifiedName()}), searchHit -> {
            Map<String, Object> sourceAsMap = searchHit.getSourceAsMap();
            Optional<ElasticsearchSession> documentToSession = documentToSession(sourceAsMap);
            if (!documentToSession.isPresent()) {
                deleteById(getSessionIdFrom(sourceAsMap));
                return;
            }
            ElasticsearchSession elasticsearchSession = documentToSession.get();
            LOGGER.debug("Check if session {} is expired: {}", elasticsearchSession, Boolean.valueOf(elasticsearchSession.isExpired()));
            if (elasticsearchSession.isExpired()) {
                deleteById(elasticsearchSession.getId());
            }
        });
    }

    private boolean shouldDeleteSession(ElasticsearchSession elasticsearchSession) {
        return elasticsearchSession.isExpired() || (elasticsearchSession.containsAuthentication() && !elasticsearchSession.isAuthenticated());
    }

    /* renamed from: createSession, reason: merged with bridge method [inline-methods] */
    public ElasticsearchSession m28createSession() {
        ElasticsearchSession elasticsearchSession = new ElasticsearchSession(UUID.randomUUID().toString().replace("-", ""));
        LOGGER.debug("Create session {} with maxInactiveInterval {} s", elasticsearchSession, elasticsearchSession.getMaxInactiveInterval());
        return elasticsearchSession;
    }

    public void save(ElasticsearchSession elasticsearchSession) {
        LOGGER.debug("Save session {}", elasticsearchSession);
        if (shouldDeleteSession(elasticsearchSession)) {
            deleteById(elasticsearchSession.getId());
        } else if (elasticsearchSession.isChanged()) {
            LOGGER.debug("Session {} changed, save in Elasticsearch.", elasticsearchSession);
            this.retryElasticsearchClient.createOrUpdateDocument(this.tasklistWebSessionIndex.getFullQualifiedName(), elasticsearchSession.getId(), sessionToDocument(elasticsearchSession));
            elasticsearchSession.clearChangeFlag();
        }
    }

    /* renamed from: findById, reason: merged with bridge method [inline-methods] */
    public ElasticsearchSession m27findById(String str) {
        Map<String, Object> map;
        LOGGER.debug("Retrieve session {} from Elasticsearch", str);
        try {
            map = this.retryElasticsearchClient.getDocument(this.tasklistWebSessionIndex.getFullQualifiedName(), str);
        } catch (Exception e) {
            map = null;
        }
        if (map == null) {
            return null;
        }
        Optional<ElasticsearchSession> documentToSession = documentToSession(map);
        if (documentToSession.isEmpty()) {
            deleteById(getSessionIdFrom(map));
            return null;
        }
        ElasticsearchSession elasticsearchSession = documentToSession.get();
        if (!shouldDeleteSession(elasticsearchSession)) {
            return elasticsearchSession;
        }
        deleteById(elasticsearchSession.getId());
        return null;
    }

    public void deleteById(String str) {
        LOGGER.debug("Delete session {}", str);
        executeAsyncElasticsearchRequest(() -> {
            this.retryElasticsearchClient.deleteDocument(this.tasklistWebSessionIndex.getFullQualifiedName(), str);
        });
    }

    private byte[] serialize(Object obj) {
        return (byte[]) this.conversionService.convert(obj, TypeDescriptor.valueOf(Object.class), TypeDescriptor.valueOf(byte[].class));
    }

    private Object deserialize(byte[] bArr) {
        return this.conversionService.convert(bArr, TypeDescriptor.valueOf(byte[].class), TypeDescriptor.valueOf(Object.class));
    }

    private Map<String, Object> sessionToDocument(ElasticsearchSession elasticsearchSession) {
        HashMap hashMap = new HashMap();
        elasticsearchSession.getAttributeNames().forEach(str -> {
            hashMap.put(str, serialize(elasticsearchSession.getAttribute(str)));
        });
        return Map.of(TokenAuthentication.ORGANIZATION_ID, elasticsearchSession.getId(), "creationTime", Long.valueOf(elasticsearchSession.getCreationTime().toEpochMilli()), "lastAccessedTime", Long.valueOf(elasticsearchSession.getLastAccessedTime().toEpochMilli()), "maxInactiveIntervalInSeconds", Long.valueOf(elasticsearchSession.getMaxInactiveInterval().getSeconds()), "attributes", hashMap);
    }

    private String getSessionIdFrom(Map<String, Object> map) {
        return (String) map.get(TokenAuthentication.ORGANIZATION_ID);
    }

    private Instant getInstantFor(Object obj) {
        if (obj != null && (obj instanceof Long)) {
            return Instant.ofEpochMilli(((Long) obj).longValue());
        }
        return null;
    }

    private Duration getDurationFor(Object obj) {
        if (obj != null && (obj instanceof Integer)) {
            return Duration.ofSeconds(((Integer) obj).intValue());
        }
        return null;
    }

    private Optional<ElasticsearchSession> documentToSession(Map<String, Object> map) {
        try {
            ElasticsearchSession elasticsearchSession = new ElasticsearchSession(getSessionIdFrom(map));
            elasticsearchSession.setLastAccessedTime(getInstantFor(map.get("lastAccessedTime")));
            try {
                if (this.request != null && this.request.getHeader("x-is-polling") != null && !this.request.getHeader("x-is-polling").equals(true)) {
                    elasticsearchSession.setPolling(true);
                }
            } catch (Exception e) {
                LOGGER.debug("Expected Exception: is not possible to access request as currently this is not on a request context");
            }
            elasticsearchSession.setCreationTime(getInstantFor(map.get("creationTime")));
            elasticsearchSession.setMaxInactiveInterval(getDurationFor(map.get("maxInactiveIntervalInSeconds")));
            Object obj = map.get("attributes");
            if (obj != null && obj.getClass().isInstance(new HashMap())) {
                Map map2 = (Map) map.get("attributes");
                map2.keySet().forEach(str -> {
                    elasticsearchSession.setAttribute(str, deserialize(Base64.getDecoder().decode((String) map2.get(str))));
                });
            }
            return Optional.of(elasticsearchSession);
        } catch (Exception e2) {
            LOGGER.error("Could not restore session.", e2);
            return Optional.empty();
        }
    }

    private void executeAsyncElasticsearchRequest(Runnable runnable) {
        this.taskScheduler.execute(runnable);
    }
}
