package org.apache.knox.gateway.pac4j.session;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter;
import org.apache.knox.gateway.services.security.CryptoService;
import org.apache.knox.gateway.services.security.EncryptionResult;
import org.apache.knox.gateway.util.Urls;
import org.pac4j.core.context.ContextHelper;
import org.pac4j.core.context.Cookie;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.util.JavaSerializationHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/knox/gateway/pac4j/session/KnoxSessionStore.class */
public class KnoxSessionStore<C extends WebContext> implements SessionStore<C> {
    private static final Logger logger = LoggerFactory.getLogger(KnoxSessionStore.class);
    public static final String PAC4J_PASSWORD = "pac4j.password";
    public static final String PAC4J_SESSION_PREFIX = "pac4j.session.";
    private final JavaSerializationHelper javaSerializationHelper;
    private final CryptoService cryptoService;
    private final String clusterName;
    private final String domainSuffix;
    final Map<String, String> sessionStoreConfigs;

    public KnoxSessionStore(CryptoService cryptoService, String str, String str2) {
        this(cryptoService, str, str2, new HashMap());
    }

    public KnoxSessionStore(CryptoService cryptoService, String str, String str2, Map<String, String> map) {
        this.javaSerializationHelper = new JavaSerializationHelper();
        this.cryptoService = cryptoService;
        this.clusterName = str;
        this.domainSuffix = str2;
        this.sessionStoreConfigs = map;
    }

    public String getOrCreateSessionId(WebContext webContext) {
        return null;
    }

    private Serializable uncompressDecryptBase64(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        EncryptionResult fromByteArray = EncryptionResult.fromByteArray(Base64.decodeBase64(str));
        byte[] decryptForCluster = this.cryptoService.decryptForCluster(this.clusterName, PAC4J_PASSWORD, fromByteArray.cipher, fromByteArray.iv, fromByteArray.salt);
        if (decryptForCluster == null) {
            return null;
        }
        try {
            return this.javaSerializationHelper.deserializeFromBytes(unCompress(decryptForCluster));
        } catch (IOException e) {
            throw new TechnicalException(e);
        }
    }

    public Optional<Object> get(WebContext webContext, String str) {
        Cookie cookie = ContextHelper.getCookie(webContext, PAC4J_SESSION_PREFIX + str);
        Serializable serializable = null;
        if (cookie != null) {
            serializable = uncompressDecryptBase64(cookie.getValue());
        }
        logger.debug("Get from session: {} = {}", str, serializable);
        return Optional.ofNullable(serializable);
    }

    private String compressEncryptBase64(Object obj) {
        if (obj == null || obj.equals("")) {
            return null;
        }
        if ((obj instanceof Map) && ((Map) obj).isEmpty()) {
            return null;
        }
        try {
            byte[] compress = compress(this.javaSerializationHelper.serializeToBytes((Serializable) obj));
            if (compress.length > 3000) {
                logger.warn("Cookie too big, it might not be properly set");
            }
            return Base64.encodeBase64String(this.cryptoService.encryptForCluster(this.clusterName, PAC4J_PASSWORD, compress).toByteAray());
        } catch (IOException e) {
            throw new TechnicalException(e);
        }
    }

    public void set(WebContext webContext, String str, Object obj) {
        Cookie cookie;
        Object obj2 = obj;
        if (obj == null) {
            cookie = new Cookie(PAC4J_SESSION_PREFIX + str, (String) null);
        } else {
            if (str.contentEquals("pac4jUserProfiles")) {
                obj2 = clearUserProfile(obj);
            }
            logger.debug("Save in session: {} = {}", str, obj2);
            cookie = new Cookie(PAC4J_SESSION_PREFIX + str, compressEncryptBase64(obj2));
        }
        try {
            String domainName = Urls.getDomainName(webContext.getFullRequestURL(), this.domainSuffix);
            if (domainName == null) {
                domainName = webContext.getServerName();
            }
            cookie.setDomain(domainName);
            cookie.setHttpOnly(true);
            cookie.setSecure(ContextHelper.isHttpsOrSecure(webContext));
            if (webContext.getPath() != null && webContext.getPath().contains(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER)) {
                cookie.setPath(((JEEContext) webContext).getNativeRequest().getRequestURI().split("websso/pac4jCallback")[0]);
            }
            webContext.addResponseCookie(cookie);
        } catch (Exception e) {
            throw new TechnicalException(e);
        }
    }

    private static byte[] compress(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length);
        Throwable th = null;
        try {
            GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(byteArrayOutputStream);
            Throwable th2 = null;
            try {
                try {
                    gZIPOutputStream.write(bArr);
                    if (gZIPOutputStream != null) {
                        if (0 != 0) {
                            try {
                                gZIPOutputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            gZIPOutputStream.close();
                        }
                    }
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    if (byteArrayOutputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            byteArrayOutputStream.close();
                        }
                    }
                    return byteArray;
                } finally {
                }
            } catch (Throwable th5) {
                if (gZIPOutputStream != null) {
                    if (th2 != null) {
                        try {
                            gZIPOutputStream.close();
                        } catch (Throwable th6) {
                            th2.addSuppressed(th6);
                        }
                    } else {
                        gZIPOutputStream.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (byteArrayOutputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            throw th7;
        }
    }

    private static byte[] unCompress(byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Throwable th = null;
        try {
            GZIPInputStream gZIPInputStream = new GZIPInputStream(byteArrayInputStream);
            Throwable th2 = null;
            try {
                try {
                    byte[] byteArray = IOUtils.toByteArray(gZIPInputStream);
                    if (gZIPInputStream != null) {
                        if (0 != 0) {
                            try {
                                gZIPInputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            gZIPInputStream.close();
                        }
                    }
                    return byteArray;
                } finally {
                }
            } catch (Throwable th4) {
                if (gZIPInputStream != null) {
                    if (th2 != null) {
                        try {
                            gZIPInputStream.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        gZIPInputStream.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (byteArrayInputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
        }
    }

    private Object clearUserProfile(Object obj) {
        if (!(obj instanceof Map)) {
            CommonProfile commonProfile = (CommonProfile) obj;
            commonProfile.removeLoginData();
            return commonProfile;
        }
        Map map = (Map) obj;
        map.forEach((str, commonProfile2) -> {
            commonProfile2.removeLoginData();
        });
        if (this.sessionStoreConfigs != null) {
            if (this.sessionStoreConfigs.getOrDefault(Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_GROUPS, "true").equalsIgnoreCase("true")) {
                map.forEach((str2, commonProfile3) -> {
                    commonProfile3.removeAttribute("groups");
                });
            }
            if (this.sessionStoreConfigs.getOrDefault(Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES, "true").equalsIgnoreCase("true")) {
                map.forEach((str3, commonProfile4) -> {
                    commonProfile4.removeAttribute("roles");
                });
            }
            if (this.sessionStoreConfigs.getOrDefault(Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_PERMISSIONS, "true").equalsIgnoreCase("true")) {
                map.forEach((str4, commonProfile5) -> {
                    commonProfile5.removeAttribute("permissions");
                });
            }
        }
        return map;
    }

    public Optional<SessionStore<C>> buildFromTrackableSession(WebContext webContext, Object obj) {
        return Optional.empty();
    }

    public boolean destroySession(WebContext webContext) {
        return false;
    }

    public Optional getTrackableSession(WebContext webContext) {
        return Optional.empty();
    }

    public boolean renewSession(WebContext webContext) {
        return false;
    }
}
