package org.apache.ranger.biz;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CopyOnWriteArraySet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.common.DateUtil;
import org.apache.ranger.common.HTTPUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXAuthSession;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.security.context.RangerContextHolder;
import org.apache.ranger.security.context.RangerSecurityContext;
import org.apache.ranger.security.listener.RangerHttpSessionListener;
import org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter;
import org.apache.ranger.service.AuthSessionService;
import org.apache.ranger.util.RestUtil;
import org.apache.ranger.view.VXAuthSession;
import org.apache.ranger.view.VXAuthSessionList;
import org.apache.ranger.view.VXLong;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

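/**
 * Creates and tracks Ranger admin login sessions and their login audit rows.
 *
 * <p>The class builds {@link UserSessionBase} objects after a successful
 * authentication, records successful and failed logins as {@link XXAuthSession}
 * rows, loads role flags and module permissions into the session, and exposes
 * lookups over the HTTP sessions currently alive on this server.
 *
 * <p>NOTE(review): none of the lookup methods here perform an access check
 * themselves; presumably the REST layer that calls them enforces who may list
 * or read other users' sessions. Confirm against the callers.
 */
@Transactional
@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/ranger/biz/SessionMgr.class */
public class SessionMgr {

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    RangerDaoManager daoManager;

    @Autowired
    XUserMgr xUserMgr;

    @Autowired
    AuthSessionService authSessionService;

    @Autowired
    HTTPUtil httpUtil;

    @Autowired
    StringUtil stringUtil;
    static final Logger logger = Logger.getLogger(SessionMgr.class);

    // 30 minutes. Module permissions cached in a session are only re-read from
    // the database after this interval (see refreshPermissionsIfNeeded), so a
    // permission change can take up to this long to reach a live session unless
    // the session is refreshed explicitly.
    private static final Long SESSION_UPDATE_INTERVAL_IN_MILLIS = 1800000L;

    public SessionMgr() {
        logger.debug("SessionManager created");
    }

    /**
     * Neutralises line breaks in a value before it is concatenated into a log
     * line, so a login id cannot be used to forge additional log entries.
     *
     * @param value text that originates from the client or an identity provider
     * @return the value with CR and LF replaced by '_', or {@code null} if the
     *         input was {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Variant of {@link #processSuccessLogin(int, String, HttpServletRequest)}
     * for callers that have no servlet request at hand.
     *
     * @param i   authentication type stored on the audit row
     * @param str User-Agent string of the client, may be {@code null}
     * @return the user session, or {@code null} if the login id has no portal user
     */
    public UserSessionBase processSuccessLogin(int i, String str) {
        return processSuccessLogin(i, str, null);
    }

    /**
     * Builds (or reuses) the user session for the principal currently held by
     * Spring Security and records the login in the auth-session audit table.
     *
     * <p>An existing session from the Ranger security context is reused when its
     * login id matches the authenticated principal. Otherwise a new
     * {@link UserSessionBase} is created, its roles and module permissions are
     * loaded, and an audit row is stored at most once per HTTP session (tracked
     * through the {@code auditLoginId} session attribute).
     *
     * @param i                  authentication type stored on the audit row
     * @param str                User-Agent string of the client, may be {@code null};
     *                           it is client-controlled and is persisted as given
     * @param httpServletRequest the current request; may be {@code null}, in which
     *                           case the audit row is stored without any
     *                           per-session de-duplication
     * @return the user session, or {@code null} if the login id has no portal user
     */
    public UserSessionBase processSuccessLogin(int i, String str, HttpServletRequest httpServletRequest) {
        UserSessionBase userSessionBase = null;
        RangerSecurityContext securityContext = RangerContextHolder.getSecurityContext();
        if (securityContext != null) {
            userSessionBase = securityContext.getUserSession();
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // Not every authentication mechanism supplies WebAuthenticationDetails;
        // an unconditional cast would fail the login with a ClassCastException.
        Object details = authentication.getDetails();
        WebAuthenticationDetails webAuthenticationDetails =
                details instanceof WebAuthenticationDetails ? (WebAuthenticationDetails) details : null;
        String name = authentication.getName();
        if (userSessionBase != null && validateUserSession(userSessionBase, name)) {
            return userSessionBase;
        }

        getSSOSpnegoAuthCheckForAPI(name, httpServletRequest);
        XXPortalUser findByLoginId = this.daoManager.getXXPortalUser().findByLoginId(name);
        if (findByLoginId == null) {
            // The throwaway Exception is only there to get a stack trace into the log.
            logger.error("Error getting user for loginId=" + forLog(name), new Exception());
            return null;
        }

        XXAuthSession xXAuthSession = new XXAuthSession();
        xXAuthSession.setLoginId(name);
        xXAuthSession.setUserId(findByLoginId.getId());
        xXAuthSession.setAuthTime(DateUtil.getUTCDate());
        xXAuthSession.setAuthStatus(1);
        xXAuthSession.setAuthType(i);
        if (webAuthenticationDetails != null) {
            xXAuthSession.setExtSessionId(webAuthenticationDetails.getSessionId());
            xXAuthSession.setRequestIP(webAuthenticationDetails.getRemoteAddress());
        }
        if (str != null) {
            xXAuthSession.setRequestUserAgent(str);
        }
        xXAuthSession.setDeviceType(this.httpUtil.getDeviceType(str));

        if (httpServletRequest == null) {
            // No HTTP session to de-duplicate against; the login is still audited.
            xXAuthSession = storeAuthSession(xXAuthSession);
        } else {
            HttpSession session = httpServletRequest.getSession();
            if (session != null && session.getAttribute("auditLoginId") == null) {
                // Double-checked under the session lock so that concurrent requests
                // on the same HTTP session produce a single audit row.
                synchronized (session) {
                    if (session.getAttribute("auditLoginId") == null && shouldAuditLogin(httpServletRequest)) {
                        xXAuthSession = storeAuthSession(xXAuthSession);
                        session.setAttribute("auditLoginId", xXAuthSession.getId());
                    }
                }
            }
        }

        userSessionBase = new UserSessionBase();
        userSessionBase.setXXPortalUser(findByLoginId);
        userSessionBase.setXXAuthSession(xXAuthSession);
        if (httpServletRequest != null && Boolean.TRUE.equals(httpServletRequest.getAttribute("spnegoEnabled"))) {
            userSessionBase.setSpnegoEnabled(true);
        }
        resetUserSessionForProfiles(userSessionBase);
        resetUserModulePermission(userSessionBase);

        Calendar calendar = Calendar.getInstance();
        if (webAuthenticationDetails != null) {
            // NOTE(review): this line prints two fields labelled "sessionId" (the audit
            // row id, then the container session id) and labels the remote address
            // "requestId". The container session id is a bearer credential while the
            // session is alive; consider dropping or hashing it here. The format is
            // left untouched because log consumers may already parse it.
            logger.info("Login Success: loginId=" + forLog(name) + ", sessionId=" + xXAuthSession.getId() + ", sessionId=" + webAuthenticationDetails.getSessionId() + ", requestId=" + webAuthenticationDetails.getRemoteAddress() + ", epoch=" + calendar.getTimeInMillis());
        } else {
            logger.info("Login Success: loginId=" + forLog(name) + ", sessionId=" + xXAuthSession.getId() + ", details is null, epoch=" + calendar.getTimeInMillis());
        }
        return userSessionBase;
    }

    /**
     * Decides whether a successful login on this request gets an audit row.
     * Policy-download requests are skipped unless
     * {@code ranger.downloadpolicy.session.log.enabled} is set; requests without
     * a URI are always audited.
     */
    private boolean shouldAuditLogin(HttpServletRequest httpServletRequest) {
        if (PropertiesUtil.getBooleanProperty("ranger.downloadpolicy.session.log.enabled", false)) {
            return true;
        }
        String requestUri = httpServletRequest.getRequestURI();
        if (StringUtils.isEmpty(requestUri)) {
            return true;
        }
        return !requestUri.contains("/secure/policies/download/") && !requestUri.contains("/secure/download/");
    }

    /**
     * Creates a Ranger user on first login when the principal was authenticated
     * by SSO or SPNEGO and is not yet present in the portal-user table.
     *
     * <p>The decision relies on the {@code spnegoEnabled} request attribute and
     * on the SSO flag of the current session (or {@code ranger.sso.enabled}).
     * Request attributes are set by server-side code, not by the client; the
     * attribute is presumably set by the authentication filter — confirm that
     * nothing else writes it.
     *
     * @param str                login id of the authenticated principal
     * @param httpServletRequest the current request, may be {@code null}
     */
    private void getSSOSpnegoAuthCheckForAPI(String str, HttpServletRequest httpServletRequest) {
        if (this.daoManager.getXXPortalUser().findByLoginId(str) != null) {
            return;
        }
        RangerSecurityContext securityContext = RangerContextHolder.getSecurityContext();
        UserSessionBase userSession = securityContext != null ? securityContext.getUserSession() : null;
        // Boolean.TRUE.equals tolerates a null flag and a non-Boolean attribute.
        boolean ssoEnabled = userSession != null
                ? Boolean.TRUE.equals(userSession.isSSOEnabled())
                : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
        boolean spnegoEnabled = httpServletRequest != null
                && Boolean.TRUE.equals(httpServletRequest.getAttribute("spnegoEnabled"));
        if (!spnegoEnabled && !ssoEnabled) {
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("User : " + forLog(str) + " doesn't exist in Ranger DB So creating user as it's SSO or Spnego authenticated");
        }
        this.xUserMgr.createServiceConfigUser(str);
    }

    /**
     * Reloads the set of modules the session's user may access and stamps the
     * reload time on the session.
     *
     * @param userSessionBase session to update; {@code null} is ignored
     */
    public void resetUserModulePermission(UserSessionBase userSessionBase) {
        if (userSessionBase == null) {
            return;
        }
        XXUser findByUserName = this.daoManager.getXXUser().findByUserName(userSessionBase.getLoginId());
        if (findByUserName == null) {
            // NOTE(review): the permissions already held by the session are left as
            // they are on this path, so a user whose XUser row disappeared keeps the
            // previously loaded module set until the session ends. Confirm whether
            // clearing them would be the intended behaviour.
            logger.error("No XUser found with username: " + forLog(userSessionBase.getLoginId()) + " So Permission is not set for the user");
            return;
        }
        CopyOnWriteArraySet<String> accessibleModules = new CopyOnWriteArraySet<>(this.daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSessionBase.getUserId(), findByUserName.getId()));
        UserSessionBase.RangerUserPermission rangerUserPermission = userSessionBase.getRangerUserPermission();
        if (rangerUserPermission == null) {
            rangerUserPermission = new UserSessionBase.RangerUserPermission();
        }
        rangerUserPermission.setUserPermissions(accessibleModules);
        rangerUserPermission.setLastUpdatedTime(Long.valueOf(Calendar.getInstance().getTimeInMillis()));
        userSessionBase.setRangerUserPermission(rangerUserPermission);
        logger.info("UserSession Updated to set new Permissions to User: " + forLog(userSessionBase.getLoginId()));
    }

    /**
     * Re-reads the portal user and its roles into an existing session.
     *
     * @param userSessionBase session to update; {@code null} is ignored
     */
    public void resetUserSessionForProfiles(UserSessionBase userSessionBase) {
        if (userSessionBase == null) {
            return;
        }
        // findByLoginId may return null (for example if the user was removed),
        // in which case the session ends up without a portal user.
        userSessionBase.setXXPortalUser(this.daoManager.getXXPortalUser().findByLoginId(userSessionBase.getLoginId()));
        setUserRoles(userSessionBase);
    }

    /**
     * Loads the user's role names and derives the admin flags of the session.
     * ROLE_SYS_ADMIN takes precedence over ROLE_KEY_ADMIN.
     */
    private void setUserRoles(UserSessionBase userSessionBase) {
        ArrayList<String> roleNames = new ArrayList<>();
        Iterator<XXPortalUserRole> it = this.daoManager.getXXPortalUserRole().findByUserId(userSessionBase.getUserId()).iterator();
        while (it.hasNext()) {
            roleNames.add(it.next().getUserRole());
        }
        if (roleNames.contains(RangerConstants.ROLE_SYS_ADMIN)) {
            userSessionBase.setUserAdmin(true);
            userSessionBase.setKeyAdmin(false);
        } else if (roleNames.contains(RangerConstants.ROLE_KEY_ADMIN)) {
            userSessionBase.setKeyAdmin(true);
            userSessionBase.setUserAdmin(false);
        } else if (roleNames.size() == 1 && roleNames.get(0).equals(RangerConstants.ROLE_USER)) {
            userSessionBase.setKeyAdmin(false);
            userSessionBase.setUserAdmin(false);
        }
        // NOTE(review): for any other role combination neither flag is written, so a
        // session refreshed through resetUserSessionForProfiles keeps whatever admin
        // flags it had before. Confirm that a demoted admin cannot land in this case;
        // clearing both flags in a final else would fail closed.
        userSessionBase.setUserRoleList(roleNames);
    }

    /**
     * Records a failed login attempt in the auth-session audit table.
     *
     * @param i    authentication status code to store
     * @param i2   authentication type
     * @param str  login id that was presented; it is unauthenticated input and is
     *             stored as given
     * @param str2 client IP address
     * @param str3 external (container) session id
     * @return the persisted audit row
     */
    public XXAuthSession processFailureLogin(int i, int i2, String str, String str2, String str3) {
        XXAuthSession xXAuthSession = new XXAuthSession();
        xXAuthSession.setLoginId(str);
        xXAuthSession.setUserId(null);
        xXAuthSession.setAuthTime(DateUtil.getUTCDate());
        xXAuthSession.setAuthStatus(i);
        xXAuthSession.setAuthType(i2);
        xXAuthSession.setDeviceType(0);
        xXAuthSession.setExtSessionId(str3);
        xXAuthSession.setRequestIP(str2);
        xXAuthSession.setRequestUserAgent(null);
        return storeAuthSession(xXAuthSession);
    }

    /**
     * Checks that an existing session belongs to the given login id.
     *
     * <p>The comparison ignores case. NOTE(review): that is only safe if login
     * ids are unique regardless of case in the user store — confirm.
     *
     * @param userSessionBase session taken from the security context
     * @param str             login id of the authenticated principal
     * @return {@code true} if the session can be reused for this principal
     */
    protected boolean validateUserSession(UserSessionBase userSessionBase, String str) {
        // The portal user can be null after resetUserSessionForProfiles failed to
        // find it; treat that as a mismatch instead of throwing.
        XXPortalUser portalUser = userSessionBase.getXXPortalUser();
        if (str != null && portalUser != null && str.equalsIgnoreCase(portalUser.getLoginId())) {
            return true;
        }
        logger.info("loginId doesn't match loginId from HTTPSession. Will create new session. loginId=" + forLog(str) + ", userSession=" + userSessionBase, new Exception());
        return false;
    }

    /**
     * Persists an audit row.
     *
     * <p>NOTE(review): every caller in this class invokes the method on
     * {@code this}. With Spring's default proxy-based transaction support a
     * self-invocation does not pass through the proxy, so REQUIRES_NEW would not
     * take effect and the row would share the caller's transaction (and be lost
     * if that transaction rolls back) unless AspectJ weaving is configured.
     * Confirm the transaction mode; login audit rows should survive a rollback.
     */
    @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
    protected XXAuthSession storeAuthSession(XXAuthSession xXAuthSession) {
        return this.daoManager.getXXAuthSession().create(xXAuthSession);
    }

    /**
     * Creates a session for a login that did not arrive through the web UI:
     * the audit row is always stored and the new session is installed as the
     * current Ranger security context.
     *
     * @param i   authentication type stored on the audit row
     * @param str client IP address
     * @return the new session, or {@code null} if the login id has no portal user
     */
    public UserSessionBase processStandaloneSuccessLogin(int i, String str) {
        String name = SecurityContextHolder.getContext().getAuthentication().getName();
        XXPortalUser findByLoginId = this.daoManager.getXXPortalUser().findByLoginId(name);
        if (findByLoginId == null) {
            logger.error("Error getting user for loginId=" + forLog(name), new Exception());
            return null;
        }
        XXAuthSession xXAuthSession = new XXAuthSession();
        xXAuthSession.setLoginId(name);
        xXAuthSession.setUserId(findByLoginId.getId());
        xXAuthSession.setAuthTime(DateUtil.getUTCDate());
        xXAuthSession.setAuthStatus(1);
        xXAuthSession.setAuthType(i);
        xXAuthSession.setDeviceType(0);
        xXAuthSession.setExtSessionId(null);
        xXAuthSession.setRequestIP(str);
        xXAuthSession.setRequestUserAgent(null);
        XXAuthSession storedAuthSession = storeAuthSession(xXAuthSession);

        UserSessionBase userSessionBase = new UserSessionBase();
        userSessionBase.setXXPortalUser(findByLoginId);
        userSessionBase.setXXAuthSession(storedAuthSession);
        RangerSecurityContext rangerSecurityContext = new RangerSecurityContext();
        rangerSecurityContext.setUserSession(userSessionBase);
        RangerContextHolder.setSecurityContext(rangerSecurityContext);
        resetUserSessionForProfiles(userSessionBase);
        resetUserModulePermission(userSessionBase);
        return userSessionBase;
    }

    /**
     * Searches the login audit rows. {@code startDate} is moved to the start of
     * its day and {@code endDate} to 23:59:59, both shifted by the client's time
     * offset. The passed criteria object is modified in place.
     *
     * @param searchCriteria filter, or {@code null} for an unfiltered search
     * @return the matching audit rows
     */
    public VXAuthSessionList searchAuthSessions(SearchCriteria searchCriteria) {
        if (searchCriteria == null) {
            searchCriteria = new SearchCriteria();
        }
        if (searchCriteria.getParamList() != null && searchCriteria.getParamList().size() > 0) {
            int clientTimeOffset = RestUtil.getClientTimeOffset();
            DateUtil dateUtil = new DateUtil();
            if (searchCriteria.getParamList().containsKey("startDate")) {
                Date startOfDay = dateUtil.getDateFromGivenDate((Date) searchCriteria.getParamList().get("startDate"), 0, 0, 0, 0);
                searchCriteria.getParamList().put("startDate", dateUtil.addTimeOffset(startOfDay, clientTimeOffset));
            }
            if (searchCriteria.getParamList().containsKey("endDate")) {
                Date endOfDay = dateUtil.getDateFromGivenDate((Date) searchCriteria.getParamList().get("endDate"), 0, 23, 59, 59);
                searchCriteria.getParamList().put("endDate", dateUtil.addTimeOffset(endOfDay, clientTimeOffset));
            }
        }
        return this.authSessionService.search(searchCriteria);
    }

    /**
     * Counts the login audit rows matching the criteria.
     *
     * @param searchCriteria filter passed through to the service unchanged
     */
    public VXLong countAuthSessions(SearchCriteria searchCriteria) {
        return this.authSessionService.getSearchCount(searchCriteria, AuthSessionService.AUTH_SESSION_SEARCH_FLDS);
    }

    /**
     * Reads one login audit row by its database id.
     *
     * @param l id of the audit row
     */
    public VXAuthSession getAuthSession(Long l) {
        return this.authSessionService.readResource(l);
    }

    /**
     * Reads one login audit row by its session id.
     *
     * @param str session id to look up
     * @return the audit row as a view bean
     * @throws RuntimeException a REST exception with INVALID_INPUT_DATA, created
     *         by {@code restErrorUtil}, when the id is empty or unknown
     */
    public VXAuthSession getAuthSessionBySessionId(String str) {
        if (this.stringUtil.isEmpty(str)) {
            throw this.restErrorUtil.createRESTException("Please provide the auth session id.", MessageEnums.INVALID_INPUT_DATA);
        }
        XXAuthSession authSessionBySessionId = this.daoManager.getXXAuthSession().getAuthSessionBySessionId(str);
        if (authSessionBySessionId == null) {
            throw this.restErrorUtil.createRESTException("Please provide a valid session id.", MessageEnums.INVALID_INPUT_DATA);
        }
        return this.authSessionService.populateViewBean(authSessionBySessionId);
    }

    /**
     * Tells whether a portal user exists for the login id.
     *
     * @param str login id to check; it may be unauthenticated input, so it is
     *            stripped of line breaks before being logged
     */
    public boolean isValidXAUser(String str) {
        if (this.daoManager.getXXPortalUser().findByLoginId(str) == null) {
            logger.error("Error getting user for loginId=" + forLog(str));
            return false;
        }
        logger.info(forLog(str) + " is a valid user");
        return true;
    }

    /**
     * Collects the Ranger user sessions attached to the HTTP sessions that the
     * session listener currently reports as active.
     *
     * @return the user sessions found; empty if there are none
     */
    public CopyOnWriteArrayList<UserSessionBase> getActiveSessionsOnServer() {
        CopyOnWriteArrayList<HttpSession> activeSessionOnServer = RangerHttpSessionListener.getActiveSessionOnServer();
        CopyOnWriteArrayList<UserSessionBase> userSessions = new CopyOnWriteArrayList<>();
        if (CollectionUtils.isEmpty(activeSessionOnServer)) {
            return userSessions;
        }
        for (HttpSession httpSession : activeSessionOnServer) {
            Object context = httpSession.getAttribute(RangerSecurityContextFormationFilter.AKA_SC_SESSION_KEY);
            if (context instanceof RangerSecurityContext) {
                UserSessionBase userSession = ((RangerSecurityContext) context).getUserSession();
                if (userSession != null) {
                    userSessions.add(userSession);
                }
            }
        }
        return userSessions;
    }

    /**
     * Returns the active sessions of one portal user.
     *
     * @param l portal user id
     * @return the user's sessions (possibly empty), or {@code null} when the
     *         server has no active user sessions at all
     */
    public Set<UserSessionBase> getActiveUserSessionsForPortalUserId(Long l) {
        CopyOnWriteArrayList<UserSessionBase> activeSessionsOnServer = getActiveSessionsOnServer();
        if (CollectionUtils.isEmpty(activeSessionsOnServer)) {
            return null;
        }
        Set<UserSessionBase> matches = new HashSet<>();
        for (UserSessionBase userSession : activeSessionsOnServer) {
            Long userId = userSession.getUserId();
            if (userId != null && userId.equals(l)) {
                matches.add(userSession);
            }
        }
        // Only report "not found" when nothing matched.
        if (matches.isEmpty() && logger.isDebugEnabled()) {
            logger.debug("No Session Found with portalUserId: " + l);
        }
        return matches;
    }

    /**
     * Returns the active sessions of the portal user linked to an XUser id.
     *
     * @param l XUser id
     * @return the sessions, or {@code null} when no portal user is linked to the
     *         id or the server has no active user sessions
     */
    public Set<UserSessionBase> getActiveUserSessionsForXUserId(Long l) {
        XXPortalUser findByXUserId = this.daoManager.getXXPortalUser().findByXUserId(l);
        if (findByXUserId != null) {
            return getActiveUserSessionsForPortalUserId(findByXUserId.getId());
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Could not find corresponding portalUser for xUserId" + l);
        }
        return null;
    }

    /**
     * Reloads the session's module permissions when they were never loaded or
     * are older than SESSION_UPDATE_INTERVAL_IN_MILLIS.
     *
     * <p>The method is synchronized on this component, so refreshes of all
     * sessions are serialised.
     *
     * @param userSessionBase session to check; {@code null} is ignored
     */
    public synchronized void refreshPermissionsIfNeeded(UserSessionBase userSessionBase) {
        if (userSessionBase == null) {
            return;
        }
        Long lastUpdatedTime = userSessionBase.getRangerUserPermission() != null ? userSessionBase.getRangerUserPermission().getLastUpdatedTime() : null;
        boolean stale = lastUpdatedTime == null
                || Calendar.getInstance().getTimeInMillis() - lastUpdatedTime.longValue() > SESSION_UPDATE_INTERVAL_IN_MILLIS.longValue();
        if (stale) {
            resetUserModulePermission(userSessionBase);
        }
    }
}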
