package pl.sparkbit.security.service.impl;

import java.beans.ConstructorProperties;
import java.time.Clock;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Optional;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import pl.sparkbit.security.Security;
import pl.sparkbit.security.callbacks.LoginResponseAdditionalDataCallback;
import pl.sparkbit.security.config.SecurityProperties;
import pl.sparkbit.security.dao.SessionDao;
import pl.sparkbit.security.domain.NewSessionData;
import pl.sparkbit.security.domain.RestUserDetails;
import pl.sparkbit.security.domain.Session;
import pl.sparkbit.security.hooks.LoginHook;
import pl.sparkbit.security.hooks.LogoutHook;
import pl.sparkbit.security.login.LoginUserDetails;
import pl.sparkbit.security.password.encoder.AuthTokenHasher;
import pl.sparkbit.security.service.ExtraAuthnCheckService;
import pl.sparkbit.security.service.SessionService;
import pl.sparkbit.security.util.SecureRandomStringGenerator;

@Service
/* loaded from: input_file:pl/sparkbit/security/service/impl/SessionServiceImpl.class */
public class SessionServiceImpl implements SessionService {
    private static final Logger log = LoggerFactory.getLogger(SessionServiceImpl.class);
    private static final int AUTH_TOKEN_LENGTH = 32;
    private final SessionDao sessionDao;
    private final AuthTokenHasher authTokenHasher;
    private final Clock clock;
    private final Security security;
    private final SecureRandomStringGenerator secureRandomStringGenerator;
    private final SecurityProperties configuration;
    private final ObjectProvider<LoginHook> loginHook;
    private final ObjectProvider<LogoutHook> logoutHook;
    private final ObjectProvider<LoginResponseAdditionalDataCallback> additionalDataCallback;
    private final ObjectProvider<ExtraAuthnCheckService> extraAuthnCheckService;

    @PostConstruct
    private void setup() {
        if (this.configuration.getExtraAuthnCheck().getEnabled().booleanValue() && this.extraAuthnCheckService.getIfAvailable() == null) {
            throw new RuntimeException("No defined bean " + ExtraAuthnCheckService.class.getSimpleName());
        }
    }

    @Override // pl.sparkbit.security.service.SessionService
    public boolean isSessionExpirationEnabled() {
        return this.configuration.getSessionExpiration().getEnabled().booleanValue();
    }

    @Override // pl.sparkbit.security.service.SessionService
    @Transactional
    public NewSessionData startNewSession(String str) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.notNull(authentication, "Can't create session for unauthenticated user");
        Assert.isInstanceOf(LoginUserDetails.class, authentication.getPrincipal(), "New session can be started only from login endpoint");
        String userId = ((LoginUserDetails) authentication.getPrincipal()).getUserId();
        if (str != null && !str.isEmpty()) {
            maybeDeleteOldSession(str, userId);
        }
        String base58String = this.secureRandomStringGenerator.base58String(AUTH_TOKEN_LENGTH);
        Session build = Session.builder().authTokenHash(this.authTokenHasher.hash(base58String)).userId(userId).creationTimestamp(this.clock.instant()).expirationTimestamp(getExpirationTimestamp()).build();
        this.sessionDao.insertSession(build);
        if (this.configuration.getExtraAuthnCheck().getEnabled().booleanValue()) {
            this.sessionDao.updateExtraAuthnCheckRequired(build.getAuthTokenHash(), true);
            ExtraAuthnCheckService extraAuthnCheckService = (ExtraAuthnCheckService) this.extraAuthnCheckService.getIfAvailable();
            if (extraAuthnCheckService == null) {
                throw new RuntimeException("Missing bean " + ExtraAuthnCheckService.class.getSimpleName());
            }
            extraAuthnCheckService.initiateExtraAuthnCheck(userId);
        } else {
            this.loginHook.ifAvailable(loginHook -> {
                loginHook.doAfterSuccessfulLogin(userId);
            });
        }
        NewSessionData.NewSessionDataBuilder userId2 = NewSessionData.builder().authToken(base58String).userId(userId);
        if (!this.configuration.getExtraAuthnCheck().getEnabled().booleanValue()) {
            this.additionalDataCallback.ifAvailable(loginResponseAdditionalDataCallback -> {
                userId2.additionalData(loginResponseAdditionalDataCallback.getAdditionalData());
            });
        }
        return userId2.build();
    }

    @Override // pl.sparkbit.security.service.SessionService
    @Transactional
    public void endSession() {
        RestUserDetails currentUserDetails = this.security.currentUserDetails();
        this.sessionDao.deleteSession(currentUserDetails.getAuthTokenHash(), this.clock.instant());
        SecurityContextHolder.clearContext();
        this.logoutHook.ifAvailable(logoutHook -> {
            logoutHook.doAfterSuccessfulLogout(currentUserDetails.getUserId());
        });
    }

    @Override // pl.sparkbit.security.service.SessionService
    @Transactional
    public void endAllSessionsForUser(String str) {
        this.sessionDao.deleteSessions(str, this.clock.instant());
    }

    @Override // pl.sparkbit.security.service.SessionService
    @Transactional
    public Instant updateAndGetSessionExpirationTimestamp(String str) {
        Instant expirationTimestamp = getExpirationTimestamp();
        this.sessionDao.updateSessionExpirationTimestamp(this.authTokenHasher.hash(str), expirationTimestamp);
        return expirationTimestamp;
    }

    private void maybeDeleteOldSession(String str, String str2) {
        Optional<Session> selectSession = this.sessionDao.selectSession(this.authTokenHasher.hash(str));
        if (!selectSession.isPresent()) {
            log.info("Login request with auth token that is not present in database");
        } else if (!selectSession.get().getUserId().equals(str2)) {
            log.info("Login request from user {} with auth token from another user {}", str2, selectSession.get().getUserId());
        } else {
            log.info("Login request with auth token provided - should never happened for correctly implemented clients. Invalidating old session for user {}", str2);
            this.sessionDao.deleteSession(str, this.clock.instant());
        }
    }

    private Instant getExpirationTimestamp() {
        if (isSessionExpirationEnabled()) {
            return this.clock.instant().plus((TemporalAmount) this.configuration.getSessionExpiration().getDuration());
        }
        return null;
    }

    @ConstructorProperties({"sessionDao", "authTokenHasher", "clock", "security", "secureRandomStringGenerator", "configuration", "loginHook", "logoutHook", "additionalDataCallback", "extraAuthnCheckService"})
    public SessionServiceImpl(SessionDao sessionDao, AuthTokenHasher authTokenHasher, Clock clock, Security security, SecureRandomStringGenerator secureRandomStringGenerator, SecurityProperties securityProperties, ObjectProvider<LoginHook> objectProvider, ObjectProvider<LogoutHook> objectProvider2, ObjectProvider<LoginResponseAdditionalDataCallback> objectProvider3, ObjectProvider<ExtraAuthnCheckService> objectProvider4) {
        this.sessionDao = sessionDao;
        this.authTokenHasher = authTokenHasher;
        this.clock = clock;
        this.security = security;
        this.secureRandomStringGenerator = secureRandomStringGenerator;
        this.configuration = securityProperties;
        this.loginHook = objectProvider;
        this.logoutHook = objectProvider2;
        this.additionalDataCallback = objectProvider3;
        this.extraAuthnCheckService = objectProvider4;
    }
}
