package com.ibm.mfp.security.checks.base;

import com.ibm.mfp.server.registration.external.model.AuthenticatedUser;
import com.ibm.mfp.server.security.external.checks.AuthorizationResponse;
import com.ibm.mfp.server.security.external.checks.SecurityCheckConfiguration;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/ibm/mfp/security/checks/base/UserAuthenticationSecurityCheck.class */
public abstract class UserAuthenticationSecurityCheck extends CredentialsValidationSecurityCheck {
    private static final String REMEMBERED_ATTTRIBUTE = "rememberedAt";
    private static final Logger logger = Logger.getLogger(UserAuthenticationSecurityCheck.class.getName());
    protected AuthenticatedUser user;

    @Override // com.ibm.mfp.security.checks.base.CredentialsValidationSecurityCheck
    public SecurityCheckConfiguration createConfiguration(Properties properties) {
        return new UserAuthenticationSecurityCheckConfig(properties);
    }

    @Override // com.ibm.mfp.security.checks.base.CredentialsValidationSecurityCheck
    public void authorize(Set<String> set, Map<String, Object> map, HttpServletRequest httpServletRequest, AuthorizationResponse authorizationResponse) {
        if (getState().equals("expired") && map == null) {
            this.user = getRememberedMe();
            if (this.user != null) {
                setState("success");
            }
        }
        super.authorize(set, map, httpServletRequest, authorizationResponse);
        if (authorizationResponse.getType() == AuthorizationResponse.ResponseType.SUCCESS) {
            if (map != null) {
                this.user = activateCreateUser();
                this.registrationContext.setRegisteredUser(this.user);
                if (rememberCreatedUser()) {
                    rememberMe();
                }
            }
            this.authorizationContext.setActiveUser(this.user);
            authorizationResponse.addSuccess(set, getExpiresAt(), getName(), "user", this.user);
        }
    }

    public void logout() {
        forgetMe();
    }

    protected void rememberMe() {
        if (getRememberMeDuration() > 0) {
            this.registrationContext.getRegisteredPublicAttributes().put(REMEMBERED_ATTTRIBUTE, Long.valueOf(System.currentTimeMillis()));
        }
    }

    protected void forgetMe() {
        if (getRememberMeDuration() > 0) {
            this.registrationContext.getRegisteredPublicAttributes().delete(REMEMBERED_ATTTRIBUTE);
        }
    }

    protected AuthenticatedUser getRememberedMe() {
        Long l;
        if (getRememberMeDuration() <= 0 || (l = (Long) this.registrationContext.getRegisteredPublicAttributes().get(REMEMBERED_ATTTRIBUTE)) == null || l.longValue() + (getRememberMeDuration() * 1000) < System.currentTimeMillis()) {
            return null;
        }
        return this.registrationContext.getRegisteredUser();
    }

    protected int getRememberMeDuration() {
        return ((UserAuthenticationSecurityCheckConfig) this.config).rememberMeDurationSec;
    }

    private AuthenticatedUser activateCreateUser() {
        AuthenticatedUser createUser = createUser();
        if (createUser != null) {
            return createUser;
        }
        logger.severe("createUser method must not return null");
        throw new RuntimeException("UserAuthenticationSecurityCheck must create a non-null user");
    }

    protected abstract AuthenticatedUser createUser();

    protected boolean rememberCreatedUser() {
        return true;
    }
}
