package oracle.kv.impl.rep.login;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import oracle.kv.Consistency;
import oracle.kv.Depth;
import oracle.kv.Direction;
import oracle.kv.Durability;
import oracle.kv.FaultException;
import oracle.kv.KVSecurityException;
import oracle.kv.KVStore;
import oracle.kv.Key;
import oracle.kv.KeyRange;
import oracle.kv.KeyValueVersion;
import oracle.kv.Operation;
import oracle.kv.OperationExecutionException;
import oracle.kv.OperationFactory;
import oracle.kv.ReturnValueVersion;
import oracle.kv.Value;
import oracle.kv.ValueVersion;
import oracle.kv.impl.admin.param.RepNodeParams;
import oracle.kv.impl.api.RequestDispatcher;
import oracle.kv.impl.api.TopologyManager;
import oracle.kv.impl.param.ParameterState;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.rep.RepNodeService;
import oracle.kv.impl.security.ExecutionContext;
import oracle.kv.impl.security.SessionAccessException;
import oracle.kv.impl.security.UserVerifier;
import oracle.kv.impl.security.login.LoginSession;
import oracle.kv.impl.security.login.LoginToken;
import oracle.kv.impl.security.login.SessionId;
import oracle.kv.impl.security.login.SessionManager;
import oracle.kv.impl.security.login.TokenResolver;
import oracle.kv.impl.topo.RepGroupId;
import oracle.kv.impl.topo.RepGroupMap;
import oracle.kv.impl.topo.RepNodeId;
import oracle.kv.impl.topo.Topology;

/* loaded from: input_file:oracle/kv/impl/rep/login/KVSessionManager.class */
public class KVSessionManager implements SessionManager, TokenResolver {
    public static final int SESSION_ID_BYTES = 16;
    public static final String INTERNAL_SESSION_KEY = "sess";
    public static final String INTERNAL_SESSION_DATA_KEY = "data";
    public static final String INTERNAL_SESSION_EXPIRE_KEY = "expire";
    private static final int UPDATE_SUBJECT_MAX_RETRIES = 5;
    private static final int ITERATE_BATCH_SIZE = 100;
    private static final SecureRandom secureRandom = new SecureRandom();
    private final RequestDispatcher dispatcher;
    private final RepNodeParams rnParams;
    private final byte[] idPrefix;
    private final int nSIDRandomBytes;
    private final UserVerifier userVerifier;
    private final Logger logger;
    private final long sessLookupRequestTimeoutMs = getParamMillis(ParameterState.RN_SESS_LOOKUP_REQUEST_TIMEOUT);
    private final long sessLookupConsistencyLimitMs = getParamMillis(ParameterState.RN_SESS_LOOKUP_CONSISTENCY_LIMIT);
    private final long sessLookupConsistencyTimeoutMs = getParamMillis(ParameterState.RN_SESS_LOOKUP_CONSISTENCY_TIMEOUT);
    private final long sessLogoutRequestTimeoutMs = getParamMillis(ParameterState.RN_SESS_LOGOUT_REQUEST_TIMEOUT);
    private volatile KVStore kvstore;
    private final RepNodeService.KVStoreCreator creator;
    private int nShardsEstimate;
    private Timer sessCleanupTimer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:oracle/kv/impl/rep/login/KVSessionManager$SessionConflictException.class */
    public static class SessionConflictException extends Exception {
        private SessionConflictException(String str) {
            super(str);
        }
    }

    public KVSessionManager(RequestDispatcher requestDispatcher, RepNodeParams repNodeParams, byte[] bArr, int i, UserVerifier userVerifier, Logger logger, RepNodeService.KVStoreCreator kVStoreCreator) {
        this.dispatcher = requestDispatcher;
        this.rnParams = repNodeParams;
        this.idPrefix = Arrays.copyOf(bArr, bArr.length);
        this.nSIDRandomBytes = i;
        this.userVerifier = userVerifier;
        this.logger = logger;
        this.creator = kVStoreCreator;
    }

    public void start() {
        initializeKVStore();
    }

    public void stop() {
        disableKVStore();
    }

    public boolean isReady() {
        return this.kvstore != null || initializeKVStore();
    }

    @Override // oracle.kv.impl.security.login.SessionManager
    public LoginSession createSession(Subject subject, String str, long j) throws SessionAccessException {
        Throwable faultException;
        if (!isReady()) {
            throw new SessionAccessException("KVStore is not yet ready");
        }
        Throwable th = null;
        for (int i = 1; i <= this.nShardsEstimate; i++) {
            byte[] bArr = new byte[this.nSIDRandomBytes];
            byte[] bArr2 = new byte[this.nSIDRandomBytes + this.idPrefix.length];
            secureRandom.nextBytes(bArr);
            System.arraycopy(this.idPrefix, 0, bArr2, 0, this.idPrefix.length);
            System.arraycopy(bArr, 0, bArr2, this.idPrefix.length, this.nSIDRandomBytes);
            LoginSession loginSession = new LoginSession(new LoginSession.Id(bArr2), subject, str, true);
            loginSession.setExpireTime(j);
            try {
                createKVSession(loginSession);
                return loginSession;
            } catch (FaultException e) {
                faultException = e;
                th = faultException;
            } catch (KVSecurityException e2) {
                faultException = e2;
                th = faultException;
            } catch (SessionConflictException e3) {
                this.logger.info("Encountered a SessionConflictException");
                faultException = new FaultException((Throwable) e3, true);
                th = faultException;
            }
        }
        if (th != null) {
            throw new SessionAccessException(th, true);
        }
        throw new IllegalStateException("failed to create session, but without cause");
    }

    @Override // oracle.kv.impl.security.login.SessionManager
    public LoginSession lookupSession(LoginSession.Id id) throws SessionAccessException {
        if (!isReady()) {
            throw new SessionAccessException("Persistent access not available");
        }
        try {
            KVSession lookupKVSession = lookupKVSession(id, false);
            if (lookupKVSession == null) {
                return null;
            }
            return lookupKVSession.makeLoginSession();
        } catch (FaultException e) {
            throw new SessionAccessException((Throwable) e, true);
        } catch (KVSecurityException e2) {
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    @Override // oracle.kv.impl.security.login.SessionManager
    public LoginSession updateSessionExpiration(LoginSession.Id id, long j) throws SessionAccessException {
        if (!isReady()) {
            throw new SessionAccessException("Persistent access not available");
        }
        try {
            return updateKVSessionExpire(id, j);
        } catch (FaultException e) {
            this.logger.info("Failed to update the session: " + e.getMessage());
            throw new SessionAccessException((Throwable) e, true);
        } catch (KVSecurityException e2) {
            this.logger.info("Failed to update the session: " + e2);
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    @Override // oracle.kv.impl.security.login.SessionManager
    public List<LoginSession.Id> lookupSessionByUser(String str) {
        if (!isReady()) {
            throw new SessionAccessException("Persistent access not available");
        }
        try {
            return lookupKVSessionByUser(str);
        } catch (FaultException e) {
            this.logger.info("Failed to look up user sessions: " + e.getMessage());
            throw new SessionAccessException((Throwable) e, true);
        } catch (KVSecurityException e2) {
            this.logger.info("Failed to look up user sessions: " + e2);
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    @Override // oracle.kv.impl.security.login.SessionManager
    public void updateSessionSubject(LoginSession.Id id, Subject subject) throws SessionAccessException, IllegalArgumentException {
        if (!isReady()) {
            throw new SessionAccessException("Persistent access not available");
        }
        if (isMaster()) {
            try {
                updateKVSessionSubject(id, subject);
            } catch (FaultException e) {
                this.logger.info("Failed to update the session subject: " + e.getMessage());
                throw new SessionAccessException((Throwable) e, true);
            } catch (KVSecurityException e2) {
                this.logger.info("Failed to update the session subject: " + e2);
                throw new SessionAccessException((Throwable) e2, true);
            }
        }
    }

    @Override // oracle.kv.impl.security.login.SessionManager
    public void logoutSession(LoginSession.Id id) throws SessionAccessException {
        if (!isReady()) {
            throw new SessionAccessException("Persistent access not available");
        }
        try {
            logoutKVSession(id);
        } catch (FaultException e) {
            this.logger.info("Failed to log out session: " + e.getMessage());
            throw new SessionAccessException((Throwable) e, true);
        } catch (KVSecurityException e2) {
            this.logger.info("Failed to update the session subject: " + e2);
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    @Override // oracle.kv.impl.security.login.TokenResolver
    public Subject resolve(LoginToken loginToken) throws SessionAccessException {
        if (!isReady()) {
            this.logger.info("KVSessionManager: unable to resolve tokens before  topology information is available");
            throw new SessionAccessException("Persistent access not available");
        }
        this.logger.fine("KVSessionManager: attempt to resolve " + loginToken);
        SessionId sessionId = loginToken.getSessionId();
        if (sessionId.getIdValueScope() != SessionId.IdScope.PERSISTENT) {
            this.logger.info("KVSessionManager: unable to resolve non-persistent tokens");
            throw new UnsupportedOperationException("KVSessionManager: Attempt to resolve non-persistent token");
        }
        try {
            KVSession lookupKVSession = lookupKVSession(new LoginSession.Id(sessionId.getIdValue()), false);
            if (lookupKVSession == null) {
                this.logger.info("KVSessionManager: session does not exist");
                return null;
            }
            LoginSession makeLoginSession = lookupKVSession.makeLoginSession();
            if (!makeLoginSession.isExpired()) {
                return this.userVerifier.verifyUser(makeLoginSession.getSubject());
            }
            this.logger.info("KVSessionManager: session is expired");
            return null;
        } catch (FaultException e) {
            this.logger.info("KVSessionManager: exception while attempting to access session info for token resolve: " + e.getMessage());
            throw new SessionAccessException((Throwable) e, true);
        } catch (KVSecurityException e2) {
            this.logger.info("KVSessionManager: exception while attempting to access session info for token resolve: " + e2);
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    private boolean isMaster() {
        RepNodeId repNodeId = (RepNodeId) this.dispatcher.getDispatcherId();
        return this.dispatcher.getRepGroupStateTable().getGroupState(new RepGroupId(repNodeId.getGroupId())).getMaster().getRepNodeId().equals(repNodeId);
    }

    private synchronized boolean initializeKVStore() {
        if (this.kvstore != null) {
            return true;
        }
        this.kvstore = this.creator.getKVStore();
        if (this.kvstore == null) {
            return false;
        }
        scheduleSessionCleanup();
        this.nShardsEstimate = estimateNShards(this.dispatcher);
        return true;
    }

    private void disableKVStore() {
        if (this.sessCleanupTimer != null) {
            try {
                this.sessCleanupTimer.cancel();
            } catch (IllegalStateException e) {
            }
        }
    }

    private void createKVSession(LoginSession loginSession) throws SessionConflictException, FaultException {
        byte[] serializeSession = serializeSession(new KVSession(loginSession));
        List<String> prepareMajorKey = prepareMajorKey(loginSession.getId());
        OperationFactory operationFactory = this.kvstore.getOperationFactory();
        Operation createPutIfAbsent = operationFactory.createPutIfAbsent(makeDataKey(prepareMajorKey), Value.createValue(serializeSession), ReturnValueVersion.Choice.NONE, true);
        Operation createPutIfAbsent2 = operationFactory.createPutIfAbsent(makeExpireKey(prepareMajorKey, loginSession.getExpireTime()), Value.EMPTY_VALUE, ReturnValueVersion.Choice.NONE, true);
        ArrayList arrayList = new ArrayList();
        arrayList.add(createPutIfAbsent);
        arrayList.add(createPutIfAbsent2);
        try {
            this.kvstore.execute(arrayList);
        } catch (OperationExecutionException e) {
            dumpKVSessionKeys("Attempting to create session", loginSession.getId().getValue());
            throw new SessionConflictException("confict with existing session");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v21, types: [oracle.kv.Consistency] */
    private KVSession lookupKVSession(LoginSession.Id id, boolean z) throws FaultException {
        ValueVersion valueVersion = this.kvstore.get(makeDataKey(prepareMajorKey(id)), z ? Consistency.ABSOLUTE : new Consistency.Time(this.sessLookupConsistencyLimitMs, TimeUnit.MILLISECONDS, this.sessLookupConsistencyTimeoutMs, TimeUnit.MILLISECONDS), this.sessLookupRequestTimeoutMs, TimeUnit.MILLISECONDS);
        if (valueVersion == null) {
            dumpKVSessionKeys("Attempting to lookup session", id.getValue());
            return null;
        }
        try {
            return KVSession.fromByteArray(valueVersion.getValue().getValue());
        } catch (IOException e) {
            this.logger.info("IO exception deserializing KVSession: " + e);
            return null;
        }
    }

    private List<LoginSession.Id> lookupKVSessionByUser(String str) {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator<KeyValueVersion> storeIterator = this.kvstore.storeIterator(Direction.UNORDERED, 100, makeSessionParentKey(), (KeyRange) null, Depth.DESCENDANTS_ONLY, Consistency.ABSOLUTE, 10L, TimeUnit.SECONDS);
            while (storeIterator.hasNext()) {
                KeyValueVersion next = storeIterator.next();
                List<String> minorPath = next.getKey().getMinorPath();
                if (minorPath.size() == 1 && minorPath.get(0).equals(INTERNAL_SESSION_DATA_KEY)) {
                    KVSession fromByteArray = KVSession.fromByteArray(next.getValue().getValue());
                    if (str.equals(fromByteArray.getUserName())) {
                        arrayList.add(new LoginSession.Id(fromByteArray.getSessionId()));
                    }
                }
            }
            return arrayList;
        } catch (IOException e) {
            this.logger.info("IO exception deserializing KVSession: " + e);
            throw new FaultException((Throwable) e, true);
        } catch (KVSecurityException e2) {
            this.logger.info("Security error during session lookup by user: " + e2);
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    private LoginSession updateKVSessionExpire(LoginSession.Id id, long j) throws FaultException {
        KVSession lookupKVSession = lookupKVSession(id, true);
        long sessionExpire = lookupKVSession.getSessionExpire();
        if (j == sessionExpire) {
            return lookupKVSession.makeLoginSession();
        }
        lookupKVSession.setSessionExpire(j);
        KVSession updateKVSession = updateKVSession(id, lookupKVSession, sessionExpire);
        if (updateKVSession != null) {
            return updateKVSession.makeLoginSession();
        }
        return null;
    }

    private void updateKVSessionSubject(LoginSession.Id id, Subject subject) throws FaultException {
        KVSession lookupKVSession = lookupKVSession(id, true);
        if (lookupKVSession == null) {
            return;
        }
        String[] subjectRoles = ExecutionContext.getSubjectRoles(subject);
        int i = 0;
        while (lookupKVSession != null && !checkRolesEquals(subjectRoles, lookupKVSession.getUserRoles())) {
            if (i > 5) {
                throw new SessionAccessException("Failed to update session subject");
            }
            i++;
            lookupKVSession.setUserRoles(subjectRoles);
            lookupKVSession = updateKVSession(id, lookupKVSession, lookupKVSession.getSessionExpire());
        }
    }

    private boolean checkRolesEquals(String[] strArr, String[] strArr2) {
        if (strArr.length != strArr2.length) {
            return false;
        }
        List asList = Arrays.asList(strArr);
        for (String str : strArr2) {
            if (!asList.contains(str)) {
                return false;
            }
        }
        return true;
    }

    private KVSession updateKVSession(LoginSession.Id id, KVSession kVSession, long j) throws FaultException {
        byte[] serializeSession = serializeSession(kVSession);
        long sessionExpire = kVSession.getSessionExpire();
        List<String> prepareMajorKey = prepareMajorKey(kVSession.getSessionId());
        OperationFactory operationFactory = this.kvstore.getOperationFactory();
        Operation createPutIfPresent = operationFactory.createPutIfPresent(makeDataKey(prepareMajorKey), Value.createValue(serializeSession), ReturnValueVersion.Choice.NONE, true);
        ArrayList arrayList = new ArrayList();
        arrayList.add(createPutIfPresent);
        if (j != sessionExpire) {
            Operation createPutIfAbsent = operationFactory.createPutIfAbsent(makeExpireKey(prepareMajorKey, sessionExpire), Value.EMPTY_VALUE, ReturnValueVersion.Choice.NONE, true);
            arrayList.add(operationFactory.createDelete(makeExpireKey(prepareMajorKey, j), ReturnValueVersion.Choice.NONE, true));
            arrayList.add(createPutIfAbsent);
        }
        try {
            this.kvstore.execute(arrayList);
            return kVSession;
        } catch (OperationExecutionException e) {
            dumpKVSessionKeys(j != sessionExpire ? "Attempting to change expire time from " + j + " to " + sessionExpire : "Attempting to update session subject", kVSession.getSessionId());
            KVSession lookupKVSession = lookupKVSession(id, true);
            if (lookupKVSession == null || lookupKVSession.getSessionExpire() == j) {
                return null;
            }
            return lookupKVSession;
        }
    }

    private void logoutKVSession(LoginSession.Id id) throws FaultException {
        this.kvstore.multiDelete(makeMajorKey(prepareMajorKey(id)), null, Depth.DESCENDANTS_ONLY, Durability.COMMIT_SYNC, this.sessLogoutRequestTimeoutMs, TimeUnit.MILLISECONDS);
    }

    private void scheduleSessionCleanup() {
        if (this.kvstore == null) {
            return;
        }
        if (this.sessCleanupTimer != null) {
            this.sessCleanupTimer.cancel();
            this.sessCleanupTimer = null;
        }
        long currentTimeMillis = System.currentTimeMillis();
        long size = this.dispatcher.getTopologyManager().getTopology().getSortedRepNodes().size() * 3600 * 1000;
        long nextDouble = currentTimeMillis + ((long) (new Random().nextDouble() * size));
        this.sessCleanupTimer = new Timer(true);
        this.sessCleanupTimer.schedule(new TimerTask() { // from class: oracle.kv.impl.rep.login.KVSessionManager.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                KVSessionManager.this.purgeExpiredKVSessions();
            }
        }, nextDouble - currentTimeMillis, size);
        this.logger.info("session cleanup task scheduled to run in " + ((nextDouble - currentTimeMillis) / 1000) + " seconds, with period of " + (size / 1000) + " seconds");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void purgeExpiredKVSessions() {
        long currentTimeMillis = System.currentTimeMillis() - 120000;
        try {
            Iterator<Key> storeKeysIterator = this.kvstore.storeKeysIterator(Direction.UNORDERED, 100, makeSessionParentKey(), (KeyRange) null, Depth.DESCENDANTS_ONLY, new Consistency.Time(60L, TimeUnit.SECONDS, 0L, TimeUnit.SECONDS), 10L, TimeUnit.SECONDS);
            while (storeKeysIterator.hasNext()) {
                Key next = storeKeysIterator.next();
                List<String> minorPath = next.getMinorPath();
                List<String> majorPath = next.getMajorPath();
                if (minorPath.size() == 2 && minorPath.get(0).equals(INTERNAL_SESSION_EXPIRE_KEY)) {
                    try {
                        if (decodeExpireTime(minorPath.get(1)) < currentTimeMillis) {
                            this.logger.fine("Deleting expired session");
                            deleteKVSession(Key.createKey(majorPath));
                        }
                    } catch (NumberFormatException e) {
                        this.logger.info("Error parsing session expire time: " + e);
                    }
                }
            }
        } catch (FaultException e2) {
            this.logger.info("Fault during session cleanup: " + e2.getMessage());
        } catch (KVSecurityException e3) {
            this.logger.info("Security error during session cleanup: " + e3);
        }
    }

    private void deleteKVSession(Key key) {
        try {
            if (this.kvstore.multiDelete(key, null, Depth.DESCENDANTS_ONLY, Durability.COMMIT_SYNC, 10L, TimeUnit.SECONDS) < 1) {
                this.logger.info("No KV entries deleted as part of session deletion");
            }
        } catch (FaultException e) {
            this.logger.info("Error encountered while deleting session: " + e.getMessage());
        } catch (KVSecurityException e2) {
            throw new SessionAccessException((Throwable) e2, true);
        }
    }

    private void dumpKVSessionKeys(String str, byte[] bArr) {
        try {
            StringBuilder sb = new StringBuilder();
            boolean z = true;
            for (Key key : this.kvstore.multiGetKeys(makeMajorKey(prepareMajorKey(bArr)), (KeyRange) null, Depth.DESCENDANTS_ONLY)) {
                if (z) {
                    z = false;
                } else {
                    sb.append(", ");
                }
                sb.append(key.getMinorPath());
            }
            this.logger.info("KVSessionManager: " + str + " keys found  were " + sb.toString());
        } catch (Exception e) {
            this.logger.info("KVSessionManager: encountered exception " + e + " while attempting to diagnose: " + str);
        }
    }

    private byte[] serializeSession(KVSession kVSession) throws FaultException {
        try {
            return kVSession.toByteArray();
        } catch (IOException e) {
            this.logger.info("IO error serializing session: " + e);
            throw new FaultException((Throwable) e, true);
        }
    }

    private static List<String> prepareMajorKey(LoginSession.Id id) {
        return prepareMajorKey(id.getValue());
    }

    private static List<String> prepareMajorKey(byte[] bArr) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("");
        arrayList.add("");
        arrayList.add(INTERNAL_SESSION_KEY);
        arrayList.add(encodeId(bArr));
        return arrayList;
    }

    private static String encodeId(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(Integer.toHexString(b & 255));
        }
        return sb.toString();
    }

    private static Key makeMajorKey(List<String> list) {
        return Key.createKey(list);
    }

    private static Key makeDataKey(List<String> list) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(INTERNAL_SESSION_DATA_KEY);
        return Key.createKey(list, arrayList);
    }

    private static Key makeSessionParentKey() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("");
        arrayList.add("");
        arrayList.add(INTERNAL_SESSION_KEY);
        return Key.createKey(arrayList);
    }

    private static Key makeExpireKey(List<String> list, long j) {
        String encodeExpireTime = encodeExpireTime(j);
        ArrayList arrayList = new ArrayList();
        arrayList.add(INTERNAL_SESSION_EXPIRE_KEY);
        arrayList.add(encodeExpireTime);
        return Key.createKey(list, arrayList);
    }

    private static String encodeExpireTime(long j) {
        return Long.toHexString(j);
    }

    private static long decodeExpireTime(String str) throws NumberFormatException {
        return Long.valueOf(str, 16).longValue();
    }

    private static int estimateNShards(RequestDispatcher requestDispatcher) {
        Topology topology;
        TopologyManager topologyManager = requestDispatcher.getTopologyManager();
        if (topologyManager == null || (topology = topologyManager.getTopology()) == null) {
            return 1;
        }
        RepGroupMap repGroupMap = topology.getRepGroupMap();
        if (repGroupMap.size() <= 1) {
            return 1;
        }
        return repGroupMap.size();
    }

    private long getParamMillis(String str) {
        return ParameterUtils.getDurationMillis(this.rnParams.getMap(), str);
    }
}
