package io.camunda.tasklist.webapp.security;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.camunda.tasklist.data.conditionals.OpenSearchCondition;
import io.camunda.tasklist.os.RetryOpenSearchClient;
import io.camunda.tasklist.schema.indices.TasklistWebSessionIndex;
import io.camunda.tasklist.webapp.security.sso.TokenAuthentication;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import jakarta.servlet.http.HttpServletRequest;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import org.opensearch.client.opensearch.core.SearchRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.context.annotation.Conditional;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.core.convert.support.GenericConversionService;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.session.MapSession;
import org.springframework.session.Session;
import org.springframework.session.SessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.stereotype.Component;

@Conditional({OpenSearchCondition.class})
@ConditionalOnExpression("${camunda.tasklist.persistent.sessions.enabled:false} or ${camunda.tasklist.persistentSessionsEnabled:false}")
@Component
@EnableSpringHttpSession
/* loaded from: input_file:io/camunda/tasklist/webapp/security/OpenSearchSessionRepository.class */
public class OpenSearchSessionRepository implements SessionRepository<OpenSearchSession> {
    public static final int DELETE_EXPIRED_SESSIONS_DELAY = 1800000;
    public static final String POLLING_HEADER = "x-is-polling";
    private static final Logger LOGGER = LoggerFactory.getLogger(OpenSearchSessionRepository.class);

    @Autowired
    @Qualifier("sessionThreadPoolScheduler")
    public ThreadPoolTaskScheduler taskScheduler;

    @Autowired
    private RetryOpenSearchClient retryOpenSearchClient;

    @Autowired
    private GenericConversionService conversionService;

    @Autowired
    private TasklistWebSessionIndex tasklistWebSessionIndex;

    @Autowired
    private HttpServletRequest request;

    @Autowired
    @Qualifier("tasklistObjectMapper")
    private ObjectMapper objectMapper;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/camunda/tasklist/webapp/security/OpenSearchSessionRepository$OpenSearchSession.class */
    public static class OpenSearchSession implements Session {
        private final MapSession delegate;
        private boolean changed;
        private boolean polling = false;

        public OpenSearchSession(String str) {
            this.delegate = new MapSession(str);
        }

        boolean isChanged() {
            return this.changed;
        }

        void clearChangeFlag() {
            this.changed = false;
        }

        public String getId() {
            return this.delegate.getId();
        }

        public String changeSessionId() {
            String changeSessionId = this.delegate.changeSessionId();
            this.changed = true;
            return changeSessionId;
        }

        public OpenSearchSession setId(String str) {
            this.delegate.setId(str);
            return this;
        }

        public <T> T getAttribute(String str) {
            return (T) this.delegate.getAttribute(str);
        }

        public Set<String> getAttributeNames() {
            return this.delegate.getAttributeNames();
        }

        public void setAttribute(String str, Object obj) {
            this.delegate.setAttribute(str, obj);
            this.changed = true;
        }

        public void removeAttribute(String str) {
            this.delegate.removeAttribute(str);
            this.changed = true;
        }

        public Instant getCreationTime() {
            return this.delegate.getCreationTime();
        }

        public void setCreationTime(Instant instant) {
            this.delegate.setCreationTime(instant);
            this.changed = true;
        }

        public int hashCode() {
            return Objects.hash(getId());
        }

        public void setLastAccessedTime(Instant instant) {
            if (this.polling) {
                return;
            }
            this.delegate.setLastAccessedTime(instant);
            this.changed = true;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(getId(), ((OpenSearchSession) obj).getId());
        }

        public Instant getLastAccessedTime() {
            return this.delegate.getLastAccessedTime();
        }

        public void setMaxInactiveInterval(Duration duration) {
            this.delegate.setMaxInactiveInterval(duration);
            this.changed = true;
        }

        public Duration getMaxInactiveInterval() {
            return this.delegate.getMaxInactiveInterval();
        }

        public String toString() {
            return String.format("OpenSearchSession: %s ", getId());
        }

        public boolean isExpired() {
            return this.delegate.isExpired();
        }

        public boolean containsAuthentication() {
            return getAuthentication() != null;
        }

        public boolean isAuthenticated() {
            Authentication authentication = getAuthentication();
            if (authentication != null) {
                try {
                    if (authentication.isAuthenticated()) {
                        return true;
                    }
                } catch (InsufficientAuthenticationException e) {
                    return false;
                }
            }
            return false;
        }

        private Authentication getAuthentication() {
            SecurityContext securityContext = (SecurityContext) this.delegate.getAttribute("SPRING_SECURITY_CONTEXT");
            return securityContext != null ? securityContext.getAuthentication() : null;
        }

        public boolean isPolling() {
            return this.polling;
        }

        public OpenSearchSession setPolling(boolean z) {
            this.polling = z;
            return this;
        }
    }

    @PostConstruct
    private void setUp() {
        LOGGER.debug("Persistent sessions in OpenSearch enabled");
        setupConverter();
        startExpiredSessionCheck();
    }

    @PreDestroy
    private void tearDown() {
        LOGGER.debug("Shutdown OpenSearchSessionRepository");
    }

    private void setupConverter() {
        this.conversionService.addConverter(Object.class, byte[].class, new SerializingConverter());
        this.conversionService.addConverter(byte[].class, Object.class, new DeserializingConverter());
    }

    private void startExpiredSessionCheck() {
        this.taskScheduler.scheduleAtFixedRate(this::removedExpiredSessions, 1800000L);
    }

    private void removedExpiredSessions() {
        LOGGER.debug("Check for expired sessions");
        SearchRequest.Builder builder = new SearchRequest.Builder();
        builder.index(this.tasklistWebSessionIndex.getFullQualifiedName(), new String[0]);
        this.retryOpenSearchClient.doWithEachSearchResult(builder, hit -> {
            Map<String, Object> map = (Map) this.objectMapper.convertValue(hit.source(), new TypeReference<Map<String, Object>>(this) { // from class: io.camunda.tasklist.webapp.security.OpenSearchSessionRepository.1
            });
            Optional<OpenSearchSession> documentToSession = documentToSession(map);
            if (!documentToSession.isPresent()) {
                deleteById(getSessionIdFrom(map));
                return;
            }
            OpenSearchSession openSearchSession = documentToSession.get();
            LOGGER.debug("Check if session {} is expired: {}", openSearchSession, Boolean.valueOf(openSearchSession.isExpired()));
            if (openSearchSession.isExpired()) {
                deleteById(openSearchSession.getId());
            }
        });
    }

    private boolean shouldDeleteSession(OpenSearchSession openSearchSession) {
        return openSearchSession.isExpired() || (openSearchSession.containsAuthentication() && !openSearchSession.isAuthenticated());
    }

    /* renamed from: createSession, reason: merged with bridge method [inline-methods] */
    public OpenSearchSession m31createSession() {
        OpenSearchSession openSearchSession = new OpenSearchSession(UUID.randomUUID().toString().replace("-", ""));
        LOGGER.debug("Create session {} with maxInactiveInterval {} s", openSearchSession, openSearchSession.getMaxInactiveInterval());
        return openSearchSession;
    }

    public void save(OpenSearchSession openSearchSession) {
        LOGGER.debug("Save session {}", openSearchSession);
        if (shouldDeleteSession(openSearchSession)) {
            deleteById(openSearchSession.getId());
        } else if (openSearchSession.isChanged()) {
            LOGGER.debug("Session {} changed, save in OpenSearch.", openSearchSession);
            this.retryOpenSearchClient.createOrUpdateDocument(this.tasklistWebSessionIndex.getFullQualifiedName(), openSearchSession.getId(), sessionToDocument(openSearchSession));
            openSearchSession.clearChangeFlag();
        }
    }

    /* renamed from: findById, reason: merged with bridge method [inline-methods] */
    public OpenSearchSession m30findById(String str) {
        Map<String, Object> map;
        LOGGER.debug("Retrieve session {} from OpenSearch", str);
        try {
            map = this.retryOpenSearchClient.getDocument(this.tasklistWebSessionIndex.getFullQualifiedName(), str);
        } catch (Exception e) {
            map = null;
        }
        if (map == null) {
            return null;
        }
        Optional<OpenSearchSession> documentToSession = documentToSession(map);
        if (documentToSession.isEmpty()) {
            deleteById(getSessionIdFrom(map));
            return null;
        }
        OpenSearchSession openSearchSession = documentToSession.get();
        if (!shouldDeleteSession(openSearchSession)) {
            return openSearchSession;
        }
        deleteById(openSearchSession.getId());
        return null;
    }

    public void deleteById(String str) {
        LOGGER.debug("Delete session {}", str);
        executeAsyncOpenSearchRequest(() -> {
            this.retryOpenSearchClient.deleteDocument(this.tasklistWebSessionIndex.getFullQualifiedName(), str);
        });
    }

    private byte[] serialize(Object obj) {
        return (byte[]) this.conversionService.convert(obj, TypeDescriptor.valueOf(Object.class), TypeDescriptor.valueOf(byte[].class));
    }

    private Object deserialize(byte[] bArr) {
        return this.conversionService.convert(bArr, TypeDescriptor.valueOf(byte[].class), TypeDescriptor.valueOf(Object.class));
    }

    private Map<String, Object> sessionToDocument(OpenSearchSession openSearchSession) {
        HashMap hashMap = new HashMap();
        openSearchSession.getAttributeNames().forEach(str -> {
            hashMap.put(str, serialize(openSearchSession.getAttribute(str)));
        });
        return Map.of(TokenAuthentication.ORGANIZATION_ID, openSearchSession.getId(), "creationTime", Long.valueOf(openSearchSession.getCreationTime().toEpochMilli()), "lastAccessedTime", Long.valueOf(openSearchSession.getLastAccessedTime().toEpochMilli()), "maxInactiveIntervalInSeconds", Long.valueOf(openSearchSession.getMaxInactiveInterval().getSeconds()), "attributes", hashMap);
    }

    private String getSessionIdFrom(Map<String, Object> map) {
        return (String) map.get(TokenAuthentication.ORGANIZATION_ID);
    }

    private Instant getInstantFor(Object obj) {
        if (obj != null && (obj instanceof Long)) {
            return Instant.ofEpochMilli(((Long) obj).longValue());
        }
        return null;
    }

    private Duration getDurationFor(Object obj) {
        if (obj != null && (obj instanceof Integer)) {
            return Duration.ofSeconds(((Integer) obj).intValue());
        }
        return null;
    }

    private Optional<OpenSearchSession> documentToSession(Map<String, Object> map) {
        try {
            OpenSearchSession openSearchSession = new OpenSearchSession(getSessionIdFrom(map));
            openSearchSession.setLastAccessedTime(getInstantFor(map.get("lastAccessedTime")));
            try {
                if (this.request != null && this.request.getHeader("x-is-polling") != null && !this.request.getHeader("x-is-polling").equals(true)) {
                    openSearchSession.setPolling(true);
                }
            } catch (Exception e) {
                LOGGER.debug("Expected Exception: is not possible to access request as currently this is not on a request context");
            }
            openSearchSession.setCreationTime(getInstantFor(map.get("creationTime")));
            openSearchSession.setMaxInactiveInterval(getDurationFor(map.get("maxInactiveIntervalInSeconds")));
            Object obj = map.get("attributes");
            if (obj != null && obj.getClass().isInstance(new LinkedHashMap())) {
                Map map2 = (Map) map.get("attributes");
                map2.keySet().forEach(str -> {
                    openSearchSession.setAttribute(str, deserialize(Base64.getDecoder().decode((String) map2.get(str))));
                });
            }
            return Optional.of(openSearchSession);
        } catch (Exception e2) {
            LOGGER.error("Could not restore session.", e2);
            return Optional.empty();
        }
    }

    private void executeAsyncOpenSearchRequest(Runnable runnable) {
        this.taskScheduler.execute(runnable);
    }
}
