package com.sun.identity.session.util;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.hash.Hashing;
import com.google.inject.Key;
import com.google.inject.name.Names;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.SessionID;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.dpro.session.share.SessionBundle;
import com.iplanet.services.naming.WebtopNaming;
import com.iplanet.services.util.Crypt;
import com.iplanet.services.util.I18n;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.iplanet.ums.IUMSConstants;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.security.DecodeAction;
import com.sun.identity.security.EncodeAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import java.net.InetAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.time.Duration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.openam.sdk.org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.session.SessionConstants;
import org.forgerock.openam.utils.ClientUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/session/util/SessionUtils.class */
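/**
 * Static helpers shared by the session layer: session-id extraction from a request,
 * client-address resolution, the "trusted source" host allow-list, reversible
 * encryption (or one-way hashing) of session storage keys, and the admin-token checks
 * that guard protected session properties.
 *
 * <p>Thread-safety: the two Guava caches are safe for concurrent use. The
 * {@code trustedSources} allow-list is initialised lazily without locking; concurrent
 * first callers may each build it once, which yields equal contents.
 */
public class SessionUtils {
    /** Session-id placement modes used by callers that render an id into a URL. */
    public static final short QUERY = 0;
    public static final short SLASH = 1;
    public static final short SEMICOLON = 2;

    private static Debug debug = Debug.getInstance("amSessionUtils");

    // Lazily resolved by isTrustedSource(); null until first use.
    private static Set<InetAddress> trustedSources = null;

    // Header name used to carry the real client IP behind a proxy (default "proxy-ip").
    private static final String httpClientIPHeader = SystemProperties.get(Constants.CLIENT_IP_ADDR_HEADER, "proxy-ip");

    // When true, getEncrypted/getDecrypted transform storage keys; otherwise they are pass-through.
    private static final boolean SESSION_ENCRYPTION = Boolean.valueOf(SystemProperties.get(Constants.SESSION_REPOSITORY_ENCRYPTION, "false")).booleanValue();

    // When true, getEncryptedStorageKey returns a one-way SHA-256 digest instead of a reversible ciphertext.
    private static final boolean SESSION_STORAGE_KEY_HASH = Boolean.valueOf(SystemProperties.get("com.sun.identity.session.repository.enableHash", "false")).booleanValue();

    // Bidirectional plaintext <-> ciphertext memo of storage keys. Note that both the clear
    // key and its encrypted form stay in heap for up to 15 minutes after last access
    // (at most 64000 entries per direction), so a heap dump exposes recently used keys.
    static final Cache<String, String> key2encrypt = CacheBuilder.newBuilder().expireAfterAccess(Duration.ofMinutes(15)).maximumSize(64000).build();
    static final Cache<String, String> encrypt2key = CacheBuilder.newBuilder().expireAfterAccess(Duration.ofMinutes(15)).maximumSize(64000).build();

    /**
     * Extracts the session id carried by {@code httpServletRequest}.
     *
     * @param httpServletRequest the incoming request
     * @return the session id string, or {@code null} when the request carries none
     */
    public static String getSessionId(HttpServletRequest httpServletRequest) {
        String sessionID = new SessionID(httpServletRequest).toString();
        // SessionID renders as "" when absent; callers expect null in that case.
        return sessionID.isEmpty() ? null : sessionID;
    }

    /**
     * Resolves the client address of {@code httpServletRequest} as reported by
     * {@link ClientUtils#getClientIPAddress}.
     *
     * @param httpServletRequest the incoming request
     * @return the resolved client address
     * @throws Exception if the address cannot be resolved
     */
    public static InetAddress getClientAddress(HttpServletRequest httpServletRequest) throws Exception {
        return InetAddress.getByName(ClientUtils.getClientIPAddress(httpServletRequest));
    }

    /**
     * Builds the trusted-source allow-list. An explicit comma-separated
     * {@code Constants.TRUSTED_SOURCE_LIST} property wins; otherwise every host in the
     * platform server list is used.
     *
     * <p>A host in the explicit list that cannot be resolved fails the whole call, whereas
     * an unresolvable platform server is logged and skipped.
     *
     * @return the resolved set of trusted hosts (never {@code null})
     * @throws SessionException if no source list is available or resolution fails
     */
    private static Set<InetAddress> getTrustedSourceList() throws SessionException {
        Set<InetAddress> trusted = new HashSet<>();
        try {
            String configured = SystemProperties.get(Constants.TRUSTED_SOURCE_LIST);
            if (configured != null) {
                StringTokenizer tokens = new StringTokenizer(configured, ",");
                while (tokens.hasMoreTokens()) {
                    trusted.add(InetAddress.getByName(tokens.nextToken()));
                }
                return trusted;
            }
            Set<String> platformServers = WebtopNaming.getPlatformServerList();
            if (platformServers == null) {
                throw new SessionException(SessionBundle.rbName, "emptyTrustedSourceList", null);
            }
            for (String serverUrl : platformServers) {
                try {
                    trusted.add(InetAddress.getByName(new URL(serverUrl).getHost()));
                } catch (Exception e) {
                    debug.error("SessionUtils.getTrustedSourceList : Validating Host exception", e);
                }
            }
            return trusted;
        } catch (SessionException e) {
            // Rethrow as-is so the bundle-keyed "emptyTrustedSourceList" message is not wrapped away.
            throw e;
        } catch (Exception e) {
            throw new SessionException(e);
        }
    }

    /**
     * Tells whether {@code inetAddress} is in the trusted-source allow-list, resolving the
     * list on first use.
     *
     * @param inetAddress the address to check
     * @return {@code true} if the address is a configured trusted source
     * @throws SessionException if the allow-list cannot be built
     */
    public static boolean isTrustedSource(InetAddress inetAddress) throws SessionException {
        if (trustedSources == null) {
            // Unsynchronised lazy init: a racing thread may rebuild an equal set; a thread that
            // observes null simply builds its own, so the check never widens the allow-list.
            trustedSources = getTrustedSourceList();
        }
        return trustedSources.contains(inetAddress);
    }

    /**
     * Returns the storage-key form of {@code sessionID} to use in the session repository:
     * a hex SHA-256 digest when hashing is enabled, otherwise the (possibly encrypted)
     * storage key from {@link #getEncrypted}.
     *
     * @param sessionID the session whose storage key is wanted
     * @return the hashed or encrypted storage key
     * @throws SessionException if {@code sessionID} is {@code null}
     * @throws Exception propagated from the underlying key extraction
     */
    public static String getEncryptedStorageKey(SessionID sessionID) throws Exception {
        if (sessionID == null) {
            throw new SessionException("SessionUtils.getEncryptedStorageKey: StorageKey is null");
        }
        String storageKey = sessionID.getExtension().getStorageKey();
        if (SESSION_STORAGE_KEY_HASH) {
            // One-way: a hashed key cannot be recovered with getDecrypted.
            return Hashing.sha256().hashString(storageKey, StandardCharsets.UTF_8).toString();
        }
        return getEncrypted(storageKey);
    }

    /**
     * Encrypts {@code str} with the configured encryptor, memoising the result in both
     * cache directions. Pass-through when {@code str} is {@code null} or session
     * encryption is disabled.
     *
     * @param str the clear value
     * @return the encrypted value, or {@code str} unchanged when encryption does not apply
     * @throws RuntimeException wrapping any failure raised while encrypting
     */
    public static String getEncrypted(final String str) {
        if (str == null || !SESSION_ENCRYPTION) {
            return str;
        }
        try {
            return key2encrypt.get(str, () -> {
                String encrypted = new EncodeAction(str, Crypt.getEncryptor()).run();
                encrypt2key.put(encrypted, str);
                return encrypted;
            });
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts {@code str} with the configured encryptor, memoising the result in both
     * cache directions. Pass-through when {@code str} is {@code null} or session
     * encryption is disabled.
     *
     * @param str the encrypted value
     * @return the clear value, or {@code str} unchanged when encryption does not apply
     * @throws RuntimeException wrapping any failure raised while decrypting
     */
    public static String getDecrypted(final String str) {
        if (str == null || !SESSION_ENCRYPTION) {
            return str;
        }
        try {
            return encrypt2key.get(str, () -> {
                String decrypted = new DecodeAction(str, Crypt.getEncryptor()).run();
                key2encrypt.put(str, decrypted);
                return decrypted;
            });
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Obtains the administrator token through {@link AdminTokenAction} under a privileged
     * action.
     *
     * @return the admin token (never {@code null})
     * @throws SSOException if no admin token is available
     */
    public static SSOToken getAdminToken() throws SSOException {
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        if (adminToken == null) {
            throw new SSOException(I18n.getInstance("amSDK").getResBundleName(), IUMSConstants.NULL_TOKEN, null);
        }
        return adminToken;
    }

    /**
     * Tells whether the user token belongs to the same principal as the admin token.
     * The comparison is a case-insensitive match of the two principal names.
     *
     * @param sSOToken the admin token
     * @param sSOToken2 the user token under test
     * @return {@code true} only when both tokens are non-null, both principals resolve,
     *         and their names match ignoring case; every failure path logs and returns {@code false}
     */
    public static boolean isAdmin(SSOToken sSOToken, SSOToken sSOToken2) {
        if (sSOToken2 == null) {
            debug.error("SessionUtils.isAdmin(): user token is null");
            return false;
        }
        if (sSOToken == null) {
            debug.error("SessionUtils.isAdmin(): admin token is null");
            return false;
        }
        String userPrincipal;
        try {
            userPrincipal = sSOToken2.getPrincipal().getName();
        } catch (SSOException e) {
            debug.error("SessionUtils.isAdmin(): user token fails to get principal", e);
            return false;
        }
        String adminPrincipal;
        try {
            adminPrincipal = sSOToken.getPrincipal().getName();
        } catch (SSOException e) {
            debug.error("SessionUtils.isAdmin(): admin token fails to get principal", e);
            return false;
        }
        boolean sameprincipal = userPrincipal.equalsIgnoreCase(adminPrincipal);
        if (debug.messageEnabled()) {
            debug.message("SessionUtils.isAdmin(): returns " + sameprincipal + " for user principal: " + userPrincipal + " against admin principal: " + adminPrincipal);
        }
        return sameprincipal;
    }

    /**
     * Enforces that only a valid admin client may set a protected session property.
     * Non-protected properties are always allowed.
     *
     * @param sSOToken the client's token, may be {@code null}
     * @param str the property name
     * @param str2 the value the client is trying to set
     * @throws SessionException if the property is protected and the client token is
     *         missing, invalid, not the admin, or the admin token / token manager is unavailable
     */
    public static void checkPermissionToSetProperty(SSOToken sSOToken, String str, String str2) throws SessionException {
        Debug sessionDebug = (Debug) InjectorHolder.getInstance(Key.get(Debug.class, Names.named(SessionConstants.SESSION_DEBUG)));
        if (!InternalSession.isProtectedProperty(str)) {
            return;
        }
        // NOTE(review): the client-supplied value str2 is written verbatim to the log on
        // every rejection below; redact it if protected properties may carry secrets.
        if (sSOToken == null) {
            if (sessionDebug.warningEnabled()) {
                sessionDebug.warning("SessionUtils.checkPermissionToSetProperty(): Attempt to set protected property without client token [" + str + "=" + str2 + "]");
            }
            throw new SessionException(SessionBundle.getString("protectedPropertyNoClientToken") + " " + str);
        }
        boolean validToken;
        try {
            validToken = SSOTokenManager.getInstance().isValidToken(sSOToken);
        } catch (SSOException e) {
            sessionDebug.error("SessionUtils.checkPermissionToSetProperty(): Cannot get instance of SSOTokenManager.", e);
            throw new SessionException(SessionBundle.getString("protectedPropertyNoSSOTokenMgrInstance") + " " + str);
        }
        if (!validToken) {
            if (sessionDebug.warningEnabled()) {
                sessionDebug.warning("SessionUtils.checkPermissionToSetProperty(): Attempt to set protected property with invalid client token [" + str + "=" + str2 + "]");
            }
            throw new SessionException(SessionBundle.getString("protectedPropertyInvalidClientToken") + " " + str);
        }
        SSOToken adminToken;
        try {
            adminToken = getAdminToken();
        } catch (SSOException e) {
            sessionDebug.error("SessionUtils.checkPermissionToSetProperty(): Cannot get Admin Token for validation to set protected property [" + str + "=" + str2 + "]", e);
            throw new SessionException(SessionBundle.getString("protectedPropertyNoAdminToken") + " " + str);
        }
        if (isAdmin(adminToken, sSOToken)) {
            return;
        }
        sessionDebug.error("SessionUtils.checkPermissionToSetProperty(): Client does not have permission to set protected property [" + str + "=" + str2 + "]");
        throw new SessionException(SessionBundle.getString("protectedPropertyNoPermission") + " " + str);
    }
}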
