package org.keycloak.services.managers;

import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.common.util.ServerCookie;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.RestartLoginCookie;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.sessions.StickySessionEncoderProvider;
import org.keycloak.utils.LockObjectsForModification;

/* loaded from: input_file:org/keycloak/services/managers/AuthenticationSessionManager.class */
public class AuthenticationSessionManager {
    public static final String AUTH_SESSION_ID = "AUTH_SESSION_ID";
    public static final int AUTH_SESSION_COOKIE_LIMIT = 3;
    private static final Logger log = Logger.getLogger(AuthenticationSessionManager.class);
    private final KeycloakSession session;

    public AuthenticationSessionManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public RootAuthenticationSessionModel createAuthenticationSession(RealmModel realmModel, boolean z) {
        RootAuthenticationSessionModel createRootAuthenticationSession = this.session.authenticationSessions().createRootAuthenticationSession(realmModel);
        if (z) {
            setAuthSessionCookie(createRootAuthenticationSession.getId(), realmModel);
        }
        return createRootAuthenticationSession;
    }

    public RootAuthenticationSessionModel getCurrentRootAuthenticationSession(RealmModel realmModel) {
        return (RootAuthenticationSessionModel) getAuthSessionCookies(realmModel).stream().map(str -> {
            AuthSessionId decodeAuthSessionId = decodeAuthSessionId(str);
            RootAuthenticationSessionModel rootAuthenticationSession = this.session.authenticationSessions().getRootAuthenticationSession(realmModel, decodeAuthSessionId.getDecodedId());
            if (rootAuthenticationSession == null) {
                return null;
            }
            reencodeAuthSessionCookie(str, decodeAuthSessionId, realmModel);
            return rootAuthenticationSession;
        }).filter(rootAuthenticationSessionModel -> {
            return Objects.nonNull(rootAuthenticationSessionModel);
        }).findFirst().orElse(null);
    }

    public UserSessionModel getUserSessionFromAuthCookie(RealmModel realmModel) {
        return (UserSessionModel) getAuthSessionCookies(realmModel).stream().map(str -> {
            AuthSessionId decodeAuthSessionId = decodeAuthSessionId(str);
            String decodedId = decodeAuthSessionId.getDecodedId();
            UserSessionModel userSessionModel = (UserSessionModel) LockObjectsForModification.lockUserSessionsForModification(this.session, () -> {
                return this.session.sessions().getUserSession(realmModel, decodedId);
            });
            if (userSessionModel == null) {
                return null;
            }
            reencodeAuthSessionCookie(str, decodeAuthSessionId, realmModel);
            return userSessionModel;
        }).filter(userSessionModel -> {
            return Objects.nonNull(userSessionModel);
        }).findFirst().orElse(null);
    }

    public AuthenticationSessionModel getCurrentAuthenticationSession(RealmModel realmModel, ClientModel clientModel, String str) {
        return (AuthenticationSessionModel) getAuthSessionCookies(realmModel).stream().map(str2 -> {
            AuthSessionId decodeAuthSessionId = decodeAuthSessionId(str2);
            AuthenticationSessionModel authenticationSessionByIdAndClient = getAuthenticationSessionByIdAndClient(realmModel, decodeAuthSessionId.getDecodedId(), clientModel, str);
            if (authenticationSessionByIdAndClient == null) {
                return null;
            }
            reencodeAuthSessionCookie(str2, decodeAuthSessionId, realmModel);
            return authenticationSessionByIdAndClient;
        }).filter(authenticationSessionModel -> {
            return Objects.nonNull(authenticationSessionModel);
        }).findFirst().orElse(null);
    }

    public void setAuthSessionCookie(String str, RealmModel realmModel) {
        String realmCookiePath = AuthenticationManager.getRealmCookiePath(realmModel, this.session.getContext().getUri());
        boolean isRequired = realmModel.getSslRequired().isRequired(this.session.getContext().getConnection());
        String encodeSessionId = this.session.getProvider(StickySessionEncoderProvider.class).encodeSessionId(str);
        CookieHelper.addCookie(AUTH_SESSION_ID, encodeSessionId, realmCookiePath, null, null, -1, isRequired, true, ServerCookie.SameSiteAttributeValue.NONE, this.session);
        log.debugf("Set AUTH_SESSION_ID cookie with value %s", encodeSessionId);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthSessionId decodeAuthSessionId(String str) {
        log.debugf("Found AUTH_SESSION_ID cookie with value %s", str);
        StickySessionEncoderProvider provider = this.session.getProvider(StickySessionEncoderProvider.class);
        String decodeSessionId = provider.decodeSessionId(str);
        return new AuthSessionId(decodeSessionId, provider.encodeSessionId(decodeSessionId));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reencodeAuthSessionCookie(String str, AuthSessionId authSessionId, RealmModel realmModel) {
        if (str.equals(authSessionId.getEncodedId())) {
            return;
        }
        log.debugf("Route changed. Will update authentication session cookie. Old: '%s', New: '%s'", str, authSessionId.getEncodedId());
        setAuthSessionCookie(authSessionId.getDecodedId(), realmModel);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<String> getAuthSessionCookies(final RealmModel realmModel) {
        Set<String> cookieValue = CookieHelper.getCookieValue(this.session, AUTH_SESSION_ID);
        if (cookieValue.size() > 1) {
            AuthenticationManager.expireOldAuthSessionCookie(realmModel, this.session.getContext().getUri(), this.session);
        }
        List list = (List) cookieValue.stream().limit(3L).collect(Collectors.toList());
        if (list.isEmpty()) {
            log.debugf("Not found AUTH_SESSION_ID cookie", new Object[0]);
        }
        return (List) list.stream().filter(new Predicate<String>() { // from class: org.keycloak.services.managers.AuthenticationSessionManager.1
            @Override // java.util.function.Predicate
            public boolean test(String str) {
                return AuthenticationSessionManager.this.session.authenticationSessions().getRootAuthenticationSession(realmModel, AuthenticationSessionManager.this.session.getProvider(StickySessionEncoderProvider.class).decodeSessionId(str)) != null;
            }
        }).collect(Collectors.toList());
    }

    public void removeAuthenticationSession(RealmModel realmModel, AuthenticationSessionModel authenticationSessionModel, boolean z) {
        RootAuthenticationSessionModel parentSession = authenticationSessionModel.getParentSession();
        log.debugf("Removing authSession '%s'. Expire restart cookie: %b", parentSession.getId(), Boolean.valueOf(z));
        this.session.authenticationSessions().removeRootAuthenticationSession(realmModel, parentSession);
        if (z) {
            RestartLoginCookie.expireRestartCookie(realmModel, this.session.getContext().getUri(), this.session);
        }
    }

    public void removeTabIdInAuthenticationSession(RealmModel realmModel, AuthenticationSessionModel authenticationSessionModel) {
        RootAuthenticationSessionModel parentSession = authenticationSessionModel.getParentSession();
        parentSession.removeAuthenticationSessionByTabId(authenticationSessionModel.getTabId());
        if (parentSession.getAuthenticationSessions().isEmpty()) {
            removeAuthenticationSession(realmModel, authenticationSessionModel, false);
        }
    }

    public UserSessionModel getUserSession(AuthenticationSessionModel authenticationSessionModel) {
        return (UserSessionModel) LockObjectsForModification.lockUserSessionsForModification(this.session, () -> {
            return this.session.sessions().getUserSession(authenticationSessionModel.getRealm(), authenticationSessionModel.getParentSession().getId());
        });
    }

    public AuthenticationSessionModel getAuthenticationSessionByIdAndClient(RealmModel realmModel, String str, ClientModel clientModel, String str2) {
        RootAuthenticationSessionModel rootAuthenticationSession = this.session.authenticationSessions().getRootAuthenticationSession(realmModel, str);
        if (rootAuthenticationSession == null) {
            return null;
        }
        return rootAuthenticationSession.getAuthenticationSession(clientModel, str2);
    }
}
