package org.keycloak.services.managers;

import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.cookie.CookieProvider;
import org.keycloak.cookie.CookieType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.SessionExpiration;
import org.keycloak.protocol.RestartLoginCookie;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.sessions.StickySessionEncoderProvider;

/* loaded from: input_file:org/keycloak/services/managers/AuthenticationSessionManager.class */
public class AuthenticationSessionManager {
    private static final Logger log = Logger.getLogger(AuthenticationSessionManager.class);
    private final KeycloakSession session;

    public AuthenticationSessionManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public RootAuthenticationSessionModel createAuthenticationSession(RealmModel realmModel, boolean z) {
        RootAuthenticationSessionModel createRootAuthenticationSession = this.session.authenticationSessions().createRootAuthenticationSession(realmModel);
        if (z) {
            setAuthSessionCookie(createRootAuthenticationSession.getId());
        }
        return createRootAuthenticationSession;
    }

    public RootAuthenticationSessionModel getCurrentRootAuthenticationSession(RealmModel realmModel) {
        String authSessionCookies = getAuthSessionCookies(realmModel);
        if (authSessionCookies == null) {
            return null;
        }
        AuthSessionId decodeAuthSessionId = decodeAuthSessionId(authSessionCookies);
        RootAuthenticationSessionModel rootAuthenticationSession = this.session.authenticationSessions().getRootAuthenticationSession(realmModel, decodeAuthSessionId.getDecodedId());
        if (rootAuthenticationSession == null) {
            return null;
        }
        reencodeAuthSessionCookie(authSessionCookies, decodeAuthSessionId, realmModel);
        return rootAuthenticationSession;
    }

    public AuthenticationSessionModel getCurrentAuthenticationSession(RealmModel realmModel, ClientModel clientModel, String str) {
        String authSessionCookies = getAuthSessionCookies(realmModel);
        if (authSessionCookies == null) {
            return null;
        }
        AuthSessionId decodeAuthSessionId = decodeAuthSessionId(authSessionCookies);
        AuthenticationSessionModel authenticationSessionByIdAndClient = getAuthenticationSessionByIdAndClient(realmModel, decodeAuthSessionId.getDecodedId(), clientModel, str);
        if (authenticationSessionByIdAndClient == null) {
            return null;
        }
        reencodeAuthSessionCookie(authSessionCookies, decodeAuthSessionId, realmModel);
        return authenticationSessionByIdAndClient;
    }

    public void setAuthSessionCookie(String str) {
        String encodeSessionId = this.session.getProvider(StickySessionEncoderProvider.class).encodeSessionId(str);
        this.session.getProvider(CookieProvider.class).set(CookieType.AUTH_SESSION_ID, encodeSessionId);
        log.debugf("Set AUTH_SESSION_ID cookie with value %s", encodeSessionId);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthSessionId decodeAuthSessionId(String str) {
        log.debugf("Found AUTH_SESSION_ID cookie with value %s", str);
        StickySessionEncoderProvider provider = this.session.getProvider(StickySessionEncoderProvider.class);
        String decodeSessionId = provider.decodeSessionId(str);
        return new AuthSessionId(decodeSessionId, provider.encodeSessionId(decodeSessionId));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reencodeAuthSessionCookie(String str, AuthSessionId authSessionId, RealmModel realmModel) {
        if (str.equals(authSessionId.getEncodedId())) {
            return;
        }
        log.debugf("Route changed. Will update authentication session cookie. Old: '%s', New: '%s'", str, authSessionId.getEncodedId());
        setAuthSessionCookie(authSessionId.getDecodedId());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAuthSessionCookies(RealmModel realmModel) {
        String str = this.session.getProvider(CookieProvider.class).get(CookieType.AUTH_SESSION_ID);
        if (str == null || str.isEmpty()) {
            return null;
        }
        if (this.session.authenticationSessions().getRootAuthenticationSession(realmModel, this.session.getProvider(StickySessionEncoderProvider.class).decodeSessionId(str)) != null) {
            return str;
        }
        return null;
    }

    public void removeAuthenticationSession(RealmModel realmModel, AuthenticationSessionModel authenticationSessionModel, boolean z) {
        RootAuthenticationSessionModel parentSession = authenticationSessionModel.getParentSession();
        log.debugf("Removing root authSession '%s'. Expire restart cookie: %b", parentSession.getId(), Boolean.valueOf(z));
        this.session.authenticationSessions().removeRootAuthenticationSession(realmModel, parentSession);
        if (z) {
            RestartLoginCookie.expireRestartCookie(this.session);
            this.session.getProvider(LoginFormsProvider.class).setDetachedAuthSession();
        }
    }

    public boolean removeTabIdInAuthenticationSession(RealmModel realmModel, AuthenticationSessionModel authenticationSessionModel) {
        RootAuthenticationSessionModel parentSession = authenticationSessionModel.getParentSession();
        parentSession.removeAuthenticationSessionByTabId(authenticationSessionModel.getTabId());
        if (!parentSession.getAuthenticationSessions().isEmpty()) {
            return false;
        }
        removeAuthenticationSession(realmModel, authenticationSessionModel, true);
        return true;
    }

    public void updateAuthenticationSessionAfterSuccessfulAuthentication(RealmModel realmModel, AuthenticationSessionModel authenticationSessionModel) {
        if (removeTabIdInAuthenticationSession(realmModel, authenticationSessionModel)) {
            return;
        }
        if (realmModel.getSsoSessionIdleTimeout() < SessionExpiration.getAuthSessionLifespan(realmModel) && realmModel.getSsoSessionMaxLifespan() < SessionExpiration.getAuthSessionLifespan(realmModel)) {
            removeAuthenticationSession(realmModel, authenticationSessionModel, true);
            return;
        }
        RootAuthenticationSessionModel parentSession = authenticationSessionModel.getParentSession();
        int accessCodeLifespan = realmModel.getAccessCodeLifespan();
        parentSession.setTimestamp((Time.currentTime() - SessionExpiration.getAuthSessionLifespan(realmModel)) + accessCodeLifespan);
        log.tracef("Removed authentication session of root session '%s' with tabId '%s'. But there are remaining tabs in the root session. Root authentication session will expire in %d seconds", parentSession.getId(), authenticationSessionModel.getTabId(), Integer.valueOf(accessCodeLifespan));
    }

    public UserSessionModel getUserSession(AuthenticationSessionModel authenticationSessionModel) {
        return this.session.sessions().getUserSession(authenticationSessionModel.getRealm(), authenticationSessionModel.getParentSession().getId());
    }

    public AuthenticationSessionModel getAuthenticationSessionByIdAndClient(RealmModel realmModel, String str, ClientModel clientModel, String str2) {
        RootAuthenticationSessionModel rootAuthenticationSession = this.session.authenticationSessions().getRootAuthenticationSession(realmModel, str);
        if (rootAuthenticationSession == null) {
            return null;
        }
        return rootAuthenticationSession.getAuthenticationSession(clientModel, str2);
    }
}
