package org.graylog2.shared.security;

import com.google.common.collect.ImmutableMap;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.graylog.schema.SessionFields;
import org.graylog2.audit.AuditActor;
import org.graylog2.audit.AuditEventSender;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.UserImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/shared/security/SessionCreator.class */
public class SessionCreator {
    private static final Logger log = LoggerFactory.getLogger(SessionCreator.class);
    private final UserService userService;
    private final AuditEventSender auditEventSender;

    @Inject
    public SessionCreator(UserService userService, AuditEventSender auditEventSender) {
        this.userService = userService;
        this.auditEventSender = auditEventSender;
    }

    /* JADX WARN: Type inference failed for: r12v1, types: [java.lang.Throwable, org.graylog2.shared.security.AuthenticationServiceUnavailableException] */
    public Optional<Session> create(@Nullable String str, String str2, ActorAwareAuthenticationToken actorAwareAuthenticationToken) throws AuthenticationServiceUnavailableException {
        Subject buildSubject = new Subject.Builder().sessionId((String) StringUtils.defaultIfBlank(str, (CharSequence) null)).host(str2).buildSubject();
        ThreadContext.bind(buildSubject);
        try {
            Session session = buildSubject.getSession();
            buildSubject.login(actorAwareAuthenticationToken);
            User loadById = this.userService.loadById(buildSubject.getPrincipal().toString());
            if (loadById != null) {
                session.setTimeout(loadById.getSessionTimeoutMs());
                session.setAttribute("username", loadById.getName());
            } else {
                session.setTimeout(UserImpl.DEFAULT_SESSION_TIMEOUT_MS);
            }
            session.touch();
            SecurityUtils.getSecurityManager().getSubjectDAO().save(buildSubject);
            this.auditEventSender.success(AuditActor.user(loadById.getName()), AuditEventTypes.SESSION_CREATE, ImmutableMap.of(SessionFields.SESSION_ID, session.getId(), "remote_address", str2));
            return Optional.of(session);
        } catch (AuthenticationServiceUnavailableException e) {
            log.info("Session creation failed due to authentication service being unavailable. Actor: \"{}\"", actorAwareAuthenticationToken.getActor().urn());
            this.auditEventSender.failure(actorAwareAuthenticationToken.getActor(), AuditEventTypes.SESSION_CREATE, ImmutableMap.of("remote_address", str2, "message", "Authentication service unavailable: " + e.getMessage()));
            throw e;
        } catch (AuthenticationException e2) {
            log.info("Invalid credentials in session create request. Actor: \"{}\"", actorAwareAuthenticationToken.getActor().urn());
            this.auditEventSender.failure(actorAwareAuthenticationToken.getActor(), AuditEventTypes.SESSION_CREATE, ImmutableMap.of("remote_address", str2));
            return Optional.empty();
        }
    }
}
