package org.graylog2.security;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.auto.value.AutoValue;
import com.google.common.eventbus.EventBus;
import com.google.common.eventbus.Subscribe;
import com.google.common.util.concurrent.AbstractIdleService;
import java.io.Serializable;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.session.ExpiredSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionKey;
import org.graylog2.plugin.cluster.ClusterConfigService;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.events.UserChangedEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:org/graylog2/security/UserSessionTerminationService.class */
public class UserSessionTerminationService extends AbstractIdleService {
    private static final long TERMINATION_REVISION = 1;
    private static final Logger LOG = LoggerFactory.getLogger(UserSessionTerminationService.class);
    private static final EnumSet<User.AccountStatus> SESSION_TERMINATION_STATUS = EnumSet.of(User.AccountStatus.DELETED, User.AccountStatus.DISABLED);
    private final MongoDbSessionDAO sessionDao;
    private final MongoDBSessionService sessionService;
    private final DefaultSecurityManager securityManager;
    private final ClusterConfigService clusterConfigService;
    private final UserService userService;
    private final EventBus eventBus;

    @AutoValue
    /* loaded from: input_file:org/graylog2/security/UserSessionTerminationService$GlobalTerminationRevisionConfig.class */
    public static abstract class GlobalTerminationRevisionConfig {
        @JsonProperty("applied_revision")
        public abstract long appliedRevision();

        public static GlobalTerminationRevisionConfig initial() {
            return create(0L);
        }

        public static GlobalTerminationRevisionConfig withCurrentRevision() {
            return create(UserSessionTerminationService.TERMINATION_REVISION);
        }

        @JsonIgnore
        public boolean isOutdated() {
            return appliedRevision() < UserSessionTerminationService.TERMINATION_REVISION;
        }

        @JsonCreator
        public static GlobalTerminationRevisionConfig create(@JsonProperty("applied_revision") long j) {
            return new AutoValue_UserSessionTerminationService_GlobalTerminationRevisionConfig(j);
        }
    }

    @Inject
    public UserSessionTerminationService(MongoDbSessionDAO mongoDbSessionDAO, MongoDBSessionService mongoDBSessionService, DefaultSecurityManager defaultSecurityManager, ClusterConfigService clusterConfigService, UserService userService, EventBus eventBus) {
        this.sessionDao = mongoDbSessionDAO;
        this.securityManager = defaultSecurityManager;
        this.clusterConfigService = clusterConfigService;
        this.sessionService = mongoDBSessionService;
        this.userService = userService;
        this.eventBus = eventBus;
    }

    @Subscribe
    public void handleUserChanged(UserChangedEvent userChangedEvent) {
        User loadById = this.userService.loadById(userChangedEvent.userId());
        if (loadById == null || !SESSION_TERMINATION_STATUS.contains(loadById.getAccountStatus())) {
            return;
        }
        terminateSessionsForUser(loadById);
    }

    protected void startUp() throws Exception {
        this.eventBus.register(this);
    }

    protected void shutDown() throws Exception {
        this.eventBus.unregister(this);
    }

    public void runGlobalSessionTermination() {
        if (!((GlobalTerminationRevisionConfig) this.clusterConfigService.getOrDefault(GlobalTerminationRevisionConfig.class, GlobalTerminationRevisionConfig.initial())).isOutdated()) {
            LOG.debug("Global session termination not required");
            return;
        }
        long j = 0;
        Iterator<Session> it = this.sessionDao.getActiveSessions().iterator();
        while (it.hasNext()) {
            terminateSessionForID(it.next().getId());
            j += TERMINATION_REVISION;
        }
        LOG.info("Globally terminated {} session(s)", Long.valueOf(j));
        this.clusterConfigService.write(GlobalTerminationRevisionConfig.withCurrentRevision());
    }

    public List<Session> getActiveSessionsForUser(User user) {
        return getSessionIDsForUser(user).stream().map((v1) -> {
            return getActiveSessionForID(v1);
        }).flatMap((v0) -> {
            return v0.stream();
        }).toList();
    }

    private void terminateSessionsForUser(User user) {
        try {
            for (Session session : getActiveSessionsForUser(user)) {
                LOG.info("Terminating session for user <{}/{}>", user.getName(), user.getId());
                session.stop();
            }
        } catch (Exception e) {
            LOG.error("Couldn't terminate session for user <{}/{}>", new Object[]{user.getName(), user.getId(), e});
        }
    }

    private void terminateSessionForID(Serializable serializable) {
        try {
            getActiveSessionForID(serializable).ifPresent((v0) -> {
                v0.stop();
            });
        } catch (Exception e) {
            LOG.error("Couldn't terminate session", e);
        }
    }

    private Optional<Session> getActiveSessionForID(Serializable serializable) {
        try {
            return Optional.ofNullable(this.securityManager.getSessionManager().getSession(new DefaultSessionKey(serializable)));
        } catch (ExpiredSessionException e) {
            return Optional.empty();
        }
    }

    private Set<String> getSessionIDsForUser(User user) {
        String str = (String) Objects.requireNonNull(user.getId(), "user ID cannot be null");
        return (Set) this.sessionService.loadAll().stream().filter(mongoDbSession -> {
            return str.equals(mongoDbSession.getUserIdAttribute().orElse(null));
        }).map((v0) -> {
            return v0.getSessionId();
        }).collect(Collectors.toSet());
    }
}
