package org.wso2.carbon.identity.application.authentication.framework.services;

import org.apache.commons.lang.StringUtils;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.AbstractAdmin;
import org.wso2.carbon.identity.application.authentication.framework.context.SessionContext;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/services/SessionManagementService.class */
public class SessionManagementService extends AbstractAdmin {
    private static Log log = LogFactory.getLog(SessionManagementService.class);

    public boolean removeSession(String str) {
        return FrameworkServiceDataHolder.getInstance().getServerSessionManagementService().removeSession(str);
    }

    public boolean removeMySession(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        SessionContext sessionContextFromCache = FrameworkUtils.getSessionContextFromCache(str, FrameworkUtils.getLoginTenantDomainFromContext());
        CarbonContext threadLocalCarbonContext = CarbonContext.getThreadLocalCarbonContext();
        String removeDomainFromName = UserCoreUtil.removeDomainFromName(threadLocalCarbonContext.getUsername());
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) sessionContextFromCache.getProperty("AuthenticatedUser");
        if (removeDomainFromName.equals(authenticatedUser.getUserName()) && "PRIMARY".equals(authenticatedUser.getUserStoreDomain()) && threadLocalCarbonContext.getTenantDomain().equals(authenticatedUser.getTenantDomain())) {
            return FrameworkServiceDataHolder.getInstance().getServerSessionManagementService().removeSession(str);
        }
        log.warn(String.format("Trying to terminate a session which does not belong to logged in user (%s). This might be an attempt for a security breach", removeDomainFromName));
        return false;
    }
}
