package org.graylog2.security.realm;

import java.util.Optional;
import javax.inject.Inject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.security.SessionIdToken;
import org.graylog2.shared.security.ShiroRequestHeadersBinder;
import org.graylog2.shared.users.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/security/realm/SessionAuthenticator.class */
public class SessionAuthenticator extends AuthenticatingRealm {
    private static final Logger LOG = LoggerFactory.getLogger(SessionAuthenticator.class);
    public static final String NAME = "mongodb-session";
    public static final String X_GRAYLOG_NO_SESSION_EXTENSION = "X-Graylog-No-Session-Extension";
    private final UserService userService;

    @Inject
    SessionAuthenticator(UserService userService) {
        this.userService = userService;
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
        setAuthenticationTokenClass(SessionIdToken.class);
        setCachingEnabled(false);
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        SessionIdToken sessionIdToken = (SessionIdToken) authenticationToken;
        Subject buildSubject = new Subject.Builder().sessionId(sessionIdToken.getSessionId()).buildSubject();
        Session session = buildSubject.getSession(false);
        if (session == null) {
            LOG.debug("Invalid session {}. Either it has expired or did not exist.", sessionIdToken.getSessionId());
            return null;
        }
        Object principal = buildSubject.getPrincipal();
        User loadById = this.userService.loadById(String.valueOf(principal));
        if (loadById == null) {
            LOG.debug("No user with userId {} found for session {}", principal, sessionIdToken.getSessionId());
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found session {} for userId {}", session.getId(), principal);
        }
        Optional<String> headerFromThreadContext = ShiroRequestHeadersBinder.getHeaderFromThreadContext(X_GRAYLOG_NO_SESSION_EXTENSION);
        if (headerFromThreadContext.isPresent() && "true".equalsIgnoreCase(headerFromThreadContext.get())) {
            LOG.debug("Not extending session because the request indicated not to.");
        } else {
            session.touch();
        }
        ThreadContext.bind(buildSubject);
        return new SimpleAccount(loadById.getId(), (Object) null, "session authenticator");
    }
}
