package org.wso2.carbon.identity.application.authentication.handler.session;

import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.exception.session.mgt.SessionManagementException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.UserSession;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.handler.session.exception.UserSessionRetrievalException;
import org.wso2.carbon.identity.application.authentication.handler.session.exception.UserSessionTerminationException;
import org.wso2.carbon.identity.application.authentication.handler.session.internal.ActiveSessionsLimitHandlerServiceHolder;
import org.wso2.carbon.identity.core.model.UserAgent;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/handler/session/ActiveSessionsLimitHandler.class */
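/**
 * Authentication flow handler that enforces an upper bound on the number of concurrent sessions a user may hold.
 *
 * <p>Flow as implemented here:
 * <ul>
 *   <li>{@link #process} reads the {@code MaxSessionCount} parameter, counts the user's existing sessions and
 *       either completes the step (below the limit), fails it (user chose to deny login, or bad configuration),
 *       or defers to the framework, which redirects to the "handle multiple sessions" page.</li>
 *   <li>{@link #processAuthenticationResponse} handles the page's response: it terminates the sessions the user
 *       selected and re-checks the count against the limit.</li>
 * </ul>
 *
 * <p>The limit is resolved from the per-context authenticator parameters first and the file-based authenticator
 * configuration second, defaulting to {@link #DEFAULT_MAX_SESSION_COUNT}.
 */
public class ActiveSessionsLimitHandler extends AbstractApplicationAuthenticator implements AuthenticationFlowHandler {

    private static final Log log = LogFactory.getLog(ActiveSessionsLimitHandler.class);
    private static final long serialVersionUID = -1304814600410853867L;
    // Endpoint that lets the user pick sessions to terminate (or deny / refresh).
    private static final String REDIRECT_URL = "/authenticationendpoint/handle-multiple-sessions.do";
    public static final String DEFAULT_MAX_SESSION_COUNT = "1";
    public static final String PROMPT_ID = "promptId";
    public static final String SP_NAME = "sp";

    /**
     * Returns {@code true} when the request carries the active-sessions-limit action parameter, i.e. it is a
     * response from the multiple-sessions page.
     *
     * @param httpServletRequest incoming request
     * @return whether this handler can process the request
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(ActiveSessionsLimitHandlerConstants.ACTIVE_SESSIONS_LIMIT_ACTION) != null;
    }

    /**
     * Runs the session-limit check for the current step.
     *
     * <p>Logout requests are passed straight to the framework. A non-integer or non-positive
     * {@code MaxSessionCount} is treated as a configuration error and fails the step (logged, not thrown, so the
     * framework does not retry). If the user answered the prompt with the deny action the step also fails.
     * Otherwise the user's sessions are counted: below the limit the step succeeds, at or above the limit the
     * session list is published as endpoint parameters and the framework is asked to render the prompt.
     *
     * @param httpServletRequest   incoming request
     * @param httpServletResponse  outgoing response
     * @param authenticationContext current authentication context
     * @return the resulting flow status
     * @throws AuthenticationFailedException if the user id cannot be resolved or sessions cannot be retrieved
     * @throws LogoutFailedException         propagated from the framework on logout requests
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return super.process(httpServletRequest, httpServletResponse, authenticationContext);
        }
        String maxSessionCountParam = getAuthenticatorParams(ActiveSessionsLimitHandlerConstants.MAX_SESSION_COUNT, DEFAULT_MAX_SESSION_COUNT, authenticationContext);
        int maxSessionCount;
        try {
            maxSessionCount = Integer.parseInt(maxSessionCountParam);
        } catch (NumberFormatException e) {
            log.error("'MaxSessionCount' must be an integer value.");
            return failStep(httpServletRequest, authenticationContext);
        }
        if (maxSessionCount <= 0) {
            log.error("'MaxSessionCount' must be greater than zero. Current value is " + maxSessionCount);
            return failStep(httpServletRequest, authenticationContext);
        }
        if (isAction(httpServletRequest, ActiveSessionsLimitHandlerConstants.DENY_LOGIN_ACTION)) {
            if (log.isDebugEnabled()) {
                log.debug("User: " + authenticationContext.getSubject() + " denied the login.");
            }
            return failStep(httpServletRequest, authenticationContext);
        }
        try {
            String userId = getUserId(authenticationContext);
            // Without a user id there is nothing to count; the step is allowed through.
            List<UserSession> sessions = userId != null ? getUserSessions(userId) : null;
            if (sessions == null || sessions.size() < maxSessionCount) {
                publishAuthenticationStepAttempt(httpServletRequest, authenticationContext, authenticationContext.getSubject(), true);
                return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
            }
            // At or above the limit: expose the sessions to the prompt page and let the framework redirect.
            prepareEndpointParams(authenticationContext, maxSessionCountParam, sessions);
            return super.process(httpServletRequest, httpServletResponse, authenticationContext);
        } catch (UserSessionRetrievalException e) {
            publishAuthenticationStepAttempt(httpServletRequest, authenticationContext, authenticationContext.getSubject(), false);
            throw new AuthenticationFailedException("Error occurred while retrieving user sessions.", e);
        }
    }

    /**
     * Redirects the user to the multiple-sessions prompt, passing the context identifier and service provider
     * name as query parameters.
     *
     * @param httpServletRequest   incoming request
     * @param httpServletResponse  response used for the redirect
     * @param authenticationContext current authentication context
     * @throws AuthenticationFailedException if the redirect cannot be written
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        Map<String, String> queryParams = new HashMap<String, String>();
        queryParams.put(PROMPT_ID, authenticationContext.getContextIdentifier());
        queryParams.put(SP_NAME, authenticationContext.getServiceProviderName());
        try {
            httpServletResponse.sendRedirect(FrameworkUtils.buildURLWithQueryParams(REDIRECT_URL, queryParams));
        } catch (IOException e) {
            throw new AuthenticationFailedException("Error occurred while redirecting to: " + REDIRECT_URL + "?promptId=" + authenticationContext.getContextIdentifier(), e);
        }
    }

    /**
     * Handles the user's answer from the multiple-sessions prompt.
     *
     * <p>Only the terminate action does work here: the selected sessions are terminated and the remaining count is
     * compared with the limit. The refresh action is rejected with an exception; any other action is ignored.
     * The limit is parsed before any session is terminated so that a bad configuration value cannot cause a
     * partially applied termination followed by a failure.
     *
     * @param httpServletRequest   incoming request carrying the action and the session ids to terminate
     * @param httpServletResponse  outgoing response (unused)
     * @param authenticationContext current authentication context
     * @throws AuthenticationFailedException on refresh, bad configuration, session retrieval or termination
     *                                       errors, or when the count still exceeds the limit after termination
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (!isAction(httpServletRequest, ActiveSessionsLimitHandlerConstants.TERMINATE_SESSIONS_ACTION)) {
            if (isAction(httpServletRequest, ActiveSessionsLimitHandlerConstants.REFRESH_ACTION)) {
                throw new AuthenticationFailedException("Refresh action was called from the multiple session handler.");
            }
            return;
        }
        String maxSessionCountParam = getAuthenticatorParams(ActiveSessionsLimitHandlerConstants.MAX_SESSION_COUNT, DEFAULT_MAX_SESSION_COUNT, authenticationContext);
        int maxSessionCount;
        try {
            maxSessionCount = Integer.parseInt(maxSessionCountParam);
        } catch (NumberFormatException e) {
            throw new AuthenticationFailedException("'MaxSessionCount' must be an integer value.", e);
        }
        try {
            String userId = getUserId(authenticationContext);
            terminateSessions(userId, httpServletRequest.getParameterValues(ActiveSessionsLimitHandlerConstants.SESSIONS_TO_TERMINATE));
            List<UserSession> remainingSessions = getUserSessions(userId);
            if (remainingSessions == null || remainingSessions.size() < maxSessionCount) {
                return;
            }
            // Still over the limit: refresh the prompt data so the page can be shown again.
            prepareEndpointParams(authenticationContext, maxSessionCountParam, remainingSessions);
            throw new AuthenticationFailedException("Active session count: " + remainingSessions.size() + " exceeds the specified limit: " + maxSessionCountParam);
        } catch (UserSessionRetrievalException e) {
            throw new AuthenticationFailedException("Error occurred while retrieving user sessions.", e);
        } catch (UserSessionTerminationException e) {
            throw new AuthenticationFailedException("Error occurred while terminating user sessions.", e);
        }
    }

    /**
     * Publishes a failed step attempt, disables retry and returns {@code FAIL_COMPLETED}.
     *
     * @param httpServletRequest   incoming request
     * @param authenticationContext current authentication context
     * @return {@link AuthenticatorFlowStatus#FAIL_COMPLETED}
     */
    private AuthenticatorFlowStatus failStep(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        publishAuthenticationStepAttempt(httpServletRequest, authenticationContext, authenticationContext.getSubject(), false);
        authenticationContext.setRetrying(false);
        return AuthenticatorFlowStatus.FAIL_COMPLETED;
    }

    /**
     * Tells whether the request's active-sessions-limit action parameter equals {@code action}.
     * {@link StringUtils#equals} is null-safe, so an absent parameter simply yields {@code false}.
     *
     * @param httpServletRequest incoming request
     * @param action             expected action value
     * @return whether the request carries that action
     */
    private static boolean isAction(HttpServletRequest httpServletRequest, String action) {
        String actual = httpServletRequest.getParameter(ActiveSessionsLimitHandlerConstants.ACTIVE_SESSIONS_LIMIT_ACTION);
        return StringUtils.equals(actual, action);
    }

    /**
     * Resolves an authenticator parameter: context-level parameters win, then the file-based authenticator
     * configuration, then {@code defaultValue}.
     *
     * @param paramName    parameter key
     * @param defaultValue value used when neither source defines the key
     * @param authenticationContext current authentication context
     * @return the resolved value, never {@code null} when {@code defaultValue} is non-null
     */
    private String getAuthenticatorParams(String paramName, String defaultValue, AuthenticationContext authenticationContext) {
        Map<String, String> contextParams = authenticationContext.getAuthenticatorParams(getName());
        if (contextParams != null && contextParams.get(paramName) != null) {
            return contextParams.get(paramName);
        }
        AuthenticatorConfig authenticatorConfig = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(getName());
        if (authenticatorConfig != null && authenticatorConfig.getParameterMap() != null
                && authenticatorConfig.getParameterMap().get(paramName) != null) {
            return authenticatorConfig.getParameterMap().get(paramName);
        }
        return defaultValue;
    }

    /**
     * Projects each session to the tuple shown on the prompt page:
     * {@code [sessionId, lastAccessTime, browser, platform, device]}.
     *
     * @param sessions sessions to describe
     * @return one {@code String[]} per session, in the input order
     */
    private List<String[]> getSessionProperties(List<UserSession> sessions) {
        return sessions.stream().map(session -> {
            UserAgent userAgent = new UserAgent(session.getUserAgent());
            return new String[]{session.getSessionId(), session.getLastAccessTime(), userAgent.getBrowser(), userAgent.getPlatform(), userAgent.getDevice()};
        }).collect(Collectors.toList());
    }

    /**
     * Fetches the sessions of the given user from the session management service.
     *
     * @param userId id of the user
     * @return the user's sessions as returned by the service (callers tolerate {@code null})
     * @throws UserSessionRetrievalException if the service call fails
     */
    private List<UserSession> getUserSessions(String userId) throws UserSessionRetrievalException {
        try {
            List<UserSession> sessions = ActiveSessionsLimitHandlerServiceHolder.getInstance().getUserSessionManagementService().getSessionsByUserId(userId);
            if (log.isDebugEnabled()) {
                // Callers already handle a null result; do not let the debug log be the one place that dereferences it.
                int count = sessions != null ? sessions.size() : 0;
                log.debug("Retrieved " + count + " for userId: " + userId);
            }
            return sessions;
        } catch (SessionManagementException e) {
            throw new UserSessionRetrievalException("Error occurred while retrieving sessions for userId: " + userId, e);
        }
    }

    /**
     * Resolves the user id of the authenticated user, preferring the user of the completed subject-identifier
     * step and falling back to the context subject.
     *
     * @param authenticationContext current authentication context
     * @return the user id
     * @throws AuthenticationFailedException if the user has no id
     */
    private String getUserId(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        StepConfig subjectStep = getCurrentSubjectIdentifierStep(authenticationContext);
        AuthenticatedUser authenticatedUser = subjectStep != null ? subjectStep.getAuthenticatedUser() : authenticationContext.getSubject();
        try {
            return authenticatedUser.getUserId();
        } catch (UserIdNotFoundException e) {
            throw new AuthenticationFailedException("User id is not available for user: " + authenticatedUser.getUserName(), e);
        }
    }

    /**
     * Adds the limit and the session tuples to the context's endpoint parameters for the prompt page.
     *
     * @param authenticationContext current authentication context
     * @param maxSessionCount       limit as a string, passed through unchanged
     * @param sessions              sessions to display
     */
    private void prepareEndpointParams(AuthenticationContext authenticationContext, String maxSessionCount, List<UserSession> sessions) {
        Map<String, Object> endpointParams = new HashMap<String, Object>();
        endpointParams.put(ActiveSessionsLimitHandlerConstants.MAX_SESSION_COUNT, maxSessionCount);
        endpointParams.put(ActiveSessionsLimitHandlerConstants.SESSIONS, getSessionProperties(sessions).toArray());
        authenticationContext.addEndpointParams(endpointParams);
    }

    /**
     * Terminates each listed session of the user. A {@code null} or empty list (the terminate action submitted
     * with no selection) is a no-op rather than a {@code NullPointerException}; the caller then re-checks the
     * count and reports that the limit is still exceeded.
     *
     * <p>The service call is keyed by {@code userId} as well as the session id, which is what prevents a
     * request from naming another user's session — that scoping is the service's responsibility and is not
     * re-checked here.
     *
     * @param userId     owner of the sessions
     * @param sessionIds session ids submitted by the user; may be {@code null}
     * @throws UserSessionTerminationException if any termination fails (remaining ids are not attempted)
     */
    private void terminateSessions(String userId, String[] sessionIds) throws UserSessionTerminationException {
        if (sessionIds == null || sessionIds.length == 0) {
            if (log.isDebugEnabled()) {
                log.debug("No sessions selected for termination for userId: " + userId);
            }
            return;
        }
        for (String sessionId : sessionIds) {
            try {
                ActiveSessionsLimitHandlerServiceHolder.getInstance().getUserSessionManagementService().terminateSessionBySessionId(userId, sessionId);
                if (log.isDebugEnabled()) {
                    log.debug("Terminated user session with sessionId: " + sessionId + " of userId: " + userId);
                }
            } catch (SessionManagementException e) {
                throw new UserSessionTerminationException("Error occurred terminating user session with sessionId:" + sessionId + " of userId: " + userId, e);
            }
        }
    }

    /** Retry is always enabled for this handler. */
    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    /** Retry is always enabled for this handler, regardless of context. */
    protected boolean retryAuthenticationEnabled(AuthenticationContext authenticationContext) {
        return true;
    }

    /**
     * Reads the session data key from the request; this is how the framework correlates the prompt's response
     * with the running authentication context.
     *
     * @param httpServletRequest incoming request
     * @return the session data key parameter, or {@code null} if absent
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(ActiveSessionsLimitHandlerConstants.SESSION_DATA_KEY);
    }

    public String getFriendlyName() {
        return ActiveSessionsLimitHandlerConstants.HANDLER_FRIENDLY_NAME;
    }

    public String getName() {
        return ActiveSessionsLimitHandlerConstants.HANDLER_NAME;
    }

    /**
     * Finds the first completed step flagged as the subject-identifier step.
     *
     * @param authenticationContext current authentication context
     * @return that step, or {@code null} when there is no sequence config or no such step
     */
    private StepConfig getCurrentSubjectIdentifierStep(AuthenticationContext authenticationContext) {
        if (authenticationContext.getSequenceConfig() == null) {
            return null;
        }
        return authenticationContext.getSequenceConfig().getStepMap().values().stream()
                .filter(stepConfig -> stepConfig.isCompleted() && stepConfig.isSubjectIdentifierStep())
                .findFirst()
                .orElse(null);
    }
}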
