package org.apache.druid.security.pac4j;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.util.Map;
import java.util.Optional;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.annotation.Nullable;
import org.apache.commons.io.IOUtils;
import org.apache.druid.crypto.CryptoService;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.java.util.common.logger.Logger;
import org.pac4j.core.context.ContextHelper;
import org.pac4j.core.context.Cookie;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.util.JavaSerializationHelper;

/* loaded from: input_file:org/apache/druid/security/pac4j/Pac4jSessionStore.class */
public class Pac4jSessionStore<T extends WebContext> implements SessionStore<T> {
    private static final Logger LOGGER = new Logger(Pac4jSessionStore.class);
    public static final String PAC4J_SESSION_PREFIX = "pac4j.session.";
    private final JavaSerializationHelper javaSerializationHelper = new JavaSerializationHelper();
    private final CryptoService cryptoService;

    public Pac4jSessionStore(String str) {
        this.cryptoService = new CryptoService(str, "AES", "CBC", "PKCS5Padding", "PBKDF2WithHmacSHA256", 128, 65536, 128);
    }

    public String getOrCreateSessionId(WebContext webContext) {
        return null;
    }

    @Nullable
    public Optional<Object> get(WebContext webContext, String str) {
        Cookie cookie = ContextHelper.getCookie(webContext, PAC4J_SESSION_PREFIX + str);
        Serializable serializable = null;
        if (cookie != null) {
            serializable = uncompressDecryptBase64(cookie.getValue());
        }
        LOGGER.debug("Get from session: [%s] = [%s]", new Object[]{str, serializable});
        return Optional.ofNullable(serializable);
    }

    public void set(WebContext webContext, String str, @Nullable Object obj) {
        Cookie cookie;
        Object obj2 = obj;
        if (obj == null) {
            cookie = new Cookie(PAC4J_SESSION_PREFIX + str, (String) null);
        } else {
            if (str.contentEquals("pac4jUserProfiles")) {
                obj2 = clearUserProfile(obj);
            }
            LOGGER.debug("Save in session: [%s] = [%s]", new Object[]{str, obj2});
            cookie = new Cookie(PAC4J_SESSION_PREFIX + str, compressEncryptBase64(obj2));
        }
        cookie.setDomain("");
        cookie.setHttpOnly(true);
        cookie.setSecure(ContextHelper.isHttpsOrSecure(webContext));
        cookie.setPath("/");
        cookie.setMaxAge(900);
        webContext.addResponseCookie(cookie);
    }

    @Nullable
    private String compressEncryptBase64(Object obj) {
        if (obj == null || "".equals(obj)) {
            return null;
        }
        if ((obj instanceof Map) && ((Map) obj).isEmpty()) {
            return null;
        }
        byte[] compress = compress(this.javaSerializationHelper.serializeToBytes((Serializable) obj));
        if (compress.length > 3000) {
            LOGGER.warn("Cookie too big, it might not be properly set", new Object[0]);
        }
        return StringUtils.encodeBase64String(this.cryptoService.encrypt(compress));
    }

    @Nullable
    private Serializable uncompressDecryptBase64(String str) {
        byte[] decodeBase64String;
        if (str == null || str.isEmpty() || (decodeBase64String = StringUtils.decodeBase64String(str)) == null) {
            return null;
        }
        return this.javaSerializationHelper.deserializeFromBytes(unCompress(this.cryptoService.decrypt(decodeBase64String)));
    }

    private byte[] compress(byte[] bArr) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length);
            try {
                GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(byteArrayOutputStream);
                try {
                    gZIPOutputStream.write(bArr);
                    gZIPOutputStream.close();
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    byteArrayOutputStream.close();
                    return byteArray;
                } catch (Throwable th) {
                    try {
                        gZIPOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new TechnicalException(e);
        }
    }

    private byte[] unCompress(byte[] bArr) {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                GZIPInputStream gZIPInputStream = new GZIPInputStream(byteArrayInputStream);
                try {
                    byte[] byteArray = IOUtils.toByteArray(gZIPInputStream);
                    gZIPInputStream.close();
                    byteArrayInputStream.close();
                    return byteArray;
                } catch (Throwable th) {
                    try {
                        gZIPInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new TechnicalException(e);
        }
    }

    private Object clearUserProfile(Object obj) {
        if (obj instanceof Map) {
            Map map = (Map) obj;
            map.forEach((str, commonProfile) -> {
                commonProfile.removeLoginData();
            });
            return map;
        }
        CommonProfile commonProfile2 = (CommonProfile) obj;
        commonProfile2.removeLoginData();
        return commonProfile2;
    }

    public Optional<SessionStore<T>> buildFromTrackableSession(WebContext webContext, Object obj) {
        return Optional.empty();
    }

    public boolean destroySession(WebContext webContext) {
        return false;
    }

    public Optional getTrackableSession(WebContext webContext) {
        return Optional.empty();
    }

    public boolean renewSession(WebContext webContext) {
        return false;
    }
}
