package org.wso2.carbon.identity.rest.api.user.session.v1.core;

import java.io.IOException;
import java.net.URLEncoder;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.server.authenticators.common.Constants;
import org.wso2.carbon.identity.api.user.common.ContextLoader;
import org.wso2.carbon.identity.api.user.common.error.APIError;
import org.wso2.carbon.identity.api.user.common.error.ErrorResponse;
import org.wso2.carbon.identity.api.user.common.function.UserToUniqueId;
import org.wso2.carbon.identity.api.user.session.common.constant.SessionManagementConstants;
import org.wso2.carbon.identity.api.user.session.common.util.SessionManagementServiceHolder;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException;
import org.wso2.carbon.identity.application.authentication.framework.exception.session.mgt.SessionManagementClientException;
import org.wso2.carbon.identity.application.authentication.framework.exception.session.mgt.SessionManagementException;
import org.wso2.carbon.identity.application.authentication.framework.model.UserSession;
import org.wso2.carbon.identity.application.authentication.framework.store.UserSessionStore;
import org.wso2.carbon.identity.application.authentication.framework.util.SessionMgtConstants;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.ExpressionNode;
import org.wso2.carbon.identity.core.model.FilterTreeBuilder;
import org.wso2.carbon.identity.core.model.Node;
import org.wso2.carbon.identity.core.model.OperationNode;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.entitlement.endpoint.util.EntitlementEndpointConstants;
import org.wso2.carbon.identity.rest.api.user.session.v1.core.function.UserSessionToExternal;
import org.wso2.carbon.identity.rest.api.user.session.v1.dto.SearchResponseDTO;
import org.wso2.carbon.identity.rest.api.user.session.v1.dto.SessionDTO;
import org.wso2.carbon.identity.rest.api.user.session.v1.dto.SessionsDTO;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.rest.api.user.session.v1-1.3.6.jar:org/wso2/carbon/identity/rest/api/user/session/v1/core/SessionManagementService.class */
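/**
 * Core logic behind the v1 user session management REST API: lists, searches and terminates
 * authenticated sessions by delegating to the user session management service obtained from
 * {@link SessionManagementServiceHolder}.
 *
 * <p>The short parameter names ({@code str}, {@code num}, ...) appear to be decompiler-generated;
 * each method's Javadoc states what the argument is used for.
 *
 * <p>NOTE(review): nothing in this class checks that the caller is entitled to act on the user id
 * it is handed. The {@code String} overloads accept any user id, so the authorization decision is
 * presumably made by the API layer that calls them. Confirm this, because session listing and
 * termination for an arbitrary user are privileged operations.
 */
public class SessionManagementService {
    private static final String FEDERATED_USER_DOMAIN = "FEDERATED";
    // Keys looked up in IdentityUtil.threadLocalProperties to decide how the user id is resolved.
    private static final String IS_FEDERATED_USER = "isFederatedUser";
    private static final String IDP_NAME = "idpName";
    private static final String SESSIONS_SEARCH_ENDPOINT = "/v1/sessions";
    private static final Log log = LogFactory.getLog(SessionManagementService.class);
    // Page size used by getSessions when the caller gives no limit or a non-positive one.
    private static final Integer SESSIONS_SEARCH_DEFAULT_LIMIT = 20;

    /**
     * Lists the sessions of the given user. Despite the name, no session id is involved: the user
     * is resolved to a user id and the call is forwarded to
     * {@link #getSessionsByUserId(String, Integer, Integer, String, String)}.
     *
     * @param user the user whose sessions are listed
     * @param num  pagination parameter; must be {@code null} (pagination is not implemented)
     * @param num2 pagination parameter; must be {@code null} (pagination is not implemented)
     * @param str  filter; must be {@code null} (filtering is not implemented)
     * @param str2 sort; must be {@code null} (sorting is not implemented)
     * @return the user's sessions, or {@code null} when no user id could be resolved
     */
    public SessionsDTO getSessionsBySessionId(User user, Integer num, Integer num2, String str, String str2) {
        return getSessionsByUserId(resolveUserId(user), num, num2, str, str2);
    }

    /**
     * Terminates one session of the given user.
     *
     * @param user the user who owns the session
     * @param str  the session id
     */
    public void terminateSessionBySessionId(User user, String str) {
        terminateSessionBySessionId(resolveUserId(user), str);
    }

    /**
     * Terminates every session of the given user.
     *
     * <p>NOTE(review): when the user id cannot be resolved (a federated user with no IdP name in
     * the thread-local properties resolves to {@code null}), the {@code String} overload returns
     * without terminating anything and without raising an error, so the caller cannot tell this
     * case apart from a successful termination.
     *
     * @param user the user whose sessions are terminated
     */
    public void terminateSessionsByUserId(User user) {
        terminateSessionsByUserId(resolveUserId(user));
    }

    /**
     * Lists the sessions recorded for a user id.
     *
     * @param str  the user id
     * @param num  pagination parameter; must be {@code null}
     * @param num2 pagination parameter; must be {@code null}
     * @param str2 filter; must be {@code null}
     * @param str3 sort; must be {@code null}
     * @return the sessions of the user, or {@code null} when {@code str} is blank
     * @throws APIError with status 501 when any of the unsupported parameters is supplied, or the
     *                  mapped error when the session service fails
     */
    public SessionsDTO getSessionsByUserId(String str, Integer num, Integer num2, String str2, String str3) {
        handleNotImplementedCapabilities(num, num2, str2, str3);
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            List<UserSession> userSessions =
                    SessionManagementServiceHolder.getUserSessionManagementService().getSessionsByUserId(str);
            SessionsDTO sessionsDTO = new SessionsDTO();
            sessionsDTO.setUserId(str);
            sessionsDTO.setSessions(buildSessionDTOs(userSessions));
            return sessionsDTO;
        } catch (SessionManagementException e) {
            throw handleSessionManagementException(e);
        }
    }

    /**
     * Looks up a single session of a user.
     *
     * @param str  the user id; a blank value is rejected as an invalid user
     * @param str2 the session id; a blank value is rejected as an invalid session
     * @return the session converted to its API representation, or empty when the service returns none
     * @throws APIError when an argument is blank or the session service fails
     */
    public Optional<SessionDTO> getSessionBySessionId(String str, String str2) {
        try {
            if (StringUtils.isBlank(str)) {
                throw new SessionManagementClientException(
                        SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_USER,
                        SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_USER.getDescription());
            }
            if (StringUtils.isBlank(str2)) {
                throw new SessionManagementClientException(
                        SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_SESSION,
                        "Session ID is not provided to perform session management tasks.");
            }
            return SessionManagementServiceHolder.getUserSessionManagementService()
                    .getSessionBySessionId(str, str2)
                    .map(new UserSessionToExternal());
        } catch (SessionManagementException e) {
            throw handleSessionManagementException(e);
        }
    }

    /**
     * Searches sessions with cursor-style pagination. One row more than the page size is requested
     * from the service so that the presence of a further page can be detected; that extra row is
     * dropped before the response is built.
     *
     * @param str  passed to the session service unchanged as its first argument (presumably the
     *             tenant domain; confirm against the service interface)
     * @param str2 client-supplied filter expression; may be blank
     * @param num  page size; {@code null} or a non-positive value selects the default of 20
     * @param l    "since" cursor; when set, results are fetched in ascending order and reversed
     * @param l2   "until" cursor; ignored when {@code l} is also set
     * @return the page of sessions with previous/next links where applicable
     * @throws APIError when the filter is invalid or the session service fails
     */
    public SearchResponseDTO getSessions(String str, String str2, Integer num, Long l, Long l2) {
        try {
            List<ExpressionNode> expressionNodes = getExpressionNodes(str2, l, l2);
            validateSearchFilter(expressionNodes);

            int limit = (num == null || num.intValue() <= 0) ? SESSIONS_SEARCH_DEFAULT_LIMIT.intValue() : num.intValue();
            // limit + 1 is requested below; at Integer.MAX_VALUE that sum would wrap to a negative
            // number, so the page size is clamped one short of it.
            // NOTE(review): no other upper bound is applied to the client-supplied limit here.
            // Confirm that the service or the API layer caps it, otherwise a single request can
            // ask for an arbitrarily large result set.
            limit = Math.min(limit, Integer.MAX_VALUE - 1);

            String sortOrder = l != null ? "ASC" : "DESC";
            SearchResponseDTO searchResponseDTO = new SearchResponseDTO();
            List<UserSession> sessions = SessionManagementServiceHolder.getUserSessionManagementService()
                    .getSessions(str, expressionNodes, Integer.valueOf(limit + 1), sortOrder);
            if (sessions.isEmpty()) {
                return searchResponseDTO;
            }

            boolean hasExtraRow = sessions.size() > limit;
            boolean fetchedAscending = l != null;
            boolean isFirstPage = (l == null && l2 == null) || (l != null && !hasExtraRow);
            boolean isLastPage = !hasExtraRow && (l2 != null || l == null);

            String query = "?limit=" + limit;
            if (StringUtils.isNotBlank(str2)) {
                // The filter is client input that is echoed back inside the pagination links.
                query = query + "&filter=" + encodeQueryValue(str2);
            }
            if (hasExtraRow) {
                sessions.remove(sessions.size() - 1);
            }
            if (fetchedAscending) {
                // Restore newest-first order after an ascending "since" fetch.
                Collections.reverse(sessions);
            }
            searchResponseDTO.setResources(
                    sessions.stream().map(new UserSessionToExternal()).collect(Collectors.toList()));
            if (!isFirstPage) {
                searchResponseDTO.setPrevious(ContextLoader.buildURIForBody(
                        SESSIONS_SEARCH_ENDPOINT + query + "&since=" + sessions.get(0).getCreationTime()));
            }
            if (!isLastPage) {
                searchResponseDTO.setNext(ContextLoader.buildURIForBody(
                        SESSIONS_SEARCH_ENDPOINT + query + "&until="
                                + sessions.get(sessions.size() - 1).getCreationTime()));
            }
            return searchResponseDTO;
        } catch (SessionManagementException e) {
            throw handleSessionManagementException(e);
        }
    }

    /**
     * Terminates one session of a user.
     *
     * @param str  the user id
     * @param str2 the session id
     * @throws APIError with status 403 when either argument is {@code null}, or the mapped error
     *                  when the session service fails
     */
    public void terminateSessionBySessionId(String str, String str2) {
        try {
            if (str == null || str2 == null) {
                throw handleForbiddenAction();
            }
            SessionManagementServiceHolder.getUserSessionManagementService().terminateSessionBySessionId(str, str2);
        } catch (SessionManagementException e) {
            throw handleSessionManagementException(e);
        } catch (SessionManagementClientException e2) {
            // NOTE(review): SessionManagementClientException is used elsewhere in this class as a
            // subtype of SessionManagementException, so in this order the handler above catches it
            // first and javac rejects this clause as already caught. The two handlers differ in a
            // way that matters: the one above reports the failure to the client (403/400), this
            // one only logs at debug level and lets the request look successful. The order may be
            // a decompiler artefact; confirm against the original source which one is intended.
            if (log.isDebugEnabled()) {
                log.debug(e2);
            }
        }
    }

    /**
     * Terminates every session of a user.
     *
     * @param str the user id; when {@code null} the method returns without doing anything
     * @throws APIError when the session service fails
     */
    public void terminateSessionsByUserId(String str) {
        if (str == null) {
            return;
        }
        try {
            SessionManagementServiceHolder.getUserSessionManagementService().terminateSessionsByUserId(str);
        } catch (SessionManagementException e) {
            throw handleSessionManagementException(e);
        }
    }

    /** Resolves the user id through the federated or the local lookup, depending on the thread-local flag. */
    private String resolveUserId(User user) {
        return isFederatedUser() ? getFederatedUserIdFromUser(user) : getUserIdFromUser(user);
    }

    /**
     * Percent-encodes a query-string value as UTF-8. The single-argument
     * {@code URLEncoder.encode(String)} is deprecated because it uses the platform default
     * charset, which makes the generated links depend on the server's configuration.
     */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (IOException e) {
            // UnsupportedEncodingException is an IOException; UTF-8 is mandatory on every JVM,
            // so this branch is not expected to run.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /** Converts service-level sessions to their API representation. */
    private List<SessionDTO> buildSessionDTOs(List<UserSession> list) {
        return list.stream().map(new UserSessionToExternal()).collect(Collectors.toList());
    }

    /**
     * Maps a session management exception to an API error: client exceptions become 403 when they
     * carry the forbidden-action code and 400 otherwise; everything else becomes 500. Error codes
     * without a {@code -} are prefixed with {@code USM-}.
     *
     * <p>NOTE(review): the exception's message and description are copied into the response body
     * for server errors as well as client errors. Confirm that server-side exceptions raised by
     * the session service do not carry internal detail in those fields.
     */
    private APIError handleSessionManagementException(SessionManagementException sessionManagementException) {
        ErrorResponse errorResponse = getErrorBuilder(sessionManagementException)
                .build(log, sessionManagementException, sessionManagementException.getDescription());
        if (sessionManagementException.getErrorCode() != null) {
            String errorCode = sessionManagementException.getErrorCode();
            errorResponse.setCode(errorCode.contains("-") ? errorCode : "USM-" + errorCode);
        }

        Response.Status status;
        if (!(sessionManagementException instanceof SessionManagementClientException)) {
            status = Response.Status.INTERNAL_SERVER_ERROR;
        } else if (StringUtils.equals(SessionMgtConstants.ErrorMessages.ERROR_CODE_FORBIDDEN_ACTION.getCode(),
                sessionManagementException.getErrorCode())) {
            status = Response.Status.FORBIDDEN;
        } else {
            status = Response.Status.BAD_REQUEST;
        }
        return new APIError(status, errorResponse);
    }

    /** Starts an error response from the code, message and description of an exception. */
    private ErrorResponse.Builder getErrorBuilder(SessionManagementException sessionManagementException) {
        return new ErrorResponse.Builder()
                .withCode(sessionManagementException.getErrorCode())
                .withMessage(sessionManagementException.getMessage())
                .withDescription(sessionManagementException.getDescription());
    }

    /** Starts an error response from one of this API's predefined error messages. */
    private ErrorResponse.Builder getErrorBuilder(SessionManagementConstants.ErrorMessage errorMessage) {
        return new ErrorResponse.Builder()
                .withCode(errorMessage.getCode())
                .withMessage(errorMessage.getMessage())
                .withDescription(errorMessage.getDescription());
    }

    /**
     * Rejects pagination, filtering and sorting arguments with a 501 response. Only the first
     * unsupported argument found, in that order, is reported.
     */
    private void handleNotImplementedCapabilities(Integer num, Integer num2, String str, String str2) {
        SessionManagementConstants.ErrorMessage errorMessage = null;
        if (num != null || num2 != null) {
            errorMessage = SessionManagementConstants.ErrorMessage.ERROR_CODE_PAGINATION_NOT_IMPLEMENTED;
        } else if (str != null) {
            errorMessage = SessionManagementConstants.ErrorMessage.ERROR_CODE_FILTERING_NOT_IMPLEMENTED;
        } else if (str2 != null) {
            errorMessage = SessionManagementConstants.ErrorMessage.ERROR_CODE_SORTING_NOT_IMPLEMENTED;
        }
        if (errorMessage != null) {
            throw new APIError(Response.Status.NOT_IMPLEMENTED,
                    getErrorBuilder(errorMessage).build(log, errorMessage.getDescription()));
        }
    }

    /** Builds the 403 error returned when a session termination request lacks a user id or session id. */
    private APIError handleForbiddenAction() {
        SessionManagementConstants.ErrorMessage forbidden =
                SessionManagementConstants.ErrorMessage.ERROR_CODE_SESSION_TERMINATE_FORBIDDEN;
        return new APIError(Response.Status.FORBIDDEN,
                getErrorBuilder(forbidden).build(log, forbidden.getDescription()));
    }

    /** Resolves a local user to its unique id through the realm service. */
    private String getUserIdFromUser(User user) {
        return new UserToUniqueId().apply(SessionManagementServiceHolder.getRealmService(), user);
    }

    /**
     * Resolves a federated user to the user id kept in the user session store, using the IdP name
     * found in the thread-local properties.
     *
     * @return the stored user id, or {@code null} when no IdP name is present in the thread-local
     *         properties (callers must handle the {@code null})
     * @throws APIError with status 500 when the session store lookup fails
     */
    private String getFederatedUserIdFromUser(User user) {
        Map<?, ?> threadLocalProps = (Map<?, ?>) IdentityUtil.threadLocalProperties.get();
        if (!threadLocalProps.containsKey(IDP_NAME)) {
            if (log.isDebugEnabled()) {
                log.debug("Idp name cannot be found in thread local.");
            }
            return null;
        }
        try {
            return UserSessionStore.getInstance().getUserId(
                    user.getUserName(),
                    IdentityTenantUtil.getTenantId(user.getTenantDomain()),
                    FEDERATED_USER_DOMAIN,
                    UserSessionStore.getInstance().getIdPId(
                            (String) threadLocalProps.get(IDP_NAME),
                            IdentityTenantUtil.getTenantId(user.getTenantDomain())));
        } catch (UserSessionException e) {
            SessionManagementConstants.ErrorMessage error =
                    SessionManagementConstants.ErrorMessage.ERROR_CODE_UNABLE_TO_RETRIEVE_FEDERATED_USERID;
            String description = String.format(error.getDescription(), user.getUserName(), user.getTenantDomain());
            throw new APIError(Response.Status.INTERNAL_SERVER_ERROR,
                    new ErrorResponse.Builder()
                            .withCode("USM-" + error.getCode())
                            .withMessage(error.getMessage())
                            .withDescription(description)
                            .build(log, e, description));
        }
    }

    /**
     * Reports whether the current request is flagged as belonging to a federated user.
     *
     * <p>A flag that is present but {@code null} or not a {@code Boolean} makes this method throw
     * rather than fall back to the local-user lookup; that fail-closed behaviour is kept on purpose.
     */
    private boolean isFederatedUser() {
        Map<?, ?> threadLocalProps = (Map<?, ?>) IdentityUtil.threadLocalProperties.get();
        return threadLocalProps.containsKey(IS_FEDERATED_USER)
                && ((Boolean) threadLocalProps.get(IS_FEDERATED_USER)).booleanValue();
    }

    /**
     * Builds the flat list of filter expressions for a search. The cursor is appended to the
     * client-supplied filter text as {@code since gt <l>} or, only when {@code l} is {@code null},
     * as {@code until lt <l2>}, and the combined text is then parsed.
     *
     * <p>The client filter is concatenated as text before parsing. The appended cursor values are
     * {@code Long}s, but the client text itself may also name {@code since} or {@code until};
     * {@link #validateSearchFilter(List)} accepts both names without checking their operator or value.
     *
     * @param str client-supplied filter expression; may be blank
     * @param l   "since" cursor, or {@code null}
     * @param l2  "until" cursor, or {@code null}
     * @return the expression nodes of the parsed filter; empty when there is nothing to filter on
     * @throws SessionManagementClientException when the filter text cannot be parsed
     */
    private List<ExpressionNode> getExpressionNodes(String str, Long l, Long l2) throws SessionManagementClientException {
        List<ExpressionNode> nodes = new ArrayList<>();
        String filter = StringUtils.isNotBlank(str) ? str : "";
        try {
            String joiner = StringUtils.isNotBlank(filter) ? " and " : "";
            if (l != null) {
                filter = filter + joiner + "since gt " + l;
            } else if (l2 != null) {
                filter = filter + joiner + "until lt " + l2;
            }
            if (StringUtils.isNotBlank(filter)) {
                setExpressionNodeList(new FilterTreeBuilder(filter).buildTree(), nodes);
            }
            return nodes;
        } catch (IOException | IdentityException e) {
            throw new SessionManagementClientException(
                    SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_DATA,
                    String.format(SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_DATA.getDescription(),
                            "check filter parameter syntax"),
                    e);
        }
    }

    /**
     * Collects the expression leaves of a filter tree into {@code list}, left to right. The
     * operator joining two sub-trees is not recorded; nodes of any other kind are ignored.
     */
    private void setExpressionNodeList(Node node, List<ExpressionNode> list) {
        if (node instanceof ExpressionNode) {
            list.add((ExpressionNode) node);
        } else if (node instanceof OperationNode) {
            setExpressionNodeList(node.getLeftNode(), list);
            setExpressionNodeList(node.getRightNode(), list);
        }
    }

    /**
     * Validates every filter expression against the attributes and operators this API supports.
     *
     * <p>Names and operators are compared with a {@link Collator} of the JVM's default locale at
     * primary strength, so the comparison ignores case and accents and can differ between server
     * locales.
     *
     * <p>NOTE(review): because the match is looser than string equality, a name that passes here
     * is not necessarily byte-equal to the canonical attribute name. Confirm that the code
     * consuming these nodes maps names from a fixed set rather than using the client's spelling.
     * Values of the time attributes are checked with {@code StringUtils.isNumeric}, which checks
     * digits only, not that the number fits a {@code long}. The {@code since} and {@code until}
     * attributes get no operator or value check in this method.
     *
     * @param list the expressions to validate
     * @throws SessionManagementClientException on the first expression that is incomplete, names an
     *                                          unsupported attribute, or uses an unsupported operator or value
     */
    public void validateSearchFilter(List<ExpressionNode> list) throws SessionManagementClientException {
        Collator collator = Collator.getInstance();
        collator.setStrength(Collator.PRIMARY);
        for (ExpressionNode expressionNode : list) {
            String operation = expressionNode.getOperation();
            String value = expressionNode.getValue();
            String attributeValue = expressionNode.getAttributeValue();

            if (StringUtils.isBlank(attributeValue) || StringUtils.isBlank(operation) || StringUtils.isBlank(value)) {
                throw invalidData(String.format("'%s %s %s' is not a valid filter", attributeValue, operation, value));
            }
            if (!matchesAny(collator, attributeValue, "appName",
                    EntitlementEndpointConstants.ATTRIBUTE_DATA_TYPE_IP_ADDRESS_SHORT, "loginId", "sessionId",
                    "userAgent", "lastAccessTime", "loginTime", "since", "until")) {
                throw invalidData(attributeValue + " is not a valid filter attribute name");
            }

            if (matchesAny(collator, attributeValue, "lastAccessTime", "loginTime")) {
                // Time attributes: range operators only, numeric value.
                if (!matchesAny(collator, operation, "le", "ge")) {
                    throw invalidData(operation + " is not a supported operation for " + attributeValue);
                }
                if (!StringUtils.isNumeric(value)) {
                    throw invalidData(attributeValue + "'s value is not a valid number: " + value);
                }
                continue;
            }

            // IP address attribute: equality only.
            if (collator.equals(attributeValue, EntitlementEndpointConstants.ATTRIBUTE_DATA_TYPE_IP_ADDRESS_SHORT)
                    && !collator.equals(operation, Constants.FilterOperations.EQ)) {
                throw invalidData(operation + " is not a supported operation for " + attributeValue);
            }
            // Text attributes: four string operators (two come from Constants.FilterOperations).
            if (matchesAny(collator, attributeValue, "appName", "loginId", "sessionId", "userAgent")
                    && !matchesAny(collator, operation, Constants.FilterOperations.EQ,
                            Constants.FilterOperations.SW, "ew", "co")) {
                throw invalidData(operation + " is not a supported operation for " + attributeValue);
            }
        }
    }

    /** Returns whether {@code candidate} equals any of {@code accepted} under the given collator. */
    private static boolean matchesAny(Collator collator, String candidate, String... accepted) {
        for (String name : accepted) {
            if (collator.equals(candidate, name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the invalid-data client exception with {@code detail} formatted into its description.
     * The detail contains the client's own filter text, so anything that writes the description to
     * a log receives unescaped client input.
     */
    private static SessionManagementClientException invalidData(String detail) {
        return new SessionManagementClientException(
                SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_DATA,
                String.format(SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_DATA.getDescription(), detail));
    }
}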
