package com.liferay.portal.security.sso.openid.connect.internal.session.manager;

import com.liferay.counter.kernel.service.CounterLocalService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.messaging.BaseMessageListener;
import com.liferay.portal.kernel.messaging.Destination;
import com.liferay.portal.kernel.messaging.DestinationConfiguration;
import com.liferay.portal.kernel.messaging.DestinationFactory;
import com.liferay.portal.kernel.messaging.Message;
import com.liferay.portal.kernel.messaging.MessageListener;
import com.liferay.portal.kernel.scheduler.SchedulerException;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HashMapDictionary;
import com.liferay.portal.kernel.util.HashMapDictionaryBuilder;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectProviderRegistry;
import com.liferay.portal.security.sso.openid.connect.internal.constants.OpenIdConnectDestinationNames;
import com.liferay.portal.security.sso.openid.connect.internal.scheduler.OpenIdConnectTokenRefreshScheduler;
import com.liferay.portal.security.sso.openid.connect.internal.util.OpenIdConnectTokenRequestUtil;
import com.liferay.portal.security.sso.openid.connect.persistence.model.OpenIdConnectSession;
import com.liferay.portal.security.sso.openid.connect.persistence.service.OpenIdConnectSessionLocalService;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.util.Date;
import javax.servlet.http.HttpSession;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, service = {OfflineOpenIdConnectSessionManager.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/session/manager/OfflineOpenIdConnectSessionManager.class */
public class OfflineOpenIdConnectSessionManager {
    private static final Log _log = LogFactoryUtil.getLog(OfflineOpenIdConnectSessionManager.class);
    private volatile BundleContext _bundleContext;

    @Reference
    private CounterLocalService _counterLocalService;

    @Reference
    private DestinationFactory _destinationFactory;

    @Reference
    private OpenIdConnectProviderRegistry<OIDCClientMetadata, OIDCProviderMetadata> _openIdConnectProviderRegistry;

    @Reference
    private OpenIdConnectSessionLocalService _openIdConnectSessionLocalService;

    @Reference
    private OpenIdConnectTokenRefreshScheduler _openIdConnectTokenRefreshScheduler;
    private ServiceRegistration<Destination> _serviceRegistration1;
    private ServiceRegistration<MessageListener> _serviceRegistration2;

    /* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/session/manager/OfflineOpenIdConnectSessionManager$OpenIdConnectMessageListener.class */
    private class OpenIdConnectMessageListener extends BaseMessageListener {
        private OpenIdConnectMessageListener() {
        }

        protected void doReceive(Message message) throws Exception {
            long j = GetterUtil.getLong(message.getPayload());
            try {
                OfflineOpenIdConnectSessionManager.this._extendOpenIdConnectSession(OfflineOpenIdConnectSessionManager.this._openIdConnectSessionLocalService.getOpenIdConnectSession(j));
            } catch (PortalException e) {
                if (OfflineOpenIdConnectSessionManager._log.isDebugEnabled()) {
                    OfflineOpenIdConnectSessionManager._log.debug("Unable to get OpenId Connect session " + j, e);
                }
            }
        }
    }

    public void endOpenIdConnectSession(long j) {
        try {
            this._openIdConnectTokenRefreshScheduler.unschedule(j);
        } catch (SchedulerException e) {
            if (_log.isWarnEnabled()) {
                _log.warn(e, e);
            }
        }
    }

    public boolean isOpenIdConnectSession(HttpSession httpSession) {
        return (httpSession == null || ((Long) httpSession.getAttribute("OPEN_ID_CONNECT_SESSION_ID")) == null) ? false : true;
    }

    public boolean isOpenIdConnectSessionExpired(HttpSession httpSession) {
        Long l = (Long) httpSession.getAttribute("OPEN_ID_CONNECT_SESSION_ID");
        if (l == null) {
            return true;
        }
        OpenIdConnectSession fetchOpenIdConnectSession = this._openIdConnectSessionLocalService.fetchOpenIdConnectSession(l.longValue());
        if (fetchOpenIdConnectSession == null) {
            endOpenIdConnectSession(l.longValue());
            return true;
        }
        return System.currentTimeMillis() - fetchOpenIdConnectSession.getModifiedDate().getTime() >= _getAccessToken(fetchOpenIdConnectSession).getLifetime() * 1000;
    }

    public long startOpenIdConnectSession(String str, OIDCTokens oIDCTokens, String str2, long j) {
        OpenIdConnectSession fetchOpenIdConnectSession = this._openIdConnectSessionLocalService.fetchOpenIdConnectSession(j, str);
        if (fetchOpenIdConnectSession == null) {
            fetchOpenIdConnectSession = this._openIdConnectSessionLocalService.createOpenIdConnectSession(this._counterLocalService.increment(OpenIdConnectSession.class.getName()));
        }
        AccessToken accessToken = oIDCTokens.getAccessToken();
        _updateOpenIdConnectSession(accessToken, str, oIDCTokens.getIDTokenString(), oIDCTokens.getRefreshToken(), fetchOpenIdConnectSession, str2, j);
        if (fetchOpenIdConnectSession.getRefreshToken() != null) {
            try {
                this._openIdConnectTokenRefreshScheduler.schedule(accessToken.getLifetime(), fetchOpenIdConnectSession.getOpenIdConnectSessionId(), fetchOpenIdConnectSession.getModifiedDate());
            } catch (SchedulerException e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(e, e);
                }
            }
        }
        return fetchOpenIdConnectSession.getOpenIdConnectSessionId();
    }

    @Activate
    protected void activate(BundleContext bundleContext) {
        this._bundleContext = bundleContext;
        Destination createDestination = this._destinationFactory.createDestination(DestinationConfiguration.createSerialDestinationConfiguration(OpenIdConnectDestinationNames.OPENID_CONNECT_TOKEN_REFRESH));
        HashMapDictionary build = HashMapDictionaryBuilder.put("destination.name", createDestination.getName()).build();
        this._serviceRegistration1 = bundleContext.registerService(Destination.class, createDestination, build);
        this._serviceRegistration2 = bundleContext.registerService(MessageListener.class, new OpenIdConnectMessageListener(), build);
    }

    @Deactivate
    protected void deactivate() throws Exception {
        if (this._serviceRegistration1 != null) {
            Destination destination = (Destination) this._bundleContext.getService(this._serviceRegistration1.getReference());
            this._serviceRegistration1.unregister();
            destination.destroy();
        }
        if (this._serviceRegistration2 != null) {
            this._serviceRegistration2.unregister();
        }
        this._bundleContext = null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void _extendOpenIdConnectSession(OpenIdConnectSession openIdConnectSession) throws Exception {
        if (openIdConnectSession.getRefreshToken() == null) {
            return;
        }
        OIDCTokens request = OpenIdConnectTokenRequestUtil.request(this._openIdConnectProviderRegistry.findOpenIdConnectProvider(openIdConnectSession.getProviderName()), new RefreshToken(openIdConnectSession.getRefreshToken()));
        AccessToken _getAccessToken = _getAccessToken(openIdConnectSession);
        AccessToken accessToken = request.getAccessToken();
        _updateOpenIdConnectSession(accessToken, openIdConnectSession, request.getRefreshToken());
        if (openIdConnectSession.getRefreshToken() == null || _getAccessToken.getLifetime() == accessToken.getLifetime()) {
            return;
        }
        try {
            this._openIdConnectTokenRefreshScheduler.reschedule(accessToken.getLifetime(), openIdConnectSession.getOpenIdConnectSessionId(), openIdConnectSession.getModifiedDate());
        } catch (SchedulerException e) {
            if (_log.isWarnEnabled()) {
                _log.warn(e, e);
            }
        }
    }

    private AccessToken _getAccessToken(OpenIdConnectSession openIdConnectSession) {
        try {
            return AccessToken.parse(JSONObjectUtils.parse(openIdConnectSession.getAccessToken()));
        } catch (ParseException e) {
            if (!_log.isWarnEnabled()) {
                return null;
            }
            _log.warn(e, e);
            return null;
        }
    }

    private void _updateOpenIdConnectSession(AccessToken accessToken, OpenIdConnectSession openIdConnectSession, RefreshToken refreshToken) {
        openIdConnectSession.setAccessToken(accessToken.toJSONString());
        if (refreshToken != null) {
            openIdConnectSession.setRefreshToken(refreshToken.toString());
        }
        openIdConnectSession.setModifiedDate(new Date());
        this._openIdConnectSessionLocalService.updateOpenIdConnectSession(openIdConnectSession);
    }

    private void _updateOpenIdConnectSession(AccessToken accessToken, String str, String str2, RefreshToken refreshToken, OpenIdConnectSession openIdConnectSession, String str3, long j) {
        openIdConnectSession.setUserId(j);
        openIdConnectSession.setConfigurationPid(str);
        openIdConnectSession.setIdToken(str2);
        openIdConnectSession.setProviderName(str3);
        _updateOpenIdConnectSession(accessToken, openIdConnectSession, refreshToken);
    }
}
