package org.opensaml.storage.impl;

import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.common.escape.Escaper;
import com.google.common.net.UrlEscapers;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonValue;
import javax.json.stream.JsonGenerator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import net.shibboleth.utilities.java.support.annotation.constraint.Live;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.CookieManager;
import net.shibboleth.utilities.java.support.net.URISupport;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.security.DataExpiredException;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import net.shibboleth.utilities.java.support.security.DataSealerKeyStrategy;
import org.cryptacular.bean.AEADBlockCipherBean;
import org.opensaml.storage.AbstractMapBackedStorageService;
import org.opensaml.storage.MutableStorageRecord;
import org.opensaml.storage.RequestScopedStorageService;
import org.opensaml.storage.StorageCapabilitiesEx;
import org.opensaml.storage.VersionMismatchException;
import org.owasp.esapi.HTTPUtilities;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/storage/impl/ServletRequestScopedStorageService.class */
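/**
 * Storage service whose records live in a per-request map and are persisted in a browser cookie.
 *
 * <p>The context map is cached as an attribute of the current {@link HttpServletRequest}. On first access it
 * is populated from the cookie named {@link #getCookieName()}: the cookie value is URL-decoded, unwrapped
 * by the configured {@link DataSealer}, and parsed as JSON of the shape
 * {@code {context: {key: {"v": value, "x": expirationMillis}}}} ({@code "x"} is optional). When the map has
 * been marked dirty, {@link #save()} serializes it back to the same shape, wraps it with the
 * {@link DataSealer} and hands it to the {@link CookieManager}.</p>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 * <li>The state is held by the client ({@link #isServerSide()} returns {@code false}); its protection
 * depends on the {@link DataSealer} and on the expiration passed to {@code wrap}. NOTE(review): a sealed
 * cookie that has not yet expired can presumably be presented again by the client; confirm whether callers
 * that need one-time semantics rely on a server-side store.</li>
 * <li>Cookie attributes (Secure, HttpOnly, path, domain) are not set in this class; they are presumably the
 * {@link CookieManager}'s responsibility. Verify its configuration.</li>
 * <li>TRACE logging in {@link #load()} and {@link #save()} writes the unsealed storage content to the log.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: some methods were widened from {@code protected} to {@code public},
 * and some numeric literals appear to have been replaced by unrelated library constants.</p>
 */
public class ServletRequestScopedStorageService extends AbstractMapBackedStorageService
        implements RequestScopedStorageService, Filter, StorageCapabilitiesEx {

    /** Prefix of the request attribute that caches the context map; {@code '.'} and the cookie name follow. */
    @Nonnull
    protected static final String CONTEXT_MAP_ATTRIBUTE = "org.opensaml.storage.impl.ServletRequestScopedStorageService.contextMap";

    /** Prefix of the request attribute that carries the dirty flag; {@code '.'} and the cookie name follow. */
    @Nonnull
    protected static final String DIRTY_BIT_ATTRIBUTE = "org.opensaml.storage.impl.ServletRequestScopedStorageService.dirty";

    /** Cookie name used unless {@link #setCookieName(String)} overrides it. */
    @NotEmpty
    @Nonnull
    private static final String DEFAULT_COOKIE_NAME = "shib_idp_req_ss";

    /** Lifetime of the sealed blob, in milliseconds, when no stored record carries an expiration (one day). */
    private static final long DEFAULT_SEAL_LIFETIME_MILLIS = 86400000L;

    /** Shared no-op lock returned by {@link #getLock()}. */
    @Nonnull
    private static final ReadWriteLock DUMMY_LOCK = new DummyReadWriteLock();

    /** Request the cookie is read from and whose attributes hold the context map and dirty flag. */
    @NonnullAfterInit
    private HttpServletRequest httpServletRequest;

    /** Response supplied by configuration; only checked for presence in {@link #doInitialize()} here. */
    @NonnullAfterInit
    private HttpServletResponse httpServletResponse;

    /** Sets and unsets the storage cookie. */
    @NonnullAfterInit
    private CookieManager cookieManager;

    /** Wraps and unwraps the serialized context map. */
    @NonnullAfterInit
    private DataSealer dataSealer;

    /** Optional source of the current default key, used only for stale-key detection in {@link #load()}. */
    @Nullable
    private DataSealerKeyStrategy keyStrategy;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ServletRequestScopedStorageService.class);

    /** Name of the cookie holding the sealed storage state. */
    @NotEmpty
    @Nonnull
    private String cookieName = DEFAULT_COOKIE_NAME;

    // NOTE(review): borrowing ESAPI's MAX_COOKIE_LEN looks like a decompiler substitution for a plain
    // numeric literal in the original source - confirm before relying on the ESAPI dependency.
    /** Size reported for context, key and value capabilities; applied in {@link #doInitialize()}. */
    private int capabilitySize = HTTPUtilities.MAX_COOKIE_LEN;

    /** Escapes the sealed value before it is placed in the cookie. */
    @Nonnull
    private Escaper escaper = UrlEscapers.urlFormParameterEscaper();

    /**
     * {@link ReadWriteLock} whose read and write locks are the same no-op lock.
     *
     * <p>NOTE(review): presumably sufficient because the backing map is scoped to a single request; this
     * class provides no mutual exclusion if one request is handled by several threads.</p>
     */
    private static class DummyReadWriteLock implements ReadWriteLock {

        // Initialised once here rather than reassigned from every constructor call, so the shared
        // static reference can never be observed as null or swapped after class initialisation.
        private static final Lock LOCK = new DummyLock();

        /** Lock implementation in which every operation succeeds immediately and does nothing. */
        private static class DummyLock implements Lock {
            private DummyLock() {
            }

            @Override // java.util.concurrent.locks.Lock
            public void lock() {
            }

            @Override // java.util.concurrent.locks.Lock
            public void lockInterruptibly() throws InterruptedException {
            }

            @Override // java.util.concurrent.locks.Lock
            public boolean tryLock() {
                return true;
            }

            @Override // java.util.concurrent.locks.Lock
            public boolean tryLock(long j, TimeUnit timeUnit) throws InterruptedException {
                return true;
            }

            @Override // java.util.concurrent.locks.Lock
            public void unlock() {
            }

            @Override // java.util.concurrent.locks.Lock
            public Condition newCondition() {
                throw new UnsupportedOperationException("Conditions not supported");
            }
        }

        /** Creates the wrapper; the underlying no-op lock is shared by all instances. */
        public DummyReadWriteLock() {
        }

        @Override // java.util.concurrent.locks.ReadWriteLock
        public Lock readLock() {
            return LOCK;
        }

        @Override // java.util.concurrent.locks.ReadWriteLock
        public Lock writeLock() {
            return LOCK;
        }
    }

    /**
     * Response wrapper that calls {@link #save()} before the body is opened, an error is sent or a redirect
     * is issued, so the storage cookie is handed to the {@link CookieManager} before those calls reach the
     * wrapped response.
     *
     * <p>NOTE(review): only the five methods below trigger a save. A code path that commits the response
     * some other way would skip it - confirm whether such paths exist in the deployment.</p>
     */
    private class OutputInterceptingHttpServletResponseProxy extends HttpServletResponseWrapper {

        /**
         * @param httpServletResponse response to wrap
         */
        public OutputInterceptingHttpServletResponseProxy(@Nonnull HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
        }

        @Override
        public ServletOutputStream getOutputStream() throws IOException {
            ServletRequestScopedStorageService.this.save();
            return super.getOutputStream();
        }

        @Override
        public PrintWriter getWriter() throws IOException {
            ServletRequestScopedStorageService.this.save();
            return super.getWriter();
        }

        @Override
        public void sendError(int i, String str) throws IOException {
            ServletRequestScopedStorageService.this.save();
            super.sendError(i, str);
        }

        @Override
        public void sendError(int i) throws IOException {
            ServletRequestScopedStorageService.this.save();
            super.sendError(i);
        }

        @Override
        public void sendRedirect(String str) throws IOException {
            ServletRequestScopedStorageService.this.save();
            super.sendRedirect(str);
        }
    }

    /**
     * Forces the cleanup interval to zero; the supplied value is ignored.
     *
     * @param j ignored
     */
    @Override // org.opensaml.storage.AbstractStorageService
    public synchronized void setCleanupInterval(long j) {
        super.setCleanupInterval(0L);
    }

    /**
     * Sets the size later applied to the context, key and value capabilities.
     *
     * <p>The value is not range-checked here.</p>
     *
     * @param i size to report
     */
    public void setCapabilitySize(int i) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.capabilitySize = i;
    }

    /**
     * Sets the request used to read the cookie and to hold per-request state.
     *
     * @param httpServletRequest request, must not be null
     */
    public void setHttpServletRequest(@Nonnull HttpServletRequest httpServletRequest) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpServletRequest = (HttpServletRequest) Constraint.isNotNull(httpServletRequest, "HttpServletRequest cannot be null");
    }

    /**
     * Sets the response associated with this service.
     *
     * @param httpServletResponse response, must not be null
     */
    public void setHttpServletResponse(@Nonnull HttpServletResponse httpServletResponse) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpServletResponse = (HttpServletResponse) Constraint.isNotNull(httpServletResponse, "HttpServletResponse cannot be null");
    }

    /**
     * Sets the manager used to write and remove the storage cookie.
     *
     * @param cookieManager cookie manager, must not be null
     */
    public void setCookieManager(@Nonnull CookieManager cookieManager) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.cookieManager = (CookieManager) Constraint.isNotNull(cookieManager, "CookieManager cannot be null");
    }

    /**
     * Returns the name of the storage cookie.
     *
     * @return cookie name
     */
    @NotEmpty
    @Nonnull
    public String getCookieName() {
        return this.cookieName;
    }

    /**
     * Sets the name of the storage cookie; the value is trimmed and must not be null or empty.
     *
     * @param str cookie name
     */
    public void setCookieName(@NotEmpty @Nonnull String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.cookieName = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Cookie name cannot be null or empty");
    }

    /**
     * Sets the sealer used to wrap and unwrap the cookie content.
     *
     * @param dataSealer sealer, must not be null
     */
    public void setDataSealer(@Nonnull DataSealer dataSealer) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.dataSealer = (DataSealer) Constraint.isNotNull(dataSealer, "DataSealer cannot be null");
    }

    /**
     * Sets the key strategy consulted for stale-key detection.
     *
     * <p>No null check is performed; when the field is null, {@link #load()} skips stale-key detection.</p>
     *
     * @param dataSealerKeyStrategy key strategy
     */
    public void setKeyStrategy(@Nonnull DataSealerKeyStrategy dataSealerKeyStrategy) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.keyStrategy = dataSealerKeyStrategy;
    }

    /**
     * Reports that the data is not held on the server.
     *
     * @return always {@code false}
     */
    @Override // org.opensaml.storage.StorageCapabilitiesEx
    public boolean isServerSide() {
        return false;
    }

    /**
     * Reports the service as clustered.
     *
     * @return always {@code true}
     */
    @Override // org.opensaml.storage.StorageCapabilitiesEx
    public boolean isClustered() {
        return true;
    }

    /**
     * Verifies that request, response, sealer and cookie manager are set, then applies the capability size.
     *
     * <p>The decompiler widened this method from {@code protected} to {@code public}.</p>
     *
     * @throws ComponentInitializationException if a required collaborator is missing
     */
    @Override // org.opensaml.storage.AbstractStorageService, net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent, net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpServletRequest == null || this.httpServletResponse == null) {
            throw new ComponentInitializationException("HttpServletRequest and HttpServletResponse must be set");
        }
        if (this.dataSealer == null || this.cookieManager == null) {
            throw new ComponentInitializationException("DataSealer and CookieManager must be set");
        }
        setContextSize(this.capabilitySize);
        setKeySize(this.capabilitySize);
        setValueSize(this.capabilitySize);
    }

    /**
     * No filter initialisation is required.
     *
     * @param filterConfig unused
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Continues the chain with a response wrapper that saves the storage state before output begins.
     *
     * @param servletRequest current request
     * @param servletResponse current response, must be an {@link HttpServletResponse}
     * @param filterChain remaining chain
     * @throws ServletException if the response is not an {@link HttpServletResponse}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("Response was not an HttpServletResponse");
        }
        filterChain.doFilter(servletRequest, new OutputInterceptingHttpServletResponseProxy((HttpServletResponse) servletResponse));
    }

    /**
     * Populates the per-request context map from the storage cookie, if the map is still empty.
     *
     * <p>Nothing is loaded when the request has no cookies, the storage cookie is absent, or its value is
     * empty. Expired sealed data is treated as "no data" and only marks the state dirty; any other unwrap or
     * parse failure clears the map, marks the state dirty and is reported as an {@link IOException}.</p>
     *
     * @throws IOException if the cookie cannot be unwrapped or does not contain the expected JSON structure
     */
    protected void load() throws IOException {
        final Map<String, Map<String, MutableStorageRecord>> contextMap = getContextMap();
        if (!contextMap.isEmpty()) {
            return;
        }

        this.log.trace("Loading storage state from cookie in current request");
        setDirty(false);

        final Cookie[] cookies = this.httpServletRequest.getCookies();
        if (cookies == null) {
            return;
        }
        final Optional<Cookie> match = Iterables.tryFind(Arrays.asList(cookies), new Predicate<Cookie>() { // from class: org.opensaml.storage.impl.ServletRequestScopedStorageService.1
            @Override
            public boolean apply(@Nullable Cookie cookie) {
                return cookie != null && cookie.getName().equals(ServletRequestScopedStorageService.this.cookieName);
            }
        });
        if (!match.isPresent()) {
            return;
        }
        final String sealed = match.get().getValue();
        if (sealed == null || sealed.isEmpty()) {
            return;
        }

        try {
            // Passed to unwrap() and later compared with the default key's first element; presumably
            // receives the identifier of the key that sealed the data - confirm against DataSealer.
            final StringBuffer keyUsed = new StringBuffer();
            final String unwrap = this.dataSealer.unwrap(URISupport.doURLDecode(sealed), keyUsed);

            // Security: this writes the complete unsealed storage content to the log. Keep TRACE disabled
            // for this logger outside of debugging, and treat any log that captured it as sensitive.
            this.log.trace("Data after decryption: {}", unwrap);

            // Read as the general JsonValue type so the structural check below is a real runtime check:
            // anything other than a top-level JSON object is rejected with the intended IOException.
            final JsonValue parsed = Json.createReader(new StringReader(unwrap)).read();
            if (!(parsed instanceof JsonObject)) {
                throw new IOException("Found invalid data structure while parsing context map");
            }
            final JsonObject root = (JsonObject) parsed;

            for (final Map.Entry<String, JsonValue> context : root.entrySet()) {
                if (context.getValue().getValueType() != JsonValue.ValueType.OBJECT) {
                    contextMap.clear();
                    throw new IOException("Found invalid data structure while parsing context map");
                }
                for (final Map.Entry<String, JsonValue> record : ((JsonObject) context.getValue()).entrySet()) {
                    // A non-object record, a missing "v" or a non-integral "x" surfaces as one of the
                    // runtime exceptions handled below, which discards everything loaded so far.
                    final JsonObject fields = (JsonObject) record.getValue();
                    Long expiration = null;
                    if (fields.containsKey("x")) {
                        expiration = Long.valueOf(fields.getJsonNumber("x").longValueExact());
                    }
                    create(context.getKey(), record.getKey(), fields.getString("v"), expiration);
                }
            }

            if (this.keyStrategy != null) {
                try {
                    // Stale-key detection: if the data was sealed under something other than the current
                    // default key, mark it dirty so save() re-wraps it even when nothing else changed.
                    setDirty(!this.keyStrategy.getDefaultKey().getFirst().equals(keyUsed.toString()));
                } catch (KeyException e) {
                    this.log.error("Exception while accessing default key during stale key detection", e);
                    setDirty(false);
                }
            } else {
                setDirty(false);
            }
        } catch (ArithmeticException | ClassCastException | NullPointerException | JsonException e2) {
            contextMap.clear();
            setDirty(true);
            this.log.error("Exception while parsing context map", e2);
            throw new IOException("Found invalid data structure while parsing context map", e2);
        } catch (DataExpiredException e3) {
            // Expiry is an expected condition, not an error: start empty and let save() replace the cookie.
            setDirty(true);
            this.log.debug("Secured data or key has expired");
        } catch (DataSealerException e4) {
            setDirty(true);
            this.log.error("Exception unwrapping secured data", e4);
            throw new IOException("Exception unwrapping secured data", e4);
        }
    }

    /**
     * Writes the context map to the storage cookie if it has been marked dirty.
     *
     * <p>Records whose expiration has passed are omitted. If the map is empty, or every record has expired,
     * the cookie is unset instead. The sealed blob expires at the latest record expiration, or one day from
     * now when no written record carries an expiration. Records without an expiration therefore do not
     * extend the blob's lifetime beyond the latest expiring record.</p>
     *
     * <p>NOTE(review): the sealed value's length is not compared with the capability size or any cookie
     * size limit here; whether an oversized cookie is rejected downstream is not visible from this class.</p>
     *
     * @throws IOException if serialization or wrapping fails
     */
    protected void save() throws IOException {
        if (!isDirty()) {
            this.log.trace("Storage state has not been modified during request, save operation skipped");
            return;
        }
        this.log.trace("Saving updated storage data to cookie");
        final Map<String, Map<String, MutableStorageRecord>> contextMap = getContextMap();
        if (contextMap.isEmpty()) {
            this.log.trace("Context map was empty, unsetting storage cookie");
            this.cookieManager.unsetCookie(this.cookieName);
            setDirty(false);
            return;
        }

        long latestExpiration = 0;
        final long now = System.currentTimeMillis();
        boolean nothingWritten = true;
        try {
            // NOTE(review): the cryptacular constant is used only as the writer's initial capacity and
            // looks like a decompiler substitution for a numeric literal - confirm.
            final StringWriter buffer = new StringWriter(AEADBlockCipherBean.MAC_SIZE_BITS);
            final JsonGenerator json = Json.createGenerator(buffer);
            json.writeStartObject();
            for (final Map.Entry<String, Map<String, MutableStorageRecord>> context : contextMap.entrySet()) {
                json.writeStartObject(context.getKey());
                for (final Map.Entry<String, MutableStorageRecord> record : context.getValue().entrySet()) {
                    final MutableStorageRecord value = record.getValue();
                    final Long expiration = value.getExpiration();
                    if (expiration == null || expiration.longValue() > now) {
                        nothingWritten = false;
                        json.writeStartObject(record.getKey()).write("v", value.getValue());
                        if (expiration != null) {
                            // Reuse the value already read so the written "x" and the seal lifetime
                            // are derived from the same expiration.
                            json.write("x", expiration.longValue());
                            latestExpiration = Math.max(latestExpiration, expiration.longValue());
                        }
                        json.writeEnd();
                    }
                }
                json.writeEnd();
            }
            json.writeEnd().close();

            if (nothingWritten) {
                this.log.trace("Context map was empty, unsetting storage cookie");
                this.cookieManager.unsetCookie(this.cookieName);
                setDirty(false);
                return;
            }

            final String plain = buffer.toString();
            this.log.trace("Size of data before encryption is {}", Integer.valueOf(plain.length()));
            // Security: this writes the complete unsealed storage content to the log. Keep TRACE disabled
            // for this logger outside of debugging, and treat any log that captured it as sensitive.
            this.log.trace("Data before encryption is {}", plain);
            try {
                final long sealExpiration = latestExpiration > 0 ? latestExpiration : now + DEFAULT_SEAL_LIFETIME_MILLIS;
                final String wrap = this.dataSealer.wrap(plain, sealExpiration);
                this.log.trace("Size of data after encryption is {}", Integer.valueOf(wrap.length()));
                this.cookieManager.addCookie(this.cookieName, this.escaper.escape(wrap));
                setDirty(false);
            } catch (DataSealerException e) {
                throw new IOException(e);
            }
        } catch (JsonException e2) {
            this.log.error("JsonException while serializing context map", e2);
            throw new IOException((Throwable) e2);
        }
    }

    /**
     * Delegates to the superclass and marks the state dirty when the update returned a non-null result.
     *
     * <p>The decompiler widened this method from {@code protected} to {@code public}.</p>
     *
     * @return the superclass result, unchanged
     */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @Nullable
    public Long updateImpl(@Nullable Long l, @NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @Nullable String str3, @Nullable Long l2) throws IOException, VersionMismatchException {
        final Long updateImpl = super.updateImpl(l, str, str2, str3, l2);
        if (updateImpl != null) {
            setDirty(true);
        }
        return updateImpl;
    }

    /**
     * No background cleanup is performed; expired records are dropped when the state is saved.
     *
     * @return always {@code null}
     */
    @Override // org.opensaml.storage.AbstractStorageService
    @Nullable
    protected TimerTask getCleanupTask() {
        return null;
    }

    /**
     * Returns the context map cached on the current request, creating and loading it on first use.
     *
     * <p>A load failure is logged and leaves the (cleared or partially populated) map in place with the
     * dirty flag set, so the next save replaces or removes the cookie that could not be read.</p>
     *
     * @return live context map for this request
     */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @NonnullElements
    @Live
    @Nonnull
    protected Map<String, Map<String, MutableStorageRecord>> getContextMap() {
        final String attributeName = CONTEXT_MAP_ATTRIBUTE + '.' + this.cookieName;
        final Object attribute = this.httpServletRequest.getAttribute(attributeName);
        if (attribute != null) {
            @SuppressWarnings("unchecked") // only this class stores the attribute, always with this type
            final Map<String, Map<String, MutableStorageRecord>> cached = (Map<String, Map<String, MutableStorageRecord>>) attribute;
            return cached;
        }
        final Map<String, Map<String, MutableStorageRecord>> fresh = new HashMap<>();
        // Publish the map before loading: load() calls getContextMap() itself and must find this instance
        // rather than recurse into another load.
        this.httpServletRequest.setAttribute(attributeName, fresh);
        try {
            load();
        } catch (IOException e) {
            setDirty(true);
            this.log.error("Error loading data from cookie, starting fresh", e);
        }
        return fresh;
    }

    /**
     * Returns the shared no-op lock.
     *
     * @return lock whose operations do nothing
     */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    @Nonnull
    protected ReadWriteLock getLock() {
        return DUMMY_LOCK;
    }

    /** Marks the per-request state as modified so that {@link #save()} rewrites the cookie. */
    @Override // org.opensaml.storage.AbstractMapBackedStorageService
    public void setDirty() {
        setDirty(true);
    }

    /**
     * Sets or clears the dirty flag, which is stored as a request attribute keyed by the cookie name.
     *
     * @param z {@code true} to set the flag, {@code false} to remove it
     */
    private void setDirty(boolean z) {
        final String attributeName = DIRTY_BIT_ATTRIBUTE + '.' + this.cookieName;
        if (z) {
            this.httpServletRequest.setAttribute(attributeName, Boolean.TRUE);
        } else {
            this.httpServletRequest.removeAttribute(attributeName);
        }
    }

    /**
     * Reads the dirty flag from the request.
     *
     * @return {@code true} only if the attribute is present and is {@link Boolean#TRUE}
     */
    private boolean isDirty() {
        final Object attribute = this.httpServletRequest.getAttribute(DIRTY_BIT_ATTRIBUTE + '.' + this.cookieName);
        return attribute instanceof Boolean && ((Boolean) attribute).booleanValue();
    }
}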
