package leap.oauth2.server.sso;

import java.util.HashSet;
import java.util.List;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.ioc.PostCreateBean;
import leap.core.security.Authentication;
import leap.core.security.UserPrincipal;
import leap.core.security.token.jwt.JwtVerifier;
import leap.core.security.token.jwt.MacSigner;
import leap.lang.Arrays2;
import leap.lang.Strings;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.authc.AuthzAuthentication;
import leap.oauth2.server.client.AuthzClient;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.logout.LogoutContext;

/* loaded from: input_file:leap/oauth2/server/sso/DefaultAuthzSSOManager.class */
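/**
 * Default {@link AuthzSSOManager}: records SSO sessions and the logins made within them in the
 * configured {@link AuthzSSOStore}, and exposes the current session and login as request attributes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A session is looked up by the pair (login name, authentication token).</li>
 *   <li>The session id is the {@code jti} claim of the authentication token, read through
 *       {@link #verifier}.</li>
 *   <li>The logout URI stored for a login comes from the authorization request first and from the
 *       client registration only as a fallback; see {@link #newLogin}.</li>
 * </ul>
 */
public class DefaultAuthzSSOManager implements AuthzSSOManager, PostCreateBean {
    /** Request attribute under which the current {@link AuthzSSOSession} is stored. */
    public static final String SSO_SESSION_ATTR_NAME = DefaultAuthzSSOManager.class.getName() + "$" + AuthzSSOSession.class.getName();

    /** Request attribute under which the current {@link AuthzSSOLogin} is stored. */
    public static final String SSO_LOGIN_ATTR_NAME = SSO_SESSION_ATTR_NAME + "$" + AuthzSSOLogin.class.getName();

    // Supplies the secret and the default authentication expiry used to build the default verifier.
    @Inject
    protected SecurityConfig sc;

    // Supplies the single-login switch, the SSO store and the default login-session expiry.
    @Inject
    protected OAuth2AuthzServerConfig config;

    // Verifies the authentication token and yields its claims; defaulted in postCreate when unset.
    protected JwtVerifier verifier;

    /**
     * Registers a successful OAuth2 login with the SSO store when single login is enabled.
     *
     * <p>If no session exists yet for the user's login name and authentication token, a new session
     * is created and saved together with an initial login; otherwise a non-initial login is added to
     * the existing session. The login and the session are then published as request attributes.
     *
     * @throws IllegalStateException if the authentication carries no token
     */
    @Override
    public void onOAuth2LoginSuccess(Request request, Response response, AuthzAuthentication authzAuthentication) throws Throwable {
        if (!this.config.isSingleLoginEnabled()) {
            return;
        }
        String token = authzAuthentication.getAuthentication().getToken();
        if (null == token) {
            throw new IllegalStateException("The authentication token must be exists");
        }

        AuthzSSOStore store = this.config.getSSOStore();
        AuthzSSOSession session = store.loadSessionByToken(authzAuthentication.getUserDetails().getLoginName(), token);

        // A missing session means this is the first login made with this authentication token.
        boolean initial = (null == session);
        if (initial) {
            session = newSession(request, response, authzAuthentication);
        }

        AuthzSSOLogin login = newLogin(request, response, authzAuthentication, session, initial);
        if (initial) {
            store.saveSession(session, login);
        } else {
            store.saveLogin(session, login);
        }

        setCurrentSSOLogin(login, request, authzAuthentication);
        setSSOSession(session, request, authzAuthentication);
    }

    /** Stores the session as a request attribute; nothing is written to the SSO store here. */
    @Override
    public void setSSOSession(AuthzSSOSession authzSSOSession, Request request, AuthzAuthentication authzAuthentication) throws Throwable {
        request.setAttribute(SSO_SESSION_ATTR_NAME, authzSSOSession);
    }

    /** Stores the login as a request attribute; nothing is written to the SSO store here. */
    @Override
    public void setCurrentSSOLogin(AuthzSSOLogin authzSSOLogin, Request request, AuthzAuthentication authzAuthentication) throws Throwable {
        request.setAttribute(SSO_LOGIN_ATTR_NAME, authzSSOLogin);
    }

    /** Returns the session previously placed on the request, or {@code null} if none was set. */
    @Override
    public AuthzSSOSession getSSOSession(Request request, Response response, AuthzAuthentication authzAuthentication) throws Throwable {
        return (AuthzSSOSession) request.getAttribute(SSO_SESSION_ATTR_NAME);
    }

    /** Returns the login previously placed on the request, or {@code null} if none was set. */
    @Override
    public AuthzSSOLogin getCurrentSSOLogin(Request request, Response response, AuthzAuthentication authzAuthentication) throws Throwable {
        return (AuthzSSOLogin) request.getAttribute(SSO_LOGIN_ATTR_NAME);
    }

    /**
     * Collects the distinct, non-empty logout URIs of every login recorded in the caller's SSO session.
     *
     * <p>The returned values are exactly what {@link #newLogin} stored, so any URI accepted from an
     * authorization request is handed back to the logout flow unchanged. The order of the returned
     * array is unspecified because the URIs are gathered in a {@link HashSet}.
     *
     * @return the logout URIs, or an empty array when there is no authentication or no stored session
     * @throws IllegalStateException if an authentication is present but its token is empty
     */
    @Override
    public String[] resolveLogoutUrls(Request request, Response response, LogoutContext logoutContext) throws Throwable {
        Authentication authentication = logoutContext.getAuthentication();
        if (null == authentication) {
            return Arrays2.EMPTY_STRING_ARRAY;
        }
        String token = logoutContext.getAuthenticationToken();
        if (Strings.isEmpty(token)) {
            throw new IllegalStateException("The authentication token must be exists.");
        }

        AuthzSSOStore store = this.config.getSSOStore();
        AuthzSSOSession session = store.loadSessionByToken(authentication.getUser().getLoginName(), token);
        if (null == session) {
            return Arrays2.EMPTY_STRING_ARRAY;
        }

        List<AuthzSSOLogin> logins = store.loadLoginsInSession(session);
        // Typed set: several logins of one client share a logout URI and must be reported once.
        HashSet<String> urls = new HashSet<>();
        for (AuthzSSOLogin login : logins) {
            String logoutUri = login.getLogoutUri();
            if (!Strings.isEmpty(logoutUri)) {
                urls.add(logoutUri);
            }
        }
        return urls.toArray(new String[0]);
    }

    /**
     * Installs the default verifier, a {@link MacSigner} built from the {@link SecurityConfig} secret
     * and default authentication expiry, unless a verifier has already been assigned.
     */
    @Override
    public void postCreate(BeanFactory beanFactory) throws Throwable {
        if (null == this.verifier) {
            // NOTE(review): the session id depends on tokens verified with this secret - confirm the
            // configured secret is a high-entropy value and not a shipped default.
            this.verifier = new MacSigner(this.sc.getSecret(), this.sc.getDefaultAuthenticationExpires());
        }
    }

    /**
     * Builds a new SSO session for the authenticated user.
     *
     * <p>The session id is the {@code jti} claim obtained by verifying the authentication token, and
     * the token itself is stored on the session.
     */
    protected AuthzSSOSession newSession(Request request, Response response, AuthzAuthentication authzAuthentication) {
        SimpleAuthzSSOSession session = new SimpleAuthzSSOSession();
        Authentication authc = authzAuthentication.getAuthentication();
        UserPrincipal user = authc.getUser();
        String token = authc.getToken();

        // NOTE(review): a token without a "jti" claim yields a null session id here, and a non-string
        // claim fails the cast - confirm the token issuer always sets a string jti.
        session.setId((String) this.verifier.verify(token).get("jti"));
        session.setUserId(user.getIdAsString());
        session.setUsername(user.getLoginName());
        // NOTE(review): the raw authentication token is persisted with the session, so the SSO store
        // presumably needs the same protection as any other credential store - confirm.
        session.setToken(token);
        session.setExpiresIn(this.config.getDefaultLoginSessionExpires());
        session.setCreated(System.currentTimeMillis());
        return session;
    }

    /**
     * Builds the login record for one authorization within a session.
     *
     * @param z {@code true} when this login is the one that created the session
     */
    protected AuthzSSOLogin newLogin(Request request, Response response, AuthzAuthentication authzAuthentication, AuthzSSOSession authzSSOSession, boolean z) {
        SimpleAuthzSSOLogin login = new SimpleAuthzSSOLogin();
        login.setInitial(z);
        login.setLoginTime(System.currentTimeMillis());

        // The logout URI from the authorization request wins; the client's registered logout URI is
        // used only when the request supplied none.
        // NOTE(review): this method does not check the request-supplied URI against the client
        // registration. Confirm it is validated before it reaches here, since resolveLogoutUrls
        // later returns it to the logout flow as-is.
        login.setLogoutUri(authzAuthentication.getParams().getLogoutUri());

        AuthzClient client = authzAuthentication.getClientDetails();
        if (null != client) {
            login.setClientId(client.getId());
            if (Strings.isEmpty(login.getLogoutUri())) {
                login.setLogoutUri(client.getLogoutUri());
            }
        }
        return login;
    }
}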
