package org.primeframework.mvc.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.fusionauth.http.Cookie;
import io.fusionauth.http.server.HTTPRequest;
import io.fusionauth.http.server.HTTPResponse;
import java.time.Clock;
import java.time.Duration;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAmount;
import java.util.Optional;
import javax.crypto.BadPaddingException;
import org.primeframework.mvc.ErrorException;
import org.primeframework.mvc.util.CookieTools;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/primeframework/mvc/security/BaseUserIdCookieSecurityContext.class */
public abstract class BaseUserIdCookieSecurityContext<T> implements UserLoginSecurityContext {
    public static final String UserKey = "primeCurrentUser";
    private static final String ContextKey = "primeLoginContext";
    private static final Logger logger = LoggerFactory.getLogger(BaseUserIdCookieSecurityContext.class);
    protected final CookieProxy sessionCookie;
    private final Clock clock;
    private final Encryptor encryptor;
    private final ObjectMapper objectMapper;
    private final HTTPRequest request;
    private final HTTPResponse response;
    private final Duration sessionMaxAge;
    private final Duration sessionTimeout;

    /* renamed from: org.primeframework.mvc.security.BaseUserIdCookieSecurityContext$1, reason: invalid class name */
    /* loaded from: input_file:org/primeframework/mvc/security/BaseUserIdCookieSecurityContext$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$primeframework$mvc$security$BaseUserIdCookieSecurityContext$CookieExtendResult = new int[CookieExtendResult.values().length];

        static {
            try {
                $SwitchMap$org$primeframework$mvc$security$BaseUserIdCookieSecurityContext$CookieExtendResult[CookieExtendResult.Extend.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$primeframework$mvc$security$BaseUserIdCookieSecurityContext$CookieExtendResult[CookieExtendResult.Invalid.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/primeframework/mvc/security/BaseUserIdCookieSecurityContext$CookieExtendResult.class */
    public enum CookieExtendResult {
        Keep,
        Extend,
        Invalid
    }

    protected BaseUserIdCookieSecurityContext(HTTPRequest hTTPRequest, HTTPResponse hTTPResponse, Encryptor encryptor, ObjectMapper objectMapper, Clock clock, Duration duration, Duration duration2) {
        this.request = hTTPRequest;
        this.response = hTTPResponse;
        this.encryptor = encryptor;
        this.objectMapper = objectMapper;
        this.clock = clock;
        this.sessionMaxAge = duration2;
        this.sessionTimeout = duration;
        this.sessionCookie = new CookieProxy(getCookieName(), Long.valueOf(duration.toSeconds()), Cookie.SameSite.Strict);
    }

    @Override // org.primeframework.mvc.security.UserLoginSecurityContext
    public Object getCurrentUser() {
        Object attribute = this.request.getAttribute(UserKey);
        if (attribute != null) {
            return attribute;
        }
        UserIdSessionContext<T> resolveContext = resolveContext();
        if (resolveContext == null) {
            return null;
        }
        Object retrieveUserById = retrieveUserById(resolveContext.getUserId());
        this.request.setAttribute(UserKey, retrieveUserById);
        return retrieveUserById;
    }

    @Override // org.primeframework.mvc.security.UserLoginSecurityContext
    public String getSessionId() {
        return (String) Optional.ofNullable(resolveContext()).map((v0) -> {
            return v0.getSessionId();
        }).orElse(null);
    }

    @Override // org.primeframework.mvc.security.UserLoginSecurityContext
    public boolean isLoggedIn() {
        return resolveContext() != null;
    }

    @Override // org.primeframework.mvc.security.UserLoginSecurityContext
    public void login(Object obj) {
        try {
            UserIdSessionContext<T> createUserIdSessionContext = createUserIdSessionContext(getIdFromUser(obj), ZonedDateTime.now(this.clock));
            if (createUserIdSessionContext.getSessionId() == null) {
                throw new IllegalArgumentException("Received a null getSessionId from " + String.valueOf(createUserIdSessionContext.getClass()));
            }
            this.sessionCookie.add(this.request, this.response, CookieTools.toJSONCookie(createUserIdSessionContext, true, true, this.encryptor, this.objectMapper));
        } catch (Exception e) {
            deleteCookies();
            throw new ErrorException(e, new Object[0]);
        }
    }

    @Override // org.primeframework.mvc.security.UserLoginSecurityContext
    public void logout() {
        deleteCookies();
    }

    @Override // org.primeframework.mvc.security.UserLoginSecurityContext
    public void updateUser(Object obj) {
        if (this.request.getAttribute(UserKey) != null) {
            this.request.setAttribute(UserKey, obj);
        }
    }

    protected abstract UserIdSessionContext<T> createUserIdSessionContext(T t, ZonedDateTime zonedDateTime);

    protected String getCookieName() {
        return UserKey;
    }

    protected abstract T getIdFromUser(Object obj);

    protected abstract Class<? extends UserIdSessionContext<T>> getUserIdSessionContextClass();

    protected abstract Object retrieveUserById(T t);

    CookieExtendResult shouldExtendCookie(ZonedDateTime zonedDateTime) {
        ZonedDateTime now = ZonedDateTime.now(this.clock);
        ZonedDateTime plus = zonedDateTime.plus((TemporalAmount) this.sessionMaxAge);
        if (now.isAfter(plus)) {
            return CookieExtendResult.Invalid;
        }
        if (!now.plus((TemporalAmount) this.sessionTimeout).isAfter(plus) && now.isAfter(zonedDateTime.plusMinutes(this.sessionTimeout.toMinutes() / 2))) {
            return CookieExtendResult.Extend;
        }
        return CookieExtendResult.Keep;
    }

    private void deleteCookies() {
        this.sessionCookie.delete(this.request, this.response);
    }

    private UserIdSessionContext<T> resolveContext() {
        UserIdSessionContext<T> userIdSessionContext = (UserIdSessionContext) this.request.getAttribute(ContextKey);
        if (userIdSessionContext != null) {
            return userIdSessionContext;
        }
        String str = this.sessionCookie.get(this.request);
        if (str == null) {
            return null;
        }
        try {
            UserIdSessionContext<T> userIdSessionContext2 = (UserIdSessionContext) CookieTools.fromJSONCookie(str, (Class) getUserIdSessionContextClass(), true, true, this.encryptor, this.objectMapper);
            switch (shouldExtendCookie(userIdSessionContext2.getLoginInstant()).ordinal()) {
                case 1:
                    this.sessionCookie.add(this.request, this.response, str);
                    break;
                case 2:
                    deleteCookies();
                    return null;
            }
            this.request.setAttribute(ContextKey, userIdSessionContext2);
            return userIdSessionContext2;
        } catch (BadPaddingException e) {
            logger.debug("User cookie parsing failed. It is likely the cookie encryption key has changed, therefore deleting session.", e);
            deleteCookies();
            return null;
        } catch (Exception e2) {
            logger.debug("User cookie parsing failed because decoding or decryption failed, therefore deleting session.", e2);
            deleteCookies();
            return null;
        }
    }
}
