package de.arbeitsagentur.opdt.keycloak.cassandra.authSession;

import de.arbeitsagentur.opdt.keycloak.cassandra.AbstractCassandraProvider;
import de.arbeitsagentur.opdt.keycloak.cassandra.authSession.persistence.AuthSessionRepository;
import de.arbeitsagentur.opdt.keycloak.cassandra.authSession.persistence.entities.AuthenticationSession;
import de.arbeitsagentur.opdt.keycloak.cassandra.authSession.persistence.entities.RootAuthenticationSession;
import de.arbeitsagentur.opdt.keycloak.cassandra.cache.ThreadLocalCache;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import org.jboss.logging.Logger;
import org.keycloak.common.util.StackUtil;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.map.common.ExpirationUtils;
import org.keycloak.models.map.common.TimeAdapter;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.SessionExpiration;
import org.keycloak.sessions.AuthenticationSessionCompoundId;
import org.keycloak.sessions.AuthenticationSessionProvider;
import org.keycloak.sessions.RootAuthenticationSessionModel;

/* loaded from: input_file:de/arbeitsagentur/opdt/keycloak/cassandra/authSession/CassandraAuthSessionProvider.class */
public class CassandraAuthSessionProvider extends AbstractCassandraProvider implements AuthenticationSessionProvider {
    private static final Logger log = Logger.getLogger(CassandraAuthSessionProvider.class);
    private final KeycloakSession session;
    private final AuthSessionRepository authSessionRepository;
    private final int authSessionsLimit;

    private Function<RootAuthenticationSession, RootAuthenticationSessionModel> entityToAdapterFunc(RealmModel realmModel) {
        return rootAuthenticationSession -> {
            if (rootAuthenticationSession == null) {
                return null;
            }
            if (!ExpirationUtils.isExpired(rootAuthenticationSession, true)) {
                return new CassandraRootAuthSessionAdapter(this.session, realmModel, rootAuthenticationSession, this.authSessionRepository, this.authSessionsLimit);
            }
            this.authSessionRepository.deleteRootAuthSession(rootAuthenticationSession);
            return null;
        };
    }

    private Predicate<RootAuthenticationSession> entityRealmFilter(String str) {
        return str == null ? rootAuthenticationSession -> {
            return false;
        } : rootAuthenticationSession2 -> {
            return Objects.equals(str, rootAuthenticationSession2.getRealmId());
        };
    }

    public RootAuthenticationSessionModel createRootAuthenticationSession(RealmModel realmModel) {
        Objects.requireNonNull(realmModel, "The provided realm can't be null!");
        return createRootAuthenticationSession(realmModel, null);
    }

    public RootAuthenticationSessionModel createRootAuthenticationSession(RealmModel realmModel, String str) {
        Objects.requireNonNull(realmModel, "The provided realm can't be null!");
        log.tracef("createRootAuthenticationSession(%s)%s", realmModel.getName(), StackUtil.getShortStackTrace());
        long currentTimeMillis = Time.currentTimeMillis();
        RootAuthenticationSession build = RootAuthenticationSession.builder().id(str == null ? KeycloakModelUtils.generateId() : str).realmId(realmModel.getId()).timestamp(Long.valueOf(currentTimeMillis)).expiration(Long.valueOf(currentTimeMillis + TimeAdapter.fromSecondsToMilliseconds(SessionExpiration.getAuthSessionLifespan(realmModel)).longValue())).build();
        if (str != null && this.authSessionRepository.findRootAuthSessionById(str) != null) {
            throw new ModelDuplicateException("Root authentication session exists: " + build.getId());
        }
        this.authSessionRepository.insertOrUpdate(build);
        return entityToAdapterFunc(realmModel).apply(build);
    }

    public RootAuthenticationSessionModel getRootAuthenticationSession(RealmModel realmModel, String str) {
        Objects.requireNonNull(realmModel, "The provided realm can't be null!");
        if (str == null) {
            return null;
        }
        log.tracef("getRootAuthenticationSession(%s, %s)%s", realmModel.getName(), str, StackUtil.getShortStackTrace());
        RootAuthenticationSession findRootAuthSessionById = this.authSessionRepository.findRootAuthSessionById(str);
        if (findRootAuthSessionById == null || !entityRealmFilter(realmModel.getId()).test(findRootAuthSessionById)) {
            return null;
        }
        return entityToAdapterFunc(realmModel).apply(findRootAuthSessionById);
    }

    public void removeRootAuthenticationSession(RealmModel realmModel, RootAuthenticationSessionModel rootAuthenticationSessionModel) {
        Objects.requireNonNull(rootAuthenticationSessionModel, "The provided root authentication session can't be null!");
        this.authSessionRepository.deleteRootAuthSession(rootAuthenticationSessionModel.getId());
    }

    public void removeAllExpired() {
        log.tracef("removeAllExpired()%s", StackUtil.getShortStackTrace());
        log.warnf("Clearing expired entities should not be triggered manually. It is responsibility of the store to clear these.", new Object[0]);
    }

    public void removeExpired(RealmModel realmModel) {
        log.tracef("removeExpired(%s)%s", realmModel, StackUtil.getShortStackTrace());
        log.warnf("Clearing expired entities should not be triggered manually. It is responsibility of the store to clear these.", new Object[0]);
    }

    public void onRealmRemoved(RealmModel realmModel) {
    }

    public void onClientRemoved(RealmModel realmModel, ClientModel clientModel) {
    }

    public void updateNonlocalSessionAuthNotes(AuthenticationSessionCompoundId authenticationSessionCompoundId, Map<String, String> map) {
        if (authenticationSessionCompoundId == null) {
            return;
        }
        Objects.requireNonNull(map, "The provided authentication's notes map can't be null!");
        AuthenticationSession orElse = this.authSessionRepository.findAuthSessionsByParentSessionId(authenticationSessionCompoundId.getRootSessionId()).stream().filter(authenticationSession -> {
            return Objects.equals(authenticationSession.getTabId(), authenticationSessionCompoundId.getTabId());
        }).filter(authenticationSession2 -> {
            return Objects.equals(authenticationSession2.getClientId(), authenticationSessionCompoundId.getClientUUID());
        }).findFirst().orElse(null);
        if (orElse != null) {
            orElse.setAuthNotes(map);
            this.authSessionRepository.insertOrUpdate(orElse);
        }
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.AbstractCassandraProvider
    protected String getCacheName() {
        return ThreadLocalCache.AUTH_SESSION_CACHE;
    }

    public CassandraAuthSessionProvider(KeycloakSession keycloakSession, AuthSessionRepository authSessionRepository, int i) {
        this.session = keycloakSession;
        this.authSessionRepository = authSessionRepository;
        this.authSessionsLimit = i;
    }
}
