package fi.oph.kouta.security;

import fi.oph.kouta.auditlog.AuditLog;
import fi.oph.kouta.client.KayttooikeusClient;
import fi.oph.kouta.repository.SessionDAO$;
import fi.vm.sade.utils.cas.CasClient;
import fi.vm.sade.utils.slf4j.Logging;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import scala.Function0;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.Tuple2;
import scala.concurrent.duration.Duration$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.util.Either;

/* compiled from: casSessionService.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0005v!\u0002\f\u0018\u0011\u0003\u0001c!\u0002\u0012\u0018\u0011\u0003\u0019\u0003B\u0002(\u0002\t\u0003\tyJB\u0003#/\u0005\u0005Q\u0005\u0003\u00059\u0007\t\u0015\r\u0011\"\u0001:\u0011!i4A!A!\u0002\u0013Q\u0004\u0002\u0003 \u0004\u0005\u000b\u0007I\u0011A \t\u0011\u0019\u001b!\u0011!Q\u0001\n\u0001C\u0001bR\u0002\u0003\u0002\u0003\u0006I\u0001\u0013\u0005\u0006\u001d\u000e!\ta\u0014\u0005\b'\u000e\u0011\r\u0011\"\u0001U\u0011\u0019\u00017\u0001)A\u0005+\"9\u0011m\u0001b\u0001\n\u0003!\u0006B\u00022\u0004A\u0003%Q\u000bC\u0004d\u0007\t\u0007I\u0011\u00023\t\r-\u001c\u0001\u0015!\u0003f\u0011\u0015a7\u0001\"\u0003n\u0011\u001d\t\tc\u0001C\u0005\u0003GAq!!\u0014\u0004\t\u0013\ty\u0005C\u0004\u0002p\r!I!!\u001d\t\u000f\u0005=4\u0001\"\u0001\u0002\u0002\"9\u00111S\u0002\u0005\u0002\u0005U\u0015!E\"bgN+7o]5p]N+'O^5dK*\u0011\u0001$G\u0001\tg\u0016\u001cWO]5us*\u0011!dG\u0001\u0006W>,H/\u0019\u0006\u00039u\t1a\u001c9i\u0015\u0005q\u0012A\u00014j\u0007\u0001\u0001\"!I\u0001\u000e\u0003]\u0011\u0011cQ1t'\u0016\u001c8/[8o'\u0016\u0014h/[2f'\t\tA\u0005\u0005\u0002\"\u0007M\u00191A\n\u0017\u0011\u0005\u001dRS\"\u0001\u0015\u000b\u0003%\nQa]2bY\u0006L!a\u000b\u0015\u0003\r\u0005s\u0017PU3g!\tic'D\u0001/\u0015\ty\u0003'A\u0003tY\u001a$$N\u0003\u00022e\u0005)Q\u000f^5mg*\u00111\u0007N\u0001\u0005g\u0006$WM\u0003\u00026;\u0005\u0011a/\\\u0005\u0003o9\u0012q\u0001T8hO&tw-A\btK\u000e,(/\u001b;z\u0007>tG/\u001a=u+\u0005Q\u0004CA\u0011<\u0013\tatCA\bTK\u000e,(/\u001b;z\u0007>tG/\u001a=u\u0003A\u0019XmY;sSRL8i\u001c8uKb$\b%\u0001\nvg\u0016\u0014H)\u001a;bS2\u001c8+\u001a:wS\u000e,W#\u0001!\u0011\u0005\u0005#U\"\u0001\"\u000b\u0005\rK\u0012AB2mS\u0016tG/\u0003\u0002F\u0005\n\u00112*Y=ui>|\u0017n[3vg\u000ec\u0017.\u001a8u\u0003M)8/\u001a:EKR\f\u0017\u000e\\:TKJ4\u0018nY3!\u0003!\tW\u000fZ5u\u0019><\u0007CA%M\u001b\u0005Q%BA&\u001a\u0003!\tW\u000fZ5uY><\u0017BA'K\u0005!\tU\u000fZ5u\u0019><\u0017A\u0002\u001fj]&$h\b\u0006\u0003%!F\u0013\u0006\"\u0002\u001d\n\u0001\u0004Q\u0004\"\u0002 \n\u0001\u0004\u0001\u0005\"B$\n\u0001\u0004A\u0015!E:feZL7-Z%eK:$\u0018NZ5feV\tQ\u000b\u0005\u0002W;:\u0011qk\u0017\t\u00031\"j\u0011!\u0017\u0006\u00035~\ta\u0001\u0010:p_Rt\u0014B\u0001/)\u0003\u0019\u0001&/\u001a3fM&\u0011al\u0018\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005qC\u0013AE:feZL7-Z%eK:$\u0018NZ5fe\u0002\naaY1t+Jd\u0017aB2bgV\u0013H\u000eI\u0001\nG\u0006\u001c8\t\\5f]R,\u0012!\u001a\t\u0003M&l\u0011a\u001a\u0006\u0003QB\n1aY1t\u0013\tQwMA\u0005DCN\u001cE.[3oi\u0006Q1-Y:DY&,g\u000e\u001e\u0011\u0002+Y\fG.\u001b3bi\u0016\u001cVM\u001d<jG\u0016$\u0016nY6fiR\u0019a.a\u0006\u0011\t=$xO\u001f\b\u0003aJt!\u0001W9\n\u0003%J!a\u001d\u0015\u0002\u000fA\f7m[1hK&\u0011QO\u001e\u0002\u0007\u000b&$\b.\u001a:\u000b\u0005MD\u0003CA8y\u0013\tIhOA\u0005UQJ|w/\u00192mKB\u001910!\u0005\u000f\u0007q\fiAD\u0002~\u0003\u0017q1A`A\u0005\u001d\ry\u0018q\u0001\b\u0005\u0003\u0003\t)AD\u0002Y\u0003\u0007I\u0011AH\u0005\u0003kuI!a\r\u001b\n\u0005E\u0012\u0014B\u000151\u0013\r\tyaZ\u0001\n\u0007\u0006\u001c8\t\\5f]RLA!a\u0005\u0002\u0016\tAQk]3s]\u0006lWMC\u0002\u0002\u0010\u001dDq!!\u0007\u0011\u0001\u0004\tY\"\u0001\u0004uS\u000e\\W\r\u001e\t\u0004C\u0005u\u0011bAA\u0010/\ti1+\u001a:wS\u000e,G+[2lKR\fAb\u001d;pe\u0016\u001cVm]:j_:$b!!\n\u0002B\u0005\r\u0003cB\u0014\u0002(\u0005-\u00121H\u0005\u0004\u0003SA#A\u0002+va2,'\u0007\u0005\u0003\u0002.\u0005]RBAA\u0018\u0015\u0011\t\t$a\r\u0002\tU$\u0018\u000e\u001c\u0006\u0003\u0003k\tAA[1wC&!\u0011\u0011HA\u0018\u0005\u0011)V+\u0013#\u0011\u0007\u0005\ni$C\u0002\u0002@]\u0011!bQ1t'\u0016\u001c8/[8o\u0011\u001d\tI\"\u0005a\u0001\u00037Aq!!\u0012\u0012\u0001\u0004\t9%\u0001\u0003vg\u0016\u0014\bcA\u0011\u0002J%\u0019\u00111J\f\u0003/-\u000b\u0017\u0010\u001e;p_&\\W-^:Vg\u0016\u0014H)\u001a;bS2\u001c\u0018!D2sK\u0006$XmU3tg&|g\u000e\u0006\u0003\u0002R\u00055D\u0003BA*\u0003+\u0002Ra\u001c;x\u0003KAq!a\u0016\u0013\u0001\b\tI&A\u0004sKF,Xm\u001d;\u0011\t\u0005m\u0013\u0011N\u0007\u0003\u0003;RA!a\u0018\u0002b\u0005!\u0001\u000e\u001e;q\u0015\u0011\t\u0019'!\u001a\u0002\u000fM,'O\u001e7fi*\u0011\u0011qM\u0001\u0006U\u00064\u0018\r_\u0005\u0005\u0003W\niF\u0001\nIiR\u00048+\u001a:wY\u0016$(+Z9vKN$\bbBA\r%\u0001\u0007\u00111D\u0001\u000bO\u0016$8+Z:tS>tG\u0003BA:\u0003{\u0002Ra\u001c;x\u0003k\u0002raJA\u0014\u0003W\t9\bE\u0002\"\u0003sJ1!a\u001f\u0018\u0005\u001d\u0019Vm]:j_:Dq!a \u0014\u0001\u0004\tY#\u0001\u0002jIR1\u00111QAD\u0003\u001f#B!a\u001d\u0002\u0006\"9\u0011q\u000b\u000bA\u0004\u0005e\u0003bBA\r)\u0001\u0007\u0011\u0011\u0012\t\u0006O\u0005-\u00151D\u0005\u0004\u0003\u001bC#AB(qi&|g\u000eC\u0004\u0002��Q\u0001\r!!%\u0011\u000b\u001d\nY)a\u000b\u0002\u001b\u0011,G.\u001a;f'\u0016\u001c8/[8o)\u0011\t9*!(\u0011\u0007\u001d\nI*C\u0002\u0002\u001c\"\u0012qAQ8pY\u0016\fg\u000eC\u0004\u0002\u001aU\u0001\r!a\u0007\u0015\u0003\u0001\u0002")
/* loaded from: input_file:fi/oph/kouta/security/CasSessionService.class */
public abstract class CasSessionService implements Logging {
    private final SecurityContext securityContext;
    private final KayttooikeusClient userDetailsService;
    private final AuditLog auditLog;
    private final String serviceIdentifier;
    private final String casUrl;
    private final CasClient casClient;
    private Logger logger;
    private volatile boolean bitmap$0;

    @Override // fi.vm.sade.utils.slf4j.Logging
    public <T> T withErrorLogging(Function0<T> function0, String str) {
        Object withErrorLogging;
        withErrorLogging = withErrorLogging(function0, str);
        return (T) withErrorLogging;
    }

    @Override // fi.vm.sade.utils.slf4j.Logging
    public <T> T withWarnLogging(Function0<T> function0, String str, T t) {
        Object withWarnLogging;
        withWarnLogging = withWarnLogging(function0, str, t);
        return (T) withWarnLogging;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [fi.oph.kouta.security.CasSessionService] */
    private Logger logger$lzycompute() {
        Logger logger;
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                logger = logger();
                this.logger = logger;
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.logger;
    }

    @Override // fi.vm.sade.utils.slf4j.Logging
    public Logger logger() {
        return !this.bitmap$0 ? logger$lzycompute() : this.logger;
    }

    public SecurityContext securityContext() {
        return this.securityContext;
    }

    public KayttooikeusClient userDetailsService() {
        return this.userDetailsService;
    }

    public String serviceIdentifier() {
        return this.serviceIdentifier;
    }

    public String casUrl() {
        return this.casUrl;
    }

    private CasClient casClient() {
        return this.casClient;
    }

    private Either<Throwable, String> validateServiceTicket(ServiceTicket serviceTicket) {
        if (serviceTicket == null) {
            throw new MatchError(serviceTicket);
        }
        String s = serviceTicket.s();
        return casClient().validateServiceTicketWithVirkailijaUsername(securityContext().casServiceIdentifier(), s).handleWith(new CasSessionService$$anonfun$validateServiceTicket$1(this, s)).unsafePerformSyncAttemptFor(Duration$.MODULE$.apply(15L, TimeUnit.SECONDS)).toEither();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Tuple2<UUID, CasSession> storeSession(ServiceTicket serviceTicket, KayttooikeusUserDetails kayttooikeusUserDetails) {
        CasSession casSession = new CasSession(serviceTicket, kayttooikeusUserDetails.oid(), kayttooikeusUserDetails.authorities());
        logger().debug(new StringBuilder(22).append("Storing to session: ").append(casSession.casTicket()).append(" ").append(casSession.personOid()).append(" ").append(casSession.authorities()).toString());
        return new Tuple2<>(SessionDAO$.MODULE$.store(casSession), casSession);
    }

    private Either<Throwable, Tuple2<UUID, CasSession>> createSession(ServiceTicket serviceTicket, HttpServletRequest httpServletRequest) {
        return validateServiceTicket(serviceTicket).map(str -> {
            return this.userDetailsService().getUserByUsername(str);
        }).map(kayttooikeusUserDetails -> {
            return this.storeSession(serviceTicket, kayttooikeusUserDetails);
        }).map(tuple2 -> {
            if (tuple2 == null) {
                throw new MatchError(tuple2);
            }
            return this.auditLog.logLogin((UUID) tuple2.mo7068_1(), (CasSession) tuple2.mo7067_2(), serviceTicket, httpServletRequest);
        });
    }

    private Either<Throwable, Tuple2<UUID, Session>> getSession(UUID uuid) {
        return SessionDAO$.MODULE$.get(uuid).map(session -> {
            return new Tuple2(uuid, session);
        }).toRight(() -> {
            return new AuthenticationFailedException(new StringBuilder(22).append("Session ").append(uuid).append(" doesn't exist").toString());
        });
    }

    public Either<Throwable, Tuple2<UUID, Session>> getSession(Option<ServiceTicket> option, Option<UUID> option2, HttpServletRequest httpServletRequest) {
        Either<Throwable, Tuple2<UUID, Session>> flatMap;
        logger().trace(new StringBuilder(44).append("Getting session with ticket ").append(option).append(" and session id ").append(option2).toString());
        Tuple2 tuple2 = new Tuple2(option, option2);
        if (tuple2 != null) {
            Option option3 = (Option) tuple2.mo7068_1();
            Option option4 = (Option) tuple2.mo7067_2();
            if (None$.MODULE$.equals(option3) && None$.MODULE$.equals(option4)) {
                logger().trace("No session found");
                flatMap = package$.MODULE$.Left().apply(new AuthenticationFailedException("No credentials given"));
                return flatMap;
            }
        }
        if (tuple2 != null) {
            Option option5 = (Option) tuple2.mo7068_1();
            Option option6 = (Option) tuple2.mo7067_2();
            if (None$.MODULE$.equals(option5) && (option6 instanceof Some)) {
                flatMap = getSession((UUID) ((Some) option6).value());
                return flatMap;
            }
        }
        if (tuple2 != null) {
            Option option7 = (Option) tuple2.mo7068_1();
            Option option8 = (Option) tuple2.mo7067_2();
            if (option7 instanceof Some) {
                ServiceTicket serviceTicket = (ServiceTicket) ((Some) option7).value();
                if (None$.MODULE$.equals(option8)) {
                    flatMap = createSession(serviceTicket, httpServletRequest);
                    return flatMap;
                }
            }
        }
        if (tuple2 != null) {
            Option option9 = (Option) tuple2.mo7068_1();
            Option option10 = (Option) tuple2.mo7067_2();
            if (option9 instanceof Some) {
                ServiceTicket serviceTicket2 = (ServiceTicket) ((Some) option9).value();
                if (option10 instanceof Some) {
                    flatMap = getSession((UUID) ((Some) option10).value()).left().flatMap(th -> {
                        Either<Throwable, Tuple2<UUID, CasSession>> apply;
                        if (th instanceof AuthenticationFailedException) {
                            this.logger().warn(new StringBuilder(56).append("Creating session after authentication failed exception: ").append(((AuthenticationFailedException) th).getMessage()).toString());
                            apply = this.createSession(serviceTicket2, httpServletRequest);
                        } else {
                            apply = package$.MODULE$.Left().apply(th);
                        }
                        return apply;
                    });
                    return flatMap;
                }
            }
        }
        throw new MatchError(tuple2);
    }

    public boolean deleteSession(ServiceTicket serviceTicket) {
        return SessionDAO$.MODULE$.delete(serviceTicket);
    }

    public CasSessionService(SecurityContext securityContext, KayttooikeusClient kayttooikeusClient, AuditLog auditLog) {
        this.securityContext = securityContext;
        this.userDetailsService = kayttooikeusClient;
        this.auditLog = auditLog;
        Logging.$init$(this);
        logger().info(new StringBuilder(23).append("Using security context ").append(securityContext.getClass().getSimpleName()).toString());
        this.serviceIdentifier = securityContext.casServiceIdentifier();
        this.casUrl = securityContext.casUrl();
        this.casClient = securityContext.casClient();
    }
}
