package org.openslx.bwlp.sat.thrift;

import java.sql.SQLException;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import org.apache.log4j.Logger;
import org.apache.log4j.helpers.FileWatchdog;
import org.openslx.bwlp.sat.database.mappers.DbUser;
import org.openslx.bwlp.sat.permissions.User;
import org.openslx.bwlp.sat.util.Formatter;
import org.openslx.bwlp.thrift.iface.AuthorizationError;
import org.openslx.bwlp.thrift.iface.Role;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.bwlp.thrift.iface.TInvalidTokenException;
import org.openslx.bwlp.thrift.iface.TInvocationException;
import org.openslx.bwlp.thrift.iface.UserInfo;
import org.openslx.thrifthelper.ThriftManager;
import org.openslx.util.QuickTimer;

/* loaded from: input_file:org/openslx/bwlp/sat/thrift/SessionManager.class */
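/**
 * In-memory cache that maps session tokens to the {@link UserInfo} they belong to.
 *
 * <p>Tokens that are not cached, or whose cache entry has expired, are resolved by
 * asking the master server. A resolved user must pass {@code User.canLogin} before
 * being cached. Every successful lookup of a cached token extends its lifetime by
 * the session timeout.
 *
 * <p>Security note: a session token is a bearer credential. This class therefore
 * never writes the raw token to the log; it logs a short SHA-256 fingerprint
 * instead, which still lets operators correlate log lines for one session.
 */
public class SessionManager {
    private static final Logger LOGGER = Logger.getLogger(SessionManager.class);

    /** Cached sessions, keyed by the raw session token. */
    private static final Map<String, Entry> tokenManager = new ConcurrentHashMap<>();

    /**
     * One cached session: the user it belongs to and the time at which it expires.
     *
     * <p>The decompiler notes that this class was originally declared {@code private};
     * it is kept {@code public} here to match the decompiled interface.
     */
    public static class Entry {
        /** Lifetime of a session after its last use (one day, in milliseconds). */
        private static final long SESSION_TIMEOUT = TimeUnit.DAYS.toMillis(1);
        private final UserInfo user;
        // NOTE(review): written by touch() on the lookup path and read by the cleanup
        // task; if those run on different threads this plain long has no visibility
        // guarantee. Confirm the threading model before relying on exact expiry.
        private long validUntil;

        private Entry(UserInfo userInfo) {
            this.user = userInfo;
            this.validUntil = System.currentTimeMillis() + SESSION_TIMEOUT;
        }

        /**
         * Extends the session so that it expires one timeout period after {@code j}.
         *
         * @param j current time in milliseconds
         */
        public void touch(long j) {
            this.validUntil = j + SESSION_TIMEOUT;
        }

        /**
         * @param j current time in milliseconds
         * @return {@code true} if the session expired before {@code j}
         */
        public boolean isTooOld(long j) {
            return this.validUntil < j;
        }
    }

    /**
     * Resolves a session token to its user, failing if the token is unknown.
     *
     * @param str the session token
     * @return the user the token belongs to, never {@code null}
     * @throws TAuthorizationException if the token is unknown or the user may not log in
     * @throws TInvocationException if the token could not be verified
     */
    public static UserInfo getOrFail(String str) throws TAuthorizationException, TInvocationException {
        UserInfo internal = getInternal(str);
        if (internal != null) {
            return internal;
        }
        throw new TAuthorizationException(AuthorizationError.NOT_AUTHENTICATED, "Your session token is not known to the server");
    }

    /**
     * Verifies that the token belongs to a user who is allowed to log in.
     *
     * @param str the session token
     * @throws TAuthorizationException if the token is unknown or the user may not log in
     * @throws TInvocationException if the token could not be verified
     */
    public static void ensureAuthenticated(String str) throws TAuthorizationException, TInvocationException {
        getInternal(str);
    }

    /**
     * Resolves a session token to its user without throwing the service exceptions.
     *
     * @param str the session token
     * @return the user, or {@code null} if the token could not be resolved
     */
    public static UserInfo get(String str) {
        try {
            return getInternal(str);
        } catch (TAuthorizationException | TInvocationException e) {
            return null;
        }
    }

    /**
     * Looks the token up in the cache and falls back to the master server on a miss
     * or on an expired entry.
     */
    private static UserInfo getInternal(String str) throws TAuthorizationException, TInvocationException {
        if (str == null) {
            // ConcurrentHashMap rejects null keys with a NullPointerException; a missing
            // token is an authentication failure, not a server fault.
            throw new TAuthorizationException(AuthorizationError.NOT_AUTHENTICATED, "Your session token is not known to the server");
        }
        Entry entry = tokenManager.get(str);
        if (entry == null) {
            LOGGER.info("Cache miss for token " + tokenForLog(str) + ", asking master");
            return getRemote(str);
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (entry.isTooOld(currentTimeMillis)) {
            // Expired locally: drop the entry and let the master decide whether the
            // token is still valid.
            tokenManager.remove(str);
            return getRemote(str);
        }
        entry.touch(currentTimeMillis);
        return entry.user;
    }

    /**
     * Drops a token from the local cache. A {@code null} token is ignored.
     *
     * @param str the session token to forget
     */
    public static void remove(String str) {
        if (str != null) {
            tokenManager.remove(str);
        }
    }

    /**
     * Asks the master server for the user behind a token, checks that the user may
     * log in, and caches the result.
     *
     * @throws TAuthorizationException if the master rejects the token or the user
     *         fails the login check
     * @throws TInvocationException if the master cannot be queried, returns no user,
     *         or the user cannot be written to the database
     */
    private static UserInfo getRemote(String str) throws TAuthorizationException, TInvocationException {
        try {
            UserInfo userFromToken = ThriftManager.getMasterClient().getUserFromToken(str);
            if (userFromToken == null) {
                LOGGER.warn("Master returned no user for token " + tokenForLog(str));
                throw new TInvocationException();
            }
            LOGGER.info("Got '" + Formatter.userFullName(userFromToken) + "' (" + userFromToken.userId + ") for token " + tokenForLog(str));
            if (userFromToken.role == null) {
                // Fall back to the STUDENT role when the master supplies none.
                userFromToken.role = Role.STUDENT;
            }
            handleAuthorizationError(userFromToken, User.canLogin(userFromToken));
            if (userFromToken.role != Role.STUDENT) {
                try {
                    DbUser.writeUserOnLogin(userFromToken);
                    // Re-check after the database write, before the session is cached.
                    handleAuthorizationError(userFromToken, User.canLogin(userFromToken));
                } catch (SQLException e) {
                    LOGGER.info("User " + userFromToken.userId + " cannot be written to DB - rejecting.");
                    throw new TInvocationException();
                }
            }
            tokenManager.put(str, new Entry(userFromToken));
            return userFromToken;
        } catch (TInvalidTokenException e2) {
            LOGGER.warn("Master says: Invalid token: " + tokenForLog(str));
            throw new TAuthorizationException(AuthorizationError.INVALID_TOKEN, "Your token is not known to the master server");
        } catch (TAuthorizationException | TInvocationException e) {
            // Deliberate rejections raised above must reach the caller unchanged.
            // Without this clause the generic handler below would report them as
            // "could not reach master" and replace a specific authorization error
            // (suspended account, banned network, ...) with a bare TInvocationException.
            throw e;
        } catch (Exception e3) {
            LOGGER.warn("Could not reach master server to query for user token (" + tokenForLog(str) + ") of a client!", e3);
            throw new TInvocationException();
        }
    }

    /**
     * Returns a short, non-reversible fingerprint of a token for use in log messages,
     * so that the bearer credential itself never ends up in a log file.
     */
    private static String tokenForLog(String token) {
        if (token == null) {
            return "<null>";
        }
        try {
            byte[] digest = java.security.MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder("sha256:");
            // Four bytes are enough to tell sessions apart in a log.
            for (int i = 0; i < 4; i++) {
                int b = digest[i] & 0xff;
                sb.append(Character.forDigit(b >>> 4, 16)).append(Character.forDigit(b & 0x0f, 16));
            }
            return sb.toString();
        } catch (java.security.NoSuchAlgorithmException e) {
            // Never fall back to the raw token.
            return "<redacted>";
        }
    }

    /**
     * Turns a non-null login check result into a {@link TAuthorizationException}
     * carrying a user-facing message; does nothing when the result is {@code null}.
     *
     * @param userInfo the user the check was made for (used for logging only)
     * @param authorizationError result of the login check, {@code null} meaning allowed
     * @throws TAuthorizationException if {@code authorizationError} is not {@code null}
     */
    private static void handleAuthorizationError(UserInfo userInfo, AuthorizationError authorizationError) throws TAuthorizationException {
        if (authorizationError == null) {
            return;
        }
        LOGGER.info("User " + userInfo.userId + " cannot login: " + authorizationError.toString());
        switch (authorizationError) {
            case ACCOUNT_SUSPENDED:
                throw new TAuthorizationException(authorizationError, "Your account is not allowed to log in to this satellite");
            case BANNED_NETWORK:
                throw new TAuthorizationException(authorizationError, "Your IP address is banned from this satellite");
            case INVALID_CREDENTIALS:
            case INVALID_KEY:
            case CHALLENGE_FAILED:
                // One generic message for all credential failures, so the client is
                // not told which check failed.
                throw new TAuthorizationException(authorizationError, "Authentication error");
            case INVALID_ORGANIZATION:
                throw new TAuthorizationException(authorizationError, "Your organization is not known to this satellite");
            case ORGANIZATION_SUSPENDED:
                throw new TAuthorizationException(authorizationError, "Your organization is not allowed to log in to this satellite");
            case NOT_AUTHENTICATED:
            case NO_PERMISSION:
                throw new TAuthorizationException(authorizationError, "No permission");
            case GENERIC_ERROR:
            case INVALID_TOKEN:
            default:
                throw new TAuthorizationException(authorizationError, "Internal server error");
        }
    }

    static {
        // Periodic cleanup: evict expired sessions so that unused tokens do not stay
        // in memory indefinitely.
        // NOTE(review): the first delay argument is an unrelated log4j constant, which
        // looks like a decompiler constant-matching artifact - confirm the intended value.
        QuickTimer.scheduleAtFixedDelay(new QuickTimer.Task() { // from class: org.openslx.bwlp.sat.thrift.SessionManager.1
            @Override // org.openslx.util.QuickTimer.Task
            public void fire() {
                long currentTimeMillis = System.currentTimeMillis();
                Iterator<Entry> it = SessionManager.tokenManager.values().iterator();
                while (it.hasNext()) {
                    Entry entry = it.next();
                    if (entry == null || entry.isTooOld(currentTimeMillis)) {
                        it.remove();
                    }
                }
            }
        }, FileWatchdog.DEFAULT_DELAY, 1200600L);
    }
}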
