package _ss_com.streamsets.lib.security.http;

import _ss_com.com.google.common.annotations.VisibleForTesting;
import _ss_com.streamsets.datacollector.record.PathElement;
import _ss_com.streamsets.datacollector.util.Configuration;
import com.streamsets.pipeline.api.impl.Utils;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:_ss_com/streamsets/lib/security/http/AbstractSSOService.class */
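/**
 * Base {@link SSOService} that fronts a remote security service with two local
 * {@link PrincipalCache}s (one for user tokens, one for application tokens) and
 * serializes remote validation per token so that concurrent requests carrying the
 * same token trigger a single remote call.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Raw tokens are used as cache and lock-map keys but are only written to logs
 *       after passing through {@code SSOUtils.tokenForLog}.</li>
 *   <li>{@link #validate} fails closed: any error during remote validation yields
 *       {@code null}, which callers must treat as "not authenticated".</li>
 *   <li>{@link #validateAppToken} additionally requires the validated principal id to
 *       match the component id presented by the caller.</li>
 * </ul>
 *
 * <p>This listing is decompiled output; parameter names such as {@code str}/{@code str2}
 * are decompiler placeholders and are kept so the signatures stay unchanged.
 */
public abstract class AbstractSSOService implements SSOService {
    public static final String CONFIG_PREFIX = "dpm.";
    /** Configuration key: how often (seconds) a cached token must be re-validated remotely. */
    public static final String SECURITY_SERVICE_VALIDATE_AUTH_TOKEN_FREQ_CONFIG = "dpm.security.validationTokenFrequency.secs";
    public static final long SECURITY_SERVICE_VALIDATE_AUTH_TOKEN_FREQ_DEFAULT = 60;

    /** Lower bound enforced on the validation frequency, in seconds. */
    private static final long MIN_VALIDATE_AUTH_TOKEN_FREQ_SECS = 30;
    /** Upper bound on how long a caller waits for another thread validating the same token. */
    private static final long MAX_LOCK_WAIT_MILLIS = 10000;
    /** Pause between attempts to take the per-token lock. */
    private static final long LOCK_RETRY_SLEEP_MILLIS = 10L;

    private String loginPageUrl;
    private String logoutUrl;
    private PrincipalCache userPrincipalCache;
    private PrincipalCache appPrincipalCache;
    protected RegistrationResponseDelegate registrationResponseDelegate;
    // Per-token "lock": presence of the token as a key means a thread is validating it.
    // Keys are raw tokens, so this map must never be logged or exposed beyond tests.
    private ConcurrentMap<String, Object> lockMap = new ConcurrentHashMap<String, Object>();
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSSOService.class);
    private static final Object DUMMY = new Object();

    /** Delegation is not supported by this base implementation. */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public void setDelegateTo(SSOService sSOService) {
        throw new UnsupportedOperationException();
    }

    /** Delegation is not supported by this base implementation. */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public SSOService getDelegateTo() {
        throw new UnsupportedOperationException();
    }

    /**
     * Reads the token re-validation frequency and (re)creates both principal caches.
     *
     * @param configuration source of {@link #SECURITY_SERVICE_VALIDATE_AUTH_TOKEN_FREQ_CONFIG}
     * @throws RuntimeException via {@code Utils.checkArgument} when the configured value is
     *         below 30 seconds (exact exception type is decided by that helper)
     */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public void setConfiguration(Configuration configuration) {
        long frequencySecs = configuration.get(
            SECURITY_SERVICE_VALIDATE_AUTH_TOKEN_FREQ_CONFIG,
            SECURITY_SERVICE_VALIDATE_AUTH_TOKEN_FREQ_DEFAULT
        );
        // The floor keeps operators from configuring a re-validation storm against the
        // remote security service; there is no upper bound, so a large value lengthens
        // the window in which a remotely revoked token is still served from cache.
        Utils.checkArgument(
            frequencySecs >= MIN_VALIDATE_AUTH_TOKEN_FREQ_SECS,
            Utils.format(
                "Configuration '{}' set to '{}' seconds, it must be at least '{}' secs",
                new Object[]{
                    SECURITY_SERVICE_VALIDATE_AUTH_TOKEN_FREQ_CONFIG,
                    Long.valueOf(frequencySecs),
                    Long.valueOf(MIN_VALIDATE_AUTH_TOKEN_FREQ_SECS)
                }
            )
        );
        initializePrincipalCaches(TimeUnit.SECONDS.toMillis(frequencySecs));
    }

    // Decompiler note: declared protected in the original class file.
    public void setLoginPageUrl(String str) {
        this.loginPageUrl = str;
    }

    // Decompiler note: declared protected in the original class file.
    public void setLogoutUrl(String str) {
        this.logoutUrl = str;
    }

    /**
     * Creates the user and application principal caches.
     *
     * @param j re-validation interval in milliseconds
     */
    void initializePrincipalCaches(long j) {
        // NOTE(review): the second constructor argument is presumably how long an
        // invalidated token is remembered (1 hour for users, the validation interval for
        // apps) - confirm against PrincipalCache.
        this.userPrincipalCache = new PrincipalCache(j, TimeUnit.HOURS.toMillis(1L));
        this.appPrincipalCache = new PrincipalCache(j, j);
    }

    protected PrincipalCache getUserPrincipalCache() {
        return this.userPrincipalCache;
    }

    protected PrincipalCache getAppPrincipalCache() {
        return this.appPrincipalCache;
    }

    /**
     * Builds the login-page URL carrying the originally requested URL as a query parameter.
     *
     * <p>The requested URL is only URL-encoded here, not validated. Whatever consumes
     * {@code SSOConstants.REQUESTED_URL_PARAM} after login is responsible for checking
     * that the target is an allowed destination before redirecting to it.
     *
     * @param str the URL the client originally requested
     * @param z   when {@code true}, appends {@code SSOConstants.REPEATED_REDIRECT_PARAM}
     *            with an empty value
     * @return the redirect URL
     */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public String createRedirectToLoginUrl(String str, boolean z) {
        try {
            // PathElement.WILDCARD_SINGLE_CHAR is used as the query separator; this looks
            // like decompiler constant folding of a "?" literal - confirm before refactoring.
            String redirectUrl = this.loginPageUrl
                + PathElement.WILDCARD_SINGLE_CHAR
                + SSOConstants.REQUESTED_URL_PARAM
                + "="
                + URLEncoder.encode(str, "UTF-8");
            if (z) {
                redirectUrl = redirectUrl + "&" + SSOConstants.REPEATED_REDIRECT_PARAM + "=";
            }
            return redirectUrl;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(Utils.format("Should not happen: {}", new Object[]{e.toString()}), e);
        }
    }

    // Decompiler note: declared package-private in the original class file.
    public String getLoginPageUrl() {
        return this.loginPageUrl;
    }

    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public String getLogoutUrl() {
        return this.logoutUrl;
    }

    /**
     * Validates a user token, consulting the user cache before the remote service.
     *
     * @param str the user authentication token
     * @return the principal, or {@code null} when the token is not (or cannot be) validated
     */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public SSOPrincipal validateUserToken(String str) {
        // "-" stands in for the component id, which user tokens do not have.
        return validate(this.userPrincipalCache, createUserRemoteValidation(str), str, "-", "User");
    }

    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public boolean invalidateUserToken(String str) {
        return this.userPrincipalCache.invalidate(str);
    }

    /** Performs the remote validation of a user token; called on cache miss only. */
    protected abstract SSOPrincipal validateUserTokenWithSecurityService(String str) throws ForbiddenException;

    /**
     * Validates an application token and binds it to the component that presented it.
     *
     * @param str  the application authentication token
     * @param str2 the component id the caller claims to be
     * @return the principal, or {@code null} when validation fails or the principal id
     *         does not equal {@code str2}
     */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public SSOPrincipal validateAppToken(String str, String str2) {
        SSOPrincipal principal = validate(this.appPrincipalCache, createAppRemoteValidation(str, str2), str, str2, "App");
        // The cache is keyed by token only, so a cached principal must be re-checked
        // against the claimed component id on every call; a valid token presented under
        // a different component id is rejected.
        if (principal != null && !principal.getPrincipalId().equals(str2)) {
            return null;
        }
        return principal;
    }

    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public boolean invalidateAppToken(String str) {
        return this.appPrincipalCache.invalidate(str);
    }

    /** Empties both principal caches, forcing remote re-validation of every token. */
    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public void clearCaches() {
        getUserPrincipalCache().clear();
        getAppPrincipalCache().clear();
        LOG.info("Flushed user and application principal caches");
    }

    @Override // _ss_com.streamsets.lib.security.http.SSOService
    public void setRegistrationResponseDelegate(RegistrationResponseDelegate registrationResponseDelegate) {
        this.registrationResponseDelegate = registrationResponseDelegate;
    }

    /** Performs the remote validation of an application token; called on cache miss only. */
    protected abstract SSOPrincipal validateAppTokenWithSecurityService(String str, String str2) throws ForbiddenException;

    @VisibleForTesting
    ConcurrentMap<String, Object> getLockMap() {
        return this.lockMap;
    }

    /**
     * Emits a trace line with the token masked.
     *
     * @param str  message template with two placeholders
     * @param str2 the RAW token; it is masked here, so callers must not pre-mask it
     * @param str3 the component id
     */
    private void trace(String str, String str2, String str3) {
        if (LOG.isTraceEnabled()) {
            LOG.trace(str, SSOUtils.tokenForLog(str2), str3);
        }
    }

    /**
     * Resolves a token to a principal using the given cache, falling back to a remote
     * validation that is executed by at most one thread per token at a time.
     *
     * <p>Changes relative to the decompiled listing this replaces:
     * <ul>
     *   <li>The per-token lock is released exactly once, in a {@code finally}. The listing
     *       removed the lock-map entry twice on the failure path, so the second removal
     *       could drop a lock that another thread had acquired in between.</li>
     *   <li>The retry counter advances by one per iteration; it advanced by two, so the
     *       "every 1000 retries" trace could never fire.</li>
     *   <li>The interrupt flag is restored when the wait is interrupted.</li>
     *   <li>{@code trace} always receives the raw token and masks it once, so trace and
     *       debug lines show the same masked form for the same token.</li>
     * </ul>
     *
     * @param principalCache cache to consult and populate
     * @param callable       remote validation to run on a cache miss
     * @param str            the raw authentication token
     * @param str2           component id, used for logging only in this method
     * @param str3           token type label ("User" or "App"), used for logging
     * @return the principal, or {@code null} when the token is cached as invalid, remote
     *         validation fails for any reason, or the waiting thread is interrupted
     * @throws RuntimeException when the per-token lock cannot be obtained within 10 seconds
     */
    SSOPrincipal validate(PrincipalCache principalCache, Callable<SSOPrincipal> callable, String str, String str2, String str3) {
        SSOPrincipal principal = principalCache.get(str);
        // Masked form for direct LOG.* calls; the raw token must never reach a logger.
        String maskedToken = SSOUtils.tokenForLog(str);
        if (principal != null) {
            return principal;
        }
        if (principalCache.isInvalid(str)) {
            LOG.debug("Token '{}' invalid '{}' for component '{}'", new Object[]{str3, maskedToken, str2});
            return null;
        }

        trace("Trying to get lock for token '{}' component '{}'", str, str2);
        long waitStart = System.currentTimeMillis();
        int attempts = 0;
        while (getLockMap().putIfAbsent(str, DUMMY) != null) {
            attempts++;
            if (attempts % 1000 == 0) {
                trace("Retrying getting lock for token '{}' component '{}'", str, str2);
            }
            // Bounded wait: a stuck remote validation must not pin request threads forever.
            if (System.currentTimeMillis() - waitStart > MAX_LOCK_WAIT_MILLIS) {
                String message = Utils.format("Exceeded 10sec max wait time trying to validate component '{}'", new Object[]{str2});
                LOG.warn(message);
                throw new RuntimeException(message);
            }
            try {
                Thread.sleep(LOCK_RETRY_SLEEP_MILLIS);
            } catch (InterruptedException e) {
                // Preserve the interrupt for the caller; the lock was never taken here.
                Thread.currentThread().interrupt();
                LOG.warn("Got interrupted while waiting for lock for token '{}' for component '{}'", maskedToken, str2);
                return null;
            }
        }
        trace("Got lock for token '{}' component '{}'", str, str2);

        try {
            // Re-check under the lock: the previous holder may have populated the cache.
            principal = principalCache.get(str);
            if (principal == null) {
                LOG.debug("Token '{}' component '{}' not found in cache", maskedToken, str2);
                try {
                    principal = callable.call();
                    trace("Adding token '{}' for component '{}' to cache", str, str2);
                    principalCache.put(str, principal);
                } catch (ForbiddenException e) {
                    // Explicit rejection: remember it so repeats are answered locally.
                    principalCache.invalidate(str);
                    trace("ForbiddenToken '{}' invalid '{}', invalidating in cache", str, str2);
                    throw e;
                } catch (Exception e) {
                    if (e instanceof RuntimeException) {
                        throw ((RuntimeException) e);
                    }
                    throw new RuntimeException(e);
                }
            } else {
                LOG.debug("Token '{}' component '{}' found in cache", maskedToken, str2);
            }
        } catch (Exception e) {
            // Fail closed: the error is logged and the caller receives whatever principal
            // was resolved so far (null unless the failure happened after validation).
            // Transient failures are not cached as invalid, so the next request retries.
            LOG.error("Exception while doing remote validation for token '{}' component '{}': {}", new Object[]{maskedToken, str2, e.toString()});
        } finally {
            trace("Released lock for token '{}' component '{}'", str, str2);
            getLockMap().remove(str);
        }
        return principal;
    }

    /** Wraps the remote user-token validation so {@link #validate} can run it on a cache miss. */
    Callable<SSOPrincipal> createUserRemoteValidation(final String str) {
        return new Callable<SSOPrincipal>() { // from class: _ss_com.streamsets.lib.security.http.AbstractSSOService.1
            @Override // java.util.concurrent.Callable
            public SSOPrincipal call() throws Exception {
                return AbstractSSOService.this.validateUserTokenWithSecurityService(str);
            }
        };
    }

    /** Wraps the remote app-token validation so {@link #validate} can run it on a cache miss. */
    Callable<SSOPrincipal> createAppRemoteValidation(final String str, final String str2) {
        return new Callable<SSOPrincipal>() { // from class: _ss_com.streamsets.lib.security.http.AbstractSSOService.2
            @Override // java.util.concurrent.Callable
            public SSOPrincipal call() throws Exception {
                return AbstractSSOService.this.validateAppTokenWithSecurityService(str, str2);
            }
        };
    }
}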
