package org.ovirt.engine.core.sso.utils;

import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.api.extensions.Base;
import org.ovirt.engine.api.extensions.ExtMap;
import org.ovirt.engine.api.extensions.aaa.Authn;
import org.ovirt.engine.core.extensions.mgr.ExtensionProxy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/utils/TokenCleanupUtility.class */
public class TokenCleanupUtility {
    private static long lastCleanup = 0;
    private static Logger log = LoggerFactory.getLogger(TokenCleanupUtility.class);

    public static synchronized void cleanupExpiredTokens(ServletContext servletContext) {
        SsoContext ssoContext = SsoUtils.getSsoContext(servletContext);
        long nanoTime = System.nanoTime();
        if (nanoTime - lastCleanup < ssoContext.getSsoLocalConfig().getLong("SSO_HOUSE_KEEPING_INTERVAL") * 1000000000) {
            log.debug("Not cleaning up expired tokens");
            return;
        }
        lastCleanup = nanoTime;
        log.debug("Cleaning up expired tokens");
        long j = ssoContext.getSsoLocalConfig().getLong("SSO_TOKEN_TIMEOUT") * 1000000000;
        for (Map.Entry<String, SsoSession> entry : ssoContext.getSsoSessions().entrySet()) {
            if (nanoTime - entry.getValue().getTokenLastAccess() > j) {
                try {
                    cleanupSsoSession(ssoContext, entry.getValue(), entry.getValue().getAssociatedClientIds());
                } catch (Exception e) {
                    log.error("Unable to cleanup expired session for token {} : {}", entry.getKey(), e.getMessage());
                    log.debug("Exception", e);
                }
            }
        }
        log.debug("Done cleaning up expired tokens");
    }

    public static void cleanupSsoSession(SsoContext ssoContext, SsoSession ssoSession, Set<String> set) {
        try {
            ssoContext.removeSsoSession(ssoSession.getAccessToken());
            HttpSession httpSession = ssoSession.getHttpSession();
            if (httpSession == null) {
                log.debug("No existing Session found for token: {}, cannot invalidate session", ssoSession.getAccessToken());
            } else {
                log.debug("Existing Session found for token: {}, invalidating session", ssoSession.getAccessToken());
                try {
                    httpSession.invalidate();
                } catch (IllegalStateException e) {
                    log.debug("Unable to cleanup SsoSession: {}", e.getMessage());
                }
            }
            invokeAuthnLogout(ssoContext, ssoSession);
            SsoUtils.notifyClientsOfLogoutEvent(ssoContext, set, ssoSession.getAccessToken());
        } catch (Exception e2) {
            log.error("Unable to cleanup SsoSession: {}", e2.getMessage());
            log.debug("Exception", e2);
        }
    }

    private static void invokeAuthnLogout(SsoContext ssoContext, SsoSession ssoSession) throws Exception {
        String profile = ssoSession.getProfile();
        String userId = ssoSession.getUserId();
        ExtMap extMap = null;
        ExtensionProxy extensionProxy = null;
        try {
            try {
                extMap = ssoSession.getAuthRecord();
                if (StringUtils.isNotEmpty(profile) && StringUtils.isNotEmpty(userId)) {
                    Iterator it = ssoContext.getSsoExtensionsManager().getExtensionsByService(Authn.class.getName()).iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        ExtensionProxy extensionProxy2 = (ExtensionProxy) it.next();
                        if (profile.equals(((Properties) extensionProxy2.getContext().get(Base.ContextKeys.CONFIGURATION)).getProperty("ovirt.engine.aaa.authn.profile.name"))) {
                            extensionProxy = extensionProxy2;
                            break;
                        }
                    }
                }
                if (extensionProxy == null || extMap == null || (((Long) extensionProxy.getContext().get(Authn.ContextKeys.CAPABILITIES)).longValue() & 16) == 0) {
                    return;
                }
                extensionProxy.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.LOGOUT).mput(Authn.InvokeKeys.AUTH_RECORD, extMap));
            } catch (Exception e) {
                throw new RuntimeException(String.format("Unable to invalidate sessions for token: %s", e.getMessage()));
            }
        } catch (Throwable th) {
            if (0 != 0 && extMap != null && (((Long) extensionProxy.getContext().get(Authn.ContextKeys.CAPABILITIES)).longValue() & 16) != 0) {
                extensionProxy.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.LOGOUT).mput(Authn.InvokeKeys.AUTH_RECORD, extMap));
            }
            throw th;
        }
    }
}
