package com.helger.photon.security.login;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.annotation.ReturnsMutableObject;
import com.helger.commons.annotation.UsedViaReflection;
import com.helger.commons.callback.CallbackList;
import com.helger.commons.collection.impl.CommonsHashMap;
import com.helger.commons.collection.impl.ICommonsCollection;
import com.helger.commons.collection.impl.ICommonsMap;
import com.helger.commons.collection.impl.ICommonsSet;
import com.helger.commons.concurrent.SimpleReadWriteLock;
import com.helger.commons.state.EChange;
import com.helger.commons.string.ToStringGenerator;
import com.helger.photon.audit.AuditHelper;
import com.helger.photon.core.login.CLogin;
import com.helger.photon.core.servlet.LogoutServlet;
import com.helger.photon.security.lock.ObjectLockManager;
import com.helger.photon.security.mgr.PhotonSecurityManager;
import com.helger.photon.security.password.GlobalPasswordSettings;
import com.helger.photon.security.user.IUser;
import com.helger.photon.security.user.IUserManager;
import com.helger.photon.security.util.SecurityHelper;
import com.helger.scope.IScope;
import com.helger.scope.ISessionScope;
import com.helger.scope.mgr.ScopeManager;
import com.helger.scope.singleton.AbstractGlobalSingleton;
import com.helger.security.authentication.subject.user.ICurrentUserIDProvider;
import com.helger.web.scope.ISessionWebScope;
import com.helger.web.scope.session.ISessionWebScopeActivationHandler;
import com.helger.web.scope.singleton.AbstractSessionWebSingleton;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.time.Duration;
import javax.annotation.Nonnegative;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/ph-oton-security-8.3.1.jar:com/helger/photon/security/login/LoggedInUserManager.class */
public final class LoggedInUserManager extends AbstractGlobalSingleton implements ICurrentUserIDProvider {
    public static final boolean DEFAULT_LOGOUT_ALREADY_LOGGED_IN_USER = false;
    public static final boolean DEFAULT_ANONYMOUS_LOGGING = false;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) LoggedInUserManager.class);

    @GuardedBy("m_aRWLock")
    private final ICommonsMap<String, LoginInfo> m_aLoggedInUsers = new CommonsHashMap();
    private final CallbackList<IUserLoginCallback> m_aUserLoginCallbacks = new CallbackList<>();
    private final CallbackList<IUserLogoutCallback> m_aUserLogoutCallbacks = new CallbackList<>();
    private boolean m_bLogoutAlreadyLoggedInUser = false;
    private boolean m_bAnonymousLogging = false;

    /* loaded from: input_file:WEB-INF/lib/ph-oton-security-8.3.1.jar:com/helger/photon/security/login/LoggedInUserManager$InternalSessionUserHolder.class */
    public static final class InternalSessionUserHolder extends AbstractSessionWebSingleton implements ISessionWebScopeActivationHandler {
        private transient IUser m_aUser;
        private String m_sUserID;
        private transient LoggedInUserManager m_aOwningMgr;

        @Deprecated
        @UsedViaReflection
        public InternalSessionUserHolder() {
        }

        @Nonnull
        private static InternalSessionUserHolder _getInstance() {
            return (InternalSessionUserHolder) getSessionSingleton(InternalSessionUserHolder.class);
        }

        @Nullable
        private static InternalSessionUserHolder _getInstanceIfInstantiated() {
            return (InternalSessionUserHolder) getSessionSingletonIfInstantiated(InternalSessionUserHolder.class);
        }

        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        public static InternalSessionUserHolder _getInstanceIfInstantiatedInScope(@Nullable ISessionScope iSessionScope) {
            return (InternalSessionUserHolder) getSingletonIfInstantiated(iSessionScope, InternalSessionUserHolder.class);
        }

        private void readObject(@Nonnull ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
            objectInputStream.defaultReadObject();
            if (this.m_sUserID != null) {
                this.m_aUser = PhotonSecurityManager.getUserMgr().getUserOfID(this.m_sUserID);
                if (this.m_aUser == null) {
                    throw new IllegalStateException("Failed to resolve user with ID '" + this.m_sUserID + "'");
                }
            }
            this.m_aOwningMgr = LoggedInUserManager.getInstance();
        }

        @Override // com.helger.web.scope.session.ISessionWebScopeActivationHandler
        public void onSessionDidActivate(@Nonnull ISessionWebScope iSessionWebScope) {
            this.m_aOwningMgr.internalSessionActivateUser(this.m_aUser, iSessionWebScope);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean _hasUser() {
            return this.m_aUser != null;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        public String _getUserID() {
            return this.m_sUserID;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void _setUser(@Nonnull LoggedInUserManager loggedInUserManager, @Nonnull IUser iUser) {
            ValueEnforcer.notNull(loggedInUserManager, "OwningMgr");
            ValueEnforcer.notNull(iUser, "User");
            if (this.m_aUser != null) {
                throw new IllegalStateException("Session already has a user!");
            }
            this.m_aOwningMgr = loggedInUserManager;
            this.m_aUser = iUser;
            this.m_sUserID = iUser.getID();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void _reset() {
            this.m_aUser = null;
            this.m_sUserID = null;
            this.m_aOwningMgr = null;
        }

        @Override // com.helger.scope.singleton.AbstractSingleton
        protected void onDestroy(@Nonnull IScope iScope) {
            LoggedInUserManager loggedInUserManager = this.m_aOwningMgr;
            String str = this.m_sUserID;
            _reset();
            if (loggedInUserManager != null) {
                loggedInUserManager.logoutUser(str);
            }
        }

        @Override // com.helger.scope.singleton.AbstractSingleton
        public String toString() {
            return ToStringGenerator.getDerived(super.toString()).append("userID", this.m_sUserID).getToString();
        }

        static /* synthetic */ InternalSessionUserHolder access$000() {
            return _getInstance();
        }

        static /* synthetic */ InternalSessionUserHolder access$600() {
            return _getInstanceIfInstantiated();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/ph-oton-security-8.3.1.jar:com/helger/photon/security/login/LoggedInUserManager$InternalUserLogoutCallbackUnlockAllObjects.class */
    static final class InternalUserLogoutCallbackUnlockAllObjects implements IUserLogoutCallback {
        InternalUserLogoutCallbackUnlockAllObjects() {
        }

        @Override // com.helger.photon.security.login.IUserLogoutCallback
        public void onUserLogout(@Nonnull LoginInfo loginInfo) {
            ObjectLockManager instanceIfInstantiated = ObjectLockManager.getInstanceIfInstantiated();
            if (instanceIfInstantiated != null) {
                instanceIfInstantiated.getDefaultLockMgr().unlockAllObjectsOfUser(loginInfo.getUserID());
            }
        }
    }

    @Deprecated
    @UsedViaReflection
    public LoggedInUserManager() {
        this.m_aUserLogoutCallbacks.add(new InternalUserLogoutCallbackUnlockAllObjects());
    }

    @Nonnull
    public static LoggedInUserManager getInstance() {
        return (LoggedInUserManager) getGlobalSingleton(LoggedInUserManager.class);
    }

    @Nonnull
    @ReturnsMutableObject
    public CallbackList<IUserLoginCallback> userLoginCallbacks() {
        return this.m_aUserLoginCallbacks;
    }

    @Nonnull
    @ReturnsMutableObject
    public CallbackList<IUserLogoutCallback> userLogoutCallbacks() {
        return this.m_aUserLogoutCallbacks;
    }

    public boolean isLogoutAlreadyLoggedInUser() {
        return this.m_aRWLock.readLockedBoolean(() -> {
            return this.m_bLogoutAlreadyLoggedInUser;
        });
    }

    public void setLogoutAlreadyLoggedInUser(boolean z) {
        this.m_aRWLock.writeLocked(() -> {
            this.m_bLogoutAlreadyLoggedInUser = z;
        });
    }

    public boolean isAnonymousLogging() {
        return this.m_aRWLock.readLockedBoolean(() -> {
            return this.m_bAnonymousLogging;
        });
    }

    public void setAnonymousLogging(boolean z) {
        this.m_aRWLock.writeLocked(() -> {
            this.m_bAnonymousLogging = z;
        });
    }

    @Nonnull
    private String _getUserIDLogText(@Nonnull String str) {
        return isAnonymousLogging() ? "a user" : "user '" + str + "'";
    }

    @Nonnull
    private ELoginResult _onLoginError(@Nonnull @Nonempty String str, @Nonnull ELoginResult eLoginResult) {
        this.m_aUserLoginCallbacks.forEach(iUserLoginCallback -> {
            iUserLoginCallback.onUserLoginError(str, eLoginResult);
        });
        return eLoginResult;
    }

    void internalSessionActivateUser(@Nonnull IUser iUser, @Nonnull ISessionScope iSessionScope) {
        ValueEnforcer.notNull(iUser, "User");
        ValueEnforcer.notNull(iSessionScope, "SessionScope");
        LoginInfo loginInfo = new LoginInfo(iUser, iSessionScope);
        this.m_aRWLock.writeLocked(() -> {
            this.m_aLoggedInUsers.put(iUser.getID(), loginInfo);
        });
    }

    @Nonnull
    public ELoginResult loginUser(@Nullable String str, @Nullable String str2) {
        return loginUser(str, str2, (Iterable<String>) null);
    }

    @Nonnull
    public ELoginResult loginUser(@Nullable String str, @Nullable String str2, @Nullable Iterable<String> iterable) {
        IUser userOfLoginName = PhotonSecurityManager.getUserMgr().getUserOfLoginName(str);
        if (userOfLoginName != null) {
            return loginUser(userOfLoginName, str2, iterable);
        }
        AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, str, "no-such-loginname");
        return ELoginResult.USER_NOT_EXISTING;
    }

    @Nonnull
    public ELoginResult loginUser(@Nullable IUser iUser, @Nullable String str, @Nullable Iterable<String> iterable) {
        if (iUser == null) {
            return ELoginResult.USER_NOT_EXISTING;
        }
        String id = iUser.getID();
        if (iUser.isDeleted()) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-is-deleted");
            return _onLoginError(id, ELoginResult.USER_IS_DELETED);
        }
        if (iUser.isDisabled()) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-is-disabled");
            return _onLoginError(id, ELoginResult.USER_IS_DISABLED);
        }
        IUserManager userMgr = PhotonSecurityManager.getUserMgr();
        if (!userMgr.areUserIDAndPasswordValid(id, str)) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "invalid-password");
            return _onLoginError(id, ELoginResult.INVALID_PASSWORD);
        }
        if (!SecurityHelper.hasUserAllRoles(id, iterable)) {
            AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-is-missing-required-roles", iterable);
            return _onLoginError(id, ELoginResult.USER_IS_MISSING_ROLE);
        }
        String algorithmName = iUser.getPasswordHash().getAlgorithmName();
        String defaultPasswordHashCreatorAlgorithmName = GlobalPasswordSettings.getPasswordHashCreatorManager().getDefaultPasswordHashCreatorAlgorithmName();
        if (!algorithmName.equals(defaultPasswordHashCreatorAlgorithmName)) {
            userMgr.setUserPassword(id, str);
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("Updated password hash of " + _getUserIDLogText(id) + " from algorithm '" + algorithmName + "' to '" + defaultPasswordHashCreatorAlgorithmName + "'");
            }
        }
        boolean z = false;
        this.m_aRWLock.writeLock().lock();
        try {
            if (this.m_aLoggedInUsers.containsKey(id)) {
                if (!isLogoutAlreadyLoggedInUser()) {
                    AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "user-already-logged-in");
                    ELoginResult _onLoginError = _onLoginError(id, ELoginResult.USER_ALREADY_LOGGED_IN);
                    this.m_aRWLock.writeLock().unlock();
                    return _onLoginError;
                }
                logoutUser(id);
                if (this.m_aLoggedInUsers.containsKey(id)) {
                    throw new IllegalStateException("Failed to logout '" + id + "'");
                }
                AuditHelper.onAuditExecuteSuccess("logout-in-login", id);
                z = true;
            }
            InternalSessionUserHolder access$000 = InternalSessionUserHolder.access$000();
            if (access$000._hasUser()) {
                if (LOGGER.isWarnEnabled()) {
                    LOGGER.warn("The session user holder already has the user ID '" + access$000._getUserID() + "' so the new ID '" + id + "' will not be set!");
                }
                AuditHelper.onAuditExecuteFailure(CLogin.LAYOUT_AREAID_LOGIN, id, "session-already-has-user");
                ELoginResult _onLoginError2 = _onLoginError(id, ELoginResult.SESSION_ALREADY_HAS_USER);
                this.m_aRWLock.writeLock().unlock();
                return _onLoginError2;
            }
            LoginInfo loginInfo = new LoginInfo(iUser, ScopeManager.getSessionScope());
            this.m_aLoggedInUsers.put(id, loginInfo);
            access$000._setUser(this, iUser);
            this.m_aRWLock.writeLock().unlock();
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("Logged in " + _getUserIDLogText(id) + (isAnonymousLogging() ? "" : " with login name '" + iUser.getLoginName() + "'"));
            }
            AuditHelper.onAuditExecuteSuccess("login-user", id, iUser.getLoginName());
            this.m_aUserLoginCallbacks.forEach(iUserLoginCallback -> {
                iUserLoginCallback.onUserLogin(loginInfo);
            });
            return z ? ELoginResult.SUCCESS_WITH_LOGOUT : ELoginResult.SUCCESS;
        } catch (Throwable th) {
            this.m_aRWLock.writeLock().unlock();
            throw th;
        }
    }

    @Nonnull
    public EChange logoutUser(@Nullable String str) {
        this.m_aRWLock.writeLock().lock();
        try {
            LoginInfo remove = this.m_aLoggedInUsers.remove(str);
            if (remove == null) {
                AuditHelper.onAuditExecuteSuccess(LogoutServlet.SERVLET_DEFAULT_NAME, str, "user-not-logged-in");
                EChange eChange = EChange.UNCHANGED;
                this.m_aRWLock.writeLock().unlock();
                return eChange;
            }
            InternalSessionUserHolder _getInstanceIfInstantiatedInScope = InternalSessionUserHolder._getInstanceIfInstantiatedInScope(remove.getSessionScope());
            if (_getInstanceIfInstantiatedInScope != null) {
                _getInstanceIfInstantiatedInScope._reset();
            }
            remove.setLogoutDTNow();
            this.m_aRWLock.writeLock().unlock();
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("Logged out " + _getUserIDLogText(str) + " after " + Duration.between(remove.getLoginDT(), remove.getLogoutDT()).toString());
            }
            AuditHelper.onAuditExecuteSuccess(LogoutServlet.SERVLET_DEFAULT_NAME, str);
            this.m_aUserLogoutCallbacks.forEach(iUserLogoutCallback -> {
                iUserLogoutCallback.onUserLogout(remove);
            });
            return EChange.CHANGED;
        } catch (Throwable th) {
            this.m_aRWLock.writeLock().unlock();
            throw th;
        }
    }

    @Nonnull
    public EChange logoutCurrentUser() {
        return logoutUser(getCurrentUserID());
    }

    public boolean isUserLoggedIn(@Nullable String str) {
        return this.m_aRWLock.readLockedBoolean(() -> {
            return this.m_aLoggedInUsers.containsKey(str);
        });
    }

    @Nonnull
    @ReturnsMutableCopy
    public ICommonsSet<String> getAllLoggedInUserIDs() {
        SimpleReadWriteLock simpleReadWriteLock = this.m_aRWLock;
        ICommonsMap<String, LoginInfo> iCommonsMap = this.m_aLoggedInUsers;
        iCommonsMap.getClass();
        return (ICommonsSet) simpleReadWriteLock.readLockedGet(iCommonsMap::copyOfKeySet);
    }

    @Nullable
    public LoginInfo getLoginInfo(@Nullable String str) {
        return (LoginInfo) this.m_aRWLock.readLockedGet(() -> {
            return this.m_aLoggedInUsers.get(str);
        });
    }

    @Nonnull
    @ReturnsMutableCopy
    public ICommonsCollection<LoginInfo> getAllLoginInfos() {
        SimpleReadWriteLock simpleReadWriteLock = this.m_aRWLock;
        ICommonsMap<String, LoginInfo> iCommonsMap = this.m_aLoggedInUsers;
        iCommonsMap.getClass();
        return (ICommonsCollection) simpleReadWriteLock.readLockedGet(iCommonsMap::copyOfValues);
    }

    @Nonnegative
    public int getLoggedInUserCount() {
        SimpleReadWriteLock simpleReadWriteLock = this.m_aRWLock;
        ICommonsMap<String, LoginInfo> iCommonsMap = this.m_aLoggedInUsers;
        iCommonsMap.getClass();
        return simpleReadWriteLock.readLockedInt(iCommonsMap::size);
    }

    @Override // com.helger.security.authentication.subject.user.ICurrentUserIDProvider
    @Nullable
    public String getCurrentUserID() {
        InternalSessionUserHolder access$600 = InternalSessionUserHolder.access$600();
        if (access$600 == null) {
            return null;
        }
        return access$600.m_sUserID;
    }

    public boolean isUserLoggedInInCurrentSession() {
        return getCurrentUserID() != null;
    }

    public boolean isNoUserLoggedInInCurrentSession() {
        return getCurrentUserID() == null;
    }

    @Nullable
    public IUser getCurrentUser() {
        InternalSessionUserHolder access$600 = InternalSessionUserHolder.access$600();
        if (access$600 == null) {
            return null;
        }
        return access$600.m_aUser;
    }

    public boolean isCurrentUserAdministrator() {
        IUser currentUser = getCurrentUser();
        return currentUser != null && currentUser.isAdministrator();
    }

    @Override // com.helger.scope.singleton.AbstractSingleton
    public String toString() {
        return ToStringGenerator.getDerived(super.toString()).append("loggedInUsers", this.m_aLoggedInUsers).append("userLoginCallbacks", this.m_aUserLoginCallbacks).append("userLogoutCallbacks", this.m_aUserLogoutCallbacks).append("logoutAlreadyLoggedInUser", this.m_bLogoutAlreadyLoggedInUser).getToString();
    }
}
