package be.ehealth.technicalconnector.session.impl;

import be.ehealth.technicalconnector.beid.BeIDCardFactory;
import be.ehealth.technicalconnector.cache.Cache;
import be.ehealth.technicalconnector.cache.CacheFactory;
import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.config.ConfigValidator;
import be.ehealth.technicalconnector.config.Configuration;
import be.ehealth.technicalconnector.exception.SessionManagementException;
import be.ehealth.technicalconnector.exception.SessionManagementExceptionValues;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.service.etee.domain.EncryptionToken;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotManager;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotManagerFactory;
import be.ehealth.technicalconnector.service.sts.SAMLTokenFactory;
import be.ehealth.technicalconnector.service.sts.STSServiceFactory;
import be.ehealth.technicalconnector.service.sts.domain.SAMLAttributeDesignator;
import be.ehealth.technicalconnector.service.sts.impl.AbstractSTSService;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.service.sts.security.KeyStoreInfo;
import be.ehealth.technicalconnector.service.sts.security.SAMLToken;
import be.ehealth.technicalconnector.service.sts.security.impl.BeIDCredential;
import be.ehealth.technicalconnector.service.sts.security.impl.KeyStoreCredential;
import be.ehealth.technicalconnector.service.sts.utils.SAMLConfigHelper;
import be.ehealth.technicalconnector.service.sts.utils.SAMLHelper;
import be.ehealth.technicalconnector.session.Session;
import be.ehealth.technicalconnector.session.SessionItem;
import be.ehealth.technicalconnector.session.SessionManager;
import be.ehealth.technicalconnector.session.SessionServiceWithCache;
import be.ehealth.technicalconnector.utils.CertificateParser;
import be.ehealth.technicalconnector.utils.DateUtils;
import be.ehealth.technicalconnector.utils.KeyStoreManager;
import be.fgov.ehealth.etee.crypto.utils.KeyManager;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/session/impl/SessionManagerImpl.class */
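/**
 * Default {@link SessionManager}: a process-wide singleton that owns ONE {@link SessionItem}
 * and knows how to populate it.
 * <p>
 * A session is built from up to three credentials:
 * <ul>
 *   <li>the <em>identification</em> (header) credential, used to authenticate the STS request;</li>
 *   <li>the <em>holder-of-key</em> credential, bound to the SAML token that the STS returns;</li>
 *   <li>the <em>encryption</em> credential and its private keys, used for ETEE decryption.</li>
 * </ul>
 * Each of them is resolved, in this order of precedence, from (1) a {@link KeyStore} previously
 * handed in through {@link #setKeyStore(Map)}, (2) the Belgian eID card when the caller supplied no
 * password and eID use is allowed, or (3) a keystore on disk named by the {@code sessionmanager.*}
 * configuration properties.
 * <p>
 * Thread-safety: the session field is shared mutable state and is NOT guarded; only token
 * renewal ({@link #renewSession}) is serialised on a static lock. Callers that use this singleton
 * from several threads must coordinate session creation themselves.
 * <p>
 * Security note: keystore passwords are accepted as {@link String} (dictated by the
 * {@link SessionManager} interface) and therefore cannot be wiped from memory; the
 * {@code char[]} copies made here are passed straight to the keystore loaders.
 */
public final class SessionManagerImpl implements SessionManager {
    private static final String EID_SESSION = "session";
    private static final String PROP_SESSIONMNG_SAMLATTRIBUTEDESIGNATOR = "sessionmanager.samlattributedesignator";
    private static final String PROP_SESSIONMNG_SAMLATTRIBUTE = "sessionmanager.samlattribute";
    protected static final String AUTHENTICATION_ALIAS = "authentication";
    private static final String PROP_KEYSTORE_IDNT_NAME = "sessionmanager.identification.keystore";
    private static final String PROP_KEYSTORE_IDNT_ALIAS = "sessionmanager.identification.alias";
    private static final String PROP_KEYSTORE_HOK_NAME = "sessionmanager.holderofkey.keystore";
    private static final String PROP_KEYSTORE_HOK_ALIAS = "sessionmanager.holderofkey.alias";
    private static final String PROP_KEYSTORE_ENC_NAME = "sessionmanager.encryption.keystore";
    private static final String PROP_KEYSTORE_ENC_ALIAS = "sessionmanager.encryption.alias";
    private static final String PROP_VALIDITY_TOKEN = "sessionmanager.validity.token";
    private static final String PROP_AUTO_RENEW = "sessionmanager.activate.autorenew";
    private static final String PROP_DISABLE_EID_DISCOVERY = "sessionmanager.disable.eiddiscovery";
    private static final String PROP_EMPTY_PASSWORD_IDNT = "sessionmanager.identification.emptypassword";
    private static final String PROP_EMPTY_PASSWORD_HOK = "sessionmanager.holderofkey.emptypassword";
    private static final String PROP_EMPTY_PASSWORD_ENCRYPTION = "sessionmanager.encryption.emptypassword";
    public static final String PROP_FETCH_ETK = "sessionmanager.fetch.etk";
    private static final String PROP_USER_INSS = "user.inss";
    /** Fallback for {@link #PROP_VALIDITY_TOKEN}; the unit is whatever the STS expects (presumably hours — verify). */
    private static final int DEFAULT_VALIDITY_TOKEN = 24;
    private static final Logger LOG = LoggerFactory.getLogger(SessionManagerImpl.class);
    /** Serialises token renewal so concurrent {@link #hasValidSession()} calls do not race on the STS. */
    private static final Object mutex = new Object();

    /** Services whose caches must be flushed when the session is unloaded or renewed. */
    private List<SessionServiceWithCache> cacheService;
    private final ConfigValidator config;
    /** Keystores injected via {@link #setKeyStore(Map)}, keyed by the {@link Session} keystore constants. */
    private final Cache<String, KeyStore> cache;
    private SessionItem session;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:be/ehealth/technicalconnector/session/impl/SessionManagerImpl$SessionManagerImplSingleton.class */
    /** Enum-based singleton holder; the JVM guarantees a single, lazily created instance. */
    public enum SessionManagerImplSingleton {
        INSTANCE;

        private volatile SessionManagerImpl manager = new SessionManagerImpl();

        SessionManagerImplSingleton() {
        }

        public SessionManagerImpl getManagerImpl() {
            return this.manager;
        }
    }

    private SessionManagerImpl() {
        this.cacheService = new ArrayList<SessionServiceWithCache>();
        this.config = ConfigFactory.getConfigValidatorFor(PROP_SESSIONMNG_SAMLATTRIBUTE, PROP_SESSIONMNG_SAMLATTRIBUTEDESIGNATOR);
        this.cache = CacheFactory.newInstance(CacheFactory.CacheType.MEMORY);
        this.session = new SessionItemImpl();
    }

    /** @return the single shared manager instance. */
    public static SessionManagerImpl getInstance() {
        return SessionManagerImplSingleton.INSTANCE.getManagerImpl();
    }

    /** Same as {@link #loadSession(SAMLToken, String, String)} without an encryption keystore password. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public void loadSession(SAMLToken sAMLToken, String str) throws TechnicalConnectorException {
        loadSession(sAMLToken, str, null);
    }

    /**
     * Installs an externally obtained SAML token as the current session.
     * <p>
     * The token itself becomes the holder-of-key credential; its private key is registered under
     * {@link #AUTHENTICATION_ALIAS}. When the token carries a keystore and {@code str} is non-null,
     * every decryption key of that keystore is added as well (best effort). The token is NOT
     * validated here — expiry is only checked by {@link #hasValidSession()}.
     *
     * @param sAMLToken the token to load; must not be null
     * @param str       password of the holder-of-key keystore, or null to skip extra decryption keys
     * @param str2      password of the encryption keystore, or null
     * @throws TechnicalConnectorException if the encryption keys cannot be loaded
     */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public void loadSession(SAMLToken sAMLToken, String str, String str2) throws TechnicalConnectorException {
        Validate.notNull(sAMLToken, "Parameter samlToken is not nullable");
        this.session.setHolderOfKeyCredential(sAMLToken);
        Map<String, PrivateKey> hokKeys = new HashMap<String, PrivateKey>();
        hokKeys.put(AUTHENTICATION_ALIAS, sAMLToken.getPrivateKey());
        if (sAMLToken.getKeyStore() != null && str != null) {
            try {
                LOG.debug("Trying to add all the private keys of the HOK keystore.");
                hokKeys.putAll(KeyManager.getDecryptionKeys(sAMLToken.getKeyStore(), str.toCharArray()));
            } catch (Exception e) {
                // Deliberately best effort: the authentication key is already registered above.
                LOG.warn(e.getClass().getSimpleName() + ":" + e.getMessage(), e);
            }
        }
        this.session.setHolderOfKeyPrivateKeys(hokKeys);
        loadEncryptionKeys(str2);
        this.session.setSAMLToken(sAMLToken);
    }

    /** Creates a session where all three credentials come from the eID card. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem createSessionEidOnly() throws TechnicalConnectorException {
        return createSession(null, null);
    }

    /** Creates a session with eID identification and a password-protected holder-of-key keystore. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem createSession(String str) throws TechnicalConnectorException {
        return createSession(str, null);
    }

    /**
     * Creates an eID-based session: the card must be present, the identification credential is
     * always the eID authentication certificate, and the other two credentials fall back to the eID
     * only when their password is null.
     *
     * @param str  holder-of-key keystore password, or null to use the eID
     * @param str2 encryption keystore password, or null to use the eID
     * @return the populated session (also retained by this manager)
     * @throws TechnicalConnectorException if no card is present, a keystore fails to load, or the STS call fails
     */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem createSession(String str, String str2) throws TechnicalConnectorException {
        isEidPresent();
        populateConfigWithEidFields();
        loadIdentificationKeys(null, true);
        loadHolderOfKeyKeys(str, true);
        loadEncryptionKeys(str2, true);
        return initSession();
    }

    /** Keystore-only session; {@code str} is used for both the identification and holder-of-key keystores. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem createFallbackSession(String str) throws TechnicalConnectorException {
        return createFallbackSession(str, null);
    }

    /** Keystore-only session; {@code str} is reused as the identification keystore password. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem createFallbackSession(String str, String str2) throws TechnicalConnectorException {
        return createFallbackSession(str, str, str2);
    }

    /**
     * Creates a session without touching the eID card. A null password only yields a credential when
     * a keystore was injected via {@link #setKeyStore(Map)} or the matching
     * {@code sessionmanager.*.emptypassword} property is true; otherwise that credential stays unset
     * and {@link #getToken} rejects the request.
     *
     * @param str  identification keystore password
     * @param str2 holder-of-key keystore password
     * @param str3 encryption keystore password
     */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem createFallbackSession(String str, String str2, String str3) throws TechnicalConnectorException {
        loadIdentificationKeys(str, false);
        loadHolderOfKeyKeys(str2, false);
        loadEncryptionKeys(str3, false);
        return initSession();
    }

    /** @return the current session, creating an empty one on first use; never null. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public SessionItem getSession() {
        if (this.session == null) {
            this.session = new SessionItemImpl();
        }
        return this.session;
    }

    /**
     * Replaces the session with an empty one and flushes every registered service cache.
     * Key material is only dereferenced, not zeroed — {@link PrivateKey} objects offer no reliable way to do so.
     */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public void unloadSession() {
        this.session = new SessionItemImpl();
        flushRegisteredCaches();
    }

    /**
     * Reports whether a SAML token is loaded and its {@code NotOnOrAfter} condition lies in the
     * future. An expired token triggers a renewal attempt when auto-renew is enabled.
     *
     * @return true if the (possibly renewed) token is usable
     * @throws SessionManagementException if renewal was attempted and failed
     */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public boolean hasValidSession() throws SessionManagementException {
        LOG.debug("Checking if session exists and if session is valid...");
        SAMLToken token = getSession().getSAMLToken();
        if (token == null) {
            LOG.debug("No Session found");
            return false;
        }
        DateTime notOnOrAfter = SAMLHelper.getNotOnOrAfterCondition(token.getAssertion());
        if (notOnOrAfter == null) {
            // Fail closed: a token without an expiry condition is never treated as valid.
            // (Whether SAMLHelper can return null is not visible here; this guard replaces a NullPointerException.)
            LOG.warn("SAML token carries no NotOnOrAfter condition; treating session as invalid");
            return false;
        }
        boolean valid = notOnOrAfter.isAfterNow();
        if (!valid) {
            valid = renewSession(token);
        }
        LOG.debug("Session found, valid: " + valid + ". (Valid until:" + DateUtils.printDateTime(notOnOrAfter) + ")");
        return valid;
    }

    /**
     * Tries to renew an expired token via the STS. Always flushes the registered caches first,
     * since cached service results were obtained under the now-expired token.
     *
     * @param expiredToken the token whose assertion is presented to the STS for renewal
     * @return true if a renewed token was installed; false if renewal is not possible
     *         (no header credential, or {@code sessionmanager.activate.autorenew} is false)
     * @throws SessionManagementException wrapping any STS failure
     */
    private boolean renewSession(SAMLToken expiredToken) throws SessionManagementException {
        flushRegisteredCaches();
        try {
            if (this.session.getHeaderCredential() == null
                    || !this.config.getBooleanProperty(PROP_AUTO_RENEW, false).booleanValue()) {
                return false;
            }
            // The lock only serialises concurrent renewals; it does not re-check whether another
            // thread already renewed — a second renewal is merely redundant. TODO(review): confirm
            // that is acceptable for the STS rate limits.
            synchronized (mutex) {
                LOG.debug("Trying to renew existing session.");
                int validity = this.config.getIntegerProperty(PROP_VALIDITY_TOKEN, Integer.valueOf(DEFAULT_VALIDITY_TOKEN)).intValue();
                Credential hokCredential = this.session.getHolderOfKeyCredential();
                SAMLToken renewed = SAMLTokenFactory.getInstance().createSamlToken(
                        STSServiceFactory.getInstance().renewToken(this.session.getHeaderCredential(), hokCredential, expiredToken.getAssertion(), validity),
                        hokCredential);
                getSession().setSAMLToken(renewed);
            }
            return true;
        } catch (TechnicalConnectorException e) {
            LOG.error("Autorenew failed: " + e.getMessage(), e);
            throw new SessionManagementException(SessionManagementExceptionValues.ERROR_GENERAL, e, e.getMessage());
        }
    }

    /** Flushes every service registered through {@link #registerSessionService}. */
    private void flushRegisteredCaches() {
        for (SessionServiceWithCache service : this.cacheService) {
            service.flushCache();
        }
    }

    /** Null-safe conversion of a password; null becomes the empty password. */
    private static char[] toCharArray(String password) {
        return password == null ? ArrayUtils.EMPTY_CHAR_ARRAY : password.toCharArray();
    }

    /**
     * Resolves the identification (header) credential: injected keystore, then eID (only when
     * {@code eidAllowed} and no password), then the configured keystore file.
     *
     * @param password   identification keystore password, or null
     * @param eidAllowed whether the eID card may be used when no password is given
     */
    private void loadIdentificationKeys(String password, boolean eidAllowed) throws TechnicalConnectorException {
        char[] pwd = toCharArray(password);
        if (this.cache.containsKey(Session.IDENTIFICATION_KEYSTORE)) {
            KeyStore injected = this.cache.get(Session.IDENTIFICATION_KEYSTORE);
            this.session.setHeaderCredential(new KeyStoreCredential(injected, this.config.getProperty(PROP_KEYSTORE_IDNT_ALIAS, AUTHENTICATION_ALIAS), password));
            return;
        }
        if (password == null && eidAllowed) {
            this.session.setHeaderCredential(BeIDCredential.getInstance(EID_SESSION, BeIDCredential.EID_AUTH_ALIAS));
            return;
        }
        if (password != null || this.config.getBooleanProperty(PROP_EMPTY_PASSWORD_IDNT, false).booleanValue()) {
            try {
                // The same password unlocks both the keystore and the private-key entry.
                KeyStoreInfo info = new KeyStoreInfo(this.config.getProperty(PROP_KEYSTORE_IDNT_NAME), pwd, this.config.getProperty(PROP_KEYSTORE_IDNT_ALIAS, AUTHENTICATION_ALIAS), pwd);
                this.session.setHeaderCredential(new KeyStoreCredential(info));
            } catch (Exception e) {
                // Was mislabelled as "HolderOfkey"/"decryption" keys; now reports the identification keystore.
                throw translate(e, "Identification");
            }
        }
    }

    /**
     * Resolves the holder-of-key credential and its decryption keys, with the same precedence as
     * {@link #loadIdentificationKeys}. For the configured keystore the ETK consistency check
     * ({@link #fetchEtk}) is run; for an injected keystore it is not (TODO(review): confirm intended).
     *
     * @param password   holder-of-key keystore password, or null
     * @param eidAllowed whether the eID card may be used when no password is given
     */
    private void loadHolderOfKeyKeys(String password, boolean eidAllowed) throws TechnicalConnectorException {
        LOG.debug("Loading HolderOfKeyKeys");
        char[] pwd = toCharArray(password);
        if (this.cache.containsKey(Session.HOLDEROFKEY_KEYSTORE)) {
            KeyStore injected = this.cache.get(Session.HOLDEROFKEY_KEYSTORE);
            this.session.setHolderOfKeyCredential(new KeyStoreCredential(injected, this.config.getProperty(PROP_KEYSTORE_HOK_ALIAS, AUTHENTICATION_ALIAS), password));
            this.session.setHolderOfKeyPrivateKeys(KeyManager.getDecryptionKeys(injected, pwd));
            return;
        }
        if (password == null && eidAllowed) {
            BeIDCredential eid = BeIDCredential.getInstance(EID_SESSION, BeIDCredential.EID_AUTH_ALIAS);
            Map<String, PrivateKey> keys = new HashMap<String, PrivateKey>();
            keys.put(AUTHENTICATION_ALIAS, eid.getPrivateKey());
            this.session.setHolderOfKeyCredential(eid);
            this.session.setHolderOfKeyPrivateKeys(keys);
            return;
        }
        if (password != null || this.config.getBooleanProperty(PROP_EMPTY_PASSWORD_HOK, false).booleanValue()) {
            try {
                KeyStoreInfo info = new KeyStoreInfo(this.config.getProperty(PROP_KEYSTORE_HOK_NAME), pwd, this.config.getProperty(PROP_KEYSTORE_HOK_ALIAS, AUTHENTICATION_ALIAS), pwd);
                Map<String, PrivateKey> keys = KeyManager.getDecryptionKeys(new KeyStoreManager(info).getKeyStore(), info.getPrivateKeyPassword());
                this.session.setHolderOfKeyCredential(new KeyStoreCredential(info));
                this.session.setHolderOfKeyPrivateKeys(keys);
                fetchEtk(KeyDepotManager.EncryptionTokenType.HOLDER_OF_KEY, keys, this.config);
            } catch (Exception e) {
                throw translate(e, "HolderOfKey");
            }
        }
    }

    /**
     * Normalises a key-loading failure: an existing {@link TechnicalConnectorException} is returned
     * untouched, anything else is logged and wrapped (cause preserved).
     *
     * @param cause   the failure
     * @param keyKind label used in the log and message, e.g. "HolderOfKey"
     * @return the exception for the caller to throw
     */
    private static TechnicalConnectorException translate(Exception cause, String keyKind) {
        if (cause instanceof TechnicalConnectorException) {
            return (TechnicalConnectorException) cause;
        }
        LOG.error(cause.getClass().getSimpleName() + ": Could not load " + keyKind + " keys. Reason:" + cause.getMessage());
        return new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, cause, "Could not load " + keyKind + " keys");
    }

    /**
     * Consistency check between the ETK published in the key depot and the private keys just
     * loaded: the ETK certificate's serial number (decimal) must be one of the map's keys, so that
     * material encrypted for this party can actually be decrypted locally. Fetching the ETK is best
     * effort (a fetch failure is only logged); a fetched-but-mismatching ETK is a configuration error.
     * Disabled when {@code sessionmanager.fetch.etk} is false.
     *
     * @param encryptionTokenType which ETK to look up
     * @param map                 decryption keys, presumably keyed by decimal certificate serial (as produced by KeyManager — verify)
     * @param configuration       source of {@link #PROP_FETCH_ETK}
     * @throws TechnicalConnectorException ERROR_CONFIG on a mismatch
     */
    private static void fetchEtk(KeyDepotManager.EncryptionTokenType encryptionTokenType, Map<String, PrivateKey> map, Configuration configuration) throws TechnicalConnectorException {
        if (!configuration.getBooleanProperty(PROP_FETCH_ETK, Boolean.TRUE).booleanValue()) {
            return;
        }
        EncryptionToken etk = null;
        try {
            etk = KeyDepotManagerFactory.getKeyDepotManager().getETK(encryptionTokenType);
        } catch (Exception e) {
            LOG.warn("Unable to prefetch ETK", e);
        }
        if (etk == null) {
            return;
        }
        String serial = etk.getCertificate().getSerialNumber().toString(10);
        if (!map.containsKey(serial)) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_CONFIG, "The certificate from the ETK don't match with the one in the encryption keystore");
        }
    }

    /** Loads the encryption keys from the configured keystore (never from the eID). */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public void loadEncryptionKeys(String str) throws TechnicalConnectorException {
        loadEncryptionKeys(str, false);
    }

    /**
     * Resolves the encryption credential and its decryption keys, same precedence as
     * {@link #loadHolderOfKeyKeys}.
     * <p>
     * Fix: the injected-keystore branch used to store the encryption keystore into the
     * holder-of-key slots of the session, silently overwriting the holder-of-key credential
     * (and thus what gets bound to the SAML token) while leaving the encryption keys unset.
     *
     * @param password   encryption keystore password, or null
     * @param eidAllowed whether the eID card may be used when no password is given
     */
    private void loadEncryptionKeys(String password, boolean eidAllowed) throws TechnicalConnectorException {
        LOG.debug("Loading EncryptionKeys");
        char[] pwd = toCharArray(password);
        if (this.cache.containsKey(Session.ENCRYPTION_KEYSTORE)) {
            KeyStore injected = this.cache.get(Session.ENCRYPTION_KEYSTORE);
            this.session.setEncryptionCredential(new KeyStoreCredential(injected, this.config.getProperty(PROP_KEYSTORE_ENC_ALIAS, AUTHENTICATION_ALIAS), password));
            this.session.setEncryptionPrivateKeys(KeyManager.getDecryptionKeys(injected, pwd));
            return;
        }
        if (password == null && eidAllowed) {
            BeIDCredential eid = BeIDCredential.getInstance(EID_SESSION, BeIDCredential.EID_AUTH_ALIAS);
            Map<String, PrivateKey> keys = new HashMap<String, PrivateKey>();
            keys.put(AUTHENTICATION_ALIAS, eid.getPrivateKey());
            this.session.setEncryptionCredential(eid);
            this.session.setEncryptionPrivateKeys(keys);
            return;
        }
        if (password != null || this.config.getBooleanProperty(PROP_EMPTY_PASSWORD_ENCRYPTION, false).booleanValue()) {
            try {
                KeyStoreInfo info = new KeyStoreInfo(this.config.getProperty(PROP_KEYSTORE_ENC_NAME), pwd, this.config.getProperty(PROP_KEYSTORE_ENC_ALIAS, AUTHENTICATION_ALIAS), pwd);
                Map<String, PrivateKey> keys = KeyManager.getDecryptionKeys(new KeyStoreManager(info).getKeyStore(), info.getPrivateKeyPassword());
                this.session.setEncryptionCredential(new KeyStoreCredential(info));
                this.session.setEncryptionPrivateKeys(keys);
                fetchEtk(KeyDepotManager.EncryptionTokenType.ENCRYPTION, keys, this.config);
            } catch (Exception e) {
                throw translate(e, "EncryptionKeys");
            }
        }
    }

    /** Registers a service whose cache is tied to the session lifetime. */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public void registerSessionService(SessionServiceWithCache sessionServiceWithCache) {
        if (this.cacheService == null) {
            this.cacheService = new ArrayList<SessionServiceWithCache>();
        }
        this.cacheService.add(sessionServiceWithCache);
    }

    /** Requests a SAML token for the credentials loaded so far and stores it in the session. */
    private SessionItem initSession() throws TechnicalConnectorException {
        int validity = this.config.getIntegerProperty(PROP_VALIDITY_TOKEN, Integer.valueOf(DEFAULT_VALIDITY_TOKEN)).intValue();
        LOG.debug("Requesting SAML-Token from STS...");
        SAMLToken token = getToken(validity, this.session.getHeaderCredential(), this.session.getHolderOfKeyCredential());
        LOG.debug("SAML Token received");
        LOG.debug("Loading SAML token into session...");
        this.session.setSAMLToken(token);
        LOG.debug("Session created!");
        return this.session;
    }

    /**
     * Calls the STS with the holder-of-key confirmation method and wraps the response.
     *
     * @param i           requested token validity (unit as expected by the STS)
     * @param credential  identification (header) credential; must not be null
     * @param credential2 holder-of-key (body) credential; must not be null
     * @return the issued token, bound to {@code credential2}
     */
    protected SAMLToken getToken(int i, Credential credential, Credential credential2) throws TechnicalConnectorException {
        Validate.notNull(credential, "Parameter headerCredential is not nullable");
        Validate.notNull(credential2, "Parameter bodyCredential is not nullable");
        List<SAMLAttributeDesignator> designators = SAMLConfigHelper.getSAMLAttributeDesignators(PROP_SESSIONMNG_SAMLATTRIBUTEDESIGNATOR);
        return SAMLTokenFactory.getInstance().createSamlToken(
                STSServiceFactory.getInstance().getToken(credential, credential2, SAMLConfigHelper.getSAMLAttributes(PROP_SESSIONMNG_SAMLATTRIBUTE), designators, AbstractSTSService.HOK_METHOD, i),
                credential2);
    }

    /**
     * Fills {@code user.inss} from the eID authentication certificate unless it is already set or
     * {@code sessionmanager.disable.eiddiscovery} is true. Reads the card.
     */
    private void populateConfigWithEidFields() throws TechnicalConnectorException {
        boolean discoveryDisabled = this.config.getBooleanProperty(PROP_DISABLE_EID_DISCOVERY, false).booleanValue();
        if (discoveryDisabled || !StringUtils.isEmpty(this.config.getProperty(PROP_USER_INSS))) {
            return;
        }
        String inss = new CertificateParser(BeIDCredential.getInstance(EID_SESSION, BeIDCredential.EID_AUTH_ALIAS).getCertificate()).getId();
        this.config.setProperty(PROP_USER_INSS, inss);
    }

    /** Fails with the factory's exception when no eID card is available; the card handle is discarded. */
    private static void isEidPresent() throws TechnicalConnectorException {
        BeIDCardFactory.getBeIDCard();
    }

    /**
     * Replaces the injected keystores. Keys are the {@link Session} keystore constants; these take
     * precedence over eID and configured keystore files in every {@code load*Keys} method.
     *
     * @param map keystores to inject; must not be null
     */
    @Override // be.ehealth.technicalconnector.session.SessionManager
    public void setKeyStore(Map<String, KeyStore> map) {
        Validate.notNull(map, "Parameter keystore map is not nullable");
        this.cache.clear();
        this.cache.putAll(map);
    }
}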
