package org.glassfish.admin.rest;

import com.sun.enterprise.config.serverbeans.Config;
import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.grizzly.tcp.http11.GrizzlyRequest;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.jvnet.hk2.annotations.Inject;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.Habitat;
import org.jvnet.hk2.component.Singleton;

@Service
@Scoped(Singleton.class)
/* loaded from: input_file:org/glassfish/admin/rest/SessionManager.class */
public class SessionManager {

    @Inject
    private Habitat habitat;
    private RestConfig restConfig = null;
    private final SecureRandom randomGenerator = new SecureRandom();
    private Map<String, SessionData> activeSessions = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glassfish/admin/rest/SessionManager$SessionData.class */
    public class SessionData {
        private String clientAddress;
        private long lastAccessedTime = System.currentTimeMillis();
        private final String DISABLE_REMOTE_ADDRESS_VALIDATION_PROPERTY_NAME = "org.glassfish.admin.rest.disable.remote.address.validation";
        private final boolean disableRemoteAddressValidation = Boolean.getBoolean("org.glassfish.admin.rest.disable.remote.address.validation");

        public SessionData(String str, GrizzlyRequest grizzlyRequest) {
            this.clientAddress = grizzlyRequest.getRemoteAddr();
        }

        public boolean isSessionActive() {
            long j = 1800000;
            RestConfig restConfig = SessionManager.this.getRestConfig();
            if (restConfig != null) {
                j = Integer.parseInt(restConfig.getSessionTokenTimeout()) * 60000;
            }
            return this.lastAccessedTime + j > System.currentTimeMillis();
        }

        public void updateLastAccessTime() {
            this.lastAccessedTime = System.currentTimeMillis();
        }

        public boolean authenticate(GrizzlyRequest grizzlyRequest) {
            return isSessionActive() && (this.clientAddress.equals(grizzlyRequest.getRemoteAddr()) || this.disableRemoteAddressValidation);
        }
    }

    public String createSession(GrizzlyRequest grizzlyRequest) {
        String bigInteger;
        do {
            bigInteger = new BigInteger(130, this.randomGenerator).toString(16);
        } while (isSessionExist(bigInteger));
        saveSession(bigInteger, grizzlyRequest);
        return bigInteger;
    }

    public boolean authenticate(String str, GrizzlyRequest grizzlyRequest) {
        SessionData sessionData;
        boolean z = false;
        purgeInactiveSessions();
        if (str != null && (sessionData = this.activeSessions.get(str)) != null) {
            z = sessionData.authenticate(grizzlyRequest);
            if (z) {
                sessionData.updateLastAccessTime();
            } else {
                this.activeSessions.remove(str);
            }
        }
        return z;
    }

    public boolean deleteSession(String str) {
        boolean z = false;
        if (str != null) {
            z = this.activeSessions.remove(str) != null;
        }
        return z;
    }

    private void saveSession(String str, GrizzlyRequest grizzlyRequest) {
        purgeInactiveSessions();
        this.activeSessions.put(str, new SessionData(str, grizzlyRequest));
    }

    private void purgeInactiveSessions() {
        Set<Map.Entry<String, SessionData>> entrySet = this.activeSessions.entrySet();
        for (Map.Entry<String, SessionData> entry : entrySet) {
            if (!entry.getValue().isSessionActive()) {
                entrySet.remove(entry);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public RestConfig getRestConfig() {
        Domain domain;
        Config configNamed;
        if (this.restConfig == null && (domain = (Domain) this.habitat.getComponent(Domain.class)) != null && (configNamed = domain.getConfigNamed("server-config")) != null) {
            this.restConfig = (RestConfig) configNamed.getExtensionByType(RestConfig.class);
        }
        return this.restConfig;
    }

    private boolean isSessionExist(String str) {
        return this.activeSessions.containsKey(str);
    }
}
