package org.apache.impala.authentication.saml;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Optional;
import java.util.Random;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.util.generator.ValueGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/impala/authentication/saml/HiveSamlRelayStateStore.class */
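/**
 * Process-wide store that ties a SAML RelayState value to the client that started the login.
 *
 * <p>{@link #generateValue(WebContext)} mints a random relay state, records the client's
 * response port together with a second random client identifier, and returns that identifier
 * to the client in a response header. {@link #validateClientIdentifier(String, String)} later
 * checks that the party presenting a relay state also knows the matching identifier.
 *
 * <p>Entries expire five minutes after they are written and are consumed by the first
 * validation attempt, so a relay state can be redeemed at most once.
 */
public class HiveSamlRelayStateStore implements ValueGenerator {
    /** Lowest and highest values accepted for the client-supplied response port. */
    private static final int MIN_PORT = 1;
    private static final int MAX_PORT = 65535;

    // Short expiry bounds how long an unanswered login attempt stays redeemable.
    private final Cache<String, HiveSamlRelayStateInfo> relayStateCache = CacheBuilder.newBuilder().expireAfterWrite(5, TimeUnit.MINUTES).build();
    // Not referenced by any method of this class; the identifiers below come from
    // UUID.randomUUID(), which is documented to use a cryptographically strong generator.
    private static final Random randGenerator = new SecureRandom();
    private static final Logger LOG = LoggerFactory.getLogger(HiveSamlRelayStateStore.class);
    private static final HiveSamlRelayStateStore INSTANCE = new HiveSamlRelayStateStore();

    private HiveSamlRelayStateStore() {
    }

    /**
     * Returns the single shared store instance.
     *
     * @return the singleton store
     */
    public static HiveSamlRelayStateStore get() {
        return INSTANCE;
    }

    /**
     * Creates a new relay state for the request and remembers the client it belongs to.
     *
     * <p>The response port is read from a request header and is therefore client-controlled;
     * it is rejected unless it parses as an integer inside the valid TCP port range.
     *
     * @param webContext the current request/response context
     * @return the freshly generated relay state value
     * @throws RuntimeException if the response port header is missing
     * @throws NumberFormatException if the response port header is not an integer
     * @throws IllegalArgumentException if the response port is outside 1-65535
     */
    @Override
    public String generateValue(WebContext webContext) {
        Optional<String> portHeader = webContext.getRequestHeader(HiveSamlUtils.SSO_TOKEN_RESPONSE_PORT);
        if (!portHeader.isPresent()) {
            throw new RuntimeException("SAML response port header X-Hive-Token-Response-Port is not set ");
        }
        int responsePort = Integer.parseInt(portHeader.get());
        if (responsePort < MIN_PORT || responsePort > MAX_PORT) {
            // Fail before anything is cached so a bogus port never reaches later stages.
            throw new IllegalArgumentException("SAML response port header value is out of range: " + responsePort);
        }
        String relayState = UUID.randomUUID().toString();
        // The second UUID is independent of the relay state: knowing one does not reveal the other.
        HiveSamlRelayStateInfo stateInfo = new HiveSamlRelayStateInfo(responsePort, UUID.randomUUID().toString());
        webContext.setResponseHeader(HiveSamlUtils.SSO_CLIENT_IDENTIFIER, stateInfo.getClientIdentifier());
        this.relayStateCache.put(relayState, stateInfo);
        return relayState;
    }

    /**
     * Extracts the raw RelayState request parameter from a SAML response.
     *
     * <p>The returned value is unvalidated; look it up with
     * {@link #getRelayStateInfo(String)} before trusting it.
     *
     * @param webContext the current request/response context
     * @return the RelayState parameter value as sent by the caller
     * @throws HttpSamlAuthenticationException if the parameter is absent
     */
    public String getRelayStateInfo(WebContext webContext) throws HttpSamlAuthenticationException {
        Optional<String> relayState = webContext.getRequestParameter("RelayState");
        if (relayState == null || !relayState.isPresent()) {
            throw new HttpSamlAuthenticationException("Could not get the RelayState from the SAML response");
        }
        return relayState.get();
    }

    /**
     * Looks up the state recorded for a relay state without consuming it.
     *
     * @param str the relay state value presented by the caller
     * @return the state recorded when the relay state was generated
     * @throws HttpSamlAuthenticationException if the value is null, unknown or expired
     */
    public HiveSamlRelayStateInfo getRelayStateInfo(String str) throws HttpSamlAuthenticationException {
        // A null key would make the cache lookup throw NullPointerException; treat it as invalid.
        HiveSamlRelayStateInfo stateInfo = str == null ? null : this.relayStateCache.getIfPresent(str);
        if (stateInfo == null) {
            // NOTE(review): the message embeds the caller-supplied value; anything that logs or
            // echoes this exception should encode it.
            throw new HttpSamlAuthenticationException("Invalid value of relay state received: " + str);
        }
        return stateInfo;
    }

    /**
     * Checks that the supplied client identifier matches the one issued with the relay state.
     *
     * <p>The cache entry is removed before the comparison, so each relay state gets exactly one
     * validation attempt whether or not it succeeds. The method is synchronized so that the
     * lookup and the removal cannot interleave between concurrent callers.
     *
     * @param str the relay state value
     * @param str2 the client identifier presented by the caller
     * @return {@code true} only if the relay state is known and the identifier matches
     */
    public synchronized boolean validateClientIdentifier(String str, String str2) {
        if (str == null) {
            return false;
        }
        HiveSamlRelayStateInfo stateInfo = this.relayStateCache.getIfPresent(str);
        if (stateInfo == null) {
            return false;
        }
        this.relayStateCache.invalidate(str);
        boolean matches = constantTimeEquals(stateInfo.getClientIdentifier(), str2);
        // Only the outcome is logged: the identifiers are bearer secrets and the supplied one is
        // untrusted input, so neither belongs in the log.
        LOG.debug("Client identifier validation result for relay state {}: {}", str, matches);
        return matches;
    }

    /** Compares two secrets without an early exit on the first differing byte; null never matches. */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }
}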
