package org.acegisecurity.concurrent;

import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/acegi-security-1.0.0.jar:org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.class */
public class ConcurrentSessionControllerImpl implements ConcurrentSessionController, InitializingBean, MessageSourceAware {
    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
    private SessionRegistry sessionRegistry = new SessionRegistryImpl();
    private boolean exceptionIfMaximumExceeded = false;
    private int maximumSessions = 1;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.sessionRegistry, "SessionRegistry required");
        Assert.isTrue(this.maximumSessions != 0, "MaximumLogins must be either -1 to allow unlimited logins, or a positive integer to specify a maximum");
        Assert.notNull(this.messages, "A message source must be set");
    }

    protected void allowableSessionsExceeded(String str, SessionInformation[] sessionInformationArr, int i, SessionRegistry sessionRegistry) {
        if (this.exceptionIfMaximumExceeded || sessionInformationArr == null) {
            throw new ConcurrentLoginException(this.messages.getMessage("ConcurrentSessionControllerImpl.exceededAllowed", new Object[]{new Integer(i)}, "Maximum sessions of {0} for this principal exceeded"));
        }
        SessionInformation sessionInformation = null;
        for (int i2 = 0; i2 < sessionInformationArr.length; i2++) {
            if (sessionInformation == null || sessionInformationArr[i2].getLastRequest().before(sessionInformation.getLastRequest())) {
                sessionInformation = sessionInformationArr[i2];
            }
        }
        sessionInformation.expireNow();
    }

    @Override // org.acegisecurity.concurrent.ConcurrentSessionController
    public void checkAuthenticationAllowed(Authentication authentication) throws AuthenticationException {
        Assert.notNull(authentication, "Authentication request cannot be null (violation of interface contract)");
        Object obtainPrincipalFromAuthentication = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication);
        String obtainSessionIdFromAuthentication = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
        SessionInformation[] allSessions = this.sessionRegistry.getAllSessions(obtainPrincipalFromAuthentication, false);
        int length = allSessions != null ? allSessions.length : 0;
        int maximumSessionsForThisUser = getMaximumSessionsForThisUser(authentication);
        Assert.isTrue(maximumSessionsForThisUser != 0, "getMaximumSessionsForThisUser() must return either -1 to allow unlimited logins, or a positive integer to specify a maximum");
        if (length >= maximumSessionsForThisUser && maximumSessionsForThisUser != -1) {
            if (length == maximumSessionsForThisUser) {
                for (int i = 0; i < length; i++) {
                    if (allSessions[i].getSessionId().equals(obtainSessionIdFromAuthentication)) {
                        return;
                    }
                }
            }
            allowableSessionsExceeded(obtainSessionIdFromAuthentication, allSessions, maximumSessionsForThisUser, this.sessionRegistry);
        }
    }

    protected int getMaximumSessionsForThisUser(Authentication authentication) {
        return this.maximumSessions;
    }

    @Override // org.acegisecurity.concurrent.ConcurrentSessionController
    public void registerSuccessfulAuthentication(Authentication authentication) {
        Assert.notNull(authentication, "Authentication cannot be null (violation of interface contract)");
        Object obtainPrincipalFromAuthentication = SessionRegistryUtils.obtainPrincipalFromAuthentication(authentication);
        String obtainSessionIdFromAuthentication = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
        this.sessionRegistry.removeSessionInformation(obtainSessionIdFromAuthentication);
        this.sessionRegistry.registerNewSession(obtainSessionIdFromAuthentication, obtainPrincipalFromAuthentication);
    }

    public void setExceptionIfMaximumExceeded(boolean z) {
        this.exceptionIfMaximumExceeded = z;
    }

    public void setMaximumSessions(int i) {
        this.maximumSessions = i;
    }

    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public void setSessionRegistry(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }
}
