package org.apache.sling.auth.form.impl;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/resources/install/0/org.apache.sling.auth.form-1.0.12.jar:org/apache/sling/auth/form/impl/TokenStore.class */
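/**
 * Issues and verifies HMAC-SHA1 protected cookie values and persists the signing keys.
 *
 * <p>A token has the form {@code <hex hmac>@<key slot digit><expiry millis>@<payload>}. The
 * HMAC covers everything after the first {@code @}. Signing keys live in a ring of
 * {@link #TOKEN_BUFFER_SIZE} slots; a new key is generated every
 * {@code ttl / (TOKEN_BUFFER_SIZE - 1)} milliseconds and overwrites the oldest slot, so a key
 * stays available for verification for roughly one {@code ttl} after it stops being used for
 * signing.
 *
 * <p>The key ring is written in clear to the token file. Anyone who can read that file can
 * mint tokens that {@link #isValid(String)} accepts, so the file must be protected like any
 * other credential store.
 */
class TokenStore {
    private static final char[] TOHEX = "0123456789abcdef".toCharArray();
    private static final String SHA1PRNG = "SHA1PRNG";
    private static final String HMAC_SHA1 = "HmacSHA1";
    private static final String UTF_8 = "UTF-8";
    private static final int TOKEN_BUFFER_SIZE = 5;
    /** Size in bytes of every key this class generates. */
    private static final int KEY_BYTES = 20;
    /**
     * Upper bound accepted for a key length read back from the token file. Keys written by
     * this class are {@link #KEY_BYTES} long; the bound only stops a damaged or tampered file
     * from triggering a huge allocation.
     */
    private static final int MAX_STORED_KEY_BYTES = 1024;
    private final long ttl;
    private volatile SecretKey[] currentTokens;
    private SecureRandom random;
    private File tokenFile;
    private File tmpTokenFile;
    public final Logger log = LoggerFactory.getLogger((Class<?>) TokenStore.class);
    private long nextUpdate = System.currentTimeMillis();
    private volatile int currentToken = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the store, loading a previously saved key ring from {@code file} if one exists.
     *
     * <p>SECURITY NOTE: when {@code z} (fast seed) is true the generator is seeded from
     * {@link #getFastEntropy()}, i.e. from clock readings and the temp directory listing.
     * With the SUN SHA1PRNG implementation a seed supplied before the first output is used
     * instead of the provider's own self-seeding, so in this mode every signing key derives
     * from those low-entropy, partly observable inputs. Prefer leaving fast seed disabled and
     * pointing {@code java.security.egd} at a non-blocking source, as the log message below
     * suggests.
     *
     * @param file token file holding the persisted key ring; must not be null
     * @param j    token time-to-live in milliseconds; drives the key rotation interval
     * @param z    true to seed the generator from {@link #getFastEntropy()}
     * @throws NullPointerException if {@code file} is null
     */
    public TokenStore(File file, long j, boolean z) throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, UnsupportedEncodingException {
        if (file == null) {
            throw new NullPointerException("tokenfile");
        }
        this.random = SecureRandom.getInstance(SHA1PRNG);
        this.ttl = j;
        this.tokenFile = file;
        this.tmpTokenFile = new File(file + ".tmp");
        loadTokens();
        if (z) {
            this.random.setSeed(getFastEntropy());
        } else {
            this.log.info("Seeding the secure random number generator can take up to several minutes on some operating systems depending upon environment factors. If this is a problem for you, set the system property 'java.security.egd' to 'file:/dev/./urandom' or enable the Fast Seed Generator in the Web Console");
        }
        // Start-up self-test: draw random bytes (forcing the generator to seed now rather than
        // on the first login) and run one HMAC so a missing algorithm fails here, not later.
        byte[] probeKey = new byte[KEY_BYTES];
        this.random.nextBytes(probeKey);
        Mac mac = Mac.getInstance(HMAC_SHA1);
        mac.init(new SecretKeySpec(probeKey, HMAC_SHA1));
        mac.update(UTF_8.getBytes(UTF_8));
        mac.doFinal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Signs a payload with the currently active key, rotating the key first if it is due.
     *
     * @param j   expiry time in milliseconds since the epoch ({@link #isValid(String)} compares
     *            it with {@link System#currentTimeMillis()})
     * @param str payload to protect (presumably the user id; confirm against the caller)
     * @return the token string {@code <hex hmac>@<slot><expiry>@<payload>}
     */
    public String encode(long j, String str) throws IllegalStateException, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
        int activeToken = getActiveToken();
        return encode(j, str, activeToken, this.currentTokens[activeToken]);
    }

    /**
     * Builds the token for an explicit key slot; shared by signing and verification.
     *
     * @param expires   expiry time in milliseconds since the epoch
     * @param payload   payload to protect
     * @param slot      index of the key in the ring, written as the first character after '@'
     * @param secretKey HMAC key stored in that slot
     */
    private String encode(long expires, String payload, int slot, SecretKey secretKey) throws IllegalStateException, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
        String signedPart = String.valueOf(slot) + String.valueOf(expires) + "@" + payload;
        Mac mac = Mac.getInstance(HMAC_SHA1);
        mac.init(secretKey);
        mac.update(signedPart.getBytes(UTF_8));
        return byteToHex(mac.doFinal()) + "@" + signedPart;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Splits a token into its three '@'-separated parts (hmac, slot+expiry, payload).
     *
     * @param str token string, may be null
     * @return the three parts, or null if {@code str} does not yield exactly three parts
     */
    public static String[] split(String str) {
        String[] parts = StringUtils.split(str, "@", 3);
        if (parts == null || parts.length != 3) {
            return null;
        }
        return parts;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Verifies a token received from a client: format, key slot, expiry and HMAC.
     *
     * <p>The input is attacker-controlled. Every malformed value is rejected with
     * {@code false} rather than an exception, and the HMAC comparison is constant-time so the
     * response time does not reveal how many leading characters of a forged HMAC were right.
     *
     * <p>NOTE(review): rejected values are logged verbatim at ERROR level. They come straight
     * from the request, so unauthenticated clients can fill the log and inject line breaks
     * unless the log layout encodes them.
     *
     * @param str token string as received, may be null
     * @return true only if the token is well formed, not expired and carries a matching HMAC
     */
    public boolean isValid(String str) {
        String[] parts = split(str);
        if (parts == null || parts[1].isEmpty()) {
            this.log.error("AuthNCookie value '{}' has invalid format", str);
            return false;
        }
        // Snapshot the ring once so the bounds check and the lookup use the same array.
        SecretKey[] keys = this.currentTokens;
        int slot = parts[1].charAt(0) - '0';
        if (slot < 0 || slot >= keys.length) {
            this.log.error("AuthNCookie value '{}' is invalid: refers to an invalid token number {}", str, Integer.valueOf(slot));
            return false;
        }
        long expires;
        try {
            expires = Long.parseLong(parts[1].substring(1));
        } catch (NumberFormatException e) {
            // A non-numeric expiry previously escaped as an unchecked exception.
            this.log.error("AuthNCookie value '{}' has invalid format", str);
            return false;
        }
        long now = System.currentTimeMillis();
        if (now >= expires) {
            this.log.error("AuthNCookie value '{}' has expired {}ms ago", str, Long.valueOf(now - expires));
            return false;
        }
        SecretKey key = keys[slot];
        if (key == null) {
            // The slot has never held a key (or was never loaded), so nothing can match it.
            this.log.error("AuthNCookie value '{}' is invalid", str);
            return false;
        }
        try {
            String expected = encode(expires, parts[2], slot, key);
            // Constant-time comparison instead of String.equals, which stops at the first
            // differing character.
            return MessageDigest.isEqual(str.getBytes(UTF_8), expected.getBytes(UTF_8));
        } catch (UnsupportedEncodingException | IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e) {
            this.log.error(e.getMessage(), (Throwable) e);
            this.log.error("AuthNCookie value '{}' is invalid", str);
            return false;
        }
    }

    /**
     * Returns the slot of the key to sign with, generating and persisting a new key when the
     * rotation time has passed or the current slot is still empty.
     */
    private synchronized int getActiveToken() {
        if (System.currentTimeMillis() > this.nextUpdate || this.currentTokens[this.currentToken] == null) {
            // Rotate (length - 1) times per ttl so a key outlives every token it signed.
            this.nextUpdate = System.currentTimeMillis() + (this.ttl / (this.currentTokens.length - 1));
            byte[] keyBytes = new byte[KEY_BYTES];
            this.random.nextBytes(keyBytes);
            int nextSlot = (this.currentToken + 1) % this.currentTokens.length;
            this.currentTokens[nextSlot] = new SecretKeySpec(keyBytes, HMAC_SHA1);
            this.currentToken = nextSlot;
            saveTokens();
        }
        return this.currentToken;
    }

    /**
     * Writes the key ring to the temporary file and renames it over the token file.
     *
     * <p>Failures are logged and otherwise ignored, as before: the in-memory ring stays
     * usable, but the keys will not survive a restart. A failed rename is now reported
     * instead of being silently dropped.
     */
    private void saveTokens() {
        File parentFile = this.tokenFile.getAbsoluteFile().getParentFile();
        this.log.info("Token File {} parent {} ", this.tokenFile, parentFile);
        try {
            if (parentFile != null && !parentFile.exists()) {
                // A failed mkdirs surfaces as an IOException when the file is opened below.
                parentFile.mkdirs();
            }
            try (FileOutputStream fileOut = new FileOutputStream(this.tmpTokenFile);
                    DataOutputStream out = new DataOutputStream(fileOut)) {
                // The file is about to receive raw HMAC keys: narrow it to the owner before
                // any key material is written.
                restrictToOwner(this.tmpTokenFile);
                out.writeInt(this.currentToken);
                out.writeLong(this.nextUpdate);
                for (SecretKey key : this.currentTokens) {
                    if (key == null) {
                        out.writeInt(0);
                    } else {
                        out.writeInt(1);
                        byte[] encoded = key.getEncoded();
                        out.writeInt(encoded.length);
                        out.write(encoded);
                    }
                }
            }
            if (!this.tmpTokenFile.renameTo(this.tokenFile)) {
                throw new IOException("could not rename " + this.tmpTokenFile + " to " + this.tokenFile);
            }
        } catch (IOException e) {
            this.log.error("Failed to save cookie keys " + e.getMessage());
        }
    }

    /**
     * Best-effort removal of group/other access from a file. The results are ignored on
     * purpose: not every platform or filesystem supports these permission changes.
     */
    private static void restrictToOwner(File target) {
        target.setReadable(false, false);
        target.setWritable(false, false);
        target.setReadable(true, true);
        target.setWritable(true, true);
    }

    /**
     * Loads the key ring from the token file, falling back to an empty ring when the file is
     * missing, unreadable, truncated or structurally invalid.
     *
     * <p>The file content is validated before use: the stored slot index must address the
     * ring and every key length must be within {@code 1..MAX_STORED_KEY_BYTES}. Without these
     * checks a damaged or tampered file caused unchecked exceptions during construction or on
     * the first token operation.
     */
    private void loadTokens() {
        if (this.tokenFile.isFile() && this.tokenFile.canRead()) {
            try (FileInputStream fileIn = new FileInputStream(this.tokenFile);
                    DataInputStream in = new DataInputStream(fileIn)) {
                int storedSlot = in.readInt();
                long storedNextUpdate = in.readLong();
                if (storedSlot < 0 || storedSlot >= TOKEN_BUFFER_SIZE) {
                    throw new IOException("stored token number " + storedSlot + " is out of range");
                }
                SecretKey[] loaded = new SecretKey[TOKEN_BUFFER_SIZE];
                for (int i = 0; i < loaded.length; i++) {
                    if (in.readInt() == 1) {
                        int length = in.readInt();
                        if (length <= 0 || length > MAX_STORED_KEY_BYTES) {
                            throw new IOException("stored key length " + length + " is out of range");
                        }
                        byte[] keyBytes = new byte[length];
                        // read() may return fewer bytes than requested and leave the rest of
                        // the key zeroed; readFully fails on a short file instead.
                        in.readFully(keyBytes);
                        loaded[i] = new SecretKeySpec(keyBytes, HMAC_SHA1);
                    }
                }
                // Publish only after the whole file parsed cleanly.
                this.nextUpdate = storedNextUpdate;
                this.currentToken = storedSlot;
                this.currentTokens = loaded;
            } catch (IOException e) {
                this.log.error("Failed to load cookie keys " + e.getMessage());
            }
        }
        if (this.currentTokens == null) {
            this.currentTokens = new SecretKey[TOKEN_BUFFER_SIZE];
            this.nextUpdate = System.currentTimeMillis();
            this.currentToken = 0;
        }
    }

    /**
     * Renders bytes as two lower-case hex digits each.
     *
     * <p>Each byte is offset by 128 before conversion, so the output is not the conventional
     * hex form of the input. Signing and verification both go through this method, and
     * changing it would invalidate every token already issued.
     */
    private String byteToHex(byte[] bArr) {
        char[] out = new char[bArr.length * 2];
        int pos = 0;
        for (byte b : bArr) {
            int shifted = b + 128;
            out[pos++] = TOHEX[shifted / 16];
            out[pos++] = TOHEX[shifted % 16];
        }
        return new String(out);
    }

    /**
     * Derives a seed without blocking: a SHA-1 digest over two clock readings and the name,
     * modification time and size of every entry in the temp directory.
     *
     * <p>SECURITY NOTE: none of these inputs is secret. Start time can be estimated and the
     * temp directory is typically readable by other local users, so this seed is far weaker
     * than the platform entropy source.
     */
    private static byte[] getFastEntropy() {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            update(messageDigest, System.currentTimeMillis());
            update(messageDigest, System.nanoTime());
            File[] entries = new File(System.getProperty("java.io.tmpdir")).listFiles();
            if (entries != null) {
                for (File entry : entries) {
                    messageDigest.update(entry.getName().getBytes());
                    update(messageDigest, entry.lastModified());
                    update(messageDigest, entry.length());
                }
            }
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            InternalError error = new InternalError("internal error: SHA-1 not available.");
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Mixes a long with three xor-shift steps and feeds its eight bytes, lowest first, into
     * the digest.
     */
    private static void update(MessageDigest messageDigest, long j) {
        long mixed = j ^ (j << 21);
        mixed ^= mixed >>> 35;
        mixed ^= mixed << 4;
        for (int i = 0; i < 8; i++) {
            messageDigest.update((byte) mixed);
            mixed >>= 8;
        }
    }
}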
