package io.quarkus.vertx.http.runtime.security;

import io.quarkus.security.identity.SecurityIdentity;
import io.vertx.core.http.Cookie;
import io.vertx.ext.web.RoutingContext;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/PersistentLoginManager.class */
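/**
 * Stores a login in an encrypted, self-contained cookie and restores it on later requests.
 *
 * <p>The cookie value is {@code Base64(nonceLength || nonce || AES-GCM(expiryMillis ":" principal))}.
 * The GCM tag authenticates the payload, so a cookie that was not produced with the same key is
 * rejected by {@link #restore(RoutingContext, String)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The cookie is a bearer credential. The only validity check in this class is the embedded
 * expiry time; no revocation check is visible here.</li>
 * <li>NOTE(review): the cookie name is not bound to the ciphertext (no AAD is supplied), so a value
 * issued under one cookie name also decrypts under any other name passed to this manager. Confirm
 * that callers do not rely on the name alone to separate purposes.</li>
 * <li>The SameSite attribute is not set in this class, and the Secure flag is decided by the
 * caller of {@code save}.</li>
 * </ul>
 */
public class PersistentLoginManager {
    private static final Logger log = Logger.getLogger(PersistentLoginManager.class);
    private static final String ENC_ALGORITHM = "AES/GCM/NoPadding";
    /** GCM authentication tag length in bits. */
    private static final int ENC_TAG_LENGTH = 128;
    /** GCM nonce length in bytes; the only length {@code save} ever writes. */
    private static final int ENC_NONCE_LENGTH = 12;
    /** Minimum accepted length, in characters, of a configured encryption key. */
    private static final int MIN_KEY_LENGTH = 16;
    private final SecretKey secretKey;
    private final String cookieName;
    private final long timeoutMillis;
    private final SecureRandom secureRandom = new SecureRandom();
    private final long newCookieIntervalMillis;
    private final boolean httpOnlyCookie;

    /** Outcome of a successful {@code restore}: the principal name and whether the cookie should be re-issued. */
    public static class RestoreResult {
        private final String principal;
        final boolean newCookieNeeded;

        /**
         * @param principal the principal name recovered from the cookie
         * @param newCookieNeeded whether {@code save} should issue a fresh cookie
         */
        public RestoreResult(String principal, boolean newCookieNeeded) {
            this.principal = principal;
            this.newCookieNeeded = newCookieNeeded;
        }

        /** Returns the principal name recovered from the cookie. */
        public String getPrincipal() {
            return this.principal;
        }
    }

    /**
     * Creates a manager bound to one cookie name and one encryption key.
     *
     * @param encryptionKey configured key material, or {@code null} to generate a random key
     * @param cookieName name of the cookie used by the single-argument {@code restore}, the
     *        {@code SecurityIdentity} variant of {@code save}, and {@code clear}
     * @param timeoutMillis lifetime written into each new cookie, in milliseconds
     * @param newCookieIntervalMillis cookie age, in milliseconds, after which a restored cookie is
     *        flagged for renewal
     * @param httpOnlyCookie value of the HttpOnly attribute on issued cookies
     * @throws RuntimeException if {@code encryptionKey} is shorter than 16 characters or a required
     *         algorithm is unavailable
     */
    public PersistentLoginManager(String encryptionKey, String cookieName, long timeoutMillis,
            long newCookieIntervalMillis, boolean httpOnlyCookie) {
        this.cookieName = cookieName;
        this.newCookieIntervalMillis = newCookieIntervalMillis;
        this.timeoutMillis = timeoutMillis;
        this.httpOnlyCookie = httpOnlyCookie;
        this.secretKey = createSecretKey(encryptionKey);
    }

    /** Builds the AES key: random when no key is configured, otherwise derived from the configured string. */
    private static SecretKey createSecretKey(String encryptionKey) {
        // Validate outside the try block so this exception reaches the caller with its own message
        // instead of being wrapped a second time.
        if (encryptionKey != null && encryptionKey.length() < MIN_KEY_LENGTH) {
            throw new RuntimeException("Shared keys for persistent logins must be at least 16 characters long");
        }
        try {
            if (encryptionKey == null) {
                // The key exists only in this object, so cookies encrypted with it cannot be
                // decrypted by another instance. The key size is the provider's AES default.
                return KeyGenerator.getInstance("AES").generateKey();
            }
            // The key is a single unsalted SHA-256 of the configured string, so its strength is that
            // of the string itself: configure a long random value, not a memorable passphrase.
            // The derivation is left unchanged because every instance sharing the key must agree on it.
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            digest.update(encryptionKey.getBytes(StandardCharsets.UTF_8));
            return new SecretKeySpec(digest.digest(), "AES");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Restores the login from the cookie this manager was configured with.
     *
     * @param routingContext the current request
     * @return the restored login, or {@code null} if there is no usable cookie
     */
    public RestoreResult restore(RoutingContext routingContext) {
        return restore(routingContext, this.cookieName);
    }

    /**
     * Decrypts and validates the named cookie.
     *
     * @param routingContext the current request
     * @param cookieName name of the cookie to read
     * @return the restored login, or {@code null} when the cookie is absent, malformed, fails
     *         authentication, or has expired
     */
    public RestoreResult restore(RoutingContext routingContext, String cookieName) {
        Cookie cookie = routingContext.getCookie(cookieName);
        if (cookie == null) {
            return null;
        }
        String value = cookie.getValue();
        try {
            Cipher cipher = Cipher.getInstance(ENC_ALGORITHM);
            ByteBuffer encrypted = ByteBuffer.wrap(Base64.getDecoder().decode(value.getBytes(StandardCharsets.UTF_8)));
            // The first byte comes from the client. Accept only the nonce length that save() writes
            // rather than sizing an array from an unchecked (possibly negative) value.
            int nonceLength = encrypted.get();
            if (nonceLength != ENC_NONCE_LENGTH) {
                log.debugf("%s cookie has an unexpected nonce length", cookieName);
                return null;
            }
            byte[] nonce = new byte[nonceLength];
            encrypted.get(nonce);
            byte[] cipherText = new byte[encrypted.remaining()];
            encrypted.get(cipherText);
            cipher.init(Cipher.DECRYPT_MODE, this.secretKey, new GCMParameterSpec(ENC_TAG_LENGTH, nonce));
            // doFinal verifies the GCM tag; nothing below runs on unauthenticated data.
            String plainText = new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
            int separator = plainText.indexOf(":");
            if (separator == -1) {
                log.debugf("%s cookie parsing failed. Is encryption-key set for all instances?", cookieName);
                return null;
            }
            long expireIdle = Long.parseLong(plainText.substring(0, separator));
            long now = System.currentTimeMillis();
            log.debugf("Current time: %s, Expire idle timeout: %s, expireIdle - now is: %d - %d = %d",
                    new Date(now), new Date(expireIdle), expireIdle, now, expireIdle - now);
            if (now > expireIdle) {
                return null;
            }
            // timeoutMillis - (expireIdle - now) is the time elapsed since the cookie was issued.
            boolean newCookieNeeded = this.timeoutMillis - (expireIdle - now) > this.newCookieIntervalMillis;
            log.debugf("Is new cookie needed? ( %d - ( %d - %d)) > %d : %b",
                    this.timeoutMillis, expireIdle, now, this.newCookieIntervalMillis, newCookieNeeded);
            return new RestoreResult(plainText.substring(separator + 1), newCookieNeeded);
        } catch (Exception e) {
            // Deliberately broad: bad Base64, a truncated buffer, a failed GCM tag check and an
            // unparsable expiry all mean "no valid login" and must not fail the request.
            log.debug("Failed to restore persistent user session", e);
            return null;
        }
    }

    /**
     * Issues a login cookie for the identity's principal under the configured cookie name.
     *
     * @param securityIdentity identity whose principal name is stored
     * @param routingContext the current request
     * @param restoreResult result of the preceding {@code restore}, or {@code null} if there was none
     * @param secureCookie value of the Secure attribute on the issued cookie
     */
    public void save(SecurityIdentity securityIdentity, RoutingContext routingContext, RestoreResult restoreResult,
            boolean secureCookie) {
        save(securityIdentity.getPrincipal().getName(), routingContext, this.cookieName, restoreResult, secureCookie);
    }

    /**
     * Encrypts {@code expiry ":" principalName} and adds it to the response as a cookie. Does nothing
     * when {@code restoreResult} is non-null and does not ask for a new cookie.
     *
     * @param principalName principal name to store
     * @param routingContext the current request
     * @param cookieName name of the cookie to write
     * @param restoreResult result of the preceding {@code restore}, or {@code null} if there was none
     * @param secureCookie value of the Secure attribute; pass {@code true} whenever the application
     *        is served over TLS so the credential is not sent in clear text
     * @throws RuntimeException if encryption or adding the cookie fails
     */
    public void save(String principalName, RoutingContext routingContext, String cookieName,
            RestoreResult restoreResult, boolean secureCookie) {
        if (restoreResult != null && !restoreResult.newCookieNeeded) {
            return;
        }
        try {
            Cipher cipher = Cipher.getInstance(ENC_ALGORITHM);
            // A fresh random nonce per cookie: GCM must never see the same key/nonce pair twice.
            byte[] nonce = new byte[ENC_NONCE_LENGTH];
            this.secureRandom.nextBytes(nonce);
            cipher.init(Cipher.ENCRYPT_MODE, this.secretKey, new GCMParameterSpec(ENC_TAG_LENGTH, nonce));
            long expireIdle = System.currentTimeMillis() + this.timeoutMillis;
            log.debugf("The new cookie will expire at %s", new Date(expireIdle));
            String plainText = expireIdle + ":" + principalName;
            byte[] cipherText = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
            // Wire format: one length byte, the nonce, then ciphertext with the GCM tag appended.
            ByteBuffer message = ByteBuffer.allocate(1 + nonce.length + cipherText.length);
            message.put((byte) nonce.length);
            message.put(nonce);
            message.put(cipherText);
            routingContext.addCookie(Cookie.cookie(cookieName, Base64.getEncoder().encodeToString(message.array()))
                    .setPath("/")
                    .setSecure(secureCookie)
                    .setHttpOnly(this.httpOnlyCookie));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Removes the configured login cookie from the response.
     *
     * @param routingContext the current request
     */
    public void clear(RoutingContext routingContext) {
        Cookie cookie = routingContext.request().getCookie(this.cookieName);
        if (cookie != null) {
            // Presumably so the removal is sent with the same path ("/") the cookie was issued
            // with; TODO confirm against the Vert.x cookie-removal behaviour.
            cookie.setPath("/");
        }
        routingContext.response().removeCookie(this.cookieName);
    }
}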
