package org.wildfly.security.http.impl;

import java.nio.ByteBuffer;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.log4j.spi.Configurator;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.util._private.Arrays2;

/* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/http/impl/NonceManager.class */
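/**
 * Issues and validates the server nonces used by the HTTP authentication mechanisms in this package.
 *
 * <p>A nonce is the Base64 encoding of {@code counter (4 bytes) || System.nanoTime() (8 bytes) ||
 * H(prefix || seed || privateKey)}, where {@code H} is the configured digest algorithm. The trailing
 * digest lets {@link #useNonce(String, byte[], int)} recognise nonces issued by this instance without
 * storing them. The key is generated per instance and the timestamp comes from {@code System.nanoTime()},
 * so a nonce is only meaningful to the instance (and JVM run) that issued it.
 *
 * <p>NOTE(review): the authenticator is a digest with the secret appended, not an HMAC, so its strength
 * depends on the configured algorithm and key size. Confirm that callers configure both appropriately.
 *
 * <p>Nonce tracking is guarded by the monitor of the internal map. The single-thread scheduler created
 * here is never shut down by this class.
 */
class NonceManager {
    /** Length in bytes of the nonce prefix: a 4-byte counter followed by an 8-byte timestamp. */
    private static final int PREFIX_LENGTH = 12;
    private final ScheduledExecutorService executor;
    private final AtomicInteger nonceCounter;
    private final Map<String, NonceState> usedNonces;
    private final byte[] privateKey;
    private final long validityPeriodNano;
    private final long nonceSessionTime;
    private final boolean singleUse;
    private final String algorithm;
    private final ElytronMessages log;

    /**
     * Tracking record for a nonce that has been accepted at least once.
     * The decompiler reports that it widened this type's access from private.
     */
    public static class NonceState {
        // Pending removal task; only set on the nonce-count path.
        private ScheduledFuture<?> futureCleanup;
        // Highest nonce count accepted so far; -1 means the nonce was used without a count.
        private int highestNonceCount;

        private NonceState() {
            this.highestNonceCount = -1;
        }
    }

    /**
     * Creates a manager that logs through the default {@code ElytronMessages.log}.
     *
     * @param j validity period, converted to nanoseconds (presumably given in milliseconds)
     * @param j2 time a nonce stays tracked after a use with a nonce count, in milliseconds
     * @param z whether a nonce presented without a nonce count may be used only once
     * @param i size in bytes of the random key mixed into every nonce digest
     * @param str {@link MessageDigest} algorithm name
     * @deprecated use the constructor that takes the logger explicitly
     */
    @Deprecated
    NonceManager(long j, long j2, boolean z, int i, String str) {
        this(j, j2, z, i, str, ElytronMessages.log);
    }

    /**
     * Creates a manager with a fresh random key and its own single-thread cleanup scheduler.
     * The decompiler reports that it widened this constructor from package-private.
     *
     * @param j validity period, converted to nanoseconds (presumably given in milliseconds)
     * @param j2 time a nonce stays tracked after a use with a nonce count, in milliseconds
     * @param z whether a nonce presented without a nonce count may be used only once
     * @param i size in bytes of the random key mixed into every nonce digest
     * @param str {@link MessageDigest} algorithm name
     * @param elytronMessages logger used for trace output and for the invalid-length error
     */
    public NonceManager(long j, long j2, boolean z, int i, String str, ElytronMessages elytronMessages) {
        this.executor = new ScheduledThreadPoolExecutor(1);
        this.nonceCounter = new AtomicInteger();
        this.usedNonces = new HashMap<>();
        // toNanos saturates instead of wrapping around on very large periods.
        this.validityPeriodNano = TimeUnit.MILLISECONDS.toNanos(j);
        this.nonceSessionTime = j2;
        this.singleUse = z;
        this.algorithm = str;
        this.log = elytronMessages;
        // NOTE(review): a size of 0 yields an empty key, which leaves the nonce digest unkeyed.
        // Callers are not visible here; confirm they always pass a positive size.
        this.privateKey = new byte[i];
        new SecureRandom().nextBytes(this.privateKey);
    }

    /**
     * Generates a nonce that is not bound to any seed.
     *
     * @return the Base64-encoded nonce
     */
    String generateNonce() {
        return generateNonce(null);
    }

    /**
     * Generates a nonce, optionally bound to a seed that must be presented again on validation.
     * The decompiler reports that it widened this method from package-private.
     *
     * @param bArr seed mixed into the digest, or {@code null} for none
     * @return the Base64-encoded nonce
     * @throws IllegalStateException if the configured digest algorithm is unavailable
     */
    public String generateNonce(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.algorithm);
            ByteBuffer buffer = ByteBuffer.allocate(PREFIX_LENGTH + messageDigest.getDigestLength());
            buffer.putInt(this.nonceCounter.incrementAndGet());
            buffer.putLong(System.nanoTime());
            // The digest covers only the prefix written so far, plus the seed and the key.
            buffer.put(digest(buffer.array(), 0, PREFIX_LENGTH, bArr, messageDigest));
            String nonce = ByteIterator.ofBytes(buffer.array()).base64Encode().drainToString();
            if (this.log.isTraceEnabled()) {
                // Trace output contains the nonce and the seed; treat these logs as sensitive.
                this.log.tracef("New nonce generated %s, using seed %s", nonce, seedForLog(bArr));
            }
            return nonce;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Computes {@code H(bArr[i .. i + i2) || bArr2 || privateKey)} with the supplied digest.
     *
     * @param bArr buffer holding the nonce prefix
     * @param i offset of the prefix in {@code bArr}
     * @param i2 number of prefix bytes to hash
     * @param bArr2 optional seed, skipped when {@code null}
     * @param messageDigest digest instance to use; it is reset by the final {@code digest} call
     * @return the digest bytes
     */
    private byte[] digest(byte[] bArr, int i, int i2, byte[] bArr2, MessageDigest messageDigest) throws DigestException {
        messageDigest.update(bArr, i, i2);
        if (bArr2 != null) {
            messageDigest.update(bArr2);
        }
        return messageDigest.digest(this.privateKey);
    }

    /**
     * Validates a nonce that was generated without a seed.
     *
     * @param str the Base64-encoded nonce received from the client
     * @param i the nonce count sent by the client, or a value {@code <= 0} if none was sent
     * @return {@code true} if the nonce is accepted
     * @throws AuthenticationMechanismException if the decoded nonce has the wrong length
     */
    boolean useNonce(String str, int i) throws AuthenticationMechanismException {
        return useNonce(str, null, i);
    }

    /**
     * Validates a nonce and records its use.
     *
     * <p>The nonce must carry a digest matching the one this instance computes for its prefix and the
     * given seed. Without a nonce count ({@code i <= 0}) the nonce must be inside the validity period
     * and, in single-use mode, must not have been seen before. With a nonce count, the count must be
     * strictly greater than the highest count already accepted for that nonce, and each accepted use
     * restarts the session timer after which the nonce is forgotten.
     *
     * <p>The decompiler reports that it widened this method from package-private.
     *
     * @param str the Base64-encoded nonce received from the client
     * @param bArr seed the nonce was generated with, or {@code null} for none
     * @param i the nonce count sent by the client, or a value {@code <= 0} if none was sent
     * @return {@code true} if the nonce is accepted, {@code false} if it is rejected
     * @throws AuthenticationMechanismException if the decoded nonce has the wrong length
     * @throws IllegalStateException if the configured digest algorithm is unavailable
     */
    public boolean useNonce(String str, byte[] bArr, int i) throws AuthenticationMechanismException {
        byte[] nonceBytes;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.algorithm);
            nonceBytes = CodePointIterator.ofChars(str.toCharArray()).base64Decode().drain();
            if (nonceBytes.length != PREFIX_LENGTH + messageDigest.getDigestLength()) {
                throw this.log.invalidNonceLength();
            }
            // The digest call declares a checked exception, so it has to stay inside this try block.
            if (!digestMatches(nonceBytes, digest(nonceBytes, 0, PREFIX_LENGTH, bArr, messageDigest))) {
                if (this.log.isTraceEnabled()) {
                    this.log.tracef("Nonce %s rejected due to failed comparison using secret key with seed %s.", str, seedForLog(bArr));
                }
                return false;
            }
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }

        // Bytes 4..11 of the prefix hold the System.nanoTime() value captured at generation.
        long age = System.nanoTime() - ByteBuffer.wrap(nonceBytes, 4, 8).getLong();

        if (i <= 0) {
            if (!withinValidityPeriod(str, age)) {
                return false;
            }
            if (!this.singleUse) {
                return true;
            }
            synchronized (this.usedNonces) {
                if (this.usedNonces.get(str) != null) {
                    this.log.tracef("Nonce %s rejected due to previously being used", str);
                    return false;
                }
                this.usedNonces.put(str, new NonceState());
                if (this.log.isTraceEnabled()) {
                    this.log.tracef("Currently %d nonces being tracked", this.usedNonces.size());
                }
                // Once the validity period has passed the age check rejects the nonce on its own.
                this.executor.schedule(() -> forget(str), this.validityPeriodNano - age, TimeUnit.NANOSECONDS);
                return true;
            }
        }

        synchronized (this.usedNonces) {
            NonceState nonceState = this.usedNonces.get(str);
            if (nonceState != null && nonceState.highestNonceCount < 0) {
                this.log.tracef("Nonce %s rejected due to previously being used without a nonce count", str);
                return false;
            }
            if (nonceState != null) {
                if (i <= nonceState.highestNonceCount) {
                    this.log.tracef("Nonce %s rejected due to highest seen nonce count %d being equal to or higher than the nonce count received %d", str, Integer.valueOf(nonceState.highestNonceCount), Integer.valueOf(i));
                    return false;
                }
                // NOTE(review): Future.cancel also reports success for a task that has started but
                // not finished, so a cleanup already waiting for this monitor may still remove the
                // entry once the lock is released. Confirm whether count tracking can be lost in
                // that window.
                if (!nonceState.futureCleanup.cancel(true)) {
                    this.log.tracef("Nonce %s rejected as unable to cancel clean up, likely at expiration time", str);
                    return false;
                }
                nonceState.highestNonceCount = i;
            } else {
                // First use with a nonce count: the age limit applies only here. Later uses are
                // bounded by the session timer instead.
                if (!withinValidityPeriod(str, age)) {
                    return false;
                }
                nonceState = new NonceState();
                nonceState.highestNonceCount = i;
                this.usedNonces.put(str, nonceState);
                if (this.log.isTraceEnabled()) {
                    this.log.tracef("Currently %d nonces being tracked", this.usedNonces.size());
                }
            }
            nonceState.futureCleanup = this.executor.schedule(() -> forget(str), this.nonceSessionTime, TimeUnit.MILLISECONDS);
            return true;
        }
    }

    /**
     * Compares the digest carried after the nonce prefix with the expected digest.
     * Uses {@link MessageDigest#isEqual(byte[], byte[])} so that the comparison time does not
     * depend on the position of the first differing byte.
     */
    private static boolean digestMatches(byte[] nonceBytes, byte[] expected) {
        if (nonceBytes.length - PREFIX_LENGTH != expected.length) {
            return false;
        }
        byte[] received = new byte[expected.length];
        System.arraycopy(nonceBytes, PREFIX_LENGTH, received, 0, received.length);
        return MessageDigest.isEqual(received, expected);
    }

    /** Returns whether the nonce age lies inside the validity period, tracing the rejection if not. */
    private boolean withinValidityPeriod(String nonce, long age) {
        if (age < 0 || age > this.validityPeriodNano) {
            this.log.tracef("Nonce %s rejected due to age %d (ns) being less than 0 or greater than the validity period %d (ns)", nonce, Long.valueOf(age), Long.valueOf(this.validityPeriodNano));
            return false;
        }
        return true;
    }

    /** Stops tracking a nonce; run by the scheduler when its tracking period ends. */
    private void forget(String nonce) {
        synchronized (this.usedNonces) {
            this.usedNonces.remove(nonce);
        }
    }

    /** Renders the seed for trace output: the literal text "null" when absent, else lower-level hex. */
    private static String seedForLog(byte[] seed) {
        return seed == null ? "null" : ByteIterator.ofBytes(seed).hexEncode().drainToString();
    }
}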
