package org.apache.shindig.common.crypto;

import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.common.util.CharsetUtil;
import org.apache.shindig.common.util.TimeSource;

/* loaded from: input_file:WEB-INF/lib/shindig-common-2.0.2.Final-gatein-2.jar:org/apache/shindig/common/crypto/BasicBlobCrypter.class */
public class BasicBlobCrypter implements BlobCrypter {
    private static final byte CIPHER_KEY_LABEL = 0;
    private static final byte HMAC_KEY_LABEL = 1;
    public static final String TIMESTAMP_KEY = "t";
    public static final int MASTER_KEY_MIN_LEN = 16;
    private static final long CLOCK_SKEW_ALLOWANCE = 180;
    private static final String UTF8 = "UTF-8";
    public TimeSource timeSource = new TimeSource();
    private byte[] cipherKey;
    private byte[] hmacKey;

    public BasicBlobCrypter(File file) throws IOException {
        BufferedReader bufferedReader = null;
        try {
            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(new FileInputStream(file), Charsets.UTF_8));
            String readLine = bufferedReader2.readLine();
            if (readLine == null) {
                throw new IOException("Unexpectedly empty keyfile:" + file);
            }
            init(CharsetUtil.getUtf8Bytes(readLine.trim()));
            if (bufferedReader2 != null) {
                try {
                    bufferedReader2.close();
                } catch (IOException e) {
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (IOException e2) {
                    throw th;
                }
            }
            throw th;
        }
    }

    public BasicBlobCrypter(byte[] bArr) {
        init(bArr);
    }

    private void init(byte[] bArr) {
        Preconditions.checkArgument(bArr.length >= 16, "Master key needs at least %s bytes", 16);
        this.cipherKey = deriveKey((byte) 0, bArr, 16);
        this.hmacKey = deriveKey((byte) 1, bArr, 0);
    }

    private byte[] deriveKey(byte b, byte[] bArr, int i) {
        byte[] sha = DigestUtils.sha(Crypto.concat(new byte[]{b}, bArr));
        if (i == 0) {
            return sha;
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(sha, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    @Override // org.apache.shindig.common.crypto.BlobCrypter
    public String wrap(Map<String, String> map) throws BlobCrypterException {
        Preconditions.checkArgument(!map.containsKey(TIMESTAMP_KEY), "No '%s' key allowed for BlobCrypter", TIMESTAMP_KEY);
        try {
            byte[] aes128cbcEncrypt = Crypto.aes128cbcEncrypt(this.cipherKey, serializeAndTimestamp(map));
            return new String(Base64.encodeBase64URLSafe(Crypto.concat(aes128cbcEncrypt, Crypto.hmacSha1(this.hmacKey, aes128cbcEncrypt))), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new BlobCrypterException(e);
        } catch (GeneralSecurityException e2) {
            throw new BlobCrypterException(e2);
        }
    }

    private byte[] serializeAndTimestamp(Map<String, String> map) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            sb.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
            sb.append('=');
            sb.append(URLEncoder.encode(entry.getValue(), "UTF-8"));
            sb.append('&');
        }
        sb.append(TIMESTAMP_KEY);
        sb.append('=');
        sb.append(this.timeSource.currentTimeMillis() / 1000);
        return sb.toString().getBytes("UTF-8");
    }

    @Override // org.apache.shindig.common.crypto.BlobCrypter
    public Map<String, String> unwrap(String str, int i) throws BlobCrypterException {
        try {
            byte[] decodeBase64 = Base64.decodeBase64(str.getBytes("UTF-8"));
            byte[] bArr = new byte[20];
            byte[] bArr2 = new byte[decodeBase64.length - 20];
            System.arraycopy(decodeBase64, 0, bArr2, 0, bArr2.length);
            System.arraycopy(decodeBase64, bArr2.length, bArr, 0, bArr.length);
            Crypto.hmacSha1Verify(this.hmacKey, bArr2, bArr);
            Map<String, String> deserialize = deserialize(Crypto.aes128cbcDecrypt(this.cipherKey, bArr2));
            checkTimestamp(deserialize, i);
            return deserialize;
        } catch (UnsupportedEncodingException e) {
            throw new BlobCrypterException(e);
        } catch (ArrayIndexOutOfBoundsException e2) {
            throw new BlobCrypterException("Invalid token format", e2);
        } catch (NegativeArraySizeException e3) {
            throw new BlobCrypterException("Invalid token format", e3);
        } catch (GeneralSecurityException e4) {
            throw new BlobCrypterException("Invalid token signature", e4);
        }
    }

    private Map<String, String> deserialize(byte[] bArr) throws UnsupportedEncodingException {
        String[] splitPreserveAllTokens = StringUtils.splitPreserveAllTokens(new String(bArr, "UTF-8"), "&=");
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(splitPreserveAllTokens.length);
        int i = 0;
        while (i < splitPreserveAllTokens.length) {
            int i2 = i;
            int i3 = i + 1;
            i = i3 + 1;
            newHashMapWithExpectedSize.put(URLDecoder.decode(splitPreserveAllTokens[i2], "UTF-8"), URLDecoder.decode(splitPreserveAllTokens[i3], "UTF-8"));
        }
        return newHashMapWithExpectedSize;
    }

    private void checkTimestamp(Map<String, String> map, int i) throws BlobExpiredException {
        long parseLong = Long.parseLong(map.get(TIMESTAMP_KEY));
        long j = parseLong - CLOCK_SKEW_ALLOWANCE;
        long j2 = parseLong + i + CLOCK_SKEW_ALLOWANCE;
        long currentTimeMillis = this.timeSource.currentTimeMillis() / 1000;
        if (j >= currentTimeMillis || currentTimeMillis >= j2) {
            throw new BlobExpiredException(j, currentTimeMillis, j2);
        }
    }
}
