package org.exoplatform.web.security.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.chromattic.api.ChromatticSession;
import org.chromattic.api.query.QueryResult;
import org.exoplatform.commons.chromattic.ChromatticLifeCycle;
import org.exoplatform.commons.chromattic.ChromatticManager;
import org.exoplatform.commons.chromattic.ContextualTask;
import org.exoplatform.commons.chromattic.SessionContext;
import org.exoplatform.commons.utils.PropertyManager;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.ObjectParameter;
import org.exoplatform.portal.pom.config.Utils;
import org.exoplatform.web.security.GateInToken;
import org.exoplatform.web.security.codec.AbstractCodec;
import org.exoplatform.web.security.codec.AbstractCodecBuilder;
import org.exoplatform.web.security.hash.JCASaltedHashService;
import org.exoplatform.web.security.hash.SaltedHashException;
import org.exoplatform.web.security.hash.SaltedHashService;
import org.gatein.common.io.IOTools;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.wci.security.Credentials;

/* loaded from: input_file:org/exoplatform/web/security/security/CookieTokenService.class */
/**
 * Token service backing cookie-based ("remember me" style) login tokens.
 *
 * <p>Tokens are persisted through Chromattic in a {@code TokenContainer} located at the path
 * given by {@link #lifecycleName}. For each token, the container keeps a salted hash of one
 * token component (see {@link #hashToken(String)}) together with the user's credentials, whose
 * password is passed through {@link #codec} before being saved and decoded again on retrieval.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers); method names such
 * as {@code m22execute} and the nested try/catch blocks are decompiler artifacts, not the
 * original source layout.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The stored password is reversible: it is encoded with {@link #codec}, not hashed, so its
 *       confidentiality depends on the codec key.</li>
 *   <li>With the default codec builder, that key lives in a JCEKS keystore whose store and key
 *       passwords are constants in this class; see {@link #initCodec()}.</li>
 * </ul>
 */
public class CookieTokenService extends AbstractTokenService<GateInToken, String> {
    public static final String LIFECYCLE_NAME = "lifecycle-name";
    /** Name of the optional init parameter supplying a custom {@link SaltedHashService}. */
    public static final String HASH_SERVICE_INIT_PARAM = "hash.service";
    // Chromattic life cycle used to run every TokenTask; resolved from lifecycleName in the constructor.
    private ChromatticLifeCycle chromatticLifeCycle;
    // Life cycle name; also used as the path of the TokenContainer. Defaults to "autologin".
    private String lifecycleName;
    // Reversible encoder/decoder applied to the password kept with each token.
    private AbstractCodec codec;
    // Produces and validates the salted hash stored for each token.
    private SaltedHashService saltedHashService;
    private final Logger log;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/exoplatform/web/security/security/CookieTokenService$RemovableGetTokenTask.class */
    /**
     * Task that resolves a presented cookie token to its stored {@link GateInToken} and,
     * when requested, removes the stored entry in the same operation.
     */
    public class RemovableGetTokenTask extends TokenTask<GateInToken> {
        // Parsed cookie token presented by the client.
        private final CookieToken token;
        // When true, the matching entry is removed after a successful validation.
        private final boolean remove;

        public RemovableGetTokenTask(CookieToken cookieToken, boolean z) {
            super();
            this.token = cookieToken;
            this.remove = z;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: execute, reason: merged with bridge method [inline-methods] */
        /**
         * Looks up the entry by the token's id and validates the token's random string against
         * the stored salted hash.
         *
         * @return a new {@link GateInToken} carrying the original expiration time and the
         *         credentials with the decoded password, or {@code null} when the entry is
         *         missing, has no stored hash, fails validation, or validation throws
         */
        public GateInToken m22execute(SessionContext sessionContext) {
            HashedToken hashedToken;
            TokenEntry tokenEntry = getTokenContainer().getTokens().get(this.token.getId());
            // Unknown id, or an entry without a stored hash: treat as "no such token".
            if (tokenEntry == null || (hashedToken = (HashedToken) getMixin(tokenEntry, HashedToken.class)) == null || hashedToken.getHashedToken() == null) {
                return null;
            }
            try {
                // The id only locates the entry; possession of the random string is what is verified.
                if (!CookieTokenService.this.saltedHashService.validate(this.token.getRandomString(), hashedToken.getHashedToken())) {
                    return null;
                }
                // NOTE(review): no expiration check is made in this method — confirm expired
                // tokens are rejected elsewhere (caller, or periodic cleanExpiredTokens()).
                GateInToken token = tokenEntry.getToken();
                Credentials payload = token.getPayload();
                // The stored password is codec-encoded; the returned credentials carry it decoded.
                Credentials credentials = new Credentials(payload.getUsername(), CookieTokenService.this.codec.decode(payload.getPassword()));
                // Removal happens only after the token has been validated.
                if (this.remove) {
                    tokenEntry.remove();
                }
                return new GateInToken(token.getExpirationTimeMillis(), credentials);
            } catch (SaltedHashException e) {
                // A failure of the hash service is handled like an invalid token.
                CookieTokenService.this.log.warn("Could not validate cookie token against its salted hash.", e);
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/exoplatform/web/security/security/CookieTokenService$TokenTask.class */
    /**
     * Base class for the storage operations of this service; provides access to the token
     * container and to queries on it through the current Chromattic session.
     */
    public abstract class TokenTask<V> extends ContextualTask<V> {
        private TokenTask() {
        }

        /**
         * Returns the {@code TokenContainer} stored at {@code lifecycleName}, inserting it
         * into the session when it does not exist yet.
         */
        protected final TokenContainer getTokenContainer() {
            ChromatticSession session = CookieTokenService.this.chromatticLifeCycle.getContext().getSession();
            TokenContainer tokenContainer = (TokenContainer) session.findByPath(TokenContainer.class, CookieTokenService.this.lifecycleName);
            if (tokenContainer == null) {
                tokenContainer = (TokenContainer) session.insert(TokenContainer.class, CookieTokenService.this.lifecycleName);
            }
            return tokenContainer;
        }

        /** Returns the object of type {@code cls} embedded in {@code obj}, as reported by the session. */
        protected final <A> A getMixin(Object obj, Class<A> cls) {
            return (A) CookieTokenService.this.chromatticLifeCycle.getContext().getSession().getEmbedded(obj, cls);
        }

        /**
         * Queries the token entries located under the token container whose {@code username}
         * equals {@code str}.
         */
        protected final QueryResult<TokenEntry> findTokensOfUser(String str) {
            ChromatticSession session = CookieTokenService.this.chromatticLifeCycle.getContext().getSession();
            // The query text is built by concatenation; the user name is passed through
            // Utils.queryEscape before it is placed between the quotes.
            // NOTE(review): injection safety rests entirely on queryEscape neutralising the
            // quote character for this query syntax — confirm against its implementation.
            return session.createQueryBuilder(TokenEntry.class).where(new StringBuilder(128).append("jcr:path LIKE '").append(session.getPath(getTokenContainer())).append("/%'").append(" AND username='").append(Utils.queryEscape(str)).append("'").toString()).get().objects();
        }
    }

    /**
     * Creates the service, resolves the Chromattic life cycle, selects the salted-hash
     * service and initialises the codec.
     *
     * @param initParams        service configuration; the fourth value of
     *                          {@code service.configuration}, when present, overrides the
     *                          default life cycle name {@code "autologin"}
     * @param chromatticManager source of the Chromattic life cycle
     * @throws TokenServiceInitializationException if the codec cannot be initialised
     */
    public CookieTokenService(InitParams initParams, ChromatticManager chromatticManager) throws TokenServiceInitializationException {
        super(initParams);
        this.lifecycleName = "autologin";
        this.log = LoggerFactory.getLogger(CookieTokenService.class);
        // NOTE(review): the result of getValuesParam is dereferenced without a null check;
        // presumably super(initParams) has already required this parameter — confirm.
        ArrayList values = initParams.getValuesParam("service.configuration").getValues();
        if (values.size() > 3) {
            this.lifecycleName = (String) values.get(3);
        }
        this.chromatticLifeCycle = chromatticManager.getLifeCycle(this.lifecycleName);
        // A configured hash service takes precedence; otherwise the JCA-based default is used,
        // so saltedHashService is never left null by this constructor.
        ObjectParameter objectParam = initParams.getObjectParam(HASH_SERVICE_INIT_PARAM);
        if (objectParam == null || objectParam.getObject() == null) {
            this.saltedHashService = new JCASaltedHashService();
        } else {
            this.saltedHashService = (SaltedHashService) objectParam.getObject();
        }
        initCodec();
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Builds {@link #codec} from a codec builder class and a configuration map.
     *
     * <p>When the property {@code gatein.codec.builderclass} is set, the configuration is read
     * from the properties file named by {@code gatein.codec.config}. Otherwise the default
     * symmetric builder is used with an AES key kept in {@code <gatein.conf.dir>/codec/codeckey.txt},
     * which is generated on first use.
     *
     * <p>The nested try/catch blocks below are how the decompiler rendered what appears to be a
     * try/finally that closes the stream.
     *
     * @throws TokenServiceInitializationException if the configuration file cannot be read, if
     *         {@code gatein.conf.dir} is not set, if the key store cannot be created, or if the
     *         builder cannot be instantiated
     */
    private void initCodec() throws TokenServiceInitializationException {
        String property = PropertyManager.getProperty("gatein.codec.builderclass");
        HashMap hashMap = new HashMap();
        if (property != null) {
            String property2 = PropertyManager.getProperty("gatein.codec.config");
            FileInputStream fileInputStream = null;
            try {
                try {
                    // NOTE(review): if gatein.codec.config is unset, new File(null) throws a
                    // NullPointerException, which is not converted into
                    // TokenServiceInitializationException by the IOException handler below.
                    File file = new File(property2);
                    fileInputStream = new FileInputStream(file);
                    Properties properties = new Properties();
                    properties.load(fileInputStream);
                    for (Map.Entry entry : properties.entrySet()) {
                        hashMap.put((String) entry.getKey(), (String) entry.getValue());
                    }
                    // getParentFile() returns null for a path without a parent component,
                    // which would also end in a NullPointerException here.
                    hashMap.put("gatein.codec.config.basedir", file.getParentFile().getAbsolutePath());
                    IOTools.safeClose(fileInputStream);
                } catch (IOException e) {
                    throw new TokenServiceInitializationException("Failed to read the config parameters from file '" + property2 + "'.", e);
                }
            } catch (Throwable th) {
                // Close the stream on every failure path, then propagate the failure unchanged.
                IOTools.safeClose(fileInputStream);
                throw th;
            }
        } else {
            property = "org.exoplatform.web.security.codec.JCASymmetricCodecBuilder";
            String property3 = PropertyManager.getProperty("gatein.conf.dir");
            if (property3 == null || property3.length() == 0) {
                throw new TokenServiceInitializationException("'gatein.conf.dir' property must be set.");
            }
            File file2 = new File(property3 + "/codec/codeckey.txt");
            // The key store is generated only when the file is absent; an existing file is reused.
            if (!file2.exists()) {
                File parentFile = file2.getParentFile();
                if (!parentFile.exists()) {
                    // mkdir() creates a single directory level and its result is ignored; a
                    // failure shows up below as the FileOutputStream error, wrapped in
                    // TokenServiceInitializationException.
                    parentFile.mkdir();
                }
                FileOutputStream fileOutputStream = null;
                try {
                    try {
                        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                        keyGenerator.init(128);
                        SecretKey generateKey = keyGenerator.generateKey();
                        // NOTE(review): the store password and key password are constants in
                        // this class, so they do not protect the key from anyone who can read
                        // the file; the key's confidentiality rests on the file system
                        // permissions of codeckey.txt. No permissions are set here, so the
                        // file and directory get the process defaults — restrict them to the
                        // service account at deployment.
                        // JCEKS is a legacy key store format.
                        KeyStore keyStore = KeyStore.getInstance("JCEKS");
                        keyStore.load(null, "gtnStorePass".toCharArray());
                        keyStore.setEntry("gtnKey", new KeyStore.SecretKeyEntry(generateKey), new KeyStore.PasswordProtection("gtnKeyPass".toCharArray()));
                        fileOutputStream = new FileOutputStream(file2);
                        keyStore.store(fileOutputStream, "gtnStorePass".toCharArray());
                        IOTools.safeClose(fileOutputStream);
                    } catch (Exception e2) {
                        throw new TokenServiceInitializationException(e2);
                    }
                } catch (Throwable th2) {
                    // Close the stream on every failure path, then propagate the failure unchanged.
                    IOTools.safeClose(fileOutputStream);
                    throw th2;
                }
            }
            // Settings handed to the default builder; they repeat the alias and passwords
            // used above when the key store was created.
            hashMap.put("gatein.codec.jca.symmetric.keyalg", "AES");
            hashMap.put("gatein.codec.jca.symmetric.keystore", "codeckey.txt");
            hashMap.put("gatein.codec.jca.symmetric.storetype", "JCEKS");
            hashMap.put("gatein.codec.jca.symmetric.alias", "gtnKey");
            hashMap.put("gatein.codec.jca.symmetric.keypass", "gtnKeyPass");
            hashMap.put("gatein.codec.jca.symmetric.storepass", "gtnStorePass");
            hashMap.put("gatein.codec.config.basedir", file2.getParentFile().getAbsolutePath());
        }
        try {
            // The builder class name comes from configuration (or the default above) and is
            // loaded reflectively; asSubclass rejects classes that are not AbstractCodecBuilder
            // subclasses before an instance is created.
            this.codec = ((AbstractCodecBuilder) Class.forName(property).asSubclass(AbstractCodecBuilder.class).newInstance()).build(hashMap);
            this.log.info("Initialized CookieTokenService.codec using builder " + property);
        } catch (Exception e3) {
            throw new TokenServiceInitializationException("Could not initialize CookieTokenService.codec.", e3);
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.exoplatform.web.security.security.CookieTokenService$1] */
    /**
     * Removes legacy tokens from an existing token container, then delegates to
     * {@code super.start()}. The container is only looked up here, never created.
     */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public void start() {
        new TokenTask<Void>() { // from class: org.exoplatform.web.security.security.CookieTokenService.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m16execute(SessionContext sessionContext) {
                TokenContainer tokenContainer = (TokenContainer) CookieTokenService.this.chromatticLifeCycle.getContext().getSession().findByPath(TokenContainer.class, CookieTokenService.this.lifecycleName);
                if (tokenContainer == null) {
                    return null;
                }
                tokenContainer.cleanLegacyTokens();
                return null;
            }
        }.executeWith(this.chromatticLifeCycle);
        super.start();
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [org.exoplatform.web.security.security.CookieTokenService$2] */
    /**
     * Creates and stores a new token for the given credentials.
     *
     * @param credentials the credentials to associate with the token; the password is stored
     *                    codec-encoded (reversible), not hashed
     * @return the string form of the new cookie token
     * @throws IllegalArgumentException if the configured validity is negative
     * @throws NullPointerException if {@code credentials} is {@code null}
     */
    @Override // org.exoplatform.web.security.TokenStore
    public String createToken(final Credentials credentials) {
        if (this.validityMillis < 0) {
            throw new IllegalArgumentException();
        }
        if (credentials == null) {
            throw new NullPointerException();
        }
        return (String) new TokenTask<String>() { // from class: org.exoplatform.web.security.security.CookieTokenService.2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public String m17execute(SessionContext sessionContext) {
                String str = null;
                TokenContainer tokenContainer = getTokenContainer();
                // Retry with fresh values until the container accepts the token.
                while (str == null) {
                    // The local names are decompiler-chosen (after the method that produced the
                    // value). The value from nextRandom() is the key passed to saveToken; the
                    // value from nextTokenId() is the one stored only as a salted hash.
                    // presumably CookieToken's constructor is (id, randomString) — confirm.
                    String nextTokenId = CookieTokenService.this.nextTokenId();
                    String nextRandom = CookieTokenService.this.nextRandom();
                    str = new CookieToken(nextRandom, nextTokenId).toString();
                    try {
                        // Expiry is the current time plus the configured validity.
                        tokenContainer.saveToken(sessionContext.getSession(), nextRandom, CookieTokenService.this.hashToken(nextTokenId), new Credentials(credentials.getUsername(), CookieTokenService.this.codec.encode(credentials.getPassword())), new Date(System.currentTimeMillis() + CookieTokenService.this.validityMillis));
                    } catch (TokenExistsException e) {
                        // Collision with an existing token: discard this candidate and loop again.
                        str = null;
                    }
                }
                return str;
            }
        }.executeWith(this.chromatticLifeCycle);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns a new value from {@code nextRandom()}. */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public String nextTokenId() {
        return nextRandom();
    }

    /**
     * Resolves a cookie token string without removing the stored entry.
     *
     * @return the matching token, or {@code null} if the string cannot be parsed or the token
     *         does not validate
     */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public GateInToken getToken(String str) {
        try {
            return (GateInToken) new RemovableGetTokenTask(new CookieToken(str), false).executeWith(this.chromatticLifeCycle);
        } catch (TokenParseException e) {
            // NOTE(review): the exception message is written to the log — confirm it does not
            // echo the raw cookie value.
            this.log.warn("Could not parse cookie token:" + e.getMessage());
            return null;
        }
    }

    /**
     * Resolves a cookie token string and removes the stored entry once it has validated.
     *
     * @return the token that was removed, or {@code null} if the string cannot be parsed or
     *         the token does not validate (nothing is removed in that case)
     */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public GateInToken deleteToken(String str) {
        try {
            return (GateInToken) new RemovableGetTokenTask(new CookieToken(str), true).executeWith(this.chromatticLifeCycle);
        } catch (TokenParseException e) {
            // NOTE(review): the exception message is written to the log — confirm it does not
            // echo the raw cookie value.
            this.log.warn("Could not parse cookie token:" + e.getMessage());
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.exoplatform.web.security.security.CookieTokenService$3] */
    /** Removes every stored token entry returned by the user query for {@code str}. */
    public void deleteTokensOfUser(final String str) {
        new TokenTask<Void>() { // from class: org.exoplatform.web.security.security.CookieTokenService.3
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m18execute(SessionContext sessionContext) {
                QueryResult<TokenEntry> findTokensOfUser = findTokensOfUser(str);
                while (findTokensOfUser.hasNext()) {
                    ((TokenEntry) findTokensOfUser.next()).remove();
                }
                return null;
            }
        }.executeWith(this.chromatticLifeCycle);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.exoplatform.web.security.security.CookieTokenService$4] */
    /** Removes all tokens by calling {@code removeAll()} on the token container. */
    public void deleteAll() {
        new TokenTask<Void>() { // from class: org.exoplatform.web.security.security.CookieTokenService.4
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m19execute(SessionContext sessionContext) {
                getTokenContainer().removeAll();
                return null;
            }
        }.executeWith(this.chromatticLifeCycle);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.exoplatform.web.security.security.CookieTokenService$5] */
    /** Delegates to {@code cleanExpiredTokens()} on the token container. */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public void cleanExpiredTokens() {
        new TokenTask<Void>() { // from class: org.exoplatform.web.security.security.CookieTokenService.5
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m20execute(SessionContext sessionContext) {
                getTokenContainer().cleanExpiredTokens();
                return null;
            }
        }.executeWith(this.chromatticLifeCycle);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.exoplatform.web.security.security.CookieTokenService$6] */
    /** Returns the size reported by the token container. */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public long size() {
        return ((Long) new TokenTask<Long>() { // from class: org.exoplatform.web.security.security.CookieTokenService.6
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Long m21execute(SessionContext sessionContext) {
                return Long.valueOf(getTokenContainer().size());
            }
        }.executeWith(this.chromatticLifeCycle)).longValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    /** Returns the key unchanged; this service uses the string key as-is. */
    @Override // org.exoplatform.web.security.security.AbstractTokenService
    public String decodeKey(String str) {
        return str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the salted hash of {@code str} as produced by {@link #saltedHashService}.
     *
     * @throws RuntimeException wrapping any exception raised by the hash service
     */
    public String hashToken(String str) {
        // With no hash service the input is returned unchanged, i.e. it would be stored
        // unhashed. The visible constructor always assigns a hash service, so this branch
        // does not appear reachable through it.
        if (this.saltedHashService == null) {
            return str;
        }
        try {
            return this.saltedHashService.getSaltedHash(str);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
