package com.ibm.ws.security.token.ltpa.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;

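/**
 * LTPA version-2 token.
 *
 * <p>Wire format (see {@link #encrypt()} / {@link #decrypt()}): the plaintext is
 * {@code userData.toString()} encoded as bytes, followed by
 * {@code "%" + expirationMillis + "%" + base64(signature)}, and the whole
 * plaintext is encrypted with {@link #AES_CBC_CIPHER} under the shared key.
 * The signature is an ISO 9796 RSA signature over the SHA-1 digest of the
 * user-data string only.
 *
 * <p>Security notes a maintainer should keep in mind (all derived from the
 * code in this class; helpers such as {@code LTPACrypto} are not visible here):
 * <ul>
 *   <li>The signature covers {@code userData} only. The trailing
 *       {@code %expiration%signature} fields are protected solely by the
 *       symmetric encryption; no MAC over the ciphertext is applied in this
 *       class. {@link #decrypt()} therefore prefers the
 *       {@code WSTOKEN_EXPIRATION} attribute inside the signed user data
 *       (written by {@link #setExpiration(long)}) and only falls back to the
 *       unsigned trailer field when that attribute is absent.</li>
 *   <li>SHA-1 ("SHA") and ISO 9796 are fixed by the LTPA2 token format; they
 *       cannot be changed here without breaking interoperability with tokens
 *       issued by other members of the same LTPA key domain.</li>
 *   <li>{@link #isValid()} checks expiration before the signature, so an
 *       expired token is reported as expired even if its signature is bad.</li>
 *   <li>The class is {@link Serializable} and {@code sharedKey} /
 *       {@code privateKey} are not {@code transient}: Java-serializing a token
 *       instance persists key material. NOTE(review): confirm this is intended
 *       before relying on serialized tokens anywhere.</li>
 *   <li>Instances are not thread-safe: {@link #addAttribute}, {@link #setExpiration}
 *       and {@link #getBytes()} mutate {@code signature}/{@code encryptedBytes}
 *       without synchronization.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.token.ltpa_1.0.3.jar:com/ibm/ws/security/token/ltpa/internal/LTPAToken2.class */
public class LTPAToken2 implements Token, Serializable {
    private static final TraceComponent tc = Tr.register(LTPAToken2.class);
    /** JCA name for SHA-1. Dictated by the LTPA2 format; do not change in isolation. */
    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA";
    /** Symmetric transform used for the token body. Unauthenticated mode; see class notes. */
    private static final String AES_CBC_CIPHER = "AES/CBC/PKCS5Padding";
    private static final long serialVersionUID = 1;
    /** Field separator in the plaintext trailer. */
    private static final String DELIM = "%";
    /** Digest used when signing; guarded by {@link #lockObj1} because MessageDigest is stateful. */
    private static final MessageDigest md1JCE;
    /** Digest used when verifying; guarded by {@link #lockObj2}. */
    private static final MessageDigest md2JCE;
    private static final Object lockObj1;
    private static final Object lockObj2;

    private final short version = 1;
    /** ISO 9796 signature over the user-data string; null until {@link #sign()} runs. */
    private byte[] signature;
    /** Cached encrypted form; null whenever the token has been mutated since the last {@link #encrypt()}. */
    private byte[] encryptedBytes;
    private UserData userData;
    /** Absolute expiry, epoch milliseconds. */
    private long expirationInMilliseconds;
    private final byte[] sharedKey;
    private final LTPAPrivateKey privateKey;
    private final LTPAPublicKey publicKey;
    private final String cipher;

    /**
     * Reconstructs a token from its encrypted bytes and decrypts it immediately.
     *
     * @param tokenBytes the encrypted token as received; copied, never retained by reference
     * @param sharedKey  LTPA shared (AES) key; copied
     * @param privateKey key used if this token is later re-signed
     * @param publicKey  key used by {@link #isValid()} to verify the embedded signature
     * @throws InvalidTokenException    if decryption or parsing fails
     * @throws IllegalArgumentException if {@code tokenBytes} is null or empty
     */
    public LTPAToken2(byte[] tokenBytes, @Sensitive byte[] sharedKey, LTPAPrivateKey privateKey, LTPAPublicKey publicKey) throws InvalidTokenException {
        checkTokenBytes(tokenBytes);
        this.signature = null;
        this.encryptedBytes = tokenBytes.clone();
        this.sharedKey = sharedKey.clone();
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.expirationInMilliseconds = 0L;
        this.cipher = AES_CBC_CIPHER;
        decrypt();
    }

    /**
     * Creates a fresh token for the given user-data string.
     *
     * @param userDataString  serialized user data understood by {@code UserData}
     * @param lifetimeMinutes token lifetime from now, in minutes (see {@link #setExpiration(long)})
     * @param sharedKey       LTPA shared (AES) key; copied
     * @param privateKey      signing key
     * @param publicKey       verification key
     */
    public LTPAToken2(String userDataString, long lifetimeMinutes, @Sensitive byte[] sharedKey, LTPAPrivateKey privateKey, LTPAPublicKey publicKey) {
        this.signature = null;
        this.encryptedBytes = null;
        this.sharedKey = sharedKey.clone();
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.userData = new UserData(userDataString);
        setExpiration(lifetimeMinutes);
        this.cipher = AES_CBC_CIPHER;
    }

    /**
     * Creates a fresh token around an existing {@code UserData} instance (not copied).
     *
     * @param lifetimeMinutes token lifetime from now, in minutes
     * @param sharedKey       LTPA shared (AES) key; copied
     * @param privateKey      signing key
     * @param publicKey       verification key
     * @param userData        user data to wrap; retained by reference
     */
    protected LTPAToken2(long lifetimeMinutes, @Sensitive byte[] sharedKey, LTPAPrivateKey privateKey, LTPAPublicKey publicKey, UserData userData) {
        this.signature = null;
        this.encryptedBytes = null;
        this.sharedKey = sharedKey.clone();
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.userData = userData;
        setExpiration(lifetimeMinutes);
        this.cipher = AES_CBC_CIPHER;
    }

    /**
     * Copy constructor backing {@link #clone()}: same keys and the same
     * <em>absolute</em> expiration as {@code source}. Unlike the lifetime-based
     * constructors it does not call {@link #setExpiration(long)}, so the copied
     * user data is left exactly as supplied.
     */
    private LTPAToken2(LTPAToken2 source, UserData userDataCopy) {
        this.signature = null;
        this.encryptedBytes = null;
        this.sharedKey = source.sharedKey.clone();
        this.privateKey = source.privateKey;
        this.publicKey = source.publicKey;
        this.userData = userDataCopy;
        this.expirationInMilliseconds = source.expirationInMilliseconds;
        this.cipher = source.cipher;
    }

    /**
     * Builds the plaintext {@code userData || "%" expiration "%" base64(signature)}
     * and encrypts it into {@link #encryptedBytes}. Requires {@link #sign()} to
     * have run first (the signature is embedded, not computed here).
     *
     * @throws Exception whatever {@code LTPACrypto.encrypt} throws, after FFDC/trace
     */
    private final void encrypt() throws Exception {
        String signatureB64 = Base64Coder.toString(Base64Coder.base64Encode(this.signature));
        String userDataStr = this.userData.toString();
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            // Writes the full user-data string (identity attributes) to trace when event tracing is on.
            Tr.event(this, tc, "encrypt: userData" + userDataStr, new Object[0]);
        }
        byte[] userDataBytes = Base64Coder.getBytes(userDataStr);
        // The trailer is ASCII (digits, '%', base64), so a byte-per-char encoding is sufficient
        // and matches toSimpleString() used on the decrypt side.
        byte[] trailer = getSimpleBytes(DELIM + getExpiration() + DELIM + signatureB64);
        byte[] plain = new byte[userDataBytes.length + trailer.length];
        System.arraycopy(userDataBytes, 0, plain, 0, userDataBytes.length);
        System.arraycopy(trailer, 0, plain, userDataBytes.length, trailer.length);
        try {
            this.encryptedBytes = LTPACrypto.encrypt(plain, this.sharedKey, this.cipher);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.ltpa.internal.LTPAToken2", "164", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(this, tc, "Error encrypting; " + e, new Object[0]);
            }
            throw e;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "Encrypted bytes are: " + (this.encryptedBytes == null ? "" : Base64Coder.toString(Base64Coder.base64Encode(this.encryptedBytes))), new Object[0]);
        }
    }

    /**
     * Decrypts {@link #encryptedBytes} and populates user data, expiration and
     * signature. Any failure (padding, parsing, number format, short field list)
     * surfaces as {@link InvalidTokenException}; the signature is NOT verified
     * here - callers must use {@link #isValid()}.
     *
     * @throws InvalidTokenException on any decryption or parse failure
     */
    @FFDCIgnore({BadPaddingException.class, Exception.class})
    private final void decrypt() throws InvalidTokenException {
        try {
            byte[] plain = LTPACrypto.decrypt(this.encryptedBytes.clone(), this.sharedKey, this.cipher);
            checkTokenBytes(plain);
            // User data may contain non-ASCII, so it is taken from a UTF-8 decoding ...
            String[] utf8Fields = LTPATokenizer.parseToken(toUTF8String(plain));
            this.userData = new UserData(LTPATokenizer.parseUserData(utf8Fields[0]));
            // ... while the expiration and base64 signature are ASCII and are taken from the
            // byte-per-char view, mirroring getSimpleBytes() in encrypt().
            String[] rawFields = LTPATokenizer.parseToken(toSimpleString(plain));
            String[] expAttr = this.userData.getAttributes(AttributeNameConstants.WSTOKEN_EXPIRATION);
            if (expAttr == null || expAttr[expAttr.length - 1] == null) {
                // Fallback only: this trailer field is outside the signed user data.
                this.expirationInMilliseconds = Long.parseLong(rawFields[1]);
            } else {
                // Preferred: the attribute lives inside the signed user data (last value wins).
                this.expirationInMilliseconds = Long.parseLong(expAttr[expAttr.length - 1]);
            }
            setSignature(Base64Coder.base64Decode(Base64Coder.getBytes(rawFields[2])));
        } catch (BadPaddingException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(this, tc, "Caught BadPaddingException while decrypting token, this is only a critical problem if decryption should have worked.", e);
            }
            // NOTE(review): both catch branches rethrow the cause's message; a caller that
            // surfaces getMessage() could let a client distinguish padding failures from
            // parse failures (padding-oracle shape). Kept as-is for compatibility.
            throw new InvalidTokenException(e.getMessage(), e);
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(this, tc, "Error decrypting; " + e, new Object[0]);
            }
            throw new InvalidTokenException(e.getMessage(), e);
        }
    }

    /** Signs the current user-data string with {@link #privateKey} and stores the result. */
    private final void sign() throws Exception {
        setSignature(sign(Base64Coder.getBytes(getUserData().toString()), this.privateKey));
    }

    /**
     * SHA-1 digest of {@code message}, then ISO 9796 RSA signature with the raw private key.
     *
     * @param message bytes to sign
     * @param key     signing key; its raw form is also installed via {@code LTPACrypto.setRSAKey}
     * @return the signature bytes
     */
    private final byte[] sign(byte[] message, LTPAPrivateKey key) throws Exception {
        byte[] digest;
        synchronized (lockObj1) {
            digest = md1JCE.digest(message);
        }
        byte[][] rawKey = key.getRawKey();
        LTPACrypto.setRSAKey(rawKey);
        return LTPACrypto.signISO9796(rawKey, digest, 0, digest.length);
    }

    /** Verifies {@link #signature} against the current user-data string using {@link #publicKey}. */
    private final boolean verify() throws Exception {
        return verify(Base64Coder.getBytes(getUserData().toString()), this.signature, this.publicKey);
    }

    /**
     * SHA-1 digest of {@code message}, then ISO 9796 verification of {@code sig}.
     *
     * @return true if the signature verifies
     * @throws IllegalArgumentException if message or signature is null (e.g. token never signed)
     */
    private final boolean verify(byte[] message, byte[] sig, LTPAPublicKey key) throws Exception {
        if (message == null) {
            throw new IllegalArgumentException("null message");
        }
        if (sig == null) {
            throw new IllegalArgumentException("null signature");
        }
        byte[] digest;
        synchronized (lockObj2) {
            digest = md2JCE.digest(message);
        }
        return LTPACrypto.verifyISO9796(key.getRawKey(), digest, 0, digest.length, sig, 0, sig.length);
    }

    /**
     * Checks expiration first, then the signature.
     *
     * @return true if the signature over the user data verifies
     * @throws TokenExpiredException if the token is past its expiration (checked before the signature)
     * @throws InvalidTokenException if verification itself fails (missing signature, crypto error)
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    @FFDCIgnore({Exception.class})
    public final boolean isValid() throws InvalidTokenException, TokenExpiredException {
        validateExpiration();
        try {
            boolean verified = verify();
            if (!verified && TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(this, tc, "Invalid signature of the token " + this, new Object[0]);
            }
            return verified;
        } catch (Exception e) {
            throw new InvalidTokenException(e.getMessage(), e);
        }
    }

    /**
     * Throws if the wall clock is strictly after {@link #getExpiration()}.
     *
     * @throws TokenExpiredException carrying the expiration time and a descriptive message
     */
    public final void validateExpiration() throws TokenExpiredException {
        Date now = new Date();
        Date expiresAt = new Date(getExpiration());
        boolean expired = now.after(expiresAt);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, "Current time = " + now + ", expiration time = " + expiresAt, new Object[0]);
        }
        if (!expired) {
            return;
        }
        String msg = "The token has expired: current time = \"" + now + "\", expire time = \"" + expiresAt + "\"";
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(this, tc, msg, new Object[0]);
        }
        throw new TokenExpiredException(this.expirationInMilliseconds, msg);
    }

    /**
     * Returns a copy of the encrypted token, signing and encrypting on first use
     * or after any mutation ({@link #addAttribute}, {@link #setExpiration}).
     *
     * @throws InvalidTokenException if signing or encryption fails
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    @FFDCIgnore({Exception.class})
    public final byte[] getBytes() throws InvalidTokenException, TokenExpiredException {
        if (this.encryptedBytes == null) {
            try {
                sign();
                encrypt();
            } catch (Exception e) {
                throw new InvalidTokenException(e.getMessage(), e);
            }
        }
        return this.encryptedBytes.clone();
    }

    /** @return absolute expiration, epoch milliseconds */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public final long getExpiration() {
        return this.expirationInMilliseconds;
    }

    @Override // com.ibm.wsspi.security.ltpa.Token
    public final short getVersion() {
        return this.version;
    }

    /**
     * Adds an attribute to the user data and invalidates the cached signature
     * and ciphertext so the next {@link #getBytes()} re-signs.
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public final String[] addAttribute(String name, String value) {
        this.signature = null;
        this.encryptedBytes = null;
        return this.userData.addAttribute(name, value);
    }

    @Override // com.ibm.wsspi.security.ltpa.Token
    public final String[] getAttributes(String name) {
        return this.userData.getAttributes(name);
    }

    @Override // com.ibm.wsspi.security.ltpa.Token
    public final Enumeration<String> getAttributeNames() {
        return this.userData.getAttributeNames();
    }

    /** Base64 of the encrypted bytes, or "NULL" if not yet encrypted. Never exposes plaintext. */
    @Override
    public final String toString() {
        return this.encryptedBytes == null ? "NULL" : Base64Coder.base64EncodeToString(this.encryptedBytes);
    }

    /**
     * Deep-copies the user data and preserves the absolute expiration.
     *
     * <p>Fix: the previous implementation passed {@code getExpiration()} (epoch
     * milliseconds) into the lifetime-based constructor, which treats its argument
     * as <em>minutes from now</em>, so a clone received an expiration tens of
     * thousands of years in the future and an extra {@code WSTOKEN_EXPIRATION}
     * attribute carrying that value.
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public final Object clone() {
        return new LTPAToken2(this, (UserData) this.userData.clone());
    }

    /** @throws IllegalArgumentException if {@code bytes} is null or empty */
    private static final void checkTokenBytes(byte[] bytes) {
        if (bytes == null || bytes.length == 0) {
            throw new IllegalArgumentException("No token bytes specified");
        }
    }

    private final void setSignature(byte[] sig) {
        this.signature = sig;
    }

    private final UserData getUserData() {
        return this.userData;
    }

    /**
     * Sets the expiration to {@code now + lifetimeMinutes}, truncated to the
     * minute and then advanced by one full minute (so the result is always a
     * minute boundary strictly after the raw value). Records the same value as
     * the {@code WSTOKEN_EXPIRATION} attribute inside the signed user data and
     * invalidates the cached signature/ciphertext.
     *
     * @param lifetimeMinutes lifetime in minutes, not an absolute time
     */
    private final void setExpiration(long lifetimeMinutes) {
        long lifetimeMillis = lifetimeMinutes * 60L * 1000L;
        this.expirationInMilliseconds = ((System.currentTimeMillis() + lifetimeMillis + 60000L) / 60000L) * 60000L;
        this.signature = null;
        this.encryptedBytes = null;
        if (this.userData != null) {
            this.userData.addAttribute(AttributeNameConstants.WSTOKEN_EXPIRATION, Long.toString(this.expirationInMilliseconds));
        }
    }

    /**
     * Decodes {@code bytes} as UTF-8. UTF-8 is mandatory in every JVM, so the
     * catch is effectively unreachable; if it ever fires we fail loudly instead
     * of returning null (which previously surfaced as an NPE deeper in decrypt()).
     * The decrypted token content is deliberately not attached to the FFDC record.
     */
    private static final String toUTF8String(byte[] bytes) {
        try {
            return new String(bytes, "UTF8");
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.ltpa.internal.LTPAToken2", "427", null, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "Error converting to string; " + e, new Object[0]);
            }
            throw new IllegalStateException("UTF-8 charset unavailable", e);
        }
    }

    /** One char per byte (0..255), the inverse of {@link #getSimpleBytes(String)} for ASCII input. */
    private static final String toSimpleString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length);
        for (byte b : bytes) {
            sb.append((char) (b & 0xFF));
        }
        return sb.toString();
    }

    /** One byte per char; chars above 0xFF are truncated, so only use for ASCII content. */
    private static final byte[] getSimpleBytes(String str) {
        int n = str.length();
        byte[] out = new byte[n];
        for (int i = 0; i < n; i++) {
            out[i] = (byte) str.charAt(i);
        }
        return out;
    }

    static {
        MessageDigest signDigest = null;
        MessageDigest verifyDigest = null;
        try {
            signDigest = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM);
            verifyDigest = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM);
        } catch (Exception e) {
            // Leaves the digests null; sign()/verify() would then fail with an NPE,
            // which isValid()/getBytes() turn into InvalidTokenException.
            FFDCFilter.processException(e, "com.ibm.ws.security.token.ltpa.internal.LTPAToken2", "67", null, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "Error creating digest; " + e, new Object[0]);
            }
        }
        md1JCE = signDigest;
        md2JCE = verifyDigest;
        lockObj1 = new Object();
        lockObj2 = new Object();
    }
}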
