package com.ibm.ws.security.ltpa;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenCreationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;

/* loaded from: input_file:efixes/PK19195/components/security.impl/update.jar:lib/securityimpl.jarcom/ibm/ws/security/ltpa/LTPAToken.class */
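/**
 * LTPA token (reports version 1) that carries a {@link UserData} payload, an expiration time
 * and a signature, and holds the encrypted form of all three.
 *
 * <p>The plaintext assembled by {@link #encrypt()} is the UTF-8 bytes of
 * {@code userData.toString()}, followed by {@code "%" + expiration + "%" + base64(signature)},
 * which is then encrypted with the shared key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The signature is computed and verified over {@code userData.toString()} only
 *       (see {@link #sign()} and {@code verify()}); the expiration field is not part of the
 *       signed bytes, so its integrity rests on the encryption layer alone.</li>
 *   <li>The byte-array constructor does not reject an expired or badly signed token; it only
 *       traces the fact. Callers must check {@link #isValid()} before trusting the token.</li>
 *   <li>NOTE(review): the class is {@code Serializable} and {@code sharedKey},
 *       {@code privateKey} and {@code publicKey} are not {@code transient}, so default Java
 *       serialization of a token would write the key material with it if those types are
 *       serializable. Confirm whether tokens are ever serialized before changing this.</li>
 * </ul>
 */
public class LTPAToken implements Token, Serializable {
    private static final TraceComponent tc;
    // SimpleDateFormat is not thread-safe; every use must hold this object's monitor.
    private static final SimpleDateFormat dateFormat;
    private UserData userData;
    // Expiration as milliseconds since the epoch.
    private long expiration;
    private byte[] signature;
    public static final String DELIM = "%";
    private byte[] encryptedBytes;
    private byte[] sharedKey;
    private LTPAPrivateKey privateKey;
    private LTPAPublicKey publicKey;
    // Cache used by the class-literal helper class$(String) below.
    static Class class$com$ibm$ws$security$ltpa$LTPAToken;
    // Not read anywhere in this class.
    private int defaultExpirationMins = 10;
    private short version = 1;

    /**
     * Rebuilds a token from its encrypted form.
     *
     * <p>The token is decrypted and parsed, but it is NOT rejected when it is expired or when
     * its signature does not verify; that condition is only written to the debug trace.
     * Callers must call {@link #isValid()} themselves.
     *
     * @param bArr encrypted token bytes
     * @param j not used by this constructor; the expiration is read from the token itself
     * @param bArr2 shared key used for decryption
     * @param lTPAPrivateKey private key stored on the token (not used while parsing)
     * @param lTPAPublicKey public key used by {@link #isValid()} to verify the signature
     * @throws InvalidTokenException if the bytes cannot be decrypted or parsed
     */
    public LTPAToken(byte[] bArr, long j, byte[] bArr2, LTPAPrivateKey lTPAPrivateKey, LTPAPublicKey lTPAPublicKey) throws InvalidTokenException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "LTPAToken 1");
        }
        this.expiration = 0L;
        this.sharedKey = bArr2;
        this.privateKey = lTPAPrivateKey;
        this.publicKey = lTPAPublicKey;
        this.encryptedBytes = bArr;
        decrypt();
        if (tc.isDebugEnabled()) {
            // Writes the "u" attribute (user identity) and the expiration to the trace.
            Tr.debug(tc, getLogInfo().toString());
            if (!isValid()) {
                Tr.debug(tc, "Expired LTPA token constructed", new Exception());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "LTPAToken 1");
        }
    }

    /**
     * Creates, signs and encrypts a new token for the given user data.
     *
     * @param userData payload to place in the token
     * @param j lifetime in minutes, added to the current time to obtain the expiration
     * @param bArr shared key used for encryption
     * @param lTPAPrivateKey private key used to sign the user data
     * @param lTPAPublicKey public key used by {@link #isValid()} to verify the signature
     * @throws TokenCreationFailedException if signing fails with a NoSuchAlgorithmException
     */
    public LTPAToken(UserData userData, long j, byte[] bArr, LTPAPrivateKey lTPAPrivateKey, LTPAPublicKey lTPAPublicKey) throws TokenCreationFailedException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): same trace label as the byte-array constructor.
            Tr.entry(tc, "LTPAToken 1");
        }
        this.encryptedBytes = null;
        this.expiration = new Date().getTime() + (j * 60 * 1000);
        this.sharedKey = bArr;
        this.privateKey = lTPAPrivateKey;
        this.publicKey = lTPAPublicKey;
        this.userData = userData;
        try {
            // Order matters: encrypt() embeds the signature produced by sign().
            sign();
            encrypt();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, getLogInfo().toString());
                if (!isValid()) {
                    Tr.debug(tc, "Expired LTPA token constructed", new Exception());
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "LTPAToken 1");
            }
        } catch (NoSuchAlgorithmException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("NoSuchAlgorithmException: ").append(e.getMessage()).toString(), new Object[]{e});
            }
            throw new TokenCreationFailedException(e);
        }
    }

    /**
     * Builds the plaintext (user data, then DELIM + expiration + DELIM + base64 signature) and
     * stores its encryption under the shared key in {@code encryptedBytes}.
     * Requires {@link #sign()} to have run first.
     */
    protected void encrypt() {
        String encodedSignature = StringUtil.toString(Base64Coder.base64Encode(this.signature));
        byte[] userBytes = toBytes(this.userData.toString());
        StringBuffer trailer = new StringBuffer(DELIM);
        trailer.append(this.expiration).append(DELIM).append(encodedSignature);
        byte[] trailerBytes = StringUtil.getBytes(trailer.toString());
        byte[] plain = new byte[userBytes.length + trailerBytes.length];
        System.arraycopy(userBytes, 0, plain, 0, userBytes.length);
        System.arraycopy(trailerBytes, 0, plain, userBytes.length, trailerBytes.length);
        // Kept from the original; the instance is unused and the call below is static.
        new LTPACrypto();
        this.encryptedBytes = LTPACrypto.encrypt(plain, this.sharedKey);
    }

    /**
     * Decrypts {@code encryptedBytes} with the shared key and populates user data, expiration
     * and signature from the three DELIM-separated fields.
     *
     * <p>This method only parses; it performs no expiry or signature check.
     *
     * @throws InvalidTokenException on any failure, including malformed or truncated input;
     *         the underlying cause is reported through FFDC and not attached to the exception
     */
    protected void decrypt() throws InvalidTokenException {
        // Kept from the original; the instance is unused and the call below is static.
        new LTPACrypto();
        try {
            // Decrypt a copy so the stored token bytes cannot be modified by the crypto call.
            byte[] plain = LTPACrypto.decrypt((byte[]) this.encryptedBytes.clone(), this.sharedKey);
            // NOTE(review): the user-data field is decoded as UTF-8 while the expiration and
            // signature fields below go through StringUtil.toString; kept as in the original.
            Hashtable attributes = LTPATokenizer.parseUserData(LTPATokenizer.parseToken(toStrings(plain))[0]);
            this.userData = new UserData((String) attributes.get("u"));
            String[] fields = LTPATokenizer.parseToken(StringUtil.toString(plain));
            this.expiration = Long.parseLong(fields[1]);
            Enumeration names = attributes.keys();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                if (!name.equals("u")) {
                    setAttribute(name, (String) attributes.get(name));
                }
            }
            setSignature(StringUtil.getBytes(Base64Coder.base64Decode(fields[2])));
        } catch (Throwable th) {
            // Fail closed: every parsing problem (missing field, bad number, null input)
            // surfaces as InvalidTokenException. Note this also converts Errors.
            FFDCFilter.processException(th, "com.ibm.ws.security.ltpa.LTPAToken.getInstance", "119");
            throw new InvalidTokenException();
        }
    }

    /**
     * Signs the UTF-8 bytes of {@code userData.toString()} with the private key.
     * The expiration is not included in the signed data.
     *
     * @throws NoSuchAlgorithmException propagated from LTPADigSignature.sign
     */
    protected void sign() throws NoSuchAlgorithmException {
        setSignature(LTPADigSignature.sign(toBytes(getUserData().toString()), this.privateKey));
    }

    /**
     * Reports whether the token is both unexpired and correctly signed.
     *
     * <p>The signature is checked even when the token has already expired, so both failures
     * appear in the debug trace. A NoSuchAlgorithmException during verification counts as an
     * invalid signature (fail closed).
     *
     * @return {@code true} only if the current time is before the expiration and the
     *         signature verifies against the public key
     */
    public boolean isValid() {
        boolean notExpired = new Date().before(new Date(this.expiration));
        if (!notExpired && tc.isDebugEnabled()) {
            Tr.debug(tc, getLogInfo().insert(0, "token expired ").toString());
        }
        boolean signatureOk;
        try {
            signatureOk = verify();
        } catch (NoSuchAlgorithmException e) {
            // Treat an unavailable algorithm as a failed verification, but leave a trace so
            // the misconfiguration is not mistaken for a forged token.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("NoSuchAlgorithmException: ").append(e.getMessage()).toString(), new Object[]{e});
            }
            signatureOk = false;
        }
        if (!signatureOk && tc.isDebugEnabled()) {
            Tr.debug(tc, getLogInfo().insert(0, "invalid signature ").toString());
        }
        return notExpired && signatureOk;
    }

    /** Verifies the stored signature over the UTF-8 bytes of {@code userData.toString()}. */
    private boolean verify() throws NoSuchAlgorithmException {
        byte[] signedBytes = toBytes(getUserData().toString());
        return LTPADigSignature.verify(signedBytes, getSignature(), this.publicKey);
    }

    /** Decodes bytes as UTF-8; returns {@code null} if the charset name is rejected. */
    private static String toStrings(byte[] bArr) {
        try {
            return new String(bArr, "UTF8");
        } catch (UnsupportedEncodingException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("to UTF8 Strings =").append(e.toString()).toString());
            }
            return null;
        }
    }

    /** Encodes a string as UTF-8; returns {@code null} if the charset name is rejected. */
    private static byte[] toBytes(String str) {
        try {
            return str.getBytes("UTF8");
        } catch (UnsupportedEncodingException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("to UTF8 bytes =").append(e.toString()).toString());
            }
            return null;
        }
    }

    /**
     * Returns a copy of the encrypted token bytes.
     *
     * @return a fresh array, so callers cannot alter the token held by this object
     */
    public byte[] getBytes() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning existing encrypted bytes from token object.");
        }
        return (byte[]) this.encryptedBytes.clone();
    }

    /** Returns the expiration time in milliseconds since the epoch. */
    public long getExpiration() {
        return this.expiration;
    }

    /** Returns the internal signature array itself (no defensive copy). */
    byte[] getSignature() {
        return this.signature;
    }

    /** Returns the user data carried by this token. */
    UserData getUserData() {
        return this.userData;
    }

    /**
     * Sets an attribute on the user data. This is not followed by re-signing or
     * re-encrypting, so {@code signature} and {@code encryptedBytes} keep their old values.
     */
    public void setAttribute(String str, String str2) {
        this.userData.setAttribute(str, str2);
    }

    /** Returns the value of the named user-data attribute. */
    public String getAttribute(String str) {
        return this.userData.getAttributeValue(str);
    }

    /** Stores the given signature array by reference (no defensive copy). */
    void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    /**
     * Returns the encrypted token bytes converted by StringUtil.toString.
     * NOTE(review): this appears to be the token in the form a client presents it, so the
     * result should be treated as a credential and kept out of logs and error messages.
     */
    public String toString() {
        return StringUtil.toString(this.encryptedBytes);
    }

    /** Returns the token version (1). */
    public short getVersion() {
        return this.version;
    }

    /**
     * Builds the trace text: the "u" attribute followed by the formatted expiration.
     * Only called from debug-trace paths.
     */
    private StringBuffer getLogInfo() {
        // String.valueOf keeps a token without a "u" attribute from raising a
        // NullPointerException inside the StringBuffer constructor while tracing.
        StringBuffer info = new StringBuffer(String.valueOf(getAttribute("u")));
        info.append(" Expiration time: ");
        String formatted;
        // The formatter is shared by all tokens and SimpleDateFormat keeps mutable state,
        // so concurrent format() calls must be serialized.
        synchronized (dateFormat) {
            formatted = dateFormat.format(new Date(this.expiration));
        }
        info.append(formatted);
        return info;
    }

    /**
     * Class-literal helper (looks like the expansion older compilers emitted for
     * {@code LTPAToken.class}); kept so the static initializer below is unchanged.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$ltpa$LTPAToken == null) {
            cls = class$("com.ibm.ws.security.ltpa.LTPAToken");
            class$com$ibm$ws$security$ltpa$LTPAToken = cls;
        } else {
            cls = class$com$ibm$ws$security$ltpa$LTPAToken;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        dateFormat = new SimpleDateFormat("yy.MM.dd kk:mm:ss:SSS z");
    }
}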
