package com.filenet.apiimpl.util;

import com.filenet.api.exception.EngineRuntimeException;
import com.filenet.api.exception.ExceptionCode;
import com.filenet.apiimpl.authentication.util.B64;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

/* loaded from: input_file:runtime/Jace.jar:com/filenet/apiimpl/util/BinaryImpersonation.class */
public class BinaryImpersonation {
    private byte[] token;
    private SecureRandom rand = null;
    private MessageDigest msgDigest = null;
    private int lenDigest;
    private boolean isOk;
    private static final byte VERSION_ONE = 1;
    private static final int MIN_LEN_KEY = 8;
    private static final int POS_VERSION = 0;
    private static final int POS_NONCE = 1;
    private static final int POS_TIMESTAMP = 9;
    private static final int POS_USERNAME = 17;
    public static final int MIN_TOKEN_LEN = 38;
    private static final BaseLogger logger = BaseLogger.getBaseLogger(BinaryImpersonation.class, SubSystem.Security);
    private static final long MAX_IMP_SEC_DELTA = ConfigValueLookup.getValueAsInt("imp.TimestampTimeToLiveSeconds", 900);
    private static final long MAX_IMP_MSEC_DELTA = 1000 * MAX_IMP_SEC_DELTA;
    private static final int MIN_CACHED_IMP_NONCES = ConfigValueLookup.getValueAsInt("imp.NonceCacheInitialSize", 500);
    private static final int MAX_CACHED_IMP_NONCES = ConfigValueLookup.getValueAsInt("imp.NonceCacheMaxSize", 0);
    private static NonceCache nonces = new NonceCache(MIN_CACHED_IMP_NONCES, MAX_CACHED_IMP_NONCES, MAX_IMP_SEC_DELTA);

    public BinaryImpersonation(String str) {
        this.isOk = false;
        if (str == null || str.length() == 0) {
            return;
        }
        initDigester();
        byte[] encode = UTF8Helper.encode(str);
        this.token = new byte[17 + encode.length + this.lenDigest];
        Arrays.fill(this.token, (byte) 0);
        this.token[0] = 1;
        System.arraycopy(encode, 0, this.token, 17, encode.length);
        this.isOk = true;
    }

    public char[] generateToken(byte[] bArr) {
        if (!this.isOk || bArr == null || bArr.length < 8) {
            return null;
        }
        if (this.rand == null) {
            this.rand = new SecureRandom();
        }
        long nextLong = this.rand.nextLong();
        long currentTimeMillis = System.currentTimeMillis();
        long2byte(nextLong, this.token, 1);
        long2byte(currentTimeMillis, this.token, 9);
        if (logger.isDetailTraceEnabled()) {
            logger.traceDetail("generate impersonation token; username=" + getUsername() + ", nonce=" + nextLong + ", timestamp=" + currentTimeMillis);
        }
        System.arraycopy(figureDigest(bArr), 0, this.token, this.token.length - this.lenDigest, this.lenDigest);
        byte[] bArr2 = new byte[this.token.length];
        System.arraycopy(this.token, 0, bArr2, 0, 9);
        int i = 9;
        int i2 = 0;
        while (i < this.token.length) {
            bArr2[i] = (byte) (this.token[i] ^ this.token[1 + (i2 % 8)]);
            i++;
            i2++;
        }
        return B64.encodeToChars(bArr2);
    }

    public BinaryImpersonation(char[] cArr, byte[] bArr) {
        this.isOk = false;
        if (cArr == null || bArr == null || bArr.length < 8) {
            return;
        }
        initDigester();
        try {
            this.token = B64.decodeToBytes(cArr);
            int length = this.token.length - this.lenDigest;
            if (length <= 17 || this.token[0] != 1) {
                logger.error("Badly formed impersonation token");
            } else {
                int i = 9;
                int i2 = 0;
                while (i < this.token.length) {
                    byte[] bArr2 = this.token;
                    int i3 = i;
                    bArr2[i3] = (byte) (bArr2[i3] ^ this.token[1 + (i2 % 8)]);
                    i++;
                    i2++;
                }
                byte[] figureDigest = figureDigest(bArr);
                byte[] bArr3 = new byte[this.lenDigest];
                System.arraycopy(this.token, length, bArr3, 0, this.lenDigest);
                String username = getUsername();
                if (!MessageDigest.isEqual(figureDigest, bArr3) || username == null) {
                    this.token = null;
                    logger.error("Impersonation token rejected due to digest mismatch; username=" + username);
                } else {
                    int i4 = 0;
                    int i5 = 0;
                    while (i4 < length) {
                        int i6 = i5 % this.lenDigest;
                        this.token[i4] = (byte) ((this.token[i4] ^ figureDigest[i6]) ^ this.token[length + i6]);
                        i4++;
                        i5++;
                    }
                    long currentTimeMillis = System.currentTimeMillis();
                    long timestamp = getTimestamp();
                    long j = currentTimeMillis - timestamp;
                    if (logger.isDetailTraceEnabled()) {
                        logger.traceDetail("received impersonation token; username=" + username + ", nonce=" + getNonce() + ", timestamp=" + timestamp + ", age=" + j);
                    }
                    if ((j < 0 ? -j : j) > MAX_IMP_MSEC_DELTA) {
                        logger.error("Impersonation token rejected due to timestamp; username=" + username + ", age=" + j);
                        this.token = null;
                    } else {
                        long nonce = getNonce();
                        synchronized (nonces) {
                            if (nonces == null) {
                                nonces = new NonceCache(MIN_CACHED_IMP_NONCES, MAX_IMP_SEC_DELTA);
                            }
                            Long l = (Long) nonces.put(Long.valueOf(nonce), Long.valueOf(timestamp));
                            if (l != null) {
                                long longValue = currentTimeMillis - l.longValue();
                                if ((longValue < 0 ? -longValue : longValue) < MAX_IMP_MSEC_DELTA) {
                                    logger.error("Impersonation token rejected because its nonce was duplicated; username=" + username + ", nonce=" + nonce + ", timestamp=" + l.longValue() + ", age=" + longValue);
                                    this.token = null;
                                }
                            }
                        }
                    }
                    this.isOk = this.token != null;
                }
            }
        } catch (Exception e) {
            logger.error("Unexpected exception when handling impersonation token", e);
        }
        if (!this.isOk) {
            throw new EngineRuntimeException(ExceptionCode.E_NOT_AUTHENTICATED);
        }
    }

    public byte getVersion() {
        return this.token[0];
    }

    public long getNonce() {
        return byte2long(this.token, 1);
    }

    public long getTimestamp() {
        return byte2long(this.token, 9);
    }

    public String getUsername() {
        int length = (this.token.length - this.lenDigest) - 17;
        byte[] bArr = new byte[length];
        System.arraycopy(this.token, 17, bArr, 0, length);
        return UTF8Helper.decodeString(bArr);
    }

    private static void long2byte(long j, byte[] bArr, int i) {
        for (int i2 = 7; i2 >= 0; i2--) {
            bArr[i + i2] = (byte) (j & 255);
            j >>= 8;
        }
    }

    private static long byte2long(byte[] bArr, int i) {
        long j = 0;
        for (int i2 = 0; i2 < 8; i2++) {
            j = (j << 8) + (bArr[i + i2] & 255);
        }
        return j;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof BinaryImpersonation)) {
            return false;
        }
        BinaryImpersonation binaryImpersonation = (BinaryImpersonation) obj;
        if (this.token == binaryImpersonation.token) {
            return true;
        }
        return Arrays.equals(this.token, binaryImpersonation.token);
    }

    private void initDigester() {
        try {
            this.msgDigest = MessageDigest.getInstance("SHA-1");
            this.lenDigest = this.msgDigest.getDigestLength();
        } catch (NoSuchAlgorithmException e) {
            throw new EngineRuntimeException(e, ExceptionCode.E_UNEXPECTED, (Object[]) null);
        }
    }

    private byte[] figureDigest(byte[] bArr) {
        this.msgDigest.update(this.token, 0, this.token.length - this.lenDigest);
        this.msgDigest.update(bArr);
        return this.msgDigest.digest();
    }

    private static void debugToken(String str, byte[] bArr, byte[] bArr2) {
        if (logger.isDetailTraceEnabled()) {
            StringBuffer stringBuffer = new StringBuffer(200);
            stringBuffer.append('\n');
            stringBuffer.append(str);
            stringBuffer.append(" token:");
            byte2hex(stringBuffer, bArr, 0, bArr.length);
            stringBuffer.append('\n');
            stringBuffer.append(str);
            stringBuffer.append(" key:  ");
            byte2hex(stringBuffer, bArr2, 0, bArr2.length);
            logger.traceDetail(stringBuffer.toString());
        }
    }

    private static void byte2hex(StringBuffer stringBuffer, byte[] bArr, int i, int i2) {
        for (int i3 = 0; i3 < i2; i3++) {
            if (i3 % 2 == 0) {
                stringBuffer.append(' ');
            }
            int i4 = bArr[i + i3] & 255;
            if (i4 < 16) {
                stringBuffer.append('0');
            }
            stringBuffer.append(Integer.toHexString(i4));
        }
    }
}
