package com.inet.authentication.token.server.hmac;

import com.inet.authentication.ActiveAuthenticationProvider;
import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.AuthenticationProvider;
import com.inet.authentication.LoginProcessor;
import com.inet.authentication.TokenAuthenticationProvider;
import com.inet.authentication.token.TokenAuthenticationServerPlugin;
import com.inet.authentication.token.server.bearer.TokenLoginData;
import com.inet.config.Configuration;
import com.inet.http.servlet.UploadLimitFilter;
import com.inet.id.GUID;
import com.inet.lib.json.Json;
import com.inet.lib.util.StringFunctions;
import com.inet.permissions.Permission;
import com.inet.permissions.SystemPermissionChecker;
import com.inet.search.command.AndSearchExpression;
import com.inet.search.command.SearchCommand;
import com.inet.search.command.SearchCondition;
import com.inet.search.command.SearchExpression;
import com.inet.search.index.IndexSearchEngine;
import com.inet.usersandgroups.api.user.LoginSettings;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserManager;
import com.inet.usersandgroups.user.search.SearchTagActive;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/inet/authentication/token/server/hmac/a.class */
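/**
 * Authentication provider for the {@code "hmac"} login source (decompiled, obfuscated names).
 *
 * <p>A request is accepted when its {@code Authorization} value has the form
 * {@code "HMAC " + base64(HMAC-SHA256(key, body))}, where {@code key} is the ISO-8859-1
 * byte form of the hash string stored in a user's {@link TokenLoginData}.
 *
 * <p>Security notes for reviewers, all derived from the code below:
 * <ul>
 *   <li>The MAC input is only the byte array returned by
 *       {@code PreviewHttpServletRequest.getDataPreview()}. Method, path, query string,
 *       timestamp and nonce are not part of it, so this class by itself offers no replay
 *       protection and does not bind a MAC to an endpoint.</li>
 *   <li>The stored hash string is used directly as the MAC key, which makes the stored
 *       value as sensitive as the client secret itself.</li>
 *   <li>NOTE(review): "preview" suggests the array may cover only a prefix of large
 *       bodies; confirm against {@code UploadLimitFilter}.</li>
 * </ul>
 */
public class a implements ActiveAuthenticationProvider, AuthenticationProvider, TokenAuthenticationProvider {
    /**
     * Lazily built cache of MAC key bytes to the owning account and token data; {@code null}
     * means "rebuild on next use". Because {@code byte[]} keys hash by identity, the map is
     * only ever iterated and never used for lookups.
     * NOTE(review): the field is neither volatile nor guarded, so a reset that races with a
     * rebuild in {@link #f()} can be overwritten by stale data; confirm the threading model.
     */
    private HashMap<byte[], C0001a> i;

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: com.inet.authentication.token.server.hmac.a$a, reason: collision with other inner class name */
    /* loaded from: input_file:com/inet/authentication/token/server/hmac/a$a.class */
    /** Cache entry pairing a user account id with that user's HMAC token data. */
    public class C0001a {
        // Account that owns the token.
        private GUID j;
        // Token data parsed from the login settings' additional data.
        private TokenLoginData k;

        private C0001a() {
        }
    }

    /**
     * Registers a callback that drops the cached key map.
     * Presumably the callback runs when token data changes; verify against the registrar.
     */
    public a() {
        com.inet.authentication.token.server.a.c.a(() -> {
            this.i = null;
        });
    }

    /** @return the identifier of this provider, always {@code "hmac"} */
    @Nonnull
    public String name() {
        return "hmac";
    }

    /** @return the fixed priority value {@code 10001} */
    public int getPriority() {
        return 10001;
    }

    /**
     * Not supported: HMAC logins can only be created from a request, see
     * {@link #createLoginProcessor(AuthenticationDescription, String, HttpServletRequest, boolean)}.
     *
     * @throws UnsupportedOperationException always
     */
    @Nonnull
    public LoginProcessor create(AuthenticationDescription authenticationDescription) {
        throw new UnsupportedOperationException();
    }

    /**
     * Tries to authenticate a request by its {@code "HMAC <base64>"} authorization value.
     *
     * @param authenticationDescription not used by this implementation
     * @param str the authorization value, may be {@code null}
     * @param httpServletRequest the request whose body preview is authenticated
     * @param z not used by this implementation
     * @return a login processor for the first account whose key reproduces the supplied MAC,
     *         or {@code null} if the value is not an HMAC value, is not valid base64, no
     *         HMAC tokens exist, no path is available, no key matches, or an error occurs
     */
    public LoginProcessor createLoginProcessor(AuthenticationDescription authenticationDescription, @Nullable String str, HttpServletRequest httpServletRequest, boolean z) {
        if (str == null || !str.startsWith("HMAC ")) {
            return null;
        }
        final byte[] suppliedMac;
        try {
            suppliedMac = Base64.getDecoder().decode(str.substring(5));
        } catch (IllegalArgumentException e2) {
            // The header is attacker-controlled and not even valid base64 here, so it is kept
            // out of the log to avoid forged log lines.
            LoginProcessor.LOGGER.debug("HMAC hash is not a valid base64");
            return null;
        }
        Set<Map.Entry<byte[], C0001a>> candidates = f().entrySet();
        if (candidates.isEmpty()) {
            return null;
        }
        String servletPath = httpServletRequest.getServletPath();
        if (StringFunctions.isEmpty(servletPath)) {
            servletPath = httpServletRequest.getPathInfo();
        }
        if (servletPath == null) {
            return null;
        }
        try {
            // NOTE(review): this is null when no PreviewHttpServletRequest wraps the request.
            // The JDK's Mac ignores a null input, so the MAC would then be computed over no
            // data at all and the body would not be authenticated. Confirm that the upload
            // filter always runs before this provider.
            byte[] body = a(httpServletRequest);
            for (Map.Entry<byte[], C0001a> entry : candidates) {
                // Constant-time comparison: the supplied MAC is attacker-chosen, and an
                // early-exit byte compare leaks how many leading bytes were correct.
                if (java.security.MessageDigest.isEqual(suppliedMac, a(entry.getKey(), body))) {
                    C0001a value = entry.getValue();
                    TokenLoginData tokenLoginData = value.k;
                    return com.inet.authentication.token.server.a.c.a(tokenLoginData, servletPath, tokenLoginData.getHash(), value.j, "hmac");
                }
            }
            // The rejected MAC is not logged: it may still be valid for another body and
            // nothing in this class prevents it from being replayed.
            LoginProcessor.LOGGER.debug("HMAC hash does not match any known HMAC token");
            return null;
        } catch (Exception e) {
            LoginProcessor.LOGGER.error(e);
            return null;
        }
    }

    /**
     * Unwraps the request chain until a {@code PreviewHttpServletRequest} is found.
     *
     * @param servletRequest the possibly wrapped request
     * @return the data preview of that wrapper, or {@code null} if the chain contains none
     * @throws IOException declared for reading the preview
     */
    private static byte[] a(ServletRequest servletRequest) throws IOException {
        while (servletRequest instanceof HttpServletRequestWrapper) {
            // Exact class match, so subclasses of the preview wrapper are skipped.
            if (servletRequest.getClass() == UploadLimitFilter.PreviewHttpServletRequest.class) {
                return ((UploadLimitFilter.PreviewHttpServletRequest) servletRequest).getDataPreview();
            }
            servletRequest = ((HttpServletRequestWrapper) servletRequest).getRequest();
        }
        return null;
    }

    /**
     * Computes HMAC-SHA256 over {@code bArr2} with {@code bArr} as the key.
     *
     * @param bArr the key bytes, must not be empty
     * @param bArr2 the message; a {@code null} message is treated by the JDK as no data
     * @return the 32 byte MAC
     * @throws GeneralSecurityException if the algorithm is unavailable or the key is rejected
     */
    private static byte[] a(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
        return mac.doFinal(bArr2);
    }

    /**
     * Returns the cached key map, building it on first use from all active accounts that have
     * an {@code "hmac"} login setting and hold the token authentication permission.
     *
     * @return the key map, never {@code null}
     */
    @Nonnull
    private HashMap<byte[], C0001a> f() {
        HashMap<byte[], C0001a> hashMap = this.i;
        if (hashMap == null) {
            hashMap = new HashMap<>();
            IndexSearchEngine searchEngine = UserManager.getInstance().getSearchEngine();
            SearchExpression andSearchExpression = new AndSearchExpression();
            andSearchExpression.add(new SearchCondition("loginsettings", SearchCondition.SearchTermOperator.StartsWith, "hmac|"));
            andSearchExpression.add(new SearchCondition("active", SearchCondition.SearchTermOperator.Equals, SearchTagActive.valueAsString(true)));
            for (GUID guid : searchEngine.simpleSearch(new SearchCommand(new SearchExpression[]{andSearchExpression}))) {
                UserAccount userAccount = UserManager.getInstance().getUserAccount(guid);
                if (userAccount != null && SystemPermissionChecker.hasAnyPermission(userAccount, new Permission[]{TokenAuthenticationServerPlugin.TOKEN_AUTHENTICATION_PERMISSION})) {
                    for (LoginSettings loginSettings : userAccount.getLoginSettings()) {
                        if ("hmac".equals(loginSettings.getLoginSource())) {
                            String additionalData = loginSettings.getAdditionalData();
                            TokenLoginData tokenLoginData = (TokenLoginData) new Json().fromJson(additionalData, TokenLoginData.class);
                            // A record without usable key material is skipped. Otherwise a
                            // null here, or the "empty key" rejection in SecretKeySpec later,
                            // would abort HMAC login for every account, not just this one.
                            if (tokenLoginData == null || tokenLoginData.getHash() == null || tokenLoginData.getHash().isEmpty()) {
                                continue;
                            }
                            C0001a c0001a = new C0001a();
                            c0001a.j = guid;
                            c0001a.k = tokenLoginData;
                            hashMap.put(tokenLoginData.getHash().getBytes(StandardCharsets.ISO_8859_1), c0001a);
                        }
                    }
                }
            }
            this.i = hashMap;
        }
        return hashMap;
    }

    /**
     * @param map not used by this implementation
     * @return the localized display name stored under {@code "hmac.logins.displayName"}
     */
    @Nonnull
    public String getDisplayName(@Nullable Map<String, String> map) {
        return TokenLoginDisplay.msg();
    }

    /**
     * Builds the description for this provider and adds icon and color to {@code map}.
     *
     * @param map the settings map, modified in place when {@code z} is {@code true}
     * @param z when {@code false} no description is produced
     * @param z2 not used by this implementation
     * @return the description, or {@code null} if {@code z} is {@code false}
     */
    public AuthenticationDescription getAuthenticationDescription(Map<String, String> map, boolean z, boolean z2) {
        if (!z) {
            return null;
        }
        map.put("icon", com.inet.authentication.token.server.a.class.getResource("token.png").toString());
        map.put("color", "#46be94");
        return new AuthenticationDescription(this, map, "hmac", AuthenticationDescription.BasicSupport.No);
    }

    /**
     * This provider has no settings to apply.
     *
     * @return a new empty map
     */
    @Nonnull
    public Map<String, String> applySettings(@Nonnull Map<String, String> map, @Nonnull Configuration configuration, @Nonnull List<Map<String, String>> list) {
        return new HashMap<>();
    }

    /** @return always {@code false} */
    public boolean hasAdditionalConfigurationAction() {
        return false;
    }

    /** Keeps the message lookup for the display name in one place. */
    private static final class TokenLoginDisplay {
        private TokenLoginDisplay() {
        }

        static String msg() {
            return TokenAuthenticationServerPlugin.MSG.getMsg("hmac.logins.displayName", new Object[0]);
        }
    }
}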
