package org.owasp.esapi.crypto;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.errors.ValidationException;

/* loaded from: input_file:BOOT-INF/lib/esapi-2.1.0.jar:org/owasp/esapi/crypto/CryptoToken.class */
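/**
 * Encrypted, expiring token that carries a user account name and optional name/value attributes.
 *
 * <p>The serialized plaintext has the form {@code username;expirationMillis;name=value;...}. Fields
 * are separated by {@code ';'}; inside attribute values the characters {@code '\'}, {@code '='} and
 * {@code ';'} are escaped with a backslash. The plaintext is encrypted with the ESAPI encryptor and
 * the result is base64-encoded.
 *
 * <p>Notes for callers:
 * <ul>
 *   <li>Constructing a token from its encrypted form does <em>not</em> reject an expired token;
 *       call {@link #isExpired()} before trusting its contents.</li>
 *   <li>Arguments and the decrypted token layout are validated with explicit exceptions rather than
 *       {@code assert}, because assertions are normally disabled at runtime and must not be the only
 *       guard on key material or token structure.</li>
 *   <li>This class performs no synchronization of its own.</li>
 * </ul>
 */
public class CryptoToken {
    /** Account name a token carries until {@link #setUserAccountName(String)} is called. */
    public static final String ANONYMOUS_USER = "<anonymous>";
    /** Default token lifetime in milliseconds (5 minutes). */
    private static final long DEFAULT_EXP_TIME = 300000;
    private static final String DELIM = ";";
    private static final char DELIM_CHAR = ';';
    private static final char QUOTE_CHAR = '\\';
    private static final String ATTR_NAME_REGEX = "[A-Za-z0-9_.-]+";
    private static final String USERNAME_REGEX = "[a-z][a-z0-9_.@-]*";
    /**
     * Smallest master key this class accepts. This is only a floor inherited from the original
     * check, not a recommended key size.
     */
    private static final int MIN_MASTER_KEY_BYTES = 7;
    private static final Logger logger = ESAPI.getLogger("CryptoToken");

    private String username = ANONYMOUS_USER;
    private long expirationTime;
    private final TreeMap<String, String> attributes = new TreeMap<>();
    private final transient SecretKey secretKey;
    private final Pattern attrNameRegex = Pattern.compile(ATTR_NAME_REGEX);
    private final Pattern userNameRegex = Pattern.compile(USERNAME_REGEX);

    /**
     * Creates an anonymous token that expires after the default lifetime and is bound to a key built
     * from the configured ESAPI master key and encryption algorithm.
     *
     * @throws IllegalArgumentException if the configured algorithm or master key is unusable
     */
    public CryptoToken() {
        this.secretKey = getDefaultSecretKey(ESAPI.securityConfiguration().getEncryptionAlgorithm());
        this.expirationTime = System.currentTimeMillis() + DEFAULT_EXP_TIME;
    }

    /**
     * Creates an anonymous token that expires after the default lifetime and is bound to the given key.
     *
     * @param secretKey key used by {@link #getToken()} and {@link #updateToken(int)}
     * @throws IllegalArgumentException if {@code secretKey} is null
     */
    public CryptoToken(SecretKey secretKey) {
        if (secretKey == null) {
            // Explicit check: a null key must never be accepted just because assertions are off.
            throw new IllegalArgumentException("SecretKey may not be null.");
        }
        this.secretKey = secretKey;
        this.expirationTime = System.currentTimeMillis() + DEFAULT_EXP_TIME;
    }

    /**
     * Restores a token from its base64-encoded encrypted form, using a key built from the
     * configured ESAPI master key. Expiration is not checked here; see {@link #isExpired()}.
     *
     * @param str base64-encoded encrypted token
     * @throws EncryptionException if the token cannot be decoded, decrypted or parsed
     * @throws IllegalArgumentException if the configured algorithm or master key is unusable
     */
    public CryptoToken(String str) throws EncryptionException {
        this.secretKey = getDefaultSecretKey(ESAPI.securityConfiguration().getEncryptionAlgorithm());
        try {
            decryptToken(this.secretKey, str);
        } catch (EncodingException e) {
            throw new EncryptionException("Decryption of token failed. Token improperly encoded or encrypted with different key.", "Can't decrypt token because not correctly encoded or encrypted with different key.", e);
        }
        assert this.username != null : "Programming error: Decrypted token found username null.";
        assert this.expirationTime > 0 : "Programming error: Decrypted token found expirationTime <= 0.";
    }

    /**
     * Restores a token from its base64-encoded encrypted form using the given key.
     * Expiration is not checked here; see {@link #isExpired()}.
     *
     * @param secretKey key the token was encrypted with
     * @param str base64-encoded encrypted token
     * @throws EncryptionException if the token cannot be decoded, decrypted or parsed
     * @throws IllegalArgumentException if {@code secretKey} or {@code str} is null
     */
    public CryptoToken(SecretKey secretKey, String str) throws EncryptionException {
        if (secretKey == null) {
            throw new IllegalArgumentException("SecretKey may not be null.");
        }
        if (str == null) {
            throw new IllegalArgumentException("Token may not be null");
        }
        this.secretKey = secretKey;
        try {
            decryptToken(this.secretKey, str);
        } catch (EncodingException e) {
            throw new EncryptionException("Decryption of token failed. Token improperly encoded.", "Can't decrypt token because not correctly encoded.", e);
        }
        assert this.username != null : "Programming error: Decrypted token found username null.";
        assert this.expirationTime > 0 : "Programming error: Decrypted token found expirationTime <= 0.";
    }

    /**
     * Returns the account name carried by this token.
     *
     * @return the account name, or {@link #ANONYMOUS_USER} if none is set
     */
    public String getUserAccountName() {
        return this.username != null ? this.username : ANONYMOUS_USER;
    }

    /**
     * Sets the account name after lowercasing it and matching it against the user name pattern.
     *
     * @param str account name; stored in lowercase
     * @throws ValidationException if the lowercased name does not match the user name pattern
     * @throws IllegalArgumentException if {@code str} is null
     */
    public void setUserAccountName(String str) throws ValidationException {
        if (str == null) {
            throw new IllegalArgumentException("User account name may not be null.");
        }
        // Locale.ROOT keeps the mapping stable: under some default locales (e.g. Turkish) 'I' does
        // not lowercase to 'i', so the same name would validate differently per host.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        if (!this.userNameRegex.matcher(lowerCase).matches()) {
            throw new ValidationException("Invalid user account name encountered.", "User account name " + str + " does not match regex " + USERNAME_REGEX + " after conversion to lowercase.");
        }
        this.username = lowerCase;
    }

    /**
     * Reports whether the current time is past the expiration time.
     *
     * @return {@code true} if the token has expired
     */
    public boolean isExpired() {
        return System.currentTimeMillis() > this.expirationTime;
    }

    /**
     * Sets the expiration to the given number of seconds from now.
     *
     * @param i lifetime in seconds; must be greater than zero
     * @throws IllegalArgumentException if {@code i} is not positive
     * @throws ArithmeticException if the resulting time overflows a {@code long}
     */
    public void setExpiration(int i) throws IllegalArgumentException {
        if (i <= 0) {
            throw new IllegalArgumentException("intervalSecs argument, converted to millisecs, must be > 0.");
        }
        // Convert in long arithmetic: int multiplication wraps for large values and could silently
        // yield a much shorter lifetime than the caller asked for.
        long intervalMillis = i * 1000L;
        this.expirationTime = Math.addExact(System.currentTimeMillis(), intervalMillis);
    }

    /**
     * Sets the expiration to an absolute point in time.
     *
     * @param date expiration time; must be later than the current time
     * @throws IllegalArgumentException if {@code date} is null or not in the future
     */
    public void setExpiration(Date date) throws IllegalArgumentException {
        if (date == null) {
            throw new IllegalArgumentException("expirationDate may not be null.");
        }
        long currentTimeMillis = System.currentTimeMillis();
        long time = date.getTime();
        if (time <= currentTimeMillis) {
            throw new IllegalArgumentException("Expiration date must be after current date/time.");
        }
        this.expirationTime = time;
    }

    /**
     * Returns the expiration time.
     *
     * @return expiration time in milliseconds since the epoch
     */
    public long getExpiration() {
        assert this.expirationTime > 0 : "Programming error: Expiration time <= 0";
        return this.expirationTime;
    }

    /**
     * Returns the expiration time as a {@link Date}.
     *
     * @return a new {@code Date} for {@link #getExpiration()}
     */
    public Date getExpirationDate() {
        return new Date(getExpiration());
    }

    /**
     * Adds or replaces one attribute.
     *
     * @param str attribute name; must match the attribute name pattern
     * @param str2 attribute value; may be empty but not null
     * @throws ValidationException if the name is null, empty or invalid, or the value is null
     */
    public void setAttribute(String str, String str2) throws ValidationException {
        if (str == null || str.length() == 0) {
            throw new ValidationException("Null or empty attribute NAME encountered", "Attribute NAMES may not be null or empty string.");
        }
        if (str2 == null) {
            throw new ValidationException("Null attribute VALUE encountered for attr name " + str, "Attribute VALUE may not be null; attr name: " + str);
        }
        if (!this.attrNameRegex.matcher(str).matches()) {
            throw new ValidationException("Invalid attribute name encountered.", "Attribute name " + str + " does not match regex " + ATTR_NAME_REGEX);
        }
        this.attributes.put(str, str2);
    }

    /**
     * Adds every entry of the map through {@link #setAttribute(String, String)}. Entries added
     * before a failing entry remain set.
     *
     * @param map attributes to add
     * @throws ValidationException if any entry is rejected by {@code setAttribute}
     * @throws IllegalArgumentException if {@code map} is null
     */
    public void addAttributes(Map<String, String> map) throws ValidationException {
        if (map == null) {
            throw new IllegalArgumentException("Attribute map may not be null.");
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            setAttribute(entry.getKey(), entry.getValue());
        }
    }

    /**
     * Looks up one attribute.
     *
     * @param str attribute name
     * @return the value, or {@code null} if the attribute is not set
     */
    public String getAttribute(String str) {
        return this.attributes.get(str);
    }

    /**
     * Returns a copy of the attributes; changes to the copy do not affect this token.
     *
     * @return a new sorted map holding the current attributes
     */
    public Map<String, String> getAttributes() {
        return new TreeMap<>(this.attributes);
    }

    /** Removes all attributes. */
    public void clearAttributes() {
        this.attributes.clear();
    }

    /**
     * Serializes and encrypts this token with the given key instead of the instance key.
     *
     * @param secretKey key to encrypt with
     * @return base64-encoded encrypted token
     * @throws EncryptionException if encryption fails
     */
    public String getToken(SecretKey secretKey) throws EncryptionException {
        return createEncryptedToken(secretKey);
    }

    /**
     * Extends the expiration by the given number of seconds and returns the re-encrypted token.
     * If the token is still expired after the extension, the previous expiration is restored.
     *
     * @param i additional seconds; must not be negative
     * @return base64-encoded encrypted token with the new expiration
     * @throws EncryptionException if encryption fails
     * @throws ValidationException if the token is still expired after the extension
     * @throws IllegalArgumentException if {@code i} is negative
     * @throws ArithmeticException if the resulting time overflows a {@code long}
     */
    public String updateToken(int i) throws EncryptionException, ValidationException {
        if (i < 0) {
            throw new IllegalArgumentException("additionalSecs argument must be >= 0.");
        }
        long expiration = getExpiration();
        // long arithmetic: i * 1000 as int wraps for large values and could move the expiration
        // by the wrong amount or in the wrong direction.
        this.expirationTime = Math.addExact(expiration, i * 1000L);
        if (!isExpired()) {
            return getToken();
        }
        this.expirationTime = expiration;
        throw new ValidationException("Token timed out.", "Cryptographic token not increased to sufficient value to prevent timeout.");
    }

    /**
     * Serializes and encrypts this token with the instance key.
     *
     * @return base64-encoded encrypted token
     * @throws EncryptionException if encryption fails
     */
    public String getToken() throws EncryptionException {
        return createEncryptedToken(this.secretKey);
    }

    /** Builds {@code username;expiration;attributes}, encrypts it and base64-encodes the result. */
    private String createEncryptedToken(SecretKey secretKey) throws EncryptionException {
        StringBuilder sb = new StringBuilder(getUserAccountName() + DELIM);
        sb.append(getExpiration()).append(DELIM);
        sb.append(getQuotedAttributes());
        return ESAPI.encoder().encodeForBase64(ESAPI.encryptor().encrypt(secretKey, new PlainText(sb.toString())).asPortableSerializedByteArray(), false);
    }

    /** Serializes the attributes as {@code name=escapedValue;} pairs in key order. */
    private String getQuotedAttributes() {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : this.attributes.entrySet()) {
            String key = entry.getKey();
            // Values are deliberately kept out of the log.
            logger.debug(Logger.EVENT_UNSPECIFIED, "   " + key + " -> <not shown>");
            sb.append(key).append('=').append(quoteAttributeValue(entry.getValue())).append(DELIM);
        }
        return sb.toString();
    }

    /** Escapes {@code '\'}, {@code '='} and {@code ';'} in an attribute value with a backslash. */
    private static String quoteAttributeValue(String str) {
        assert str != null : "Program error: Value should not be null.";
        StringBuilder sb = new StringBuilder();
        for (char c : str.toCharArray()) {
            if (c == QUOTE_CHAR || c == '=' || c == DELIM_CHAR) {
                sb.append(QUOTE_CHAR);
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Reverses {@link #quoteAttributeValue(String)}: drops each escaping backslash and keeps the
     * character after it.
     *
     * @throws EncryptionException if the value ends with a backslash that escapes nothing
     */
    private static String parseQuotedValue(String str) throws EncryptionException {
        StringBuilder sb = new StringBuilder();
        char[] charArray = str.toCharArray();
        for (int i = 0; i < charArray.length; i++) {
            char c = charArray[i];
            if (c == QUOTE_CHAR) {
                i++;
                if (i >= charArray.length) {
                    // Previously an ArrayIndexOutOfBoundsException; report it as a malformed token.
                    throw new EncryptionException("Invalid attribute encountered in decrypted token.", "Attribute value in decrypted token ends with a dangling escape character.");
                }
                c = charArray[i];
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Splits the decrypted plaintext into its {@code ';'}-terminated fields, leaving escape
     * sequences inside the fields untouched.
     *
     * @throws EncryptionException if the plaintext does not end with an unescaped delimiter
     */
    private static ArrayList<String> splitFields(String plainText) throws EncryptionException {
        ArrayList<String> fields = new ArrayList<>();
        char[] chars = plainText.toCharArray();
        int prevDelim = -1;
        for (int pos = 0; pos < chars.length; pos++) {
            char c = chars[pos];
            if (c == QUOTE_CHAR) {
                // Skip the escaped character unconditionally. The decision must not depend on the
                // token length or on the character's numeric value; otherwise an escaped ';' inside
                // an attribute value could be taken for a field boundary.
                pos++;
            } else if (c == DELIM_CHAR) {
                fields.add(plainText.substring(prevDelim + 1, pos));
                prevDelim = pos;
            }
        }
        if (prevDelim != chars.length - 1) {
            // Trailing data without a closing delimiter, or a final delimiter that is escaped.
            throw new EncryptionException("Invalid decrypted token.", "Decrypted token does not end with an unescaped delimiter, " + DELIM_CHAR);
        }
        return fields;
    }

    /**
     * Decodes, decrypts and parses a token, then loads user name, expiration and attributes into
     * this instance. Expiration is stored, not enforced.
     *
     * @param secretKey key to decrypt with
     * @param str base64-encoded encrypted token
     * @throws EncodingException if the token is not valid base64
     * @throws EncryptionException if decryption fails or the plaintext is malformed
     */
    private void decryptToken(SecretKey secretKey, String str) throws EncryptionException, EncodingException {
        String plainText;
        try {
            plainText = ESAPI.encryptor().decrypt(secretKey, CipherText.fromPortableSerializedBytes(ESAPI.encoder().decodeFromBase64(str))).toString();
        } catch (IOException e) {
            // NOTE(review): the log message embeds the caller-supplied token, which is unbounded in
            // length and not yet authenticated at this point; consider truncating it.
            throw new EncodingException("Invalid base64 encoding.", "Invalid base64 encoding. Encrypted token was: " + str, e);
        }

        ArrayList<String> fields = splitFields(plainText);
        logger.debug(Logger.EVENT_UNSPECIFIED, "Found " + fields.size() + " fields.");
        if (fields.size() < 2) {
            throw new EncryptionException("Invalid decrypted token.", "Missing mandatory fields from decrypted token (username &/or expiration time).");
        }

        long expiration;
        try {
            expiration = Long.parseLong(fields.get(1));
        } catch (NumberFormatException e) {
            throw new EncryptionException("Invalid expiration time encountered in decrypted token.", "Expiration time field in decrypted token is not a valid number.", e);
        }
        if (expiration <= 0) {
            throw new EncryptionException("Invalid expiration time encountered in decrypted token.", "Expiration time field in decrypted token is <= 0.");
        }
        // NOTE(review): unlike setUserAccountName, the decrypted name is not matched against
        // USERNAME_REGEX (the ANONYMOUS_USER default would not match it). Confirm whether decrypted
        // names should be validated as well.
        this.username = fields.get(0).toLowerCase(Locale.ROOT);
        this.expirationTime = expiration;

        for (int i = 2; i < fields.size(); i++) {
            String pair = fields.get(i);
            int indexOf = pair.indexOf('=');
            if (indexOf == -1) {
                // The raw pair is kept out of the message: without a separator it may consist of
                // value data, which this class otherwise never writes to the log.
                throw new EncryptionException("Invalid attribute encountered in decrypted token.", "Malformed attribute name/value pair found in decrypted token at field " + i + ".");
            }
            String name = pair.substring(0, indexOf);
            if (!this.attrNameRegex.matcher(name).matches()) {
                throw new EncryptionException("Invalid attribute name encountered in decrypted token.", "Invalid attribute name encountered in decrypted token; attribute name " + name + " does not match regex " + ATTR_NAME_REGEX);
            }
            String value = parseQuotedValue(pair.substring(indexOf + 1));
            logger.debug(Logger.EVENT_UNSPECIFIED, "Attribute[" + i + "]: name=" + name + ", value=<not shown>");
            this.attributes.put(name, value);
        }
    }

    /**
     * Builds a key for the given algorithm from the configured ESAPI master key bytes.
     *
     * @param str encryption algorithm name
     * @return key wrapping the master key bytes
     * @throws IllegalArgumentException if the algorithm is null, or the master key is missing or
     *         shorter than {@value #MIN_MASTER_KEY_BYTES} bytes
     */
    private static SecretKey getDefaultSecretKey(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Encryption algorithm cannot be null");
        }
        byte[] masterKey = ESAPI.securityConfiguration().getMasterKey();
        if (masterKey == null) {
            throw new IllegalArgumentException("Can't obtain master key, Encryptor.MasterKey");
        }
        if (masterKey.length < MIN_MASTER_KEY_BYTES) {
            // Enforced unconditionally so that an undersized key is rejected even when assertions
            // are disabled.
            throw new IllegalArgumentException("Encryptor.MasterKey must be at least 7 bytes. Length is: " + masterKey.length + " bytes.");
        }
        return new SecretKeySpec(masterKey, str);
    }

    /**
     * Checks that {@code j + i} does not overflow or underflow a {@code long}. Retained for
     * package-level callers; this class now adds durations with {@link Math#addExact(long, long)}.
     *
     * @param j first operand
     * @param i second operand
     * @throws ArithmeticException if the sum wraps around
     */
    static final void preAdd(long j, int i) throws ArithmeticException {
        if (i > 0 && j + i < j) {
            throw new ArithmeticException("Arithmetic overflow for addition.");
        }
        if (i < 0 && j + i > j) {
            throw new ArithmeticException("Arithmetic underflow for addition.");
        }
    }
}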
