package org.pageseeder.bridge.berlioz.auth;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:org/pageseeder/bridge/berlioz/auth/RememberMe.class */
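/**
 * Issues and reads a "remember me" cookie that carries a username and password
 * encrypted with AES-GCM.
 *
 * <p>The cookie value has the form {@code base64url(enc(username, commonKey)) ":"
 * base64url(enc(password, userKey))}. Per-user keys are kept in memory and persisted
 * to {@code users.properties}, encrypted with the common key; the common key itself is
 * persisted to {@code common.key}, encrypted with the master key.
 *
 * <p>NOTE(review): the cookie holds the user's password in reversible form. Anyone who
 * obtains the key store directory and this class can recover the passwords from captured
 * cookies; an opaque, revocable random token would avoid storing the password at all.
 *
 * <p>NOTE(review): {@code userkeys} is a plain {@link HashMap} that {@link #newCookie}
 * mutates and persists without any locking visible in this class. Confirm that callers
 * serialise access if the instance is shared across request threads.
 */
public final class RememberMe {
    private static final SecureRandom R = new SecureRandom();
    /** Length of the GCM authentication tag in bytes (96 bits). */
    private static final int TAG_LENGTH_BYTES = 12;
    /** Length of the random GCM nonce that prefixes every ciphertext. */
    private static final int IV_LENGTH_BYTES = 12;
    /** Length of the AES keys in bytes (AES-128). */
    private static final int KEY_LENGTH_BYTES = 16;
    private static final String DEFAULT_COOKIE_NAME = "pid";
    /** Thirty days, in seconds. */
    private static final int DEFAULT_COOKIE_MAX_AGE_SECONDS = 2592000;
    private SecretKeySpec masterKey = null;
    private SecretKeySpec commonKey = null;
    private Path userkeysStore = null;
    private Map<String, SecretKeySpec> userkeys = new HashMap<>();
    private final String _cookieName = DEFAULT_COOKIE_NAME;
    private final int _cookieMaxAge = DEFAULT_COOKIE_MAX_AGE_SECONDS;

    /** Immutable username/password pair recovered from, or stored into, the cookie. */
    public static final class Credentials {
        private final String _username;
        private final String _password;

        /**
         * @param str  the username
         * @param str2 the password
         */
        public Credentials(String str, String str2) {
            this._username = str;
            this._password = str2;
        }

        /** @return the username */
        public String username() {
            return this._username;
        }

        /** @return the password */
        public String password() {
            return this._password;
        }
    }

    /**
     * Loads (or creates) the key material under the given directory.
     *
     * <p>NOTE(review): the directory and the key files are created with the process
     * default permissions; consider restricting them to the service account.
     *
     * @param path directory holding {@code common.key} and {@code users.properties};
     *             created if it does not exist
     * @throws GeneralSecurityException if a stored key cannot be decrypted
     * @throws IOException              if the directory or key files cannot be read or written
     */
    public void init(Path path) throws GeneralSecurityException, IOException {
        if (!Files.exists(path)) {
            Files.createDirectory(path);
        }
        this.masterKey = generateMaster("Allette TimeSheet");
        this.commonKey = getKey(path, this.masterKey);
        this.userkeysStore = path.resolve("users.properties");
        load(this.userkeysStore, this.userkeys, this.commonKey);
    }

    /**
     * Decrypts the credentials carried by a "remember me" cookie.
     *
     * <p>The cookie value is attacker-controlled, so every malformed input (missing
     * value, bad Base64, truncated or tampered ciphertext, unknown user) yields
     * {@code null} rather than an exception.
     *
     * @param cookie the cookie to read, may be {@code null}
     * @return the credentials, or {@code null} if the cookie is absent or invalid
     */
    public Credentials getCredentials(Cookie cookie) {
        if (cookie == null) {
            return null;
        }
        String value = cookie.getValue();
        if (value == null) {
            return null;
        }
        int separator = value.indexOf(':');
        if (separator <= 0) {
            return null;
        }
        try {
            byte[] encryptedUsername = parseBase64URL(value.substring(0, separator));
            byte[] encryptedPassword = parseBase64URL(value.substring(separator + 1));
            String username = new String(decrypt(encryptedUsername, this.commonKey), StandardCharsets.UTF_8);
            SecretKeySpec userKey = this.userkeys.get(username);
            if (userKey == null) {
                return null;
            }
            return new Credentials(username, new String(decrypt(encryptedPassword, userKey), StandardCharsets.UTF_8));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // IllegalArgumentException: invalid Base64 in the cookie; previously this
            // escaped to the caller because only GeneralSecurityException was caught.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Finds the "remember me" cookie among the request cookies.
     *
     * @param cookieArr the request cookies, may be {@code null} or empty
     * @return the first cookie whose name matches, or {@code null} if there is none
     */
    public Cookie getCookie(Cookie[] cookieArr) {
        if (cookieArr == null || cookieArr.length == 0) {
            return null;
        }
        for (Cookie cookie : cookieArr) {
            if (this._cookieName.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Builds a "remember me" cookie for the given credentials, creating and persisting
     * a per-user key on first use.
     *
     * @param credentials the credentials to store
     * @return an HttpOnly, Secure cookie, or {@code null} if encryption or persistence failed
     */
    public Cookie newCookie(Credentials credentials) {
        Cookie cookie = null;
        try {
            SecretKeySpec userKey = this.userkeys.get(credentials.username());
            if (userKey == null) {
                userKey = new SecretKeySpec(newRandomBytes(KEY_LENGTH_BYTES), "AES");
                // Store the key that actually encrypts the password. The original stored
                // commonKey here, so the first cookie issued to a user could never be
                // decrypted and later ones fell back to the shared key. Entries already
                // persisted by that code still hold the common key.
                this.userkeys.put(credentials.username(), userKey);
                save(this.userkeysStore, this.userkeys, this.commonKey);
            }
            String encryptedUsername =
                    toBase64URL(encrypt(credentials.username().getBytes(StandardCharsets.UTF_8), this.commonKey));
            String encryptedPassword =
                    toBase64URL(encrypt(credentials.password().getBytes(StandardCharsets.UTF_8), userKey));
            cookie = new Cookie(this._cookieName, encryptedUsername + ":" + encryptedPassword);
            cookie.setHttpOnly(true);
            cookie.setSecure(true);
            cookie.setMaxAge(this._cookieMaxAge);
        } catch (IOException | GeneralSecurityException e) {
            e.printStackTrace();
        }
        return cookie;
    }

    /**
     * Encrypts with AES-GCM under a fresh random nonce.
     *
     * @return the nonce followed by the ciphertext and authentication tag
     */
    private static byte[] encrypt(byte[] bArr, Key key) throws GeneralSecurityException {
        byte[] iv = newRandomBytes(IV_LENGTH_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_LENGTH_BYTES * 8, iv));
        return concatenate(iv, cipher.doFinal(bArr));
    }

    /**
     * Decrypts a value produced by {@link #encrypt}.
     *
     * @throws GeneralSecurityException if the input is too short to hold a nonce and tag,
     *                                  or if authentication fails
     */
    private static byte[] decrypt(byte[] bArr, Key key) throws GeneralSecurityException {
        // Reject truncated input up front: Arrays.copyOfRange would otherwise throw an
        // unchecked IllegalArgumentException for fewer than IV_LENGTH_BYTES bytes.
        if (bArr == null || bArr.length < IV_LENGTH_BYTES + TAG_LENGTH_BYTES) {
            throw new GeneralSecurityException("Encrypted value is too short");
        }
        byte[] iv = Arrays.copyOf(bArr, IV_LENGTH_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_LENGTH_BYTES * 8, iv));
        return cipher.doFinal(bArr, IV_LENGTH_BYTES, bArr.length - IV_LENGTH_BYTES);
    }

    /** Returns {@code i} bytes from the shared {@link SecureRandom}. */
    private static byte[] newRandomBytes(int i) {
        byte[] bytes = new byte[i];
        R.nextBytes(bytes);
        return bytes;
    }

    /** Returns a new array holding {@code bArr} followed by {@code bArr2}. */
    private static byte[] concatenate(byte[] bArr, byte[] bArr2) {
        byte[] joined = Arrays.copyOf(bArr, bArr.length + bArr2.length);
        System.arraycopy(bArr2, 0, joined, bArr.length, bArr2.length);
        return joined;
    }

    /**
     * Reads the common key from {@code common.key}, or generates and stores a new one
     * if the file does not exist. The file content is encrypted with the master key.
     */
    private static SecretKeySpec getKey(Path path, SecretKeySpec secretKeySpec) throws IOException, GeneralSecurityException {
        Path keyFile = path.resolve("common.key");
        byte[] rawKey;
        if (Files.exists(keyFile)) {
            rawKey = decrypt(Files.readAllBytes(keyFile), secretKeySpec);
        } else {
            rawKey = newRandomBytes(KEY_LENGTH_BYTES);
            Files.write(keyFile, encrypt(rawKey, secretKeySpec));
        }
        return new SecretKeySpec(rawKey, "AES");
    }

    /**
     * Derives the 128-bit master key from a passphrase with PBKDF2-HMAC-SHA1.
     *
     * <p>SECURITY: the only caller in this class passes a passphrase that is a string
     * constant, and the salt below is a fixed byte sequence, so the master key is the
     * same for every deployment and can be recomputed from the class file. It protects
     * {@code common.key} against casual inspection only. The derivation is left unchanged
     * because altering it would make existing key stores undecryptable; a deployment
     * secret supplied from outside the code would be the proper fix.
     */
    private static SecretKeySpec generateMaster(String str) throws GeneralSecurityException {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5};
        PBEKeySpec spec = new PBEKeySpec(str.toCharArray(), salt, 1024, KEY_LENGTH_BYTES * 8);
        try {
            byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
            return new SecretKeySpec(derived, "AES");
        } finally {
            spec.clearPassword();
        }
    }

    /**
     * Loads {@code username=base64(encryptedKey)} lines into {@code map}; lines without
     * a key/value separator are skipped. Does nothing if the file does not exist.
     */
    private static void load(Path path, Map<String, SecretKeySpec> map, SecretKeySpec secretKeySpec) throws IOException, GeneralSecurityException {
        if (!Files.exists(path)) {
            return;
        }
        for (String line : Files.readAllLines(path, StandardCharsets.UTF_8)) {
            int separator = line.indexOf('=');
            if (separator > 0) {
                byte[] encryptedKey = DatatypeConverter.parseBase64Binary(line.substring(separator + 1));
                map.put(line.substring(0, separator), new SecretKeySpec(decrypt(encryptedKey, secretKeySpec), "AES"));
            }
        }
    }

    /** Writes every entry of {@code map} as a {@code username=base64(encryptedKey)} line. */
    private static void save(Path path, Map<String, SecretKeySpec> map, SecretKeySpec secretKeySpec) throws IOException, GeneralSecurityException {
        ArrayList<String> lines = new ArrayList<>(map.size());
        for (Map.Entry<String, SecretKeySpec> entry : map.entrySet()) {
            String encryptedKey = DatatypeConverter.printBase64Binary(encrypt(entry.getValue().getEncoded(), secretKeySpec));
            lines.add(entry.getKey() + "=" + encryptedKey);
        }
        Files.write(path, lines, StandardCharsets.UTF_8);
    }

    /** Encodes with the URL-safe Base64 alphabet. */
    private String toBase64URL(byte[] bArr) {
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    /**
     * Decodes the URL-safe Base64 alphabet produced by {@link #toBase64URL}. The original
     * used the standard decoder, which rejects the {@code -} and {@code _} characters the
     * URL-safe encoder emits.
     *
     * @throws IllegalArgumentException if {@code str} is not valid URL-safe Base64
     */
    private byte[] parseBase64URL(String str) {
        return Base64.getUrlDecoder().decode(str);
    }
}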
