package com.xpn.xwiki.user.impl.xwiki;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.crypto.Cipher;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.TimeZones;
import org.eclipse.aether.repository.AuthenticationContext;
import org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager;
import org.securityfilter.filter.SecurityRequestWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-oldcore-10.8.2.jar:com/xpn/xwiki/user/impl/xwiki/MyPersistentLoginManager.class */
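/**
 * Persistent ("remember me") login manager that stores the credentials in cookies.
 *
 * <p>Four cookies are issued, each named {@code cookiePrefix + suffix}: the username, the password, a
 * {@code rememberme} flag and, when {@code protection} is {@code all} or {@code validation}, a validation hash
 * binding username, password, optionally the client IP, and the configured {@code validationKey}. When
 * {@code protection} is {@code all} or {@code encryption} the username and password are encrypted with the
 * inherited {@code secretKey}/{@code cipherParameters} before being written.
 *
 * <p>Cookies are written as raw {@code Set-Cookie} headers (see {@link #addCookie}) so that {@code HttpOnly}
 * and an {@code Expires} attribute can be emitted regardless of the servlet container's cookie support.
 *
 * <p>Thread-safety: the inherited {@code valueBeforeMD5}/{@code valueAfterMD5} fields are per-instance scratch
 * state and are overwritten by concurrent requests; nothing in this class reads them back as a result.
 */
public class MyPersistentLoginManager extends DefaultPersistentLoginManager {
    private static final long serialVersionUID = -8454351828032103173L;

    /** Separator between the fields concatenated into the validation-hash input. */
    private static final String FIELD_SEPARATOR = ":";

    /** Cookie domains are stored with a leading dot so that a host and all its sub-domains match. */
    private static final String COOKIE_DOT_PFX = ".";

    /** Value returned when a cookie is absent; a present cookie is never expected to carry it legitimately. */
    private static final String DEFAULT_VALUE = "false";

    /** {@code protection} values (configured on the superclass). */
    private static final String PROTECTION_ALL = "all";
    private static final String PROTECTION_ENCRYPTION = "encryption";
    private static final String PROTECTION_VALIDATION = "validation";

    /**
     * Cookie name suffixes. The username suffix is taken from an unrelated Aether class, which is what the
     * shipped bytecode references; a local constant would be the cleaner choice — TODO confirm its value
     * before replacing it, since it is part of the on-the-wire cookie name.
     */
    private static final String COOKIE_PASSWORD = "password";
    private static final String COOKIE_REMEMBERME = "rememberme";
    private static final String COOKIE_VALIDATION = "validation";

    /** {@code cookieLife} is configured in days; Max-Age is expressed in seconds. */
    private static final double SECONDS_PER_DAY = 86400.0;

    private static final Logger LOGGER = LoggerFactory.getLogger(MyPersistentLoginManager.class);

    /**
     * Netscape-style {@code Expires} date, rendered in GMT. {@link DateTimeFormatter} is immutable and
     * thread-safe; the {@code SimpleDateFormat} it replaces was a single instance shared by every request
     * thread, which is not safe.
     */
    private static final DateTimeFormatter COOKIE_EXPIRE_FORMAT =
        DateTimeFormatter.ofPattern("EEE, dd-MMM-yyyy HH:mm:ss z", Locale.US).withZone(ZoneId.of("GMT"));

    /** The epoch rendered with {@link #COOKIE_EXPIRE_FORMAT}: a past date that makes browsers drop the cookie. */
    private static final String COOKIE_EXPIRE_NOW = COOKIE_EXPIRE_FORMAT.format(Instant.EPOCH);

    protected String[] cookieDomains;
    protected String cookiePath = "/";
    protected String cookiePrefix = "";

    /**
     * Normalises a cookie domain so that it starts with a dot.
     *
     * @param domain the configured or request domain, may be {@code null}
     * @return the domain with a leading dot, or the input unchanged when it is {@code null} or already dotted
     */
    private String conformCookieDomain(String domain) {
        if (domain == null || domain.startsWith(COOKIE_DOT_PFX)) {
            return domain;
        }
        return COOKIE_DOT_PFX + domain;
    }

    /**
     * Configures the domains a login cookie may be issued for; each is normalised with a leading dot.
     *
     * @param domains the candidate domains, {@code null} or empty to disable the Domain attribute
     */
    public void setCookieDomains(String[] domains) {
        if (domains == null || domains.length == 0) {
            this.cookieDomains = null;
            return;
        }
        this.cookieDomains = new String[domains.length];
        for (int i = 0; i < domains.length; i++) {
            this.cookieDomains[i] = conformCookieDomain(domains[i]);
        }
    }

    /**
     * @param path the Path attribute written on every login cookie
     */
    public void setCookiePath(String path) {
        this.cookiePath = path;
    }

    /**
     * Legacy entry point that writes a cookie without the {@code Secure} flag.
     *
     * @deprecated the {@code Secure} flag now follows {@link HttpServletRequest#isSecure()}; internal callers use
     *             the private overload
     */
    @Deprecated
    public void setupCookie(Cookie cookie, boolean sessionOnly, String domain, HttpServletResponse response) {
        setupCookie(cookie, sessionOnly, false, domain, response);
    }

    /**
     * Fills in the attributes of a login cookie and writes it to the response.
     *
     * @param cookie the cookie to complete
     * @param sessionOnly when {@code true} no Max-Age is set, so the cookie lives until the browser closes
     * @param secure whether to set the {@code Secure} flag
     * @param domain the Domain attribute, or {@code null} to leave it unset
     * @param response the response the cookie is written to
     */
    private void setupCookie(Cookie cookie, boolean sessionOnly, boolean secure, String domain, HttpServletResponse response) {
        if (!sessionOnly) {
            setMaxAge(cookie);
        }
        cookie.setSecure(secure);
        cookie.setPath(this.cookiePath);
        if (domain != null) {
            cookie.setDomain(domain);
        }
        addCookie(response, cookie);
    }

    /** @return whether {@code protection} asks for the username/password cookies to be encrypted */
    private boolean isEncryptionEnabled() {
        return PROTECTION_ALL.equals(this.protection) || PROTECTION_ENCRYPTION.equals(this.protection);
    }

    /** @return whether {@code protection} asks for a validation-hash cookie */
    private boolean isValidationEnabled() {
        return PROTECTION_ALL.equals(this.protection) || PROTECTION_VALIDATION.equals(this.protection);
    }

    /**
     * Issues the remember-me cookies for a successful login.
     *
     * <p>Note that with {@code protection} set to {@code validation} (or disabled) the password is stored in
     * the cookie in clear text; only {@code all}/{@code encryption} encrypt it.
     *
     * @param request the login request; {@code j_rememberme} decides between persistent and session cookies
     * @param response the response the cookies are written to
     * @param username the authenticated username
     * @param password the password used to log in
     */
    @Override // org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager, org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface
    public void rememberLogin(HttpServletRequest request, HttpServletResponse response, String username, String password) {
        String cookieUsername = username;
        String cookiePassword = password;
        if (isEncryptionEnabled()) {
            cookieUsername = encryptText(username);
            cookiePassword = encryptText(password);
            if (cookieUsername == null || cookiePassword == null) {
                LOGGER.error("ERROR!!");
                LOGGER.error("There was a problem encrypting the username or password!!");
                LOGGER.error("Remember Me function will be disabled!!");
                return;
            }
        }
        // Without an explicit "remember me" request the cookies are session cookies (no Max-Age).
        boolean sessionOnly = !isTrue(request.getParameter("j_rememberme"));
        boolean secure = request.isSecure();
        String domain = getCookieDomain(request);
        setupCookie(new Cookie(getCookiePrefix() + AuthenticationContext.USERNAME, cookieUsername), sessionOnly, secure, domain, response);
        setupCookie(new Cookie(getCookiePrefix() + COOKIE_PASSWORD, cookiePassword), sessionOnly, secure, domain, response);
        setupCookie(new Cookie(getCookiePrefix() + COOKIE_REMEMBERME, String.valueOf(!sessionOnly)), sessionOnly, secure, domain, response);
        if (isValidationEnabled()) {
            String validationHash = getValidationHash(cookieUsername, cookiePassword, getClientIP(request));
            if (validationHash != null) {
                setupCookie(new Cookie(getCookiePrefix() + COOKIE_VALIDATION, validationHash), sessionOnly, secure, domain, response);
            } else if (LOGGER.isErrorEnabled()) {
                LOGGER.error("WARNING!!! WARNING!!!");
                LOGGER.error("PROTECTION=ALL or PROTECTION=VALIDATION was specified");
                LOGGER.error("but Validation Hash could NOT be generated");
                LOGGER.error("Validation has been disabled!!!!");
            }
        }
    }

    /**
     * Sets the cookie's Max-Age from the inherited {@code cookieLife} (in days). A malformed or missing value is
     * logged and leaves the cookie as a session cookie (best effort, as before).
     *
     * @param cookie the cookie to update
     */
    private void setMaxAge(Cookie cookie) {
        try {
            // double keeps whole-second precision: a float represents integers exactly only up to 2^24
            // seconds (about 194 days), so longer lifetimes were rounded.
            long seconds = Math.round(SECONDS_PER_DAY * Double.parseDouble(this.cookieLife));
            cookie.setMaxAge((int) Math.min(seconds, Integer.MAX_VALUE));
        } catch (NumberFormatException | NullPointerException e) {
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("Failed setting cookie Max age with duration " + this.cookieLife, e);
            }
        }
    }

    /**
     * Writes the cookie as a hand-built {@code Set-Cookie} header ({@code Version=1}, quoted value, Max-Age plus
     * Expires, Domain, Path, {@code HttpOnly}, and {@code Secure} when requested).
     *
     * <p>The value is emitted unescaped between the quotes. The values this class produces are either
     * Base64-derived or the raw username/password (clear-text modes); a credential containing {@code "} or
     * {@code ;} would corrupt the header, which is worth rejecting where such values are accepted.
     *
     * @param response the response the header is added to
     * @param cookie the cookie to serialise
     */
    private void addCookie(HttpServletResponse response, Cookie cookie) {
        if (LOGGER.isDebugEnabled()) {
            // The value is deliberately not logged: depending on the protection mode it is a credential.
            LOGGER.debug("Adding cookie: {}{} {}", cookie.getDomain(), cookie.getPath(), cookie.getName());
        }
        StringBuilder header = new StringBuilder(150);
        header.append(cookie.getName()).append('=');
        if (StringUtils.isNotEmpty(cookie.getValue())) {
            header.append('"').append(cookie.getValue()).append('"');
        }
        header.append("; Version=1");
        int maxAge = cookie.getMaxAge();
        if (maxAge >= 0) {
            header.append("; Max-Age=").append(maxAge);
            header.append("; Expires=");
            if (maxAge == 0) {
                header.append(COOKIE_EXPIRE_NOW);
            } else {
                // plusSeconds works in long arithmetic; the former "maxAge * 1000" int product overflowed for
                // lifetimes above roughly 24 days, producing an Expires date in the past.
                header.append(COOKIE_EXPIRE_FORMAT.format(Instant.now().plusSeconds(maxAge)));
            }
        }
        if (StringUtils.isNotEmpty(cookie.getDomain())) {
            // Locale.ROOT keeps the host name ASCII-lower-cased regardless of the JVM's default locale
            header.append("; Domain=").append(cookie.getDomain().toLowerCase(Locale.ROOT));
        }
        if (StringUtils.isNotEmpty(cookie.getPath())) {
            header.append("; Path=").append(cookie.getPath());
        }
        header.append("; HttpOnly");
        if (cookie.getSecure()) {
            header.append("; Secure");
        }
        response.addHeader("Set-Cookie", header.toString());
    }

    /**
     * Picks the configured cookie domain that the request's server name ends with.
     *
     * @param request the current request
     * @return the matching configured domain, or {@code null} when none is configured or matches
     */
    private String getCookieDomain(HttpServletRequest request) {
        String domain = null;
        if (this.cookieDomains != null) {
            String serverName = conformCookieDomain(request.getServerName());
            if (serverName != null) {
                for (String candidate : this.cookieDomains) {
                    if (serverName.endsWith(candidate)) {
                        domain = candidate;
                        break;
                    }
                }
            }
        }
        LOGGER.debug("Cookie domain is:{}", domain);
        return domain;
    }

    /**
     * Computes the validation hash: the lower-case hex MD5 of
     * {@code username:password[:clientIP]:validationKey} (the IP is included when {@code useIP} is set).
     *
     * <p>MD5 over key-suffixed data is the historical cookie format. Moving to an HMAC (e.g. HmacSHA256)
     * is the right direction but invalidates every remember-me cookie in circulation, so it is a deliberate
     * format migration rather than a drop-in fix. The input is encoded as UTF-8; previously the platform
     * default charset was used, so on a non-UTF-8 platform cookies issued earlier for non-ASCII usernames
     * will fail validation once and be cleared.
     *
     * @param username the username cookie value
     * @param password the password cookie value
     * @param clientIP the client address, used only when {@code useIP} is true
     * @return the hash, or {@code null} when no {@code validationKey} is configured or MD5 is unavailable
     */
    private String getValidationHash(String username, String password, String clientIP) {
        if (this.validationKey == null) {
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("ERROR! >> validationKey not specified...");
                LOGGER.error("you are REQUIRED to specify the validatonkey in xwiki.cfg");
            }
            return null;
        }
        StringBuilder material = new StringBuilder();
        material.append(username).append(FIELD_SEPARATOR);
        material.append(password).append(FIELD_SEPARATOR);
        if (isTrue(this.useIP)) {
            material.append(clientIP).append(FIELD_SEPARATOR);
        }
        material.append(this.validationKey);
        String beforeHash = material.toString();
        String hash;
        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            hash = toHex(digest.digest(beforeHash.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Failed to get [" + MessageDigest.class.getName() + "] instance", e);
            // Return null rather than the inherited field, which previously leaked the hash of an earlier request.
            return null;
        }
        // Inherited scratch fields, kept in step for anything that inspects them; they are not read back here.
        this.valueBeforeMD5 = beforeHash;
        this.valueAfterMD5 = hash;
        return hash;
    }

    /**
     * @param bytes the bytes to render
     * @return lower-case hex, two characters per byte
     */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16)).append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    /**
     * Encrypts a credential for storage in a cookie: UTF-8 bytes, the inherited cipher, Base64, with the
     * {@code =} padding rewritten as {@code _} because {@code =} is not a valid cookie-value character.
     *
     * @param text the clear text, {@code null} yields {@code null}
     * @return the encoded ciphertext, or {@code null} when no {@code secretKey} is configured or encryption fails
     */
    public String encryptText(String text) {
        if (text == null) {
            return null;
        }
        if (this.secretKey == null) {
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("ERROR! >> SecretKey not generated...");
                LOGGER.error("you are REQUIRED to specify the encryptionKey in xwiki.cfg");
            }
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(this.cipherParameters);
            cipher.init(Cipher.ENCRYPT_MODE, this.secretKey);
            byte[] encrypted = cipher.doFinal(text.getBytes(StandardCharsets.UTF_8));
            return new String(Base64.encodeBase64(encrypted), StandardCharsets.US_ASCII).replace('=', '_');
        } catch (GeneralSecurityException e) {
            // The clear text is a username or password, so it is kept out of the log.
            LOGGER.error("Failed to encrypt text", e);
            return null;
        }
    }

    /**
     * Clears the remembered principal and expires all four login cookies.
     *
     * @param request the current request
     * @param response the response the expiring cookies are written to
     */
    @Override // org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager, org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface
    public void forgetLogin(HttpServletRequest request, HttpServletResponse response) {
        // The filter normally wraps the request; when it does not, the cookies are still expired below
        // instead of failing with a ClassCastException before any of them is touched.
        if (request instanceof SecurityRequestWrapper) {
            ((SecurityRequestWrapper) request).setUserPrincipal(null);
        }
        removeCookie(request, response, getCookiePrefix() + AuthenticationContext.USERNAME);
        removeCookie(request, response, getCookiePrefix() + COOKIE_PASSWORD);
        removeCookie(request, response, getCookiePrefix() + COOKIE_REMEMBERME);
        removeCookie(request, response, getCookiePrefix() + COOKIE_VALIDATION);
    }

    /**
     * @param cookies the request cookies, may be {@code null}
     * @param name the cookie name to look for
     * @return the first cookie with that name, or {@code null}
     */
    private static Cookie getCookie(Cookie[] cookies, String name) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Expires a cookie the client sent. It is written twice, without and (when one matches) with the configured
     * Domain, so that both a host-only and a domain cookie of that name are cleared.
     *
     * @param request the current request
     * @param response the response the expiring cookie is written to
     * @param name the full cookie name
     */
    private void removeCookie(HttpServletRequest request, HttpServletResponse response, String name) {
        Cookie cookie = getCookie(request.getCookies(), name);
        if (cookie == null) {
            return;
        }
        cookie.setMaxAge(0);
        cookie.setValue("");
        cookie.setPath(this.cookiePath);
        addCookie(response, cookie);
        String domain = getCookieDomain(request);
        if (domain != null) {
            cookie.setDomain(domain);
            addCookie(response, cookie);
        }
    }

    /**
     * @param value a configuration or request value
     * @return whether it spells one of {@code true}, {@code 1} or {@code yes}
     */
    private static boolean isTrue(String value) {
        return "true".equals(value) || "1".equals(value) || "yes".equals(value);
    }

    /**
     * Looks up a cookie value. When several cookies share the name the last one wins, whereas
     * {@link #getCookie} returns the first; both behaviours are kept as they were.
     *
     * @param cookies the request cookies, may be {@code null}
     * @param name the cookie name to look for
     * @param defaultValue returned when no cookie has that name
     * @return the value of the last matching cookie, or {@code defaultValue}
     */
    private static String getCookieValue(Cookie[] cookies, String name, String defaultValue) {
        String value = defaultValue;
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (name.equals(cookie.getName())) {
                    value = cookie.getValue();
                }
            }
        }
        return value;
    }

    /**
     * Verifies the validation cookie against a hash recomputed from the presented username/password cookies.
     * On mismatch the login cookies are removed.
     *
     * @param request the current request
     * @param response the response used to remove the cookies on mismatch
     * @return {@code true} only when validation is enabled and the hashes match
     */
    private boolean checkValidation(HttpServletRequest request, HttpServletResponse response) {
        if (!isValidationEnabled()) {
            return false;
        }
        Cookie[] cookies = request.getCookies();
        String presented = getCookieValue(cookies, getCookiePrefix() + COOKIE_VALIDATION, DEFAULT_VALUE);
        String expected = getValidationHash(
            getCookieValue(cookies, getCookiePrefix() + AuthenticationContext.USERNAME, DEFAULT_VALUE),
            getCookieValue(cookies, getCookiePrefix() + COOKIE_PASSWORD, DEFAULT_VALUE),
            getClientIP(request));
        // Constant-time comparison: the presented hash is attacker-controlled, so String.equals, which stops at
        // the first differing byte, would leak how much of the expected hash matched.
        if (expected != null && MessageDigest.isEqual(
            presented.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8))) {
            return true;
        }
        LOGGER.warn("Login cookie validation hash mismatch! Cookies have been tampered with");
        LOGGER.info("Login cookie is being deleted!");
        forgetLogin(request, response);
        return false;
    }

    /**
     * Shared body of {@link #getRememberedUsername} and {@link #getRememberedPassword}.
     *
     * @param request the current request
     * @param response the response used when validation fails
     * @param cookieName the full cookie name
     * @return the (decrypted, if enabled) value, or {@code null} when absent or when validation fails
     */
    private String getRememberedValue(HttpServletRequest request, HttpServletResponse response, String cookieName) {
        String value = getCookieValue(request.getCookies(), cookieName, DEFAULT_VALUE);
        if (DEFAULT_VALUE.equals(value) || !checkValidation(request, response)) {
            return null;
        }
        return isEncryptionEnabled() ? decryptText(value) : value;
    }

    /**
     * @return the remembered username, or {@code null} when there is none or validation fails
     */
    @Override // org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager, org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface
    public String getRememberedUsername(HttpServletRequest request, HttpServletResponse response) {
        return getRememberedValue(request, response, getCookiePrefix() + AuthenticationContext.USERNAME);
    }

    /**
     * @return the remembered password, or {@code null} when there is none or validation fails
     */
    @Override // org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager, org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface
    public String getRememberedPassword(HttpServletRequest request, HttpServletResponse response) {
        return getRememberedValue(request, response, getCookiePrefix() + COOKIE_PASSWORD);
    }

    /**
     * @return whether the {@code rememberme} cookie is present and set to {@code true}
     */
    @Override // org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager, org.securityfilter.authenticator.persistent.PersistentLoginManagerInterface
    public boolean rememberingLogin(HttpServletRequest request) {
        return "true".equals(getCookieValue(request.getCookies(), getCookiePrefix() + COOKIE_REMEMBERME, DEFAULT_VALUE));
    }

    /**
     * Reverses {@link #encryptText}. The input is an untrusted cookie value, so any failure — including a
     * runtime exception from the Base64 codec — is reported as "not decryptable".
     *
     * <p>NOTE(review): the ciphertext's integrity is guaranteed only by the validation cookie
     * ({@code protection=all}), not by the cipher itself — confirm {@code cipherParameters} or rely on validation.
     *
     * @param text the encoded ciphertext
     * @return the clear text, or {@code null} on any failure
     */
    private String decryptText(String text) {
        try {
            byte[] encrypted = Base64.decodeBase64(text.replace('_', '=').getBytes(StandardCharsets.ISO_8859_1));
            Cipher cipher = Cipher.getInstance(this.cipherParameters);
            cipher.init(Cipher.DECRYPT_MODE, this.secretKey);
            return new String(cipher.doFinal(encrypted), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | RuntimeException e) {
            // The input is the credential cookie, so its value is kept out of the log.
            LOGGER.error("Error decrypting text", e);
            return null;
        }
    }

    /**
     * Returns the client address used for IP binding: the first entry of {@code X-Forwarded-For} when present,
     * else the socket peer address.
     *
     * <p>The header is supplied by the client unless a trusted reverse proxy in front of the application
     * overwrites it; without such a proxy the {@code useIP} binding is chosen by the requester rather than
     * observed, so deployments should only enable it behind a proxy that sets this header.
     *
     * @param request the current request
     * @return the client address as a string
     */
    protected String getClientIP(HttpServletRequest request) {
        String forwardedFor = request.getHeader("X-Forwarded-For");
        if (forwardedFor == null || forwardedFor.isEmpty()) {
            return request.getRemoteAddr();
        }
        int comma = forwardedFor.indexOf(',');
        return comma == -1 ? forwardedFor : forwardedFor.substring(0, comma);
    }

    /**
     * @param prefix the prefix prepended to every login cookie name
     */
    public void setCookiePrefix(String prefix) {
        this.cookiePrefix = prefix;
    }

    /**
     * @return the prefix prepended to every login cookie name
     */
    public String getCookiePrefix() {
        return this.cookiePrefix;
    }
}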
