package edu.internet2.middleware.grouper.j2ee;

import edu.internet2.middleware.grouper.authentication.GrouperPassword;
import edu.internet2.middleware.grouper.authentication.GrouperPasswordSave;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.cfg.GrouperHibernateConfig;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import edu.internet2.middleware.grouperClient.util.ExpirableCache;
import edu.internet2.middleware.morphString.Morph;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:edu/internet2/middleware/grouper/j2ee/Authentication.class */
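/**
 * HTTP Basic authentication against locally stored Grouper passwords.
 *
 * <p>Credentials are read from an {@code Authorization: Basic ...} header value, checked
 * against the {@link GrouperPassword} row for the username/application pair, and, when no
 * row exists, against a {@code grouperPasswordConfigOverride_<app>_<user>_pass} property.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Successful logins are cached per application (on by default, 2 minutes by default).
 *       The cache is consulted before the database, so a changed or removed password can
 *       keep authenticating until its cache entry expires.</li>
 *   <li>The cache key holds {@code Morph.encrypt(password)}; Morph's properties are not
 *       visible here. NOTE(review): if that encryption is reversible, a heap dump exposes
 *       recoverable credentials; confirm, and consider keying on a digest instead.</li>
 *   <li>Header parsing trims the password, while {@link #assignUserPassword} stores it
 *       untrimmed. NOTE(review): a password saved with leading/trailing whitespace would
 *       presumably never verify; confirm against callers.</li>
 * </ul>
 */
public class Authentication {
    private static final Log LOG = GrouperUtil.getLog(Authentication.class);

    /** Per-application cache of successful logins; access is guarded by the class lock. */
    private static final Map<GrouperPassword.Application, ExpirableCache<MultiKey, Boolean>> authenticationCache = new HashMap<>();

    /**
     * Extracts the username from a Basic authorization header value.
     *
     * <p>The returned name is NOT authenticated; it is only what the client claimed.
     *
     * @param str the raw header value, e.g. {@code "Basic dXNlcjpwYXNz"}
     * @return the trimmed username, or {@code null} when the header is blank, is not a
     *     Basic header, or cannot be decoded
     */
    public static final String retrieveUsername(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            String[] credentials = parseBasicCredentials(str);
            return credentials == null ? null : credentials[0];
        } catch (RuntimeException e) {
            // Malformed Base64 lands here; keep the cause so the failure can be diagnosed.
            LOG.error("Error retrieving username from authHeader", e);
            return null;
        }
    }

    /**
     * Splits a Basic authorization header value into username and password.
     *
     * @param authHeader non-blank header value
     * @return {@code {username, password}}, both trimmed, or {@code null} when the scheme is
     *     not Basic, the credential token is missing, or the decoded text has no colon
     * @throws IllegalArgumentException if the credential token is not valid Base64
     */
    private static String[] parseBasicCredentials(String authHeader) {
        StringTokenizer tokens = new StringTokenizer(authHeader);
        if (!tokens.hasMoreTokens() || !tokens.nextToken().equalsIgnoreCase("Basic")) {
            return null;
        }
        // "Basic" with nothing after it is simply not a usable header; do not let
        // nextToken() raise NoSuchElementException for client-controlled input.
        if (!tokens.hasMoreTokens()) {
            return null;
        }
        String decoded = new String(Base64.getDecoder().decode(tokens.nextToken()), StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');
        if (colon == -1) {
            return null;
        }
        return new String[] {decoded.substring(0, colon).trim(), decoded.substring(colon + 1).trim()};
    }

    /**
     * Compares two secrets without stopping at the first differing character.
     *
     * <p>Fails closed: a {@code null} on either side never matches, so a missing stored value
     * cannot be matched by a missing presented value.
     */
    private static boolean constantTimeEquals(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the login cache for an application, creating it on first use.
     *
     * <p>Synchronized because the backing {@link HashMap} is shared static state that is
     * populated lazily and is not safe for concurrent mutation.
     *
     * @param application the application whose cache is wanted; must not be null
     * @return the cache, or {@code null} when
     *     {@code grouper.authentication.<app>.cache} is set to false
     */
    private static synchronized ExpirableCache<MultiKey, Boolean> authenticationCache(GrouperPassword.Application application) {
        GrouperUtil.assertion(application != null, "application cant be null");
        if (!GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.authentication." + application.name() + ".cache", true)) {
            return null;
        }
        ExpirableCache<MultiKey, Boolean> cache = authenticationCache.get(application);
        if (cache == null) {
            cache = new ExpirableCache<>(GrouperConfig.retrieveConfig().propertyValueInt("grouper.authentication." + application.name() + ".cacheTimeMinutes", 2));
            authenticationCache.put(application, cache);
        }
        return cache;
    }

    /**
     * Verifies the credentials carried in a Basic authorization header value.
     *
     * @param str the raw header value
     * @param application the application the credentials are checked for; must not be null
     * @return {@code true} only when the password matches the stored hash or, if no stored
     *     record exists, the configured override; {@code false} on any mismatch, malformed
     *     header, or internal error (which is logged)
     */
    public boolean authenticate(String str, GrouperPassword.Application application) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        ExpirableCache<MultiKey, Boolean> cache = authenticationCache(application);
        try {
            String[] credentials = parseBasicCredentials(str);
            if (credentials == null) {
                return false;
            }
            String username = credentials[0];
            String password = credentials[1];

            MultiKey cacheKey = null;
            if (cache != null) {
                // Only successes are cached, so a wrong password always reaches the real check.
                cacheKey = new MultiKey(application, username, Morph.encrypt(password));
                Boolean cached = (Boolean) cache.get(cacheKey);
                if (Boolean.TRUE.equals(cached)) {
                    return true;
                }
            }

            GrouperPassword stored = GrouperDAOFactory.getFactory().getGrouperPassword().findByUsernameApplication(username, application.name());
            boolean matches;
            if (stored != null) {
                String presentedHash = Morph.encrypt(stored.getEncryptionType().generateHash(stored.getTheSalt() + password));
                matches = constantTimeEquals(presentedHash, stored.getThePassword());
            } else {
                // The property name embeds the client-supplied username; the fixed prefix and
                // "_pass" suffix bound which properties can be selected this way.
                String configured = Morph.decryptIfFile(GrouperHibernateConfig.retrieveConfig().propertyValueString("grouperPasswordConfigOverride_" + application.name() + "_" + username + "_pass"));
                // An absent or empty override must never authenticate an empty password.
                matches = StringUtils.isNotBlank(configured) && constantTimeEquals(password, configured);
            }

            if (matches && cache != null) {
                cache.put(cacheKey, true);
            }
            return matches;
        } catch (Exception e) {
            // Fail closed: any parsing, lookup or hashing error is treated as a failed login.
            LOG.error("Error authenticating", e);
            return false;
        }
    }

    /**
     * Hashes a new password with a fresh random salt and persists it.
     *
     * <p>NOTE(review): {@code generateHash} is not visible here. If {@code SHA_256} is a
     * single digest pass over salt + password, it is a fast hash; a password KDF
     * (bcrypt/scrypt/argon2/PBKDF2) would resist offline guessing far better.
     *
     * @param grouperPasswordSave the username, application, entity type and clear-text
     *     password to store
     * @throws RuntimeException if {@code grouper.authentication.encryptionType} is missing or
     *     unrecognised, or if hashing or saving fails; the underlying cause is attached
     */
    public void assignUserPassword(GrouperPasswordSave grouperPasswordSave) {
        try {
            String configuredType = GrouperConfig.retrieveConfig().propertyValueString("grouper.authentication.encryptionType", null);
            if (StringUtils.isBlank(configuredType)) {
                throw new RuntimeException("grouper.authentication.encryptionType must be set to SHA-256 or RS-256");
            }

            GrouperPassword.EncryptionType encryptionType;
            try {
                encryptionType = GrouperPassword.EncryptionType.valueOf(configuredType.replace("-", "_"));
            } catch (IllegalArgumentException e) {
                // Only a bad enum name is a configuration error; hashing and database failures
                // below must not be reported under this message.
                throw new RuntimeException("grouper.authentication.encryptionType must be set to SHA-256 or RS-256", e);
            }

            // 16 random bytes from a CSPRNG, stored hex-encoded next to the hash.
            byte[] saltBytes = new byte[16];
            new SecureRandom().nextBytes(saltBytes);
            String salt = Hex.encodeHexString(saltBytes);

            String storedHash = Morph.encrypt(encryptionType.generateHash(salt + grouperPasswordSave.getThePassword()));

            GrouperPassword grouperPassword = new GrouperPassword();
            grouperPassword.setApplication(grouperPasswordSave.getApplication());
            grouperPassword.setEncryptionType(encryptionType);
            grouperPassword.setEntityType(grouperPasswordSave.getEntityType());
            grouperPassword.setThePassword(storedHash);
            grouperPassword.setHashed(encryptionType == GrouperPassword.EncryptionType.SHA_256);
            grouperPassword.setTheSalt(salt);
            grouperPassword.setUsername(grouperPasswordSave.getUsername());
            grouperPassword.setLastEdited(Long.valueOf(Instant.now().toEpochMilli()));
            GrouperDAOFactory.getFactory().getGrouperPassword().saveOrUpdate(grouperPassword);
        } catch (Exception e2) {
            throw new RuntimeException("error", e2);
        }
    }
}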
