package io.undertow.security.impl;

import com.aliyun.oss.ClientConfiguration;
import io.undertow.UndertowMessages;
import io.undertow.security.api.SessionNonceManager;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.FlexBase64;
import io.undertow.util.WorkerUtils;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.TimeUnit;
import org.xnio.XnioExecutor;
import org.xnio.XnioIoThread;

/* loaded from: input_file:BOOT-INF/lib/undertow-core-2.1.7.Final.jar:io/undertow/security/impl/SimpleNonceManager.class */
public class SimpleNonceManager implements SessionNonceManager {
    private static final String DEFAULT_HASH_ALG = "MD5";
    private final Set<String> invalidNonces;
    private final Map<String, Nonce> knownNonces;
    private final Map<NonceHolder, String> forwardMapping;
    private final String secret;
    private final String hashAlg;
    private final int hashLength;
    private static final long firstUseTimeOut = 300000;
    private static final long overallTimeOut = 900000;
    private static final long cacheTimePostExpiry = 300000;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/undertow-core-2.1.7.Final.jar:io/undertow/security/impl/SimpleNonceManager$InvalidNonceCleaner.class */
    public class InvalidNonceCleaner implements Runnable {
        private final String nonce;

        private InvalidNonceCleaner(String str) {
            if (str == null) {
                throw new NullPointerException("nonce must not be null.");
            }
            this.nonce = str;
        }

        @Override // java.lang.Runnable
        public void run() {
            SimpleNonceManager.this.invalidNonces.remove(this.nonce);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/undertow-core-2.1.7.Final.jar:io/undertow/security/impl/SimpleNonceManager$KnownNonceCleaner.class */
    public class KnownNonceCleaner implements Runnable {
        private final String nonce;

        private KnownNonceCleaner(String str) {
            if (str == null) {
                throw new NullPointerException("nonce must not be null.");
            }
            this.nonce = str;
        }

        @Override // java.lang.Runnable
        public void run() {
            SimpleNonceManager.this.knownNonces.remove(this.nonce);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/undertow-core-2.1.7.Final.jar:io/undertow/security/impl/SimpleNonceManager$Nonce.class */
    public static class Nonce {
        private final String nonce;
        private final long timeStamp;
        private int maxNonceCount;
        private final NonceHolder previousNonce;
        private byte[] sessionKey;
        private XnioExecutor.Key executorKey;

        private Nonce(String str) {
            this(str, -1L, -1);
        }

        private Nonce(String str, long j) {
            this(str, j, -1);
        }

        private Nonce(String str, long j, int i) {
            this(str, j, i, (NonceHolder) null);
        }

        private Nonce(String str, long j, NonceHolder nonceHolder) {
            this(str, j, -1, nonceHolder);
        }

        private Nonce(String str, long j, int i, NonceHolder nonceHolder) {
            this.nonce = str;
            this.timeStamp = j;
            this.maxNonceCount = i;
            this.previousNonce = nonceHolder;
        }

        byte[] getSessionKey() {
            return this.sessionKey;
        }

        void setSessionKey(byte[] bArr) {
            this.sessionKey = bArr;
        }

        int getMaxNonceCount() {
            return this.maxNonceCount;
        }

        void setMaxNonceCount(int i) {
            this.maxNonceCount = i;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/undertow-core-2.1.7.Final.jar:io/undertow/security/impl/SimpleNonceManager$NonceHolder.class */
    public static class NonceHolder {
        private final String nonce;

        private NonceHolder(String str) {
            if (str == null) {
                throw new NullPointerException("nonce must not be null.");
            }
            this.nonce = str;
        }

        public int hashCode() {
            return this.nonce.hashCode();
        }

        public boolean equals(Object obj) {
            if (obj instanceof NonceHolder) {
                return this.nonce.equals(((NonceHolder) obj).nonce);
            }
            return false;
        }
    }

    public SimpleNonceManager() {
        this("MD5");
    }

    public SimpleNonceManager(String str) {
        this.invalidNonces = Collections.synchronizedSet(new HashSet());
        this.knownNonces = Collections.synchronizedMap(new HashMap());
        this.forwardMapping = Collections.synchronizedMap(new WeakHashMap());
        MessageDigest digest = getDigest(str);
        this.hashAlg = str;
        this.hashLength = digest.getDigestLength();
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        this.secret = FlexBase64.encodeString(digest.digest(bArr), false);
    }

    private MessageDigest getDigest(String str) {
        try {
            return MessageDigest.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            throw UndertowMessages.MESSAGES.hashAlgorithmNotFound(str);
        }
    }

    @Override // io.undertow.security.api.NonceManager
    public String nextNonce(String str, HttpServerExchange httpServerExchange) {
        if (str != null && !this.invalidNonces.contains(str)) {
            String str2 = str;
            synchronized (this.forwardMapping) {
                NonceHolder nonceHolder = new NonceHolder(str);
                while (this.forwardMapping.containsKey(nonceHolder)) {
                    str2 = this.forwardMapping.get(nonceHolder);
                    nonceHolder = new NonceHolder(str2);
                }
                synchronized (this.knownNonces) {
                    Nonce nonce = this.knownNonces.get(str2);
                    if (nonce == null) {
                        str2 = createNewNonceString();
                    } else {
                        long currentTimeMillis = System.currentTimeMillis();
                        if (nonce.timeStamp < currentTimeMillis - ClientConfiguration.DEFAULT_SLOW_REQUESTS_THRESHOLD || nonce.timeStamp > currentTimeMillis) {
                            Nonce createNewNonce = createNewNonce(nonceHolder);
                            if (nonce.executorKey != null) {
                                nonce.executorKey.remove();
                            }
                            str2 = createNewNonce.nonce;
                            this.forwardMapping.put(nonceHolder, str2);
                            createNewNonce.setSessionKey(nonce.getSessionKey());
                            this.knownNonces.remove(nonceHolder.nonce);
                            this.knownNonces.put(str2, createNewNonce);
                            createNewNonce.executorKey = WorkerUtils.executeAfter(httpServerExchange.getIoThread(), new KnownNonceCleaner(str2), createNewNonce.timeStamp - (currentTimeMillis - 1200000), TimeUnit.MILLISECONDS);
                        }
                    }
                }
            }
            return str2;
        }
        return createNewNonceString();
    }

    private String createNewNonceString() {
        return createNewNonce(null).nonce;
    }

    private Nonce createNewNonce(NonceHolder nonceHolder) {
        byte[] bArr = new byte[8];
        ThreadLocalRandom.current().nextBytes(bArr);
        long currentTimeMillis = System.currentTimeMillis();
        return new Nonce(createNonce(bArr, Long.toString(currentTimeMillis).getBytes(StandardCharsets.UTF_8)), currentTimeMillis, nonceHolder);
    }

    @Override // io.undertow.security.api.NonceManager
    public boolean validateNonce(String str, int i, HttpServerExchange httpServerExchange) {
        if (i < 0) {
            if (this.invalidNonces.contains(str)) {
                return false;
            }
        } else {
            if (this.knownNonces.containsKey(str)) {
                return validateNonceWithCount(new Nonce(str), i, httpServerExchange.getIoThread());
            }
            if (this.forwardMapping.containsKey(new NonceHolder(str))) {
                return false;
            }
        }
        Nonce verifyUnknownNonce = verifyUnknownNonce(str, i);
        if (verifyUnknownNonce == null) {
            return false;
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (verifyUnknownNonce.timeStamp < currentTimeMillis - ClientConfiguration.DEFAULT_SLOW_REQUESTS_THRESHOLD || verifyUnknownNonce.timeStamp > currentTimeMillis) {
            return false;
        }
        return i < 0 ? addInvalidNonce(verifyUnknownNonce, httpServerExchange.getIoThread()) : validateNonceWithCount(verifyUnknownNonce, i, httpServerExchange.getIoThread());
    }

    private boolean validateNonceWithCount(Nonce nonce, int i, XnioIoThread xnioIoThread) {
        synchronized (this.knownNonces) {
            Nonce nonce2 = this.knownNonces.get(nonce.nonce);
            long currentTimeMillis = System.currentTimeMillis();
            long j = currentTimeMillis - 1200000;
            if (nonce2 != null) {
                if (nonce2.timeStamp < j || nonce2.timeStamp > currentTimeMillis) {
                    return false;
                }
                if (nonce2.getMaxNonceCount() >= i) {
                    return false;
                }
                nonce2.setMaxNonceCount(i);
                return true;
            }
            if (nonce.timeStamp < 0) {
                return false;
            }
            if (nonce.timeStamp <= j || nonce.timeStamp > currentTimeMillis) {
                return false;
            }
            this.knownNonces.put(nonce.nonce, nonce);
            nonce.executorKey = WorkerUtils.executeAfter(xnioIoThread, new KnownNonceCleaner(nonce.nonce), nonce.timeStamp - j, TimeUnit.MILLISECONDS);
            return true;
        }
    }

    private boolean addInvalidNonce(Nonce nonce, XnioExecutor xnioExecutor) {
        long currentTimeMillis = nonce.timeStamp - (System.currentTimeMillis() - ClientConfiguration.DEFAULT_SLOW_REQUESTS_THRESHOLD);
        if (currentTimeMillis <= 0 || !this.invalidNonces.add(nonce.nonce)) {
            return false;
        }
        xnioExecutor.executeAfter(new InvalidNonceCleaner(nonce.nonce), currentTimeMillis, TimeUnit.MILLISECONDS);
        return true;
    }

    private Nonce verifyUnknownNonce(String str, int i) {
        try {
            ByteBuffer decode = FlexBase64.decode(str);
            byte[] array = decode.array();
            int arrayOffset = decode.arrayOffset();
            int limit = decode.limit() - arrayOffset;
            int i2 = array[arrayOffset + 8];
            if (this.hashLength > 0) {
                if (limit != 9 + i2 + this.hashLength) {
                    throw UndertowMessages.MESSAGES.invalidNonceReceived();
                }
                if (i2 + 1 >= limit) {
                    throw UndertowMessages.MESSAGES.invalidNonceReceived();
                }
            }
            byte[] bArr = new byte[8];
            System.arraycopy(array, arrayOffset, bArr, 0, 8);
            byte[] bArr2 = new byte[i2];
            System.arraycopy(array, arrayOffset + 9, bArr2, 0, bArr2.length);
            String createNonce = createNonce(bArr, bArr2);
            if (!createNonce.equals(str)) {
                return null;
            }
            try {
                return new Nonce(createNonce, Long.parseLong(new String(bArr2, StandardCharsets.UTF_8)), i);
            } catch (NumberFormatException e) {
                return null;
            }
        } catch (IOException e2) {
            throw UndertowMessages.MESSAGES.invalidBase64Token(e2);
        }
    }

    private String createNonce(byte[] bArr, byte[] bArr2) {
        byte[] generateHash = generateHash(bArr, bArr2);
        byte[] bArr3 = new byte[9 + bArr2.length + generateHash.length];
        System.arraycopy(bArr, 0, bArr3, 0, 8);
        bArr3[8] = (byte) bArr2.length;
        System.arraycopy(bArr2, 0, bArr3, 9, bArr2.length);
        System.arraycopy(generateHash, 0, bArr3, 9 + bArr2.length, generateHash.length);
        return FlexBase64.encodeString(bArr3, false);
    }

    private byte[] generateHash(byte[] bArr, byte[] bArr2) {
        MessageDigest digest = getDigest(this.hashAlg);
        digest.update(bArr);
        digest.update(bArr2);
        return digest.digest(this.secret.getBytes(StandardCharsets.UTF_8));
    }

    @Override // io.undertow.security.api.SessionNonceManager
    public void associateHash(String str, byte[] bArr) {
    }

    @Override // io.undertow.security.api.SessionNonceManager
    public byte[] lookupHash(String str) {
        return null;
    }
}
