package org.springframework.security.web.authentication.rememberme;

import com.hazelcast.org.apache.commons.codec.digest.MessageDigestAlgorithms;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Date;
import java.util.function.Supplier;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.1.5.jar:org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.class */
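/**
 * Remember-me implementation that stores the login in a self-contained cookie:
 * {@code username : expiryTime : [algorithmName :] signature}. The signature is a hex
 * digest over the username, the expiry time, the user's stored password value and the
 * key returned by {@code getKey()}.
 *
 * <p>No server-side state is kept; a cookie is accepted when the signature recomputed
 * from the current {@link UserDetails} matches the one presented and the expiry time
 * has not passed.
 */
public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
    private static final RememberMeTokenAlgorithm DEFAULT_MATCHING_ALGORITHM = RememberMeTokenAlgorithm.SHA256;
    private static final RememberMeTokenAlgorithm DEFAULT_ENCODING_ALGORITHM = RememberMeTokenAlgorithm.SHA256;

    // Algorithm used when issuing new cookies.
    private final RememberMeTokenAlgorithm encodingAlgorithm;

    // Algorithm used to verify three-token cookies, which do not name their algorithm.
    private RememberMeTokenAlgorithm matchingAlgorithm;

    /** Digest algorithms that may be used to sign a remember-me cookie. */
    public enum RememberMeTokenAlgorithm {
        // Plain JCA algorithm names; no third-party constant holder is needed for them.
        MD5("MD5"),
        SHA256("SHA-256");

        private final String digestAlgorithm;

        RememberMeTokenAlgorithm(String digestAlgorithm) {
            this.digestAlgorithm = digestAlgorithm;
        }

        /** @return the JCA name passed to {@link MessageDigest#getInstance(String)} */
        public String getDigestAlgorithm() {
            return this.digestAlgorithm;
        }
    }

    /**
     * Creates a service that issues cookies signed with the default algorithm (SHA-256).
     *
     * @param key                the key handed to the superclass
     * @param userDetailsService used to load the user named in a cookie
     */
    public TokenBasedRememberMeServices(String key, UserDetailsService userDetailsService) {
        this(key, userDetailsService, DEFAULT_ENCODING_ALGORITHM);
    }

    /**
     * Creates a service that issues cookies signed with the given algorithm.
     *
     * @param key                the key handed to the superclass
     * @param userDetailsService used to load the user named in a cookie
     * @param encodingAlgorithm  algorithm for newly issued cookies; must not be null
     */
    public TokenBasedRememberMeServices(String key, UserDetailsService userDetailsService,
            RememberMeTokenAlgorithm encodingAlgorithm) {
        super(key, userDetailsService);
        this.matchingAlgorithm = DEFAULT_MATCHING_ALGORITHM;
        Assert.notNull(encodingAlgorithm, "encodingAlgorithm cannot be null");
        this.encodingAlgorithm = encodingAlgorithm;
    }

    /**
     * Validates the decoded cookie tokens and returns the user they identify.
     *
     * @param cookieTokens {@code [username, expiry, signature]} or
     *                     {@code [username, expiry, algorithmName, signature]}
     * @return the user loaded for {@code cookieTokens[0]}
     * @throws InvalidCookieException if the token count, expiry time, algorithm name or
     *                                signature is not acceptable
     */
    @Override
    protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request,
            HttpServletResponse response) {
        if (!isValidCookieTokensLength(cookieTokens)) {
            throw new InvalidCookieException("Cookie token did not contain 3 or 4 tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
        }
        long tokenExpiryTime = getTokenExpiryTime(cookieTokens);
        if (isTokenExpired(tokenExpiryTime)) {
            throw new InvalidCookieException("Cookie token[1] has expired (expired on '" + new Date(tokenExpiryTime) + "'; current time is '" + new Date() + "')");
        }
        UserDetails userDetails = getUserDetailsService().loadUserByUsername(cookieTokens[0]);
        Assert.notNull(userDetails, (Supplier<String>) () -> {
            return "UserDetailsService " + getUserDetailsService() + " returned null for username " + cookieTokens[0] + ". This is an interface contract violation";
        });

        String actualTokenSignature = cookieTokens[2];
        RememberMeTokenAlgorithm actualAlgorithm = this.matchingAlgorithm;
        if (cookieTokens.length == 4) {
            // Four-token cookies name their own digest algorithm, so the client chooses
            // between the enum constants here; matchingAlgorithm is not consulted.
            actualTokenSignature = cookieTokens[3];
            actualAlgorithm = parseAlgorithm(cookieTokens[2]);
        }

        String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails.getUsername(),
                userDetails.getPassword(), actualAlgorithm);
        // Constant-time comparison: see equals(String, String) below.
        if (equals(expectedTokenSignature, actualTokenSignature)) {
            return userDetails;
        }
        // NOTE(review): this message embeds the expected signature, which is a valid
        // credential for this user and expiry time. Confirm that wherever the exception
        // message is logged or rendered is not readable by untrusted parties.
        throw new InvalidCookieException("Cookie contained signature '" + actualTokenSignature + "' but expected '" + expectedTokenSignature + "'");
    }

    private boolean isValidCookieTokensLength(String[] cookieTokens) {
        return cookieTokens.length == 3 || cookieTokens.length == 4;
    }

    /**
     * Parses the algorithm name carried in a four-token cookie.
     *
     * <p>The name is client-supplied, so an unknown value is reported as an invalid
     * cookie instead of escaping as an {@link IllegalArgumentException}.
     */
    private RememberMeTokenAlgorithm parseAlgorithm(String algorithmName) {
        try {
            return RememberMeTokenAlgorithm.valueOf(algorithmName);
        } catch (IllegalArgumentException ex) {
            throw new InvalidCookieException("Cookie token[2] did not contain a supported algorithm name (contained '" + algorithmName + "')");
        }
    }

    /** Parses the expiry time (epoch milliseconds) from {@code cookieTokens[1]}. */
    private long getTokenExpiryTime(String[] cookieTokens) {
        try {
            return Long.parseLong(cookieTokens[1]);
        } catch (NumberFormatException ex) {
            throw new InvalidCookieException("Cookie token[1] did not contain a valid number (contained '" + cookieTokens[1] + "')");
        }
    }

    /**
     * Computes the cookie signature with the configured encoding algorithm.
     *
     * @param tokenExpiryTime expiry time in epoch milliseconds
     * @param username        the username placed in the cookie
     * @param password        the user's stored password value
     * @return lower-level hex encoding of the digest, as produced by {@link Hex#encode}
     */
    protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
        return digestHex(signedData(tokenExpiryTime, username, password), this.encodingAlgorithm);
    }

    /**
     * Computes the cookie signature with an explicit algorithm.
     *
     * @param tokenExpiryTime expiry time in epoch milliseconds
     * @param username        the username placed in the cookie
     * @param password        the user's stored password value
     * @param algorithm       digest algorithm to use
     * @return hex encoding of the digest, as produced by {@link Hex#encode}
     */
    protected String makeTokenSignature(long tokenExpiryTime, String username, String password,
            RememberMeTokenAlgorithm algorithm) {
        return digestHex(signedData(tokenExpiryTime, username, password), algorithm);
    }

    /**
     * Builds the string that is digested: {@code username:expiry:password:key}.
     *
     * <p>The key must be part of the data. Without it the signature is an unkeyed hash
     * of values that are not secret to the server alone, and the cookie is no longer
     * bound to this application's key.
     */
    private String signedData(long tokenExpiryTime, String username, String password) {
        return username + ":" + tokenExpiryTime + ":" + password + ":" + getKey();
    }

    private static String digestHex(String data, RememberMeTokenAlgorithm algorithm) {
        try {
            MessageDigest digest = MessageDigest.getInstance(algorithm.getDigestAlgorithm());
            // getBytes() uses the platform default charset; every node that issues or
            // verifies these cookies has to agree on it.
            return new String(Hex.encode(digest.digest(data.getBytes())));
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("No " + algorithm.name() + " algorithm available!", ex);
        }
    }

    /** @return {@code true} if {@code tokenExpiryTime} (epoch milliseconds) is in the past */
    protected boolean isTokenExpired(long tokenExpiryTime) {
        return tokenExpiryTime < System.currentTimeMillis();
    }

    /**
     * Issues a four-token remember-me cookie for the authenticated user. Nothing is set
     * when the username or the password value cannot be obtained.
     */
    @Override
    public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication successfulAuthentication) {
        String username = retrieveUserName(successfulAuthentication);
        String password = retrievePassword(successfulAuthentication);
        if (!StringUtils.hasLength(username)) {
            this.logger.debug("Unable to retrieve username");
            return;
        }
        if (!StringUtils.hasLength(password)) {
            // Credentials may have been erased after authentication; fall back to the
            // value held by the UserDetailsService.
            password = getUserDetailsService().loadUserByUsername(username).getPassword();
            if (!StringUtils.hasLength(password)) {
                this.logger.debug("Unable to obtain password for user: " + username);
                return;
            }
        }
        int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
        // 1000L forces long arithmetic: in int arithmetic a lifetime above roughly 24.8
        // days overflows and yields an expiry time in the past.
        long expiryTime = System.currentTimeMillis()
                + 1000L * (tokenLifetime < 0 ? AbstractRememberMeServices.TWO_WEEKS_S : tokenLifetime);
        String signature = makeTokenSignature(expiryTime, username, password, this.encodingAlgorithm);
        setCookie(new String[] {username, Long.toString(expiryTime), this.encodingAlgorithm.name(), signature},
                tokenLifetime, request, response);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime) + "'");
        }
    }

    /**
     * Sets the algorithm used to verify cookies that do not carry an algorithm name.
     *
     * @param matchingAlgorithm must not be null
     */
    public void setMatchingAlgorithm(RememberMeTokenAlgorithm matchingAlgorithm) {
        Assert.notNull(matchingAlgorithm, "matchingAlgorithm cannot be null");
        this.matchingAlgorithm = matchingAlgorithm;
    }

    /**
     * Returns the cookie lifetime in seconds; a negative value makes
     * {@link #onLoginSuccess} sign the token for two weeks instead.
     */
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        return getTokenValiditySeconds();
    }

    /** Returns the username from a {@link UserDetails} principal, else the principal's string form. */
    protected String retrieveUserName(Authentication authentication) {
        if (isInstanceOfUserDetails(authentication)) {
            return ((UserDetails) authentication.getPrincipal()).getUsername();
        }
        return authentication.getPrincipal().toString();
    }

    /**
     * Returns the password from a {@link UserDetails} principal, else the string form of
     * the credentials, else {@code null}.
     */
    protected String retrievePassword(Authentication authentication) {
        if (isInstanceOfUserDetails(authentication)) {
            return ((UserDetails) authentication.getPrincipal()).getPassword();
        }
        if (authentication.getCredentials() != null) {
            return authentication.getCredentials().toString();
        }
        return null;
    }

    private boolean isInstanceOfUserDetails(Authentication authentication) {
        return authentication.getPrincipal() instanceof UserDetails;
    }

    /**
     * Compares two signatures with {@link MessageDigest#isEqual(byte[], byte[])} rather
     * than {@link String#equals(Object)}, so the comparison time does not depend on how
     * many leading characters match.
     */
    private static boolean equals(String expected, String actual) {
        return MessageDigest.isEqual(bytesUtf8(expected), bytesUtf8(actual));
    }

    private static byte[] bytesUtf8(String value) {
        return (value != null) ? Utf8.encode(value) : null;
    }
}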
