package edu.internet2.middleware.grouper.j2ee;

import edu.internet2.middleware.grouper.authentication.GrouperPassword;
import edu.internet2.middleware.grouper.authentication.GrouperPasswordRecentlyUsed;
import edu.internet2.middleware.grouper.authentication.GrouperPasswordSave;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.cfg.GrouperHibernateConfig;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import edu.internet2.middleware.grouperClient.util.ExpirableCache;
import edu.internet2.middleware.morphString.Morph;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.7.1.jar:edu/internet2/middleware/grouper/j2ee/Authentication.class */
public class Authentication {
    private static ExpirableCache<MultiKey, GrouperPassword> grouperPasswordCache = new ExpirableCache<>(1);
    private static final Log LOG = GrouperUtil.getLog(Authentication.class);
    private static Map<GrouperPassword.Application, ExpirableCache<MultiKey, Boolean>> authenticationCache = new HashMap();

    public static void main(String[] strArr) {
        System.out.println("indexOfFirst a:b:c:sddfgdfgdfgdfg: " + colonIndexOf("a:b:c:sddfgdfgdfgdfg", true));
        System.out.println("indexOfLast a:b:c:sddfgdfgdfgdfg: " + colonIndexOf("a:b:c:sddfgdfgdfgdfg", false));
        System.out.println("unescapeTrue a&#x3a;b&#x3a;c: " + unescapeColons("a&#x3a;b&#x3a;c", true));
        System.out.println("unescapeFalse a&#x3a;b&#x3a;c: " + unescapeColons("a&#x3a;b&#x3a;c", false));
    }

    public static int colonIndexOf(String str) {
        return colonIndexOf(str, GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.authentication.splitBasicAuthOnFirstColon", false));
    }

    private static int colonIndexOf(String str, boolean z) {
        return z ? str.indexOf(":") : str.lastIndexOf(":");
    }

    public static String unescapeColons(String str) {
        return unescapeColons(str, GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.authentication.basicAuthUnescapeColon", true));
    }

    private static String unescapeColons(String str, boolean z) {
        if (str != null && z) {
            return StringUtils.replace(str, "&#x3a;", ":");
        }
        return str;
    }

    public static final String retrieveUsername(String str) {
        String str2;
        int colonIndexOf;
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            StringTokenizer stringTokenizer = new StringTokenizer(str);
            if (stringTokenizer.hasMoreTokens() && stringTokenizer.nextToken().equalsIgnoreCase("Basic") && (colonIndexOf = colonIndexOf((str2 = new String(Base64.getDecoder().decode(stringTokenizer.nextToken()), "UTF-8")))) != -1) {
                return unescapeColons(str2.substring(0, colonIndexOf).trim());
            }
            return null;
        } catch (Exception e) {
            LOG.error("Error retrieving username from authHeader");
            return null;
        }
    }

    public static final String retrievePassword(String str) {
        String str2;
        int colonIndexOf;
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            StringTokenizer stringTokenizer = new StringTokenizer(str);
            if (stringTokenizer.hasMoreTokens() && stringTokenizer.nextToken().equalsIgnoreCase("Basic") && (colonIndexOf = colonIndexOf((str2 = new String(Base64.getDecoder().decode(stringTokenizer.nextToken()), "UTF-8")))) != -1) {
                return unescapeColons(str2.substring(colonIndexOf + 1).trim());
            }
            return null;
        } catch (Exception e) {
            LOG.error("Error retrieving username from authHeader");
            return null;
        }
    }

    private static ExpirableCache<MultiKey, Boolean> authenticationCache(GrouperPassword.Application application) {
        GrouperUtil.assertion(application != null, "application cant be null");
        ExpirableCache<MultiKey, Boolean> expirableCache = null;
        if (GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.authentication." + application.name() + ".cache", true)) {
            expirableCache = authenticationCache.get(application);
            if (expirableCache == null) {
                expirableCache = new ExpirableCache<>(GrouperConfig.retrieveConfig().propertyValueInt("grouper.authentication." + application.name() + ".cacheTimeMinutes", 2));
                authenticationCache.put(application, expirableCache);
            }
        }
        return expirableCache;
    }

    public boolean authenticate(String str, GrouperPassword.Application application, String str2) {
        String str3;
        int colonIndexOf;
        boolean equals;
        if (StringUtils.isBlank(str)) {
            return false;
        }
        long currentTimeMillis = System.currentTimeMillis();
        ExpirableCache<MultiKey, Boolean> authenticationCache2 = authenticationCache(application);
        GrouperPasswordRecentlyUsed grouperPasswordRecentlyUsed = new GrouperPasswordRecentlyUsed();
        grouperPasswordRecentlyUsed.setAttemptMillis(Long.valueOf(currentTimeMillis));
        grouperPasswordRecentlyUsed.setIpAddress(str2);
        try {
            try {
                StringTokenizer stringTokenizer = new StringTokenizer(str);
                if (!stringTokenizer.hasMoreTokens() || !stringTokenizer.nextToken().equalsIgnoreCase("Basic") || (colonIndexOf = colonIndexOf((str3 = new String(Base64.getDecoder().decode(stringTokenizer.nextToken()), "UTF-8")))) == -1) {
                    if (!StringUtils.isNotBlank(grouperPasswordRecentlyUsed.getGrouperPasswordId())) {
                        return false;
                    }
                    GrouperDAOFactory.getFactory().getGrouperPasswordRecentlyUsed().saveOrUpdate(grouperPasswordRecentlyUsed);
                    return false;
                }
                String trim = str3.substring(0, colonIndexOf).trim();
                String trim2 = str3.substring(colonIndexOf + 1).trim();
                String unescapeColons = unescapeColons(trim);
                String unescapeColons2 = unescapeColons(trim2);
                MultiKey multiKey = null;
                if (authenticationCache2 != null) {
                    multiKey = new MultiKey(application, unescapeColons, Morph.encrypt(unescapeColons2));
                    Boolean bool = authenticationCache2.get(multiKey);
                    if (bool != null && bool.booleanValue()) {
                        MultiKey multiKey2 = new MultiKey(unescapeColons, application.name());
                        GrouperPassword grouperPassword = grouperPasswordCache.get(multiKey2);
                        if (grouperPassword != null) {
                            grouperPasswordRecentlyUsed.setGrouperPasswordId(grouperPassword.getId());
                            grouperPasswordRecentlyUsed.setStatus('S');
                        } else {
                            GrouperPassword findByUsernameApplication = GrouperDAOFactory.getFactory().getGrouperPassword().findByUsernameApplication(unescapeColons, application.name());
                            if (findByUsernameApplication == null) {
                                if (StringUtils.isNotBlank(grouperPasswordRecentlyUsed.getGrouperPasswordId())) {
                                    GrouperDAOFactory.getFactory().getGrouperPasswordRecentlyUsed().saveOrUpdate(grouperPasswordRecentlyUsed);
                                }
                                return false;
                            }
                            grouperPasswordCache.put(multiKey2, findByUsernameApplication);
                        }
                        if (StringUtils.isNotBlank(grouperPasswordRecentlyUsed.getGrouperPasswordId())) {
                            GrouperDAOFactory.getFactory().getGrouperPasswordRecentlyUsed().saveOrUpdate(grouperPasswordRecentlyUsed);
                        }
                        return true;
                    }
                }
                GrouperPassword findByUsernameApplication2 = GrouperDAOFactory.getFactory().getGrouperPassword().findByUsernameApplication(unescapeColons, application.name());
                if (findByUsernameApplication2 != null) {
                    equals = StringUtils.equals(Morph.encrypt(findByUsernameApplication2.getEncryptionType().generateHash(findByUsernameApplication2.getTheSalt() + unescapeColons2)), findByUsernameApplication2.getThePassword());
                    if (equals) {
                        grouperPasswordRecentlyUsed.setGrouperPasswordId(findByUsernameApplication2.getId());
                        grouperPasswordRecentlyUsed.setStatus('S');
                    } else {
                        grouperPasswordRecentlyUsed.setGrouperPasswordId(findByUsernameApplication2.getId());
                        grouperPasswordRecentlyUsed.setStatus('F');
                    }
                } else {
                    String decryptIfFile = Morph.decryptIfFile(GrouperHibernateConfig.retrieveConfig().propertyValueString("grouperPasswordConfigOverride_" + application.name() + "_" + unescapeColons + "_pass"));
                    try {
                        decryptIfFile = Morph.decrypt(decryptIfFile);
                    } catch (Exception e) {
                    }
                    equals = StringUtils.equals(unescapeColons2, decryptIfFile);
                }
                if (equals && authenticationCache2 != null) {
                    authenticationCache2.put(multiKey, true);
                }
                boolean z = equals;
                if (StringUtils.isNotBlank(grouperPasswordRecentlyUsed.getGrouperPasswordId())) {
                    GrouperDAOFactory.getFactory().getGrouperPasswordRecentlyUsed().saveOrUpdate(grouperPasswordRecentlyUsed);
                }
                return z;
            } catch (Exception e2) {
                LOG.error("Error authenticating", e2);
                grouperPasswordRecentlyUsed.setStatus('E');
                if (StringUtils.isNotBlank(grouperPasswordRecentlyUsed.getGrouperPasswordId())) {
                    GrouperDAOFactory.getFactory().getGrouperPasswordRecentlyUsed().saveOrUpdate(grouperPasswordRecentlyUsed);
                }
                return false;
            }
        } catch (Throwable th) {
            if (StringUtils.isNotBlank(grouperPasswordRecentlyUsed.getGrouperPasswordId())) {
                GrouperDAOFactory.getFactory().getGrouperPasswordRecentlyUsed().saveOrUpdate(grouperPasswordRecentlyUsed);
            }
            throw th;
        }
    }

    public void assignUserPassword(GrouperPasswordSave grouperPasswordSave) {
        grouperPasswordSave.save();
    }
}
