package org.craftercms.security.authentication.impl;

import java.io.File;
import java.io.IOException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Date;
import javax.annotation.PostConstruct;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.craftercms.security.exception.CrafterSecurityException;
import org.craftercms.security.utils.crypto.KeyFile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/craftercms/security/authentication/impl/CipheredAuthenticationCookieFactory.class */
public class CipheredAuthenticationCookieFactory extends AuthenticationCookieFactory {
    public static final String CIPHER_ALGORITHM = "AES";
    public static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    public static final int ENCRYPTED_VALUE = 0;
    public static final int IV = 1;
    protected File encryptionKeyFile;
    protected Key encryptionKey;
    public static final SecureRandom secureRandom = new SecureRandom();
    private static final Logger logger = LoggerFactory.getLogger(CipheredAuthenticationCookieFactory.class);

    @Required
    public void setEncryptionKeyFile(File file) {
        this.encryptionKeyFile = file;
    }

    @PostConstruct
    public void init() throws CrafterSecurityException {
        KeyFile encryptionKeyFile = getEncryptionKeyFile();
        if (this.encryptionKeyFile.length() > 0) {
            try {
                this.encryptionKey = encryptionKeyFile.readKey();
                if (logger.isDebugEnabled()) {
                    logger.debug("Found encryption key for authentication cookies in file " + this.encryptionKeyFile);
                    return;
                }
                return;
            } catch (IOException e) {
                throw new CrafterSecurityException("Error while trying to read encryption key from file " + this.encryptionKeyFile, e);
            }
        }
        this.encryptionKey = generateRandomKey();
        try {
            encryptionKeyFile.writeKey(this.encryptionKey);
            if (logger.isDebugEnabled()) {
                logger.debug("No encryption key for authentication cookies found. A new random encryption key was generated and stored in file " + this.encryptionKeyFile + " for future use");
            }
        } catch (IOException e2) {
            throw new CrafterSecurityException("Error while trying to write encryption key to file " + this.encryptionKeyFile, e2);
        }
    }

    @Override // org.craftercms.security.authentication.impl.AuthenticationCookieFactory
    protected AuthenticationCookie createCookie(String str, Date date) {
        return new CipheredAuthenticationCookie(str, date, this.encryptionKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.craftercms.security.authentication.impl.AuthenticationCookieFactory
    public String getCookieValueFromRequest(HttpServletRequest httpServletRequest) {
        String cookieValueFromRequest = super.getCookieValueFromRequest(httpServletRequest);
        if (cookieValueFromRequest == null) {
            return null;
        }
        String[] split = StringUtils.split(cookieValueFromRequest, '|');
        return decrypt(split[0], Base64.decodeBase64(split[1]));
    }

    protected String decrypt(String str, byte[] bArr) throws CrafterSecurityException {
        try {
            byte[] decodeBase64 = Base64.decodeBase64(str);
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(2, this.encryptionKey, new IvParameterSpec(bArr));
            return new String(cipher.doFinal(decodeBase64), "UTF-8");
        } catch (Exception e) {
            throw new CrafterSecurityException("Error while trying to decrypt cookie value", e);
        }
    }

    protected Key generateRandomKey() throws CrafterSecurityException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(CIPHER_ALGORITHM);
            keyGenerator.init(secureRandom);
            return keyGenerator.generateKey();
        } catch (Exception e) {
            throw new CrafterSecurityException("Unable to generate random encryption key", e);
        }
    }

    protected KeyFile getEncryptionKeyFile() {
        return new KeyFile(this.encryptionKeyFile);
    }
}
