package org.exist.xquery.modules.persistentlogin;

import java.security.SecureRandom;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.security.internal.SecurityManagerImpl;
import org.exist.util.Base64Encoder;
import org.exist.xquery.XPathException;
import org.exist.xquery.value.DateTimeValue;
import org.exist.xquery.value.DurationValue;

/* loaded from: input_file:WEB-INF/lib/exist-modules.jar:org/exist/xquery/modules/persistentlogin/PersistentLogin.class */
public class PersistentLogin {
    private static final PersistentLogin instance = new PersistentLogin();
    private static final Logger LOG = LogManager.getLogger((Class<?>) PersistentLogin.class);
    public static final int DEFAULT_SERIES_LENGTH = 16;
    public static final int DEFAULT_TOKEN_LENGTH = 16;
    public static final int INVALIDATION_TIMEOUT = 20000;
    private Map<String, LoginDetails> seriesMap = Collections.synchronizedMap(new HashMap());
    private SecureRandom random = new SecureRandom();

    /* loaded from: input_file:WEB-INF/lib/exist-modules.jar:org/exist/xquery/modules/persistentlogin/PersistentLogin$LoginDetails.class */
    public class LoginDetails {
        private String userName;
        private String password;
        private String token;
        private String series;
        private long expires;
        private DurationValue timeToLive;
        private boolean seqBehavior = false;
        private Map<String, Long> invalidatedTokens = new HashMap();

        public LoginDetails(String str, String str2, DurationValue durationValue, long j) {
            this.userName = str;
            this.password = str2;
            this.timeToLive = durationValue;
            this.expires = j;
            this.token = PersistentLogin.this.generateToken();
            this.series = PersistentLogin.this.generateSeriesToken();
        }

        public String getToken() {
            return this.token;
        }

        public String getSeries() {
            return this.series;
        }

        public String getUser() {
            return this.userName;
        }

        public String getPassword() {
            return this.password;
        }

        public DurationValue getTimeToLive() {
            return this.timeToLive;
        }

        public boolean checkAndUpdateToken(String str) {
            if (this.token.equals(str)) {
                update();
                return true;
            }
            Long l = this.invalidatedTokens.get(str);
            if (l == null) {
                return false;
            }
            if (System.currentTimeMillis() <= l.longValue()) {
                return true;
            }
            this.invalidatedTokens.remove(str);
            return false;
        }

        public String update() {
            timeoutCheck();
            this.invalidatedTokens.put(this.token, Long.valueOf(System.currentTimeMillis() + SecurityManagerImpl.TIMEOUT_CHECK_PERIOD));
            this.token = PersistentLogin.this.generateToken();
            return this.token;
        }

        private void timeoutCheck() {
            long currentTimeMillis = System.currentTimeMillis();
            this.invalidatedTokens.entrySet().removeIf(entry -> {
                return ((Long) entry.getValue()).longValue() < currentTimeMillis;
            });
        }

        public String toString() {
            return this.series + ":" + this.token;
        }
    }

    public static PersistentLogin getInstance() {
        return instance;
    }

    public LoginDetails register(String str, String str2, DurationValue durationValue) throws XPathException {
        LoginDetails loginDetails = new LoginDetails(str, str2, durationValue, ((DateTimeValue) new DateTimeValue(new Date()).plus(durationValue)).getTimeInMillis());
        this.seriesMap.put(loginDetails.getSeries(), loginDetails);
        return loginDetails;
    }

    public LoginDetails lookup(String str) throws XPathException {
        String[] split = str.split(":");
        LoginDetails loginDetails = this.seriesMap.get(split[0]);
        if (loginDetails == null) {
            LOG.debug("No session found for series " + split[0]);
            return null;
        }
        if (System.currentTimeMillis() > loginDetails.expires) {
            LOG.debug("Persistent session expired");
            this.seriesMap.remove(split[0]);
            return null;
        }
        if (loginDetails.seqBehavior) {
            LOG.debug("Using sequential tokens");
            if (!loginDetails.checkAndUpdateToken(split[1])) {
                LOG.debug("Out-of-sequence request or cookie theft attack. Deleting session.");
                this.seriesMap.remove(split[0]);
                throw new XPathException("Token mismatch. This may indicate an out-of-sequence request (likely) or a cookie theft attack.  Session is deleted for security reasons.");
            }
        }
        return loginDetails;
    }

    public void invalidate(String str) {
        this.seriesMap.remove(str.split(":")[0]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String generateSeriesToken() {
        byte[] bArr = new byte[16];
        this.random.nextBytes(bArr);
        Base64Encoder base64Encoder = new Base64Encoder();
        base64Encoder.translate(bArr);
        return new String(base64Encoder.getCharArray());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String generateToken() {
        byte[] bArr = new byte[16];
        this.random.nextBytes(bArr);
        Base64Encoder base64Encoder = new Base64Encoder();
        base64Encoder.translate(bArr);
        return new String(base64Encoder.getCharArray());
    }
}
