package org.apache.sling.discovery.impl.topology.connector;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.zip.GZIPInputStream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.sling.commons.json.JSONArray;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.discovery.impl.Config;

/* loaded from: input_file:resources/install/0/org.apache.sling.discovery.impl-1.1.8.jar:org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.class */
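/**
 * Signs, verifies and optionally encrypts the bodies of topology connector
 * requests and responses using a key shared between the peers.
 *
 * <p>Wire format, as implemented below:
 * <ul>
 *   <li>{@link #HASH_HEADER} carries Base64(SHA-256(prefix + path + ":" + body)).
 *       This hash is <em>unkeyed</em>; on its own it only detects accidental
 *       corruption.</li>
 *   <li>{@link #SIG_HEADER} carries {@code keyNo/Base64(HMAC-SHA256(hash))},
 *       where the HMAC key is derived from the shared key and {@code keyNo}
 *       (the current time divided by the configured interval). Only key
 *       numbers within one interval of "now" are accepted.</li>
 *   <li>When encryption is enabled the body is a JSON object whose
 *       {@code payload} array holds Base64 salt, IV and AES/CBC ciphertext.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code decodeMessage} checks only the unkeyed hash; the
 * keyed check lives in {@code isTrusted}. Callers presumably invoke
 * {@code isTrusted} before {@code decodeMessage} - confirm in the connector
 * servlet and client, because without it the CBC ciphertext is not
 * authenticated.
 */
public class TopologyRequestValidator {
    public static final String SIG_HEADER = "X-SlingTopologyTrust";
    public static final String HASH_HEADER = "X-SlingTopologyHash";
    private static final int MAXKEYS = 5;
    private static final int MINKEYS = 3;
    // Parameters of the password-based AES key derivation. They are fixed on
    // both peers, so changing them breaks interoperability with existing nodes.
    // NOTE(review): 256 PBKDF2 iterations is low by current guidance; the
    // strength of the encryption therefore rests on the entropy of sharedKey.
    private static final int SALT_LENGTH = 9;
    private static final int PBKDF2_ITERATIONS = 256;
    private static final int AES_KEY_BITS = 128;
    private boolean trustEnabled;
    private boolean encryptionEnabled;
    private String sharedKey;
    private long interval;
    private boolean deactivated;
    // HMAC keys by key number; bounded by trimKeys().
    private final Map<Integer, Key> keys = new ConcurrentHashMap<Integer, Key>();
    private final SecureRandom random = new SecureRandom();

    /**
     * Creates a validator from the discovery configuration. The shared key,
     * key interval and encryption flag are only read when HMAC is enabled, so
     * encryption can never be active without signing.
     *
     * @param config the discovery configuration
     */
    public TopologyRequestValidator(Config config) {
        this.trustEnabled = false;
        this.encryptionEnabled = false;
        if (config.isHmacEnabled()) {
            this.trustEnabled = true;
            this.sharedKey = config.getSharedKey();
            this.interval = config.getKeyInterval();
            this.encryptionEnabled = config.isEncryptionEnabled();
        }
        this.deactivated = false;
    }

    /**
     * Encodes a message body for sending.
     *
     * @param str the plain text body
     * @return {@code str} unchanged when encryption is disabled, otherwise a
     *         JSON object with the encrypted {@code payload} array
     * @throws IOException if the body cannot be encrypted; the underlying
     *         failure is attached as the cause
     */
    public String encodeMessage(String str) throws IOException {
        checkActive();
        if (!this.encryptionEnabled) {
            return str;
        }
        try {
            JSONObject envelope = new JSONObject();
            envelope.put("payload", new JSONArray(encrypt(str)));
            return envelope.toString();
        } catch (UnsupportedEncodingException e) {
            throw new IOException("Unable to Encrypt Message " + e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            // Covers every key, algorithm, padding and parameter failure that
            // encrypt() declares. The cause is kept for the caller's logger
            // instead of being printed to stderr.
            throw new IOException("Unable to Encrypt Message " + e.getMessage(), e);
        } catch (JSONException e) {
            throw new IOException("Unable to Encrypt Message " + e.getMessage(), e);
        }
    }

    /**
     * Reads, verifies and (if enabled) decrypts the body of an incoming request.
     *
     * <p>NOTE(review): the whole body, including a gzip-compressed one, is read
     * into memory before any check runs; no size limit is visible in this class.
     *
     * @param httpServletRequest the incoming request
     * @return the plain text body
     * @throws IOException if the body cannot be read, its hash does not match
     *         {@link #HASH_HEADER}, or it cannot be decrypted
     */
    public String decodeMessage(HttpServletRequest httpServletRequest) throws IOException {
        checkActive();
        return decodeMessage("request:", httpServletRequest.getRequestURI(), getRequestBody(httpServletRequest), httpServletRequest.getHeader(HASH_HEADER));
    }

    /**
     * Reads, verifies and (if enabled) decrypts the body of a response.
     *
     * @param str the URI the request was sent to; it is part of the hashed text
     * @param httpResponse the response received
     * @return the plain text body
     * @throws IOException if the body cannot be read, its hash does not match
     *         {@link #HASH_HEADER}, or it cannot be decrypted
     */
    public String decodeMessage(String str, HttpResponse httpResponse) throws IOException {
        checkActive();
        return decodeMessage("response:", str, getResponseBody(httpResponse), getResponseHeader(httpResponse, HASH_HEADER));
    }

    /**
     * Verifies the body hash and unwraps the encrypted payload.
     *
     * <p>Only the unkeyed SHA-256 is compared here; the HMAC over that hash is
     * verified by {@code isTrusted}.
     *
     * @param prefix {@code "request:"} or {@code "response:"}
     * @param url the request path bound into the hash
     * @param body the raw body as received
     * @param requestHash the value of {@link #HASH_HEADER}, may be {@code null}
     * @return the plain text body
     * @throws IOException if the hash does not match or decryption fails
     */
    private String decodeMessage(String prefix, String url, String body, String requestHash) throws IOException {
        if (!this.trustEnabled) {
            return body;
        }
        String bodyHash = hash(prefix + url + ":" + body);
        if (!bodyHash.equals(requestHash)) {
            throw new IOException("Message is not valid, hash does not match message");
        }
        if (!this.encryptionEnabled) {
            // Signed but not encrypted: encodeMessage() sent the body as is, so
            // a matching hash is all there is to check. The previous code fell
            // through to the "hash does not match" error in this case.
            return body;
        }
        try {
            JSONObject envelope = new JSONObject(body);
            if (envelope.has("payload")) {
                return decrypt(envelope.getJSONArray("payload"));
            }
        } catch (GeneralSecurityException e) {
            // One message for every crypto failure, padding errors included, so
            // the response does not reveal which step of decryption failed.
            throw new IOException("Encrypted Message is not in the correct json format", e);
        } catch (JSONException e) {
            throw new IOException("Encrypted Message is not in the correct json format", e);
        }
        // Encryption is on but the body carries no payload: reject, keeping the
        // message callers already see for this case.
        throw new IOException("Message is not valid, hash does not match message");
    }

    /**
     * Checks the signature headers of an incoming request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only when signing is enabled and {@link #SIG_HEADER}
     *         is a valid, unexpired HMAC of {@link #HASH_HEADER}
     */
    public boolean isTrusted(HttpServletRequest httpServletRequest) {
        checkActive();
        if (this.trustEnabled) {
            return checkTrustHeader(httpServletRequest.getHeader(HASH_HEADER), httpServletRequest.getHeader(SIG_HEADER));
        }
        return false;
    }

    /**
     * Checks the signature headers of a response.
     *
     * @param httpResponse the response received
     * @return {@code true} only when signing is enabled and {@link #SIG_HEADER}
     *         is a valid, unexpired HMAC of {@link #HASH_HEADER}
     */
    public boolean isTrusted(HttpResponse httpResponse) {
        checkActive();
        if (this.trustEnabled) {
            return checkTrustHeader(getResponseHeader(httpResponse, HASH_HEADER), getResponseHeader(httpResponse, SIG_HEADER));
        }
        return false;
    }

    /**
     * Adds the hash and signature headers to an outgoing request. Does nothing
     * when signing is disabled.
     *
     * @param httpUriRequest the request to sign
     * @param str the body exactly as it will be sent
     */
    public void trustMessage(HttpUriRequest httpUriRequest, String str) {
        checkActive();
        if (this.trustEnabled) {
            String bodyHash = hash("request:" + httpUriRequest.getURI().getPath() + ":" + str);
            httpUriRequest.setHeader(HASH_HEADER, bodyHash);
            httpUriRequest.setHeader(SIG_HEADER, createTrustHeader(bodyHash));
        }
    }

    /**
     * Adds the hash and signature headers to an outgoing response. Does nothing
     * when signing is disabled.
     *
     * @param httpServletResponse the response to sign
     * @param httpServletRequest the request being answered; its URI is hashed
     * @param str the body exactly as it will be sent
     */
    public void trustMessage(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        checkActive();
        if (this.trustEnabled) {
            String bodyHash = hash("response:" + httpServletRequest.getRequestURI() + ":" + str);
            httpServletResponse.setHeader(HASH_HEADER, bodyHash);
            httpServletResponse.setHeader(SIG_HEADER, createTrustHeader(bodyHash));
        }
    }

    /**
     * Returns Base64(SHA-256(UTF-8 bytes of {@code text})). The digest is
     * unkeyed, so anyone can recompute it.
     */
    private String hash(String text) {
        try {
            return new String(Base64.encodeBase64(MessageDigest.getInstance("SHA-256").digest(text.getBytes("UTF-8"))), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Builds the {@link #SIG_HEADER} value {@code keyNo/hmac} for a body hash
     * using the key of the current interval.
     */
    private String createTrustHeader(String bodyHash) {
        try {
            int keyNo = getCurrentKey();
            return keyNo + "/" + hmac(keyNo, bodyHash);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (IllegalStateException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Verifies a {@code keyNo/hmac} signature against a body hash.
     *
     * @param bodyHash the value of {@link #HASH_HEADER}, may be {@code null}
     * @param signature the value of {@link #SIG_HEADER}, may be {@code null}
     * @return {@code false} for missing or malformed headers, an expired key
     *         number or a wrong HMAC; {@code true} otherwise
     */
    private boolean checkTrustHeader(String bodyHash, String signature) {
        if (bodyHash == null || signature == null) {
            return false;
        }
        String[] parts = signature.split("/", 2);
        if (parts.length != 2) {
            return false;
        }
        try {
            byte[] expected = hmac(Integer.parseInt(parts[0]), bodyHash).getBytes("UTF-8");
            byte[] supplied = parts[1].getBytes("UTF-8");
            // Constant-time comparison: String.equals stops at the first
            // differing character, which leaks how much of a guess was right.
            return MessageDigest.isEqual(expected, supplied);
        } catch (IllegalArgumentException e) {
            // Key number is not an integer, or getKey() rejected it as expired.
            return false;
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** Returns an HMAC-SHA256 instance initialised with the key for {@code keyNo}. */
    private Mac getMac(int keyNo) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(getKey(keyNo));
        return mac;
    }

    /** Returns Base64(HMAC-SHA256(bodyHash)) under the key for {@code keyNo}. */
    private String hmac(int keyNo, String bodyHash) throws InvalidKeyException, UnsupportedEncodingException, IllegalStateException, NoSuchAlgorithmException {
        return new String(Base64.encodeBase64(getMac(keyNo).doFinal(bodyHash.getBytes("UTF-8"))), "UTF-8");
    }

    /**
     * Decrypts a payload array of Base64 salt, IV and ciphertext.
     *
     * <p>AES/CBC carries no integrity protection of its own; see the class
     * comment for where authenticity is checked.
     */
    private String decrypt(JSONArray payload) throws IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException, JSONException {
        byte[] salt = Base64.decodeBase64(payload.getString(0).getBytes("UTF-8"));
        byte[] iv = Base64.decodeBase64(payload.getString(1).getBytes("UTF-8"));
        byte[] cipherText = Base64.decodeBase64(payload.getString(2).getBytes("UTF-8"));
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, getCiperKey(salt), new IvParameterSpec(iv));
        // encrypt() encodes the plain text as UTF-8, so decode it the same way
        // rather than with the platform default charset.
        return new String(cipher.doFinal(cipherText), "UTF-8");
    }

    /**
     * Encrypts a body with a fresh random salt and the IV chosen by the cipher.
     *
     * @return Base64 salt, IV and ciphertext, in that order
     */
    private List<String> encrypt(String plainText) throws IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidParameterSpecException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        byte[] salt = new byte[SALT_LENGTH];
        this.random.nextBytes(salt);
        cipher.init(Cipher.ENCRYPT_MODE, getCiperKey(salt));
        AlgorithmParameters parameters = cipher.getParameters();
        byte[] iv = parameters.getParameterSpec(IvParameterSpec.class).getIV();
        List<String> payload = new ArrayList<String>();
        payload.add(new String(Base64.encodeBase64(salt), "UTF-8"));
        payload.add(new String(Base64.encodeBase64(iv), "UTF-8"));
        payload.add(new String(Base64.encodeBase64(cipher.doFinal(plainText.getBytes("UTF-8"))), "UTF-8"));
        return payload;
    }

    /** Derives the AES key from the shared key and a salt with PBKDF2-HMAC-SHA1. */
    private Key getCiperKey(byte[] salt) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(this.sharedKey.toCharArray(), salt, PBKDF2_ITERATIONS, AES_KEY_BITS);
        return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded(), "AES");
    }

    /**
     * Returns the HMAC key for a key number, deriving and caching it on first use.
     *
     * @throws IllegalArgumentException if {@code keyNo} is more than one
     *         interval away from the current key number
     */
    private Key getKey(int keyNo) throws UnsupportedEncodingException {
        // keyNo comes from a request header. Subtract as long: in int arithmetic
        // a difference of Integer.MIN_VALUE stays negative after Math.abs and
        // would pass the expiry check.
        if (Math.abs((long) keyNo - getCurrentKey()) > 1) {
            throw new IllegalArgumentException("Key has expired");
        }
        Integer id = Integer.valueOf(keyNo);
        // Single lookup: a containsKey/get pair can return null when another
        // thread trims the map between the two calls.
        Key cached = this.keys.get(id);
        if (cached != null) {
            return cached;
        }
        trimKeys();
        SecretKeySpec derived = new SecretKeySpec(hash(this.sharedKey + keyNo).getBytes("UTF-8"), "HmacSHA256");
        this.keys.put(id, derived);
        return derived;
    }

    /** Returns the number of the current key interval: now / interval, truncated to int. */
    private int getCurrentKey() {
        return (int) (System.currentTimeMillis() / this.interval);
    }

    /**
     * Drops the lowest-numbered cached keys once more than {@link #MAXKEYS} are
     * held, stopping when fewer than {@link #MINKEYS} remain.
     */
    private void trimKeys() {
        if (this.keys.size() > MAXKEYS) {
            List<Integer> keyNumbers = new ArrayList<Integer>(this.keys.keySet());
            Collections.sort(keyNumbers);
            for (Integer keyNo : keyNumbers) {
                if (this.keys.size() < MINKEYS) {
                    return;
                }
                this.keys.remove(keyNo);
            }
        }
    }

    /** Returns the value of the first header with the given name, or {@code null}. */
    private String getResponseHeader(HttpResponse httpResponse, String name) {
        Header firstHeader = httpResponse.getFirstHeader(name);
        if (firstHeader == null) {
            return null;
        }
        return firstHeader.getValue();
    }

    /**
     * Reads the request body, inflating it when Content-Encoding names gzip.
     * The inflated bytes are decoded as UTF-8, the charset hash() works in.
     */
    private String getRequestBody(HttpServletRequest httpServletRequest) throws IOException {
        String contentEncoding = httpServletRequest.getHeader("Content-Encoding");
        if (contentEncoding == null || !contentEncoding.contains("gzip")) {
            return IOUtils.toString(httpServletRequest.getReader());
        }
        GZIPInputStream gzipIn = new GZIPInputStream(httpServletRequest.getInputStream());
        try {
            return IOUtils.toString(gzipIn, "UTF-8");
        } finally {
            // Release the inflater even when reading fails part way through.
            gzipIn.close();
        }
    }

    /**
     * Reads the response body as UTF-8, inflating it when Content-Encoding
     * names gzip.
     */
    private String getResponseBody(HttpResponse httpResponse) throws IOException {
        Header contentEncoding = httpResponse.getFirstHeader("Content-Encoding");
        if (contentEncoding == null || contentEncoding.getValue() == null || !contentEncoding.getValue().contains("gzip")) {
            return IOUtils.toString(httpResponse.getEntity().getContent(), "UTF-8");
        }
        GZIPInputStream gzipIn = new GZIPInputStream(httpResponse.getEntity().getContent());
        try {
            return IOUtils.toString(gzipIn, "UTF-8");
        } finally {
            gzipIn.close();
        }
    }

    /**
     * Rejects use of a deactivated validator, or of one that has signing or
     * encryption enabled without a shared key.
     *
     * @throws IllegalStateException in either case
     */
    private void checkActive() {
        if (this.deactivated) {
            throw new IllegalStateException(getClass().getName() + " is not active");
        }
        if ((this.trustEnabled || this.encryptionEnabled) && this.sharedKey == null) {
            throw new IllegalStateException(getClass().getName() + " Shared Key must be set if encryption or signing is enabled.");
        }
    }
}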
