package org.opencms.security;

import com.google.common.collect.Lists;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.logging.Log;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.main.CmsException;
import org.opencms.main.CmsLog;
import org.opencms.util.CmsStringUtil;

/* loaded from: input_file:org/opencms/security/CmsPersistentLoginTokenHandler.class */
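/**
 * Creates, validates and invalidates persistent login tokens.
 *
 * <p>A token is the string {@code hex(userName) + "|" + key}. For every issued token the
 * user's additional info map gets an entry whose map key is {@code KEY_PREFIX + key} and
 * whose value is the expiry time in epoch milliseconds, written as a decimal string.
 * Presenting a token whose key is registered and not expired yields the user.</p>
 *
 * <p>The token key is a bearer credential: whoever holds it is treated as the user. For
 * that reason it is generated with {@link SecureRandom} and is never written to the log.</p>
 *
 * <p>NOTE(review): the key is persisted verbatim as part of the additional info map key, so
 * anything that can read a user's additional info can rebuild a working token. Persisting a
 * digest of the key instead would close that gap but needs a migration for already issued
 * tokens, so it is not done here.</p>
 */
public class CmsPersistentLoginTokenHandler {
    /** Default token lifetime in milliseconds (28800000 ms = 8 hours). */
    public static final long DEFAULT_LIFETIME = 28800000;

    /** Prefix of the additional info map keys under which token expiry times are stored. */
    public static final String KEY_PREFIX = "logintoken_";

    private static final Log LOG = CmsLog.getLog(CmsPersistentLoginTokenHandler.class);

    /** Characters a token key is drawn from; same shape (alphanumeric) as before. */
    private static final String KEY_ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    /** Number of characters in a token key. */
    private static final int KEY_LENGTH = 16;

    /** Cryptographically strong source for token keys. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** CMS context used to read and write users; assigned once through {@link #setAdminCms}. */
    private static CmsObject m_adminCms;

    /** Lifetime in milliseconds applied to newly created tokens. */
    private long m_lifetime = DEFAULT_LIFETIME;

    /* loaded from: input_file:org/opencms/security/CmsPersistentLoginTokenHandler$Token.class */
    /**
     * Parsed form of a login token: the user name and the random key.
     */
    public static class Token {
        /** Separator between the hex-encoded user name and the key. */
        public static final String SEPARATOR = "|";

        private String m_key;
        private String m_name;

        /**
         * Parses an encoded token. If the input is null, does not consist of exactly two
         * parts, or the name part is not valid hex, the token ends up not valid
         * (see {@link #isValid()}).
         *
         * @param str the encoded token, typically supplied by the client
         */
        public Token(String str) {
            if (str == null) {
                return;
            }
            List<String> parts = CmsStringUtil.splitAsList(str, SEPARATOR);
            if (parts.size() == 2) {
                this.m_name = decodeName(parts.get(0));
                this.m_key = parts.get(1);
            }
        }

        /**
         * Creates a token from its components.
         *
         * @param str the user name
         * @param str2 the token key
         */
        public Token(String str, String str2) {
            this.m_name = str;
            this.m_key = str2;
        }

        /**
         * Returns the string form of this token: hex-encoded name, separator, key.
         * Intended for valid tokens; a token without a name cannot be encoded.
         *
         * @return the encoded token
         */
        public String encode() {
            return encodeName(this.m_name) + SEPARATOR + this.m_key;
        }

        /**
         * Returns the additional info map key under which this token's expiry is stored.
         *
         * @return {@code KEY_PREFIX} followed by the token key
         */
        public String getAdditionalInfoKey() {
            return CmsPersistentLoginTokenHandler.KEY_PREFIX + this.m_key;
        }

        /**
         * @return the token key
         */
        public String getKey() {
            return this.m_key;
        }

        /**
         * @return the user name carried by the token
         */
        public String getName() {
            return this.m_name;
        }

        /**
         * @return true if both the name and the key are present
         */
        public boolean isValid() {
            return this.m_name != null && this.m_key != null;
        }

        /**
         * Decodes a hex-encoded UTF-8 user name.
         *
         * @param str the hex string
         * @return the decoded name, or null if the input cannot be decoded
         */
        private String decodeName(String str) {
            try {
                return new String(Hex.decodeHex(str.toCharArray()), "UTF-8");
            } catch (Exception e) {
                // The input comes straight from the client, so a decode failure is an
                // expected condition: log it and let the token be reported as not valid.
                CmsPersistentLoginTokenHandler.LOG.warn("Could not decode user name of login token", e);
                return null;
            }
        }

        /**
         * Hex-encodes the UTF-8 bytes of a user name.
         *
         * @param str the user name
         * @return the hex string
         */
        private String encodeName(String str) {
            try {
                return Hex.encodeHexString(str.getBytes("UTF-8"));
            } catch (UnsupportedEncodingException e) {
                // Keep the cause so the failure can be diagnosed.
                throw new IllegalStateException("UTF8 not supported", e);
            }
        }
    }

    /**
     * Sets the CMS context used for reading and writing users. Only the first call has an
     * effect; later calls are ignored.
     *
     * @param cmsObject the CMS context to use
     */
    public static void setAdminCms(CmsObject cmsObject) {
        if (m_adminCms == null) {
            m_adminCms = cmsObject;
        }
    }

    /**
     * Creates a login token for the current user of the given context, registers its expiry
     * time in the user's additional info, drops the user's expired tokens and writes the user.
     *
     * @param cmsObject the context whose current user gets the token
     * @return the encoded token to hand to the client
     * @throws CmsException if writing the user fails
     */
    public String createToken(CmsObject cmsObject) throws CmsException {
        CmsUser currentUser = cmsObject.getRequestContext().getCurrentUser();
        Token token = new Token(currentUser.getName(), generateKey());
        long now = System.currentTimeMillis();
        // Stored as a decimal string: removeExpiredTokens and validateToken parse the value
        // with Long.parseLong, so a boxed Long here would not be readable by them.
        currentUser.getAdditionalInfo().put(token.getAdditionalInfoKey(), String.valueOf(now + this.m_lifetime));
        removeExpiredTokens(currentUser, now);
        // The key is a credential and must not reach the log; the user name is enough to audit.
        LOG.info("Generated token for user " + sanitizeForLog(currentUser.getName()));
        m_adminCms.writeUser(currentUser);
        return token.encode();
    }

    /**
     * Removes the given token from the user's additional info and writes the user if the
     * token was registered. Tokens that cannot be parsed are ignored.
     *
     * @param cmsUser the user owning the token
     * @param str the encoded token
     * @throws CmsException if writing the user fails
     */
    public void invalidateToken(CmsUser cmsUser, String str) throws CmsException {
        Token token = new Token(str);
        if (!token.isValid()) {
            return;
        }
        Object removed = cmsUser.getAdditionalInfo().remove(token.getAdditionalInfoKey());
        if (removed != null) {
            m_adminCms.writeUser(cmsUser);
        }
    }

    /**
     * Removes from the user's additional info every token entry whose expiry lies before the
     * given time or whose value is not a number. The user is not written by this method.
     *
     * @param cmsUser the user to clean up
     * @param j the reference time in epoch milliseconds
     */
    public void removeExpiredTokens(CmsUser cmsUser, long j) {
        // Collect first, remove afterwards, so the map is not modified while iterating it.
        List<String> expiredKeys = new ArrayList<String>();
        for (Map.Entry<String, Object> entry : cmsUser.getAdditionalInfo().entrySet()) {
            String key = entry.getKey();
            if (!key.startsWith(KEY_PREFIX)) {
                continue;
            }
            try {
                // String.valueOf tolerates values that are not strings; a null value becomes
                // "null" and is discarded through the NumberFormatException branch.
                if (Long.parseLong(String.valueOf(entry.getValue())) < j) {
                    expiredKeys.add(key);
                }
            } catch (NumberFormatException e) {
                expiredKeys.add(key);
            }
        }
        LOG.info("Removing " + expiredKeys.size() + " expired tokens for user " + sanitizeForLog(cmsUser.getName()));
        for (String key : expiredKeys) {
            cmsUser.getAdditionalInfo().remove(key);
        }
    }

    /**
     * Sets the lifetime applied to tokens created from now on.
     *
     * @param j the lifetime in milliseconds
     */
    public void setTokenLifetime(long j) {
        this.m_lifetime = j;
    }

    /**
     * Validates an encoded token. An expired token is removed from the user's additional
     * info and the user is written back.
     *
     * @param str the encoded token, typically supplied by the client
     * @return the user the token belongs to, or null if the token is empty, malformed,
     *         unknown or expired, or if any error occurs while checking it
     */
    public CmsUser validateToken(String str) {
        if (CmsStringUtil.isEmpty(str)) {
            return null;
        }
        Token token = new Token(str);
        if (!token.isValid()) {
            // The raw value is client input and may be a near-miss of a real token: not logged.
            LOG.warn("Invalid login token format (token value not logged)");
            return null;
        }
        String name = token.getName();
        // The name was decoded from client input, so control characters are neutralised
        // before it reaches the log. The token key is deliberately left out.
        String logPrefix = "[user=" + sanitizeForLog(name) + "] ";
        try {
            CmsUser user = m_adminCms.readUser(name);
            String infoKey = token.getAdditionalInfoKey();
            Object stored = user.getAdditionalInfo().get(infoKey);
            if (stored == null) {
                LOG.warn(logPrefix + " no matching additional info value found");
                return null;
            }
            String expiry = String.valueOf(stored);
            logPrefix = logPrefix + "[value=" + sanitizeForLog(expiry) + "]";
            long expiresAt;
            try {
                expiresAt = Long.parseLong(expiry);
            } catch (NumberFormatException e) {
                LOG.warn(logPrefix + "Invalid format for login token additional info");
                return null;
            }
            if (System.currentTimeMillis() <= expiresAt) {
                return user;
            }
            LOG.warn(logPrefix + "Login token expired");
            user.getAdditionalInfo().remove(infoKey);
            try {
                m_adminCms.writeUser(user);
            } catch (Exception e) {
                // Cleanup is best effort; the token is rejected either way.
                LOG.error(e.getLocalizedMessage(), e);
            }
            return null;
        } catch (Exception e) {
            // Covers an unknown user and any other lookup failure: fail closed.
            LOG.warn(logPrefix + "error validating token", e);
            return null;
        }
    }

    /**
     * Generates a token key of {@code KEY_LENGTH} alphanumeric characters from the secure
     * random source.
     *
     * @return the new key
     */
    private static String generateKey() {
        StringBuilder key = new StringBuilder(KEY_LENGTH);
        for (int i = 0; i < KEY_LENGTH; i++) {
            key.append(KEY_ALPHABET.charAt(SECURE_RANDOM.nextInt(KEY_ALPHABET.length())));
        }
        return key.toString();
    }

    /**
     * Replaces control characters (including line breaks) so a value cannot forge or split
     * log lines.
     *
     * @param value the value to log, may be null
     * @return the value with control characters replaced by an underscore
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder clean = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            clean.append(Character.isISOControl(c) ? '_' : c);
        }
        return clean.toString();
    }
}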
