package org.bimserver.webservices.authorization;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.bimserver.models.store.Project;
import org.bimserver.models.store.User;
import org.bimserver.models.store.UserType;
import org.bimserver.shared.exceptions.UserException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/bimserver-1.5.159.jar:org/bimserver/webservices/authorization/Authorization.class */
public abstract class Authorization {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Authorization.class);
    private final GregorianCalendar expires = new GregorianCalendar();
    private long uoid = -1;
    private String username;

    public Authorization(int i, TimeUnit timeUnit) {
        this.expires.add(13, (int) TimeUnit.SECONDS.convert(i, timeUnit));
    }

    public Authorization() {
    }

    public GregorianCalendar getExpires() {
        return this.expires;
    }

    public void canDownload(long j) throws UserException {
    }

    public void canCheckin(long j) throws UserException {
    }

    public void canReadExtendedData(long j) throws UserException {
    }

    public void canWriteExtendedData(long j) throws UserException {
    }

    protected abstract int getBufferSize();

    protected abstract byte getId();

    public boolean hasRightsOnProjectOrSuperProjectsOrSubProjects(User user, Project project) {
        if (user == null) {
            return false;
        }
        if (user.getUserType() == UserType.ADMIN || user.getUserType() == UserType.SYSTEM) {
            return true;
        }
        while (project != null) {
            if (hasRightsOnProjectOrSubProjects(user, project)) {
                return true;
            }
            project = project.getParent();
        }
        return false;
    }

    public boolean hasRightsOnProjectOrSuperProjects(User user, Project project) {
        if (user.getUserType() == UserType.ADMIN || user.getUserType() == UserType.SYSTEM || hasRightsOnProject(user, project)) {
            return true;
        }
        return project.getParent() != null && hasRightsOnProjectOrSuperProjects(user, project.getParent());
    }

    public boolean hasRightsOnProjectOrSubProjects(User user, Project project) {
        if (user.getUserType() == UserType.ADMIN || user.getUserType() == UserType.SYSTEM || hasRightsOnProject(user, project)) {
            return true;
        }
        Iterator<Project> it2 = project.getSubProjects().iterator();
        while (it2.hasNext()) {
            if (hasRightsOnProjectOrSubProjects(user, it2.next())) {
                return true;
            }
        }
        return false;
    }

    public boolean hasRightsOnProject(User user, Project project) {
        if (user.getUserType() == UserType.ADMIN || user.getUserType() == UserType.SYSTEM) {
            return true;
        }
        Iterator<User> it2 = project.getHasAuthorizedUsers().iterator();
        while (it2.hasNext()) {
            if (it2.next() == user) {
                return true;
            }
        }
        return false;
    }

    protected abstract void getBytes(ByteBuffer byteBuffer);

    public String asHexToken(Key key) {
        try {
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(1, key);
            ByteBuffer allocate = ByteBuffer.allocate(33 + getBufferSize());
            allocate.position(16);
            allocate.put(getId());
            allocate.putLong(getExpires().getTimeInMillis());
            allocate.putLong(getUoid());
            getBytes(allocate);
            if (allocate.position() != allocate.capacity()) {
                throw new RuntimeException("Buffer's position should be at the end " + allocate.position() + "/" + allocate.capacity());
            }
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            allocate.position(16);
            messageDigest.update(allocate);
            allocate.position(0);
            allocate.put(messageDigest.digest());
            return new String(Hex.encodeHex(cipher.doFinal(allocate.array())));
        } catch (Exception e) {
            LOGGER.error("", (Throwable) e);
            return null;
        }
    }

    public static Authorization fromToken(SecretKeySpec secretKeySpec, String str) throws AuthenticationException {
        Authorization fromBuffer;
        if (str == null) {
            throw new IllegalArgumentException("Token required");
        }
        try {
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(2, secretKeySpec);
            ByteBuffer wrap = ByteBuffer.wrap(cipher.doFinal(Hex.decodeHex(str.toCharArray())));
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] bArr = new byte[16];
            wrap.get(bArr, 0, 16);
            byte[] bArr2 = new byte[wrap.capacity() - 16];
            wrap.get(bArr2);
            wrap.position(16);
            if (!Arrays.equals(bArr, messageDigest.digest(bArr2))) {
                throw new AuthenticationException("Given token is corrupt");
            }
            byte b = wrap.get();
            long j = wrap.getLong();
            long j2 = wrap.getLong();
            switch (b) {
                case 1:
                    fromBuffer = AnonymousAuthorization.fromBuffer(wrap);
                    break;
                case 2:
                    fromBuffer = ExplicitRightsAuthorization.fromBuffer(wrap);
                    break;
                case 3:
                    fromBuffer = SystemAuthorization.fromBuffer(wrap);
                    break;
                case 4:
                    fromBuffer = UserAuthorization.fromBuffer(wrap);
                    break;
                case 5:
                    fromBuffer = AdminAuthorization.fromBuffer(wrap);
                    break;
                case 6:
                    fromBuffer = SingleProjectAuthorization.fromBuffer(wrap);
                    break;
                case 7:
                    fromBuffer = RunServiceAuthorization.fromBuffer(wrap);
                    break;
                case 8:
                    fromBuffer = MonitorAuthorization.fromBuffer(wrap);
                    break;
                default:
                    throw new AuthenticationException("Unknown authorization type: " + ((int) b));
            }
            fromBuffer.setUoid(j2);
            fromBuffer.setExpires(j);
            if (fromBuffer.getExpires().getTimeInMillis() < new GregorianCalendar().getTimeInMillis()) {
                throw new AuthenticationException("This token has expired");
            }
            return fromBuffer;
        } catch (GeneralSecurityException e) {
            throw new AuthenticationException("Invalid token", e);
        } catch (DecoderException e2) {
            throw new AuthenticationException(e2);
        }
    }

    private void setExpires(long j) {
        this.expires.setTimeInMillis(j);
    }

    public long getUoid() {
        return this.uoid;
    }

    public void setUoid(long j) {
        this.uoid = j;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }
}
