package com.ibm.ws.security.ltpa;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenCreationFailedException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: input_file:ws_runtime.jar:com/ibm/ws/security/ltpa/LTPAToken2.class */
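/**
 * {@link Token} implementation holding a {@link UserData} attribute set, an expiration time and a
 * signature, with an encrypted byte-array wire form.
 *
 * <p>Wire form, as built by {@link #encrypt()}: the UTF-8 bytes of {@code userData.toString()}
 * followed by {@code "%" + expiration + "%" + base64(signature)}, passed through
 * {@code LTPACrypto.encrypt} with the shared key and the cipher read from
 * {@code SecurityConfig.LTPATOKEN2_CIPHER}.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@link #sign()} and {@code verify()} cover only the bytes of {@code userData.toString()}.
 *       The expiration in the trailer is not part of the signed data, so its integrity rests on
 *       whatever {@code LTPACrypto} provides (not visible in this file). {@link #decrypt()} prefers
 *       the {@code WSTOKEN_EXPIRATION} attribute inside the user data when it is present.</li>
 *   <li>The class is {@link Serializable} and keeps {@code sharedKey}, {@code privateKey} and
 *       {@code publicKey} in non-transient fields. Java serialization of a token would therefore
 *       include the key material (assuming the key types are serializable - TODO confirm).</li>
 *   <li>Debug trace includes the decrypted token string and every attribute value; treat trace
 *       output from this class as sensitive.</li>
 * </ul>
 *
 * <p>Instances are not synchronized. Only the shared date formatter is guarded.
 */
public class LTPAToken2 implements Token, Serializable {
    private static final TraceComponent tc;
    // Shared by all instances. SimpleDateFormat is not thread-safe, so every use locks on it.
    private static final SimpleDateFormat dateFormat;
    private UserData userData;
    // Expiration as epoch milliseconds (compared against new Date() in isValid()).
    private long expiration;
    private int defaultExpirationMins;
    private byte[] signature;
    private String cipher;
    public static final String DELIM = "%";
    // Cached wire form. Reset to null by addAttribute() so getBytes() re-signs and re-encrypts.
    private byte[] encryptedBytes;
    private byte[] sharedKey;
    private LTPAPrivateKey privateKey;
    private LTPAPublicKey publicKey;
    private String userId;
    private short version;
    static Class class$com$ibm$ws$security$ltpa$LTPAToken2;

    /**
     * Rebuilds a token from its encrypted wire form and validates it.
     *
     * <p>Order of operations: decrypt, trace the attributes, then {@link #isValid()}. The trace
     * therefore contains attribute values whose signature has not yet been checked.
     *
     * @param bArr encrypted token bytes; stored by reference, not copied
     * @param bArr2 shared key used for decryption; stored by reference
     * @param lTPAPrivateKey private key kept for later re-signing
     * @param lTPAPublicKey public key used to verify the signature
     * @throws InvalidTokenException if decryption or parsing fails, or the signature does not verify
     * @throws TokenExpiredException if the expiration time is not in the future
     */
    public LTPAToken2(byte[] bArr, byte[] bArr2, LTPAPrivateKey lTPAPrivateKey, LTPAPublicKey lTPAPublicKey) throws InvalidTokenException, TokenExpiredException {
        this.defaultExpirationMins = 120;
        this.cipher = null;
        this.encryptedBytes = null;
        this.sharedKey = null;
        this.privateKey = null;
        this.publicKey = null;
        this.userId = null;
        this.version = (short) 1;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate LTPAToken2 from byte[]");
        }
        this.expiration = 0L;
        this.sharedKey = bArr2;
        this.privateKey = lTPAPrivateKey;
        this.publicKey = lTPAPublicKey;
        this.encryptedBytes = bArr;
        this.cipher = (String) SecurityConfig.getConfig().getValue(SecurityConfig.LTPATOKEN2_CIPHER);
        decrypt();
        // NOTE(review): these attribute values are still unauthenticated at this point.
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, getLogInfo().toString());
        }
        if (!isValid()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LTPAToken2 failed to validate.");
            }
            throw new InvalidTokenException("LTPAToken2 failed to validate.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate LTPAToken2 from byte[]");
        }
    }

    /**
     * Creates a new, not yet signed or encrypted, token for the given identifier.
     *
     * @param str identifier used to build the {@link UserData} and stored as the user id
     * @param j lifetime in minutes; expiration is {@code now + j * 60 * 1000} ms, with no overflow check
     * @param bArr shared key used for encryption; stored by reference
     * @param lTPAPrivateKey private key used by {@link #sign()}
     * @param lTPAPublicKey public key used to verify the signature
     * @throws TokenCreationFailedException declared by the signature; not thrown directly by this body
     */
    public LTPAToken2(String str, long j, byte[] bArr, LTPAPrivateKey lTPAPrivateKey, LTPAPublicKey lTPAPublicKey) throws TokenCreationFailedException {
        this.defaultExpirationMins = 120;
        this.cipher = null;
        this.encryptedBytes = null;
        this.sharedKey = null;
        this.privateKey = null;
        this.publicKey = null;
        this.userId = null;
        this.version = (short) 1;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "new LTPAToken2 from accessID");
        }
        this.expiration = System.currentTimeMillis() + (j * 60 * 1000);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Expiration set to: ").append(new Date(this.expiration)).toString());
        }
        this.sharedKey = bArr;
        this.privateKey = lTPAPrivateKey;
        this.publicKey = lTPAPublicKey;
        this.userData = new UserData(str);
        this.userId = str;
        this.cipher = (String) SecurityConfig.getConfig().getValue(SecurityConfig.LTPATOKEN2_CIPHER);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "new LTPAToken2 from accessID");
        }
    }

    /**
     * Constructor used by {@link #clone()}.
     *
     * <p>The {@code j} argument is ignored. The expiration is always reset to the current time plus
     * the {@code security.ltpa.expirydate} configuration value (minutes), so a clone gets a fresh
     * lifetime rather than inheriting the source token's expiration.
     *
     * @param j unused
     * @param bArr shared key; stored by reference
     * @param lTPAPrivateKey private key used by {@link #sign()}
     * @param lTPAPublicKey public key used to verify the signature
     * @param userData attribute set for the new token; stored by reference
     * @throws TokenCreationFailedException declared by the signature; not thrown directly by this body
     */
    protected LTPAToken2(long j, byte[] bArr, LTPAPrivateKey lTPAPrivateKey, LTPAPublicKey lTPAPublicKey, UserData userData) throws TokenCreationFailedException {
        this.defaultExpirationMins = 120;
        this.cipher = null;
        this.encryptedBytes = null;
        this.sharedKey = null;
        this.privateKey = null;
        this.publicKey = null;
        this.userId = null;
        this.version = (short) 1;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "new LTPAToken2 from clone");
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Refreshing expiration of token.");
        }
        // NOTE(review): a missing or non-Long config value would fail here with an unchecked exception.
        this.expiration = currentTimeMillis + (((Long) SecurityConfig.getConfig().getValue("security.ltpa.expirydate")).longValue() * 60 * 1000);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Expiration set to: ").append(new Date(this.expiration)).toString());
        }
        this.sharedKey = bArr;
        this.privateKey = lTPAPrivateKey;
        this.publicKey = lTPAPublicKey;
        this.userData = userData;
        this.cipher = (String) SecurityConfig.getConfig().getValue(SecurityConfig.LTPATOKEN2_CIPHER);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "new LTPAToken2 from clone");
        }
    }

    /**
     * Builds the plaintext ({@code userData} bytes followed by {@code %expiration%base64(signature)})
     * and stores its encrypted form in {@code encryptedBytes}.
     *
     * <p>Expects {@link #sign()} to have set the signature first, as {@link #getBytes()} does.
     */
    protected void encrypt() {
        String encodedSignature = StringUtil.toString(Base64Coder.base64Encode(this.signature));
        byte[] userDataBytes = toBytes(this.userData.toString());
        StringBuffer trailer = new StringBuffer("%");
        trailer.append(this.expiration).append("%").append(encodedSignature);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("tokenData before encrypt: ").append(trailer.toString()).toString());
        }
        byte[] trailerBytes = StringUtil.getBytes(trailer.toString());
        byte[] plaintext = new byte[userDataBytes.length + trailerBytes.length];
        System.arraycopy(userDataBytes, 0, plaintext, 0, userDataBytes.length);
        System.arraycopy(trailerBytes, 0, plaintext, userDataBytes.length, trailerBytes.length);
        // Instance is discarded; kept from the original (purpose not visible here - TODO confirm).
        new LTPACrypto();
        this.encryptedBytes = LTPACrypto.encrypt(plaintext, this.sharedKey, this.cipher, true);
    }

    /**
     * Decrypts {@code encryptedBytes} and populates the user data, expiration and signature.
     *
     * <p>The expiration comes from the {@code WSTOKEN_EXPIRATION} user-data attribute when present,
     * and otherwise from the second field of the parsed token. Only the first source is covered by
     * the signature checked later in {@link #isValid()}.
     *
     * @throws InvalidTokenException wrapping any {@link Throwable} raised while decrypting or parsing
     */
    protected void decrypt() throws InvalidTokenException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decrypt");
        }
        // Instance is discarded; kept from the original (purpose not visible here - TODO confirm).
        new LTPACrypto();
        try {
            // Decrypt a copy so the cached wire form is left untouched.
            byte[] plaintext = LTPACrypto.decrypt((byte[]) this.encryptedBytes.clone(), this.sharedKey, this.cipher, true);
            // User data is parsed from the UTF-8 decoding of the plaintext.
            this.userData = new UserData(LTPATokenizer.parseUserData(LTPATokenizer.parseToken(toStrings(plaintext))[0]));
            // Expiration and signature are parsed from StringUtil's decoding of the same bytes.
            String tokenString = StringUtil.toString(plaintext);
            // NOTE(review): this writes the full decrypted token to debug trace.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("tokenString after decrypt: ").append(tokenString).toString());
            }
            String[] tokenFields = LTPATokenizer.parseToken(tokenString);
            String[] expirationAttr = this.userData.getAttributes(AttributeNameConstants.WSTOKEN_EXPIRATION);
            if (expirationAttr == null || expirationAttr[0] == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting expiration from expiration field.");
                }
                this.expiration = Long.parseLong(tokenFields[1]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Expiration set to: ").append(new Date(this.expiration)).toString());
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting expiration from userdata area.");
                }
                this.expiration = Long.parseLong(expirationAttr[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Expiration set to: ").append(new Date(this.expiration)).toString());
                }
            }
            setSignature(StringUtil.getBytes(Base64Coder.base64Decode(tokenFields[2])));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "decrypt");
            }
        } catch (Throwable th) {
            // Malformed input (missing fields, bad numbers, null bytes) is reported as an invalid token.
            // NOTE(review): catching Throwable also converts JVM Errors into InvalidTokenException.
            ContextManagerFactory.getInstance().setRootException(th);
            throw new InvalidTokenException(th.getMessage(), th);
        }
    }

    /**
     * Signs the UTF-8 bytes of {@code userData.toString()} with the private key and stores the result.
     *
     * @throws NoSuchAlgorithmException propagated from {@code LTPADigSignature.sign}
     */
    protected void sign() throws NoSuchAlgorithmException {
        setSignature(LTPADigSignature.sign(toBytes(getUserData().toString()), this.privateKey, true));
    }

    /**
     * Checks the expiration first and then the signature.
     *
     * <p>A signature mismatch is reported by returning {@code false}, not by throwing, so callers
     * must check the result.
     *
     * @return {@code true} if the token is unexpired and its signature verifies
     * @throws TokenExpiredException if the current time is not before the expiration
     * @throws InvalidTokenException wrapping any exception raised during signature verification
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public boolean isValid() throws InvalidTokenException, TokenExpiredException {
        Date now = new Date();
        Date expiresAt = new Date(this.expiration);
        boolean unexpired = now.before(expiresAt);
        if (!unexpired) {
            StringBuffer expiredInfo = getLogInfo();
            expiredInfo.insert(0, "token expired ");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, expiredInfo.toString());
            }
            throw new TokenExpiredException(new StringBuffer().append("Token expiration Date: ").append(expiresAt).append(", current Date: ").append(now).toString());
        }
        try {
            boolean signatureOk = verify();
            if (!signatureOk) {
                StringBuffer invalidInfo = getLogInfo();
                invalidInfo.insert(0, "invalid signature ");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, invalidInfo.toString());
                }
            }
            return unexpired && signatureOk;
        } catch (Exception e) {
            throw new InvalidTokenException(e.getMessage(), e);
        }
    }

    /** Verifies the stored signature over the UTF-8 bytes of {@code userData.toString()}. */
    private boolean verify() throws NoSuchAlgorithmException {
        String userData = getUserData().toString();
        return LTPADigSignature.verify(toBytes(userData), getSignature(), this.publicKey, true);
    }

    /** Decodes bytes as UTF-8; returns {@code null} if the charset name is rejected. */
    private static String toStrings(byte[] bArr) {
        String str = null;
        try {
            str = new String(bArr, "UTF8");
        } catch (UnsupportedEncodingException e) {
            Tr.debug(tc, new StringBuffer().append("to UTF8 Strings =").append(e.toString()).toString());
        }
        return str;
    }

    /** Encodes a string as UTF-8; returns {@code null} if the charset name is rejected. */
    private static byte[] toBytes(String str) {
        byte[] bArr = null;
        try {
            bArr = str.getBytes("UTF8");
        } catch (UnsupportedEncodingException e) {
            Tr.debug(tc, new StringBuffer().append("to UTF8 bytes =").append(e.toString()).toString());
        }
        return bArr;
    }

    /**
     * Returns the encrypted wire form, signing and encrypting first if no cached form exists.
     *
     * <p>The internal array is returned without copying. If the freshly built token fails its
     * signature check, that is only traced and the bytes are still returned.
     *
     * @return the encrypted token bytes
     * @throws InvalidTokenException if signing fails with {@link NoSuchAlgorithmException}, or
     *     signature verification raises an exception
     * @throws TokenExpiredException if the token being built is already expired
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public byte[] getBytes() throws InvalidTokenException, TokenExpiredException {
        if (this.encryptedBytes != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning existing encrypted bytes from token object.");
            }
            // NOTE(review): callers receive the live internal array.
            return this.encryptedBytes;
        }
        try {
            sign();
            encrypt();
            if (!isValid() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Expired or invalid LTPA token constructed");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, getLogInfo().toString());
            }
            return this.encryptedBytes;
        } catch (NoSuchAlgorithmException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("NoSuchAlgorithmException: ").append(e.getMessage()).toString(), new Object[]{e});
            }
            throw new InvalidTokenException(e.getMessage(), e);
        }
    }

    /** @return the expiration time in epoch milliseconds */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public long getExpiration() {
        return this.expiration;
    }

    /** @return the stored signature bytes (live reference), or {@code null} if none is set */
    byte[] getSignature() {
        return this.signature;
    }

    /** @return the token's attribute set (live reference) */
    UserData getUserData() {
        return this.userData;
    }

    /**
     * Adds an attribute value and discards the cached wire form so the next {@link #getBytes()}
     * call re-signs and re-encrypts the token.
     *
     * @param str attribute name
     * @param str2 attribute value
     * @return whatever {@code UserData.addAttribute} returns
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public String[] addAttribute(String str, String str2) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Token was updated thus clearing encrypted bytes to re-encrypt.");
        }
        this.encryptedBytes = null;
        return this.userData.addAttribute(str, str2);
    }

    /** Delegates to {@code UserData.getAttributes}. */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public String[] getAttributes(String str) {
        return this.userData.getAttributes(str);
    }

    /** Delegates to {@code UserData.getAttributeNames}. */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public Enumeration getAttributeNames() {
        return this.userData.getAttributeNames();
    }

    /** Stores the signature bytes by reference. */
    void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    /**
     * Returns {@code StringUtil.toString} of the cached encrypted bytes. These may be {@code null}
     * if the token has been modified or never encrypted.
     */
    public String toString() {
        return StringUtil.toString(this.encryptedBytes);
    }

    /** @return the token version, always 1 as set by the constructors */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public short getVersion() {
        return this.version;
    }

    /**
     * Builds the trace string: every attribute name with its values joined by {@code " | "},
     * followed by the formatted expiration time.
     *
     * <p>The result contains all attribute values, so it should only ever reach trace output.
     */
    private StringBuffer getLogInfo() {
        StringBuffer info = new StringBuffer();
        Enumeration names = getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            String[] values = getAttributes(name);
            info.append(name);
            info.append(": ");
            if (values != null) {
                for (int i = 0; i < values.length; i++) {
                    info.append(values[i]);
                    if (i < values.length - 1) {
                        info.append(" | ");
                    }
                }
            }
        }
        info.append("Expiration time: ");
        // The formatter is shared by every token and SimpleDateFormat is not thread-safe, so
        // unsynchronized concurrent calls could corrupt the formatted output.
        synchronized (dateFormat) {
            info.append(dateFormat.format(new Date(this.expiration)));
        }
        return info;
    }

    /**
     * Creates a copy that shares the keys, has cloned user data and carries a refreshed expiration
     * (see the protected constructor).
     *
     * @return the new token, or {@code null} if construction fails (the failure is sent to FFDC)
     */
    @Override // com.ibm.wsspi.security.ltpa.Token
    public Object clone() {
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Expiration passed into cloned token: ").append(this.expiration).toString());
            }
            // The expiration passed here is ignored by the constructor, which recomputes it.
            return new LTPAToken2(this.expiration, this.sharedKey, this.privateKey, this.publicKey, (UserData) this.userData.clone());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken2.clone", "442");
            return null;
        }
    }

    /** Compiler-generated helper for pre-Java-5 class literals. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$ltpa$LTPAToken2 == null) {
            cls = class$("com.ibm.ws.security.ltpa.LTPAToken2");
            class$com$ibm$ws$security$ltpa$LTPAToken2 = cls;
        } else {
            cls = class$com$ibm$ws$security$ltpa$LTPAToken2;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        dateFormat = new SimpleDateFormat("yy.MM.dd kk:mm:ss:SSS z");
    }
}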
