package org.alfresco.repo.security.authentication;

import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.zip.CRC32;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.service.cmr.repository.datatype.Duration;
import org.alfresco.util.GUID;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.safehaus.uuid.UUIDGenerator;

/* loaded from: input_file:org/alfresco/repo/security/authentication/InMemoryTicketComponentImpl.class */
public class InMemoryTicketComponentImpl implements TicketComponent {
    public static final String GRANTED_AUTHORITY_TICKET_PREFIX = "TICKET_";
    private static Log logger = LogFactory.getLog(InMemoryTicketComponentImpl.class);
    private static ThreadLocal<String> currentTicket = new ThreadLocal<>();
    private boolean ticketsExpire;
    private Duration validDuration;
    private boolean oneOff;
    private SimpleCache<String, Ticket> ticketsCache;
    private SimpleCache<String, String> usernameKey;
    private ExpiryMode expiryMode = ExpiryMode.AFTER_INACTIVITY;
    private boolean useSingleTicketPerUser = true;
    private String guid = GUID.generate();

    /* loaded from: input_file:org/alfresco/repo/security/authentication/InMemoryTicketComponentImpl$ExpiryMode.class */
    public enum ExpiryMode {
        AFTER_INACTIVITY,
        AFTER_FIXED_TIME,
        DO_NOT_EXPIRE
    }

    /* loaded from: input_file:org/alfresco/repo/security/authentication/InMemoryTicketComponentImpl$Ticket.class */
    public static class Ticket implements Serializable {
        private static final long serialVersionUID = -5904510560161261049L;
        private final ExpiryMode expires;
        private final Date expiryDate;
        private final String userName;
        private final String ticketId;
        private final Duration validDuration;
        private final Duration testDuration;

        Ticket(ExpiryMode expiryMode, Date date, String str, Duration duration) {
            checkValidTicketParameters(expiryMode, date, str, duration);
            this.expires = expiryMode;
            this.expiryDate = date;
            this.userName = str;
            this.validDuration = duration;
            this.testDuration = duration.divide(2);
            this.ticketId = computeTicketId(expiryMode, date, str, UUIDGenerator.getInstance().generateRandomBasedUUID().toString());
            if (InMemoryTicketComponentImpl.logger.isTraceEnabled()) {
                InMemoryTicketComponentImpl.logger.trace("Creating new ticket for user: " + AuthenticationUtil.maskUsername(str) + " with ticketId: " + this.ticketId);
            }
        }

        private static String computeTicketId(ExpiryMode expiryMode, Date date, String str, String str2) {
            String str3;
            String str4 = expiryMode.toString() + getExpireDateAsString(date) + str + str2;
            try {
                str3 = new String(Hex.encodeHex(MessageDigest.getInstance("SHA-1").digest(str4.getBytes())));
            } catch (NoSuchAlgorithmException e) {
                try {
                    str3 = new String(Hex.encodeHex(MessageDigest.getInstance("MD5").digest(str4.getBytes())));
                } catch (NoSuchAlgorithmException e2) {
                    CRC32 crc32 = new CRC32();
                    crc32.update(str4.getBytes());
                    long value = (crc32.getValue() >>> 4) >>> 4;
                    str3 = new String(Hex.encodeHex(new byte[]{(byte) (r0 & 255), (byte) (r0 & 255), (byte) (value & 255), (byte) ((value >>> 4) & 255)}));
                }
            }
            return str3;
        }

        private Ticket(ExpiryMode expiryMode, Date date, String str, Duration duration, String str2) {
            checkValidTicketParameters(expiryMode, date, str, duration);
            ParameterCheck.mandatory("ticketId", str2);
            this.expires = expiryMode;
            this.expiryDate = date;
            this.userName = str;
            this.validDuration = duration;
            this.testDuration = duration.subtract(duration.divide(10));
            this.ticketId = str2;
            if (InMemoryTicketComponentImpl.logger.isTraceEnabled()) {
                InMemoryTicketComponentImpl.logger.trace("Creating (cloning) new ticket for user: " + AuthenticationUtil.maskUsername(str) + " with ticketId: " + this.ticketId);
            }
        }

        private static void checkValidTicketParameters(ExpiryMode expiryMode, Date date, String str, Duration duration) {
            ParameterCheck.mandatory("expires mode", expiryMode);
            ParameterCheck.mandatoryString("userName", str);
            ParameterCheck.mandatory("validDuration", duration);
            if (ExpiryMode.DO_NOT_EXPIRE.equals(expiryMode)) {
                return;
            }
            ParameterCheck.mandatory("expiryDate", date);
        }

        private static String getExpireDateAsString(Date date) {
            return date == null ? "" : date.toString();
        }

        boolean hasExpired(Date date) {
            return this.expiryDate != null && this.expiryDate.compareTo(date) < 0;
        }

        Ticket getNewEntry() {
            switch (this.expires) {
                case AFTER_FIXED_TIME:
                    if (hasExpired(new Date())) {
                        return null;
                    }
                    return this;
                case AFTER_INACTIVITY:
                    Date date = new Date();
                    if (hasExpired(date)) {
                        return null;
                    }
                    if (new Duration(date, this.expiryDate).compareTo(this.testDuration) >= 0) {
                        return this;
                    }
                    if (InMemoryTicketComponentImpl.logger.isTraceEnabled()) {
                        InMemoryTicketComponentImpl.logger.trace("AFTER_INACTIVITY case, Creating new ticket based on the current one that expires at: " + this.expiryDate);
                    }
                    return new Ticket(this.expires, Duration.add(date, this.validDuration), this.userName, this.validDuration, this.ticketId);
                case DO_NOT_EXPIRE:
                default:
                    return this;
            }
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Ticket)) {
                return false;
            }
            Ticket ticket = (Ticket) obj;
            return this.ticketId.equals(ticket.ticketId) && this.userName.equals(ticket.userName) && this.expires.equals(ticket.expires) && areTheExpiryDatesEqual(ticket);
        }

        private boolean areTheExpiryDatesEqual(Ticket ticket) {
            if (ExpiryMode.DO_NOT_EXPIRE.equals(this.expires)) {
                return true;
            }
            if (this.expiryDate == null) {
                InMemoryTicketComponentImpl.logger.warn("expiryDate should not be null in this case");
            }
            return this.expiryDate.equals(ticket.expiryDate);
        }

        public int hashCode() {
            return this.ticketId.hashCode();
        }

        protected ExpiryMode getExpires() {
            return this.expires;
        }

        protected Date getExpiryDate() {
            return this.expiryDate;
        }

        protected String getTicketId() {
            return this.ticketId;
        }

        protected String getUserName() {
            return this.userName;
        }

        public String toString() {
            return "Ticket with ticketId: " + this.ticketId + " for user: " + AuthenticationUtil.maskUsername(this.userName) + " ExpiryMode: " + this.expires + " expire date: " + this.expiryDate + " validDuration: " + this.validDuration;
        }
    }

    public void setTicketsCache(SimpleCache<String, Ticket> simpleCache) {
        this.ticketsCache = simpleCache;
    }

    public void setUsernameKey(SimpleCache<String, String> simpleCache) {
        this.usernameKey = simpleCache;
    }

    public void setUseSingleTicketPerUser(boolean z) {
        this.useSingleTicketPerUser = z;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public boolean getUseSingleTicketPerUser() {
        return this.useSingleTicketPerUser;
    }

    @Deprecated
    public void setOneOff(boolean z) {
        this.oneOff = z;
        if (this.oneOff) {
            logger.warn("The 'oneOff' feature has been deprecated and will be removed in a future version. This feature may not work as intended even in the current version");
        }
    }

    public void setTicketsExpire(boolean z) {
        this.ticketsExpire = z;
    }

    public void setExpiryMode(String str) {
        this.expiryMode = ExpiryMode.valueOf(str);
    }

    public void setValidDuration(String str) {
        this.validDuration = new Duration(str);
    }

    private void putTicketIntoTicketsCache(Ticket ticket) {
        if (logger.isTraceEnabled()) {
            logger.trace("Putting into ticketsCache " + this.ticketsCache.toString() + " ticket: " + ticket);
        }
        this.ticketsCache.put(ticket.getTicketId(), ticket);
    }

    private void putTicketIntoUsernameKeyCache(Ticket ticket) {
        if (logger.isTraceEnabled()) {
            logger.trace("Putting into usernameKey " + this.usernameKey.toString() + " username and key of ticket: " + ticket);
        }
        this.usernameKey.put(ticket.getUserName(), ticket.getTicketId());
    }

    private void removeTicketFromTicketsCache(String str) {
        if (logger.isTraceEnabled()) {
            logger.trace("Removing ticket from ticketsCache: " + str);
        }
        this.ticketsCache.remove(str);
    }

    private void removeFromUsernameKey(String str) {
        if (logger.isTraceEnabled()) {
            logger.trace("Removing ticket key from usernameKey: " + str);
        }
        this.usernameKey.remove(str);
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String getNewTicket(String str) throws AuthenticationException {
        Ticket ticket = null;
        if (this.useSingleTicketPerUser) {
            ticket = findNonExpiredUserTicket(str);
        }
        if (ticket == null) {
            Date date = null;
            if (this.ticketsExpire) {
                date = Duration.add(new Date(), this.validDuration);
            }
            ticket = new Ticket(this.ticketsExpire ? this.expiryMode : ExpiryMode.DO_NOT_EXPIRE, date, str, this.validDuration);
            putTicketIntoTicketsCache(ticket);
            putTicketIntoUsernameKeyCache(ticket);
        }
        String str2 = "TICKET_" + ticket.getTicketId();
        currentTicket.set(str2);
        if (logger.isTraceEnabled()) {
            logger.trace("Setting the current ticket for this thread: " + Thread.currentThread().getName() + " to: " + str2);
        }
        return str2;
    }

    private Ticket findNonExpiredUserTicket(String str) {
        Ticket newEntry;
        Ticket newEntry2;
        String str2 = this.usernameKey.get(str);
        if (StringUtils.isNotBlank(str2)) {
            Ticket ticket = this.ticketsCache.get(str2);
            if (ticket == null || (newEntry2 = ticket.getNewEntry()) == null) {
                return null;
            }
            if (newEntry2 != ticket) {
                putTicketIntoTicketsCache(newEntry2);
                putTicketIntoUsernameKeyCache(newEntry2);
            }
            return ticket;
        }
        Iterator<String> it = this.ticketsCache.getKeys().iterator();
        while (it.hasNext()) {
            Ticket ticket2 = this.ticketsCache.get(it.next());
            if (ticket2 != null && ticket2.getUserName().equals(str) && (newEntry = ticket2.getNewEntry()) != null) {
                if (newEntry != ticket2) {
                    putTicketIntoTicketsCache(newEntry);
                    putTicketIntoUsernameKeyCache(newEntry);
                }
                return ticket2;
            }
        }
        return null;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String validateTicket(String str) throws AuthenticationException {
        if (logger.isTraceEnabled()) {
            logger.trace("Validating ticket: " + str);
        }
        String ticketKey = getTicketKey(str);
        Ticket ticket = this.ticketsCache.get(ticketKey);
        if (ticket == null) {
            String str2 = "Missing ticket for " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str2);
            }
            throw new AuthenticationException(str2);
        }
        Ticket newEntry = ticket.getNewEntry();
        if (newEntry == null) {
            String str3 = "Ticket expired for " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str3);
            }
            throw new TicketExpiredException(str3);
        }
        if (this.oneOff) {
            removeTicketFromTicketsCache(ticketKey);
            String userName = newEntry.getUserName();
            if (StringUtils.isNotBlank(userName)) {
                removeFromUsernameKey(userName);
            }
        } else if (newEntry != ticket) {
            putTicketIntoTicketsCache(newEntry);
            putTicketIntoUsernameKeyCache(newEntry);
        }
        currentTicket.set(str);
        if (logger.isTraceEnabled()) {
            logger.trace("Setting the current ticket for this thread: " + Thread.currentThread().getName() + " to: " + str);
        }
        return newEntry.getUserName();
    }

    private Ticket getTicketByTicketString(String str) {
        return this.ticketsCache.get(getTicketKey(str));
    }

    private String getTicketKey(String str) {
        if (str == null) {
            return null;
        }
        if (str.length() < GRANTED_AUTHORITY_TICKET_PREFIX.length()) {
            throw new AuthenticationException(str + " is an invalid ticket format");
        }
        return str.substring(GRANTED_AUTHORITY_TICKET_PREFIX.length());
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public void invalidateTicketById(String str) {
        removeTicketFromTicketsCache(str.substring(GRANTED_AUTHORITY_TICKET_PREFIX.length()));
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public Set<String> getUsersWithTickets(boolean z) {
        Date date = new Date();
        HashSet hashSet = new HashSet();
        Iterator<String> it = this.ticketsCache.getKeys().iterator();
        while (it.hasNext()) {
            Ticket ticket = this.ticketsCache.get(it.next());
            if (ticket != null && (!z || !ticket.hasExpired(date))) {
                hashSet.add(ticket.getUserName());
            }
        }
        return hashSet;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public int countTickets(boolean z) {
        Date date = new Date();
        if (!z) {
            return this.ticketsCache.getKeys().size();
        }
        int i = 0;
        Iterator<String> it = this.ticketsCache.getKeys().iterator();
        while (it.hasNext()) {
            Ticket ticket = this.ticketsCache.get(it.next());
            if (ticket != null && !ticket.hasExpired(date)) {
                i++;
            }
        }
        return i;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public int invalidateTickets(boolean z) {
        if (logger.isTraceEnabled()) {
            logger.trace("Invalidate all tickets, expired only: " + z);
        }
        Date date = new Date();
        int i = 0;
        if (z) {
            HashSet hashSet = new HashSet();
            for (String str : this.ticketsCache.getKeys()) {
                Ticket ticket = this.ticketsCache.get(str);
                if (ticket == null || ticket.hasExpired(date)) {
                    i++;
                    hashSet.add(str);
                }
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                removeTicketFromTicketsCache((String) it.next());
            }
        } else {
            i = this.ticketsCache.getKeys().size();
            if (logger.isTraceEnabled()) {
                logger.trace("Clearing all tickets from the ticketsCache, that used to have size: " + i);
            }
            this.ticketsCache.clear();
        }
        return i;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public void invalidateTicketByUser(String str) {
        HashSet hashSet = new HashSet();
        String str2 = this.usernameKey.get(str);
        if (StringUtils.isNotBlank(str2)) {
            Ticket ticket = this.ticketsCache.get(str2);
            if (ticket != null) {
                hashSet.add(ticket.getTicketId());
            }
        } else {
            Iterator<String> it = this.ticketsCache.getKeys().iterator();
            while (it.hasNext()) {
                Ticket ticket2 = this.ticketsCache.get(it.next());
                if (ticket2 != null && ticket2.getUserName().equals(str)) {
                    hashSet.add(ticket2.getTicketId());
                }
            }
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            removeTicketFromTicketsCache((String) it2.next());
        }
        removeFromUsernameKey(str);
    }

    public int hashCode() {
        return (31 * 1) + (this.guid == null ? 0 : this.guid.hashCode());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        InMemoryTicketComponentImpl inMemoryTicketComponentImpl = (InMemoryTicketComponentImpl) obj;
        return this.guid == null ? inMemoryTicketComponentImpl.guid == null : this.guid.equals(inMemoryTicketComponentImpl.guid);
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String getAuthorityForTicket(String str) {
        Ticket ticketByTicketString = getTicketByTicketString(str);
        if (ticketByTicketString == null) {
            return null;
        }
        return ticketByTicketString.getUserName();
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String getCurrentTicket(String str, boolean z) {
        String str2 = currentTicket.get();
        if (str2 == null) {
            if (z) {
                return getNewTicket(str);
            }
            return null;
        }
        if (str.equals(getAuthorityForTicket(str2))) {
            return str2;
        }
        if (z) {
            return getNewTicket(str);
        }
        return null;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public void clearCurrentTicket() {
        clearCurrentSecurityContext();
    }

    public static void clearCurrentSecurityContext() {
        String str = currentTicket.get();
        currentTicket.set(null);
        if (logger.isTraceEnabled()) {
            logger.trace("Clearing the current ticket for this thread: " + Thread.currentThread().getName() + " . Previous ticket was: " + str);
        }
    }
}
