package org.alfresco.encryption;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AlgorithmParameters;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.encryption.MACUtils;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.util.IPUtils;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.util.Base64;
import org.springframework.util.FileCopyUtils;

/* loaded from: input_file:WEB-INF/lib/alfresco-core-17.153.jar:org/alfresco/encryption/DefaultEncryptionUtils.class */
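/**
 * Default {@link EncryptionUtils} implementation: attaches and verifies the MAC, timestamp and
 * algorithm-parameter headers on HTTP messages, and decrypts message bodies under
 * {@code KeyProvider.ALIAS_SOLR}.
 *
 * <p>Authentication here is "valid MAC over (body, timestamp, sender IP)" plus a timestamp
 * freshness check. No nonce or seen-message tracking is visible in this class, so a captured
 * message remains acceptable for the length of {@code messageTimeout}; keep that window short
 * and keep the clocks of both peers synchronised.
 */
public class DefaultEncryptionUtils implements EncryptionUtils {
    // NOTE(review): the log category is Encryptor, not this class. Left unchanged because
    // existing logging configuration may key on that category name.
    protected static Log logger = LogFactory.getLog((Class<?>) Encryptor.class);
    protected static String HEADER_ALGORITHM_PARAMETERS = "XAlfresco-algorithmParameters";
    protected static String HEADER_MAC = "XAlfresco-mac";
    protected static String HEADER_TIMESTAMP = "XAlfresco-timestamp";
    protected Encryptor encryptor;
    protected MACUtils macUtils;
    // Maximum accepted distance, in milliseconds, between a message timestamp and the local clock.
    protected long messageTimeout;
    // Stored by setRemoteIP; not read by any method of this class.
    protected String remoteIP;
    // Address of the local host, resolved once in the constructor and fed into outgoing MACs.
    protected String localIP;

    /**
     * Resolves and caches the local host address.
     *
     * @throws AlfrescoRuntimeException if the local host address cannot be determined
     */
    public DefaultEncryptionUtils() {
        try {
            this.localIP = InetAddress.getLocalHost().getHostAddress();
        } catch (Exception e) {
            throw new AlfrescoRuntimeException("Unable to initialise EncryptionUtils", e);
        }
    }

    /** @return the remote IP address as stored by {@link #setRemoteIP(String)} */
    public String getRemoteIP() {
        return this.remoteIP;
    }

    /**
     * Stores the remote address after passing it through {@code IPUtils.getRealIPAddress}.
     *
     * @param str host name or address of the remote peer
     * @throws AlfrescoRuntimeException if the address cannot be resolved
     */
    public void setRemoteIP(String str) {
        try {
            this.remoteIP = IPUtils.getRealIPAddress(str);
        } catch (UnknownHostException e) {
            throw new AlfrescoRuntimeException("Failed to get server IP address", e);
        }
    }

    /** @return the local address captured at construction time */
    protected String getLocalIPAddress() {
        return this.localIP;
    }

    /** @param j freshness window for message timestamps, in milliseconds */
    public void setMessageTimeout(long j) {
        this.messageTimeout = j;
    }

    public void setEncryptor(Encryptor encryptor) {
        this.encryptor = encryptor;
    }

    public void setMacUtils(MACUtils mACUtils) {
        this.macUtils = mACUtils;
    }

    /**
     * Writes the Base64-encoded MAC into the request's MAC header.
     *
     * @throws AlfrescoRuntimeException if {@code bArr} is null
     */
    protected void setRequestMac(HttpMethod httpMethod, byte[] bArr) {
        if (bArr == null) {
            throw new AlfrescoRuntimeException("Mac cannot be null");
        }
        httpMethod.setRequestHeader(HEADER_MAC, Base64.encodeBytes(bArr));
    }

    /**
     * Writes the Base64-encoded MAC into the response's MAC header.
     *
     * @throws AlfrescoRuntimeException if {@code bArr} is null
     */
    protected void setMac(HttpServletResponse httpServletResponse, byte[] bArr) {
        if (bArr == null) {
            throw new AlfrescoRuntimeException("Mac cannot be null");
        }
        httpServletResponse.setHeader(HEADER_MAC, Base64.encodeBytes(bArr));
    }

    /** @return the decoded MAC header of the request, or null when the header is absent */
    protected byte[] getMac(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader(HEADER_MAC);
        return header == null ? null : Base64.decode(header);
    }

    /** @return the decoded MAC header of the response, or null when the header is absent */
    protected byte[] getResponseMac(HttpMethod httpMethod) throws IOException {
        Header responseHeader = httpMethod.getResponseHeader(HEADER_MAC);
        return responseHeader == null ? null : Base64.decode(responseHeader.getValue());
    }

    protected void setRequestTimestamp(HttpMethod httpMethod, long j) {
        httpMethod.setRequestHeader(HEADER_TIMESTAMP, String.valueOf(j));
    }

    protected void setTimestamp(HttpServletResponse httpServletResponse, long j) {
        httpServletResponse.setHeader(HEADER_TIMESTAMP, String.valueOf(j));
    }

    /**
     * @return the timestamp header of the response, or null when the header is absent
     * @throws NumberFormatException if the header value is not a decimal long
     */
    protected Long getResponseTimestamp(HttpMethod httpMethod) throws IOException {
        Header responseHeader = httpMethod.getResponseHeader(HEADER_TIMESTAMP);
        return responseHeader == null ? null : Long.valueOf(responseHeader.getValue());
    }

    /**
     * @return the timestamp header of the request, or null when the header is absent
     * @throws NumberFormatException if the header value is not a decimal long; the header is
     *     supplied by the peer, so callers must expect malformed values
     */
    protected Long getTimestamp(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader(HEADER_TIMESTAMP);
        return header == null ? null : Long.valueOf(header);
    }

    /** Sets the Base64-encoded algorithm parameters on the request; does nothing when they are null. */
    @Override
    public void setRequestAlgorithmParameters(HttpMethod httpMethod, AlgorithmParameters algorithmParameters) throws IOException {
        if (algorithmParameters != null) {
            httpMethod.setRequestHeader(HEADER_ALGORITHM_PARAMETERS, Base64.encodeBytes(algorithmParameters.getEncoded()));
        }
    }

    /** Sets the Base64-encoded algorithm parameters on the response; does nothing when they are null. */
    protected void setAlgorithmParameters(HttpServletResponse httpServletResponse, AlgorithmParameters algorithmParameters) throws IOException {
        if (algorithmParameters != null) {
            httpServletResponse.setHeader(HEADER_ALGORITHM_PARAMETERS, Base64.encodeBytes(algorithmParameters.getEncoded()));
        }
    }

    /** @return the algorithm parameters carried by the response header, or null when it is absent */
    protected AlgorithmParameters decodeAlgorithmParameters(HttpMethod httpMethod) throws IOException {
        Header responseHeader = httpMethod.getResponseHeader(HEADER_ALGORITHM_PARAMETERS);
        if (responseHeader == null) {
            return null;
        }
        return this.encryptor.decodeAlgorithmParameters(Base64.decode(responseHeader.getValue()));
    }

    /** @return the algorithm parameters carried by the request header, or null when it is absent */
    protected AlgorithmParameters decodeAlgorithmParameters(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader(HEADER_ALGORITHM_PARAMETERS);
        if (header == null) {
            return null;
        }
        return this.encryptor.decodeAlgorithmParameters(Base64.decode(header));
    }

    /**
     * Reads the whole response body into memory and decrypts it.
     *
     * @return the decrypted body, or null when the response has no body stream
     * @throws AlfrescoRuntimeException if the algorithm-parameters header is missing
     */
    @Override
    public byte[] decryptResponseBody(HttpMethod httpMethod) throws IOException {
        InputStream responseBodyAsStream = httpMethod.getResponseBodyAsStream();
        if (responseBodyAsStream == null) {
            return null;
        }
        // The body is buffered without a size limit; Spring's FileCopyUtils.copy closes both streams.
        ByteArrayOutputStream buffered = new ByteArrayOutputStream();
        FileCopyUtils.copy(responseBodyAsStream, buffered);
        AlgorithmParameters params = decodeAlgorithmParameters(httpMethod);
        if (params == null) {
            throw new AlfrescoRuntimeException("Unable to decrypt response body, missing encryption algorithm parameters");
        }
        return this.encryptor.decrypt(KeyProvider.ALIAS_SOLR, params, buffered.toByteArray());
    }

    /**
     * Decrypts the body of a POST request.
     *
     * @return the decrypted body, or null when the request is not a POST or has no input stream
     */
    @Override
    public byte[] decryptBody(HttpServletRequest httpServletRequest) throws IOException {
        if (!httpServletRequest.getMethod().equals("POST")) {
            return null;
        }
        InputStream inputStream = httpServletRequest.getInputStream();
        if (inputStream == null) {
            return null;
        }
        // NOTE(review): unlike decryptResponseBody, a missing parameters header is passed on as
        // null here; how Encryptor.decrypt treats null parameters is not visible in this file.
        AlgorithmParameters params = decodeAlgorithmParameters(httpServletRequest);
        return IOUtils.toByteArray(this.encryptor.decrypt(KeyProvider.ALIAS_SOLR, params, inputStream));
    }

    /**
     * Verifies the MAC and timestamp headers of a response.
     *
     * @param str host name or address of the responding peer, bound into the MAC input
     * @param bArr the message bytes the MAC is computed over
     * @return false when the timestamp header is absent or verification fails
     * @throws RuntimeException wrapping any failure raised while reading or resolving the inputs
     */
    @Override
    public boolean authenticateResponse(HttpMethod httpMethod, String str, byte[] bArr) {
        try {
            byte[] responseMac = getResponseMac(httpMethod);
            Long responseTimestamp = getResponseTimestamp(httpMethod);
            if (responseTimestamp == null) {
                return false;
            }
            return authenticate(responseMac, new MACUtils.MACInput(bArr, responseTimestamp.longValue(), IPUtils.getRealIPAddress(str)));
        } catch (Exception e) {
            throw new RuntimeException("Unable to authenticate HTTP response", e);
        }
    }

    /**
     * Verifies the MAC and timestamp headers of a request.
     *
     * <p>The sender address bound into the MAC input is {@code getRemoteAddr()}.
     * NOTE(review): behind a reverse proxy or NAT that is presumably the intermediary's address,
     * not the sender's own; confirm the deployment topology.
     *
     * @param bArr the message bytes the MAC is computed over
     * @return false when the timestamp header is absent or verification fails
     * @throws AlfrescoRuntimeException wrapping any failure raised while reading the headers,
     *     including a malformed timestamp value
     */
    @Override
    public boolean authenticate(HttpServletRequest httpServletRequest, byte[] bArr) {
        try {
            byte[] mac = getMac(httpServletRequest);
            Long timestamp = getTimestamp(httpServletRequest);
            if (timestamp == null) {
                return false;
            }
            return authenticate(mac, new MACUtils.MACInput(bArr, timestamp.longValue(), IPUtils.getRealIPAddress(httpServletRequest.getRemoteAddr())));
        } catch (Exception e) {
            throw new AlfrescoRuntimeException("Unable to authenticate HTTP request", e);
        }
    }

    /**
     * Computes a MAC over the body, the current time and the local address, then sets the MAC
     * and timestamp headers on the request.
     */
    @Override
    public void setRequestAuthentication(HttpMethod httpMethod, byte[] bArr) throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        byte[] generateMAC = this.macUtils.generateMAC(KeyProvider.ALIAS_SOLR, new MACUtils.MACInput(bArr, currentTimeMillis, getLocalIPAddress()));
        if (logger.isDebugEnabled()) {
            // Debug output contains the MAC and its timestamp; treat debug logs as sensitive.
            logger.debug("Setting MAC " + Arrays.toString(generateMAC) + " on HTTP request " + httpMethod.getPath());
            // Fixed: this line used to append the logger object instead of the request path.
            logger.debug("Setting timestamp " + currentTimeMillis + " on HTTP request " + httpMethod.getPath());
        }
        setRequestMac(httpMethod, generateMAC);
        setRequestTimestamp(httpMethod, currentTimeMillis);
    }

    /**
     * Computes a MAC over the body, the current time and the local address, then sets the
     * algorithm-parameter, MAC and timestamp headers on the response.
     */
    @Override
    public void setResponseAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, byte[] bArr, AlgorithmParameters algorithmParameters) throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        byte[] generateMAC = this.macUtils.generateMAC(KeyProvider.ALIAS_SOLR, new MACUtils.MACInput(bArr, currentTimeMillis, getLocalIPAddress()));
        if (logger.isDebugEnabled()) {
            // Debug output contains the MAC and its timestamp; treat debug logs as sensitive.
            logger.debug("Setting MAC " + Arrays.toString(generateMAC) + " on HTTP response to request " + httpServletRequest.getRequestURI());
            // Fixed: this line used to append the logger object instead of the request URI.
            logger.debug("Setting timestamp " + currentTimeMillis + " on HTTP response to request " + httpServletRequest.getRequestURI());
        }
        setAlgorithmParameters(httpServletResponse, algorithmParameters);
        setMac(httpServletResponse, generateMAC);
        setTimestamp(httpServletResponse, currentTimeMillis);
    }

    /**
     * Accepts a message only when its MAC verifies and its timestamp is fresh.
     *
     * @param bArr the MAC received with the message; null (header absent) is rejected
     * @param mACInput the locally reconstructed MAC input
     */
    protected boolean authenticate(byte[] bArr, MACUtils.MACInput mACInput) {
        // Fail closed on a missing MAC instead of relying on how validateMAC treats null.
        if (bArr == null) {
            return false;
        }
        return this.macUtils.validateMAC(KeyProvider.ALIAS_SOLR, bArr, mACInput) && validateTimestamp(mACInput.getTimestamp());
    }

    /**
     * Checks that a message timestamp lies within {@code messageTimeout} milliseconds of the
     * local clock, in either direction.
     *
     * <p>The previous one-sided test ({@code now - j < messageTimeout}) accepted any timestamp in
     * the future, so a message stamped ahead of the local clock stayed valid well beyond the
     * intended window.
     *
     * @param j message timestamp in milliseconds since the epoch
     */
    protected boolean validateTimestamp(long j) {
        long age = System.currentTimeMillis() - j;
        // Extreme values of j wrap the subtraction to a large negative age, which is rejected too.
        return age < this.messageTimeout && age > -this.messageTimeout;
    }
}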
