package org.alfresco.repo.security.authentication;

import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.zip.CRC32;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.service.cmr.repository.datatype.Duration;
import org.alfresco.util.GUID;
import org.apache.commons.codec.binary.Hex;
import org.safehaus.uuid.UUIDGenerator;

/* loaded from: input_file:org/alfresco/repo/security/authentication/InMemoryTicketComponentImpl.class */
public class InMemoryTicketComponentImpl implements TicketComponent {
    public static final String GRANTED_AUTHORITY_TICKET_PREFIX = "TICKET_";
    private static ThreadLocal<String> currentTicket = new ThreadLocal<>();
    private boolean ticketsExpire;
    private Duration validDuration;
    private boolean oneOff;
    private SimpleCache<String, Ticket> ticketsCache;
    private ExpiryMode expiryMode = ExpiryMode.AFTER_FIXED_TIME;
    private String guid = GUID.generate();

    /* loaded from: input_file:org/alfresco/repo/security/authentication/InMemoryTicketComponentImpl$ExpiryMode.class */
    public enum ExpiryMode {
        AFTER_INACTIVITY,
        AFTER_FIXED_TIME,
        DO_NOT_EXPIRE
    }

    /* loaded from: input_file:org/alfresco/repo/security/authentication/InMemoryTicketComponentImpl$Ticket.class */
    public static class Ticket implements Serializable {
        private static final long serialVersionUID = -5904510560161261049L;
        private ExpiryMode expires;
        private Date expiryDate;
        private String userName;
        private String ticketId;
        private String guid = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
        private Duration validDuration;

        Ticket(ExpiryMode expiryMode, Date date, String str, Duration duration) {
            this.expires = expiryMode;
            this.expiryDate = date;
            this.userName = str;
            this.validDuration = duration;
            String str2 = expiryMode.toString() + (date == null ? new Date().toString() : date.toString()) + str + this.guid;
            try {
                this.ticketId = new String(Hex.encodeHex(MessageDigest.getInstance("SHA-1").digest(str2.getBytes())));
            } catch (NoSuchAlgorithmException e) {
                try {
                    this.ticketId = new String(Hex.encodeHex(MessageDigest.getInstance("MD5").digest(str2.getBytes())));
                } catch (NoSuchAlgorithmException e2) {
                    CRC32 crc32 = new CRC32();
                    crc32.update(str2.getBytes());
                    long value = (crc32.getValue() >>> 4) >>> 4;
                    this.ticketId = new String(Hex.encodeHex(new byte[]{(byte) (r0 & 255), (byte) (r0 & 255), (byte) (value & 255), (byte) ((value >>> 4) & 255)}));
                }
            }
        }

        boolean hasExpired() {
            switch (this.expires) {
                case AFTER_FIXED_TIME:
                    return this.expiryDate != null && this.expiryDate.compareTo(new Date()) < 0;
                case AFTER_INACTIVITY:
                    Date date = new Date();
                    if (this.expiryDate != null && this.expiryDate.compareTo(date) < 0) {
                        return true;
                    }
                    this.expiryDate = Duration.add(date, this.validDuration);
                    return false;
                case DO_NOT_EXPIRE:
                default:
                    return false;
            }
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Ticket)) {
                return false;
            }
            Ticket ticket = (Ticket) obj;
            return this.expires == ticket.expires && this.expiryDate.equals(ticket.expiryDate) && this.userName.equals(ticket.userName) && this.ticketId.equals(ticket.ticketId);
        }

        public int hashCode() {
            return this.ticketId.hashCode();
        }

        protected ExpiryMode getExpires() {
            return this.expires;
        }

        protected Date getExpiryDate() {
            return this.expiryDate;
        }

        protected String getTicketId() {
            return this.ticketId;
        }

        protected String getUserName() {
            return this.userName;
        }
    }

    public void setTicketsCache(SimpleCache<String, Ticket> simpleCache) {
        this.ticketsCache = simpleCache;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String getNewTicket(String str) throws AuthenticationException {
        Date date = null;
        if (this.ticketsExpire) {
            date = Duration.add(new Date(), this.validDuration);
        }
        Ticket ticket = new Ticket(this.ticketsExpire ? this.expiryMode : ExpiryMode.DO_NOT_EXPIRE, date, str, this.validDuration);
        this.ticketsCache.put(ticket.getTicketId(), ticket);
        String str2 = GRANTED_AUTHORITY_TICKET_PREFIX + ticket.getTicketId();
        currentTicket.set(str2);
        return str2;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String validateTicket(String str) throws AuthenticationException {
        Ticket ticketByTicketString = getTicketByTicketString(str);
        if (ticketByTicketString == null) {
            throw new AuthenticationException("Missing ticket for " + str);
        }
        if (ticketByTicketString.hasExpired()) {
            throw new TicketExpiredException("Ticket expired for " + str);
        }
        if (this.oneOff) {
            this.ticketsCache.remove(getTicketKey(str));
        }
        currentTicket.set(str);
        return ticketByTicketString.getUserName();
    }

    private Ticket getTicketByTicketString(String str) {
        return this.ticketsCache.get(getTicketKey(str));
    }

    private String getTicketKey(String str) {
        if (str.length() < GRANTED_AUTHORITY_TICKET_PREFIX.length()) {
            throw new AuthenticationException(str + " is an invalid ticket format");
        }
        return str.substring(GRANTED_AUTHORITY_TICKET_PREFIX.length());
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public void invalidateTicketById(String str) {
        this.ticketsCache.remove(str.substring(GRANTED_AUTHORITY_TICKET_PREFIX.length()));
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public Set<String> getUsersWithTickets(boolean z) {
        HashSet hashSet = new HashSet();
        Iterator<String> it = this.ticketsCache.getKeys().iterator();
        while (it.hasNext()) {
            Ticket ticket = this.ticketsCache.get(it.next());
            if (!z || !ticket.hasExpired()) {
                hashSet.add(ticket.getUserName());
            }
        }
        return hashSet;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public int countTickets(boolean z) {
        if (!z) {
            return this.ticketsCache.getKeys().size();
        }
        int i = 0;
        Iterator<String> it = this.ticketsCache.getKeys().iterator();
        while (it.hasNext()) {
            if (!this.ticketsCache.get(it.next()).hasExpired()) {
                i++;
            }
        }
        return i;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public int invalidateTickets(boolean z) {
        int i = 0;
        if (z) {
            for (String str : this.ticketsCache.getKeys()) {
                if (this.ticketsCache.get(str).hasExpired()) {
                    i++;
                    this.ticketsCache.remove(str);
                }
            }
        } else {
            i = this.ticketsCache.getKeys().size();
            this.ticketsCache.clear();
        }
        return i;
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public void invalidateTicketByUser(String str) {
        HashSet hashSet = new HashSet();
        Iterator<String> it = this.ticketsCache.getKeys().iterator();
        while (it.hasNext()) {
            Ticket ticket = this.ticketsCache.get(it.next());
            if (ticket.getUserName().equals(str)) {
                hashSet.add(ticket.getTicketId());
            }
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            this.ticketsCache.remove((String) it2.next());
        }
    }

    public int hashCode() {
        return (31 * 1) + (this.guid == null ? 0 : this.guid.hashCode());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        InMemoryTicketComponentImpl inMemoryTicketComponentImpl = (InMemoryTicketComponentImpl) obj;
        return this.guid == null ? inMemoryTicketComponentImpl.guid == null : this.guid.equals(inMemoryTicketComponentImpl.guid);
    }

    public void setOneOff(boolean z) {
        this.oneOff = z;
    }

    public void setTicketsExpire(boolean z) {
        this.ticketsExpire = z;
    }

    public void setExpiryMode(String str) {
        this.expiryMode = ExpiryMode.valueOf(str);
    }

    public void setValidDuration(String str) {
        this.validDuration = new Duration(str);
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String getAuthorityForTicket(String str) {
        Ticket ticketByTicketString = getTicketByTicketString(str);
        if (ticketByTicketString == null) {
            return null;
        }
        return ticketByTicketString.getUserName();
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public String getCurrentTicket(String str) {
        String str2 = currentTicket.get();
        if (str2 != null && str.equals(getAuthorityForTicket(str2))) {
            return str2;
        }
        return getNewTicket(str);
    }

    @Override // org.alfresco.repo.security.authentication.TicketComponent
    public void clearCurrentTicket() {
        clearCurrentSecurityContext();
    }

    public static void clearCurrentSecurityContext() {
        currentTicket.set(null);
    }
}
