package info.magnolia.cms.security;

import info.magnolia.cms.beans.config.PropertiesInitializer;
import info.magnolia.cms.core.Path;
import info.magnolia.cms.core.SystemProperty;
import info.magnolia.cms.exchange.ActivationManager;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.security.auth.PrincipalCollectionImpl;
import info.magnolia.cms.security.auth.login.FormLogin;
import info.magnolia.context.MgnlContext;
import info.magnolia.objectfactory.Components;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
import java.security.DigestInputStream;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-core-5.3.3.jar:info/magnolia/cms/security/SecurityUtil.class */
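/**
 * Static security helpers: user-state checks on the current {@link MgnlContext}, RSA based
 * encrypt/decrypt of activation messages with a hex-encoded key pair kept in a properties file,
 * hex and digest utilities, BCrypt password hashing, password scrubbing for logs/URLs and JAAS
 * {@link Subject} assembly.
 * <p>
 * Thread-safety: the class holds no mutable state; every call creates its own {@link Cipher} or
 * {@link MessageDigest} instance. Only {@link #BC_PROVIDER} and {@link #log} are shared.
 */
public class SecurityUtil {
    /** Property name of the hex-encoded PKCS#8 private key inside the key store properties file. */
    private static final String PRIVATE_KEY = "key.private";
    /** Property name of the hex-encoded X.509 public key inside the key store properties file. */
    private static final String PUBLIC_KEY = "key.public";
    /** System property that holds the path of the key store properties file. */
    private static final String KEY_LOCATION_PROPERTY = "magnolia.author.key.location";
    public static final String SHA1 = "SHA-1";
    public static final String MD5 = "MD5";
    public static final String SHA256 = "SHA-256";
    public static final String SHA384 = "SHA-384";
    public static final String SHA512 = "SHA-512";
    /**
     * Cipher transformation used by {@link #encrypt(String, String)} and {@link #decrypt(String, String)}.
     * NOTE(review): no mode/padding is given, so the padding scheme is whatever the provider's "RSA"
     * default is — confirm it is the intended one before relying on it for new data.
     */
    private static final String ALGORITHM = "RSA";
    private static final Logger log = LoggerFactory.getLogger(SecurityUtil.class);
    private static final BouncyCastleProvider BC_PROVIDER = new BouncyCastleProvider();
    /** Upper-case digit table used by {@link #byteArrayToHex(byte[])}. */
    private static final String HEX = "0123456789ABCDEF";

    // Error messages; kept verbatim because callers and operators may match on them.
    private static final String MSG_KEY_MISSING = "Activation key was not found. Please make sure your instance is correctly configured.";
    private static final String MSG_CORRUPTED = "The encrypted information is corrupted or incomplete. Please make sure someone is not trying to intercept or modify encrypted message.";
    private static final String MSG_NO_CRYPTO_READ = "Failed to read authentication string. Please use Java version with cryptography support.";
    private static final String MSG_DECRYPT_FAILED = "Failed to decrypt message. It might have been corrupted during transport.";
    private static final String MSG_NO_CRYPTO_CREATE = "Failed to create authentication string. Please use Java version with cryptography support.";
    private static final String MSG_ENCRYPT_FAILED = "Failed to encrypt string. Please use Java version with cryptography support.";
    private static final String MSG_NO_MD5 = "Couldn't digest with MD5 algorithm!";
    private static final String MSG_NO_SHA1 = "Couldn't digest with SHA-1 algorithm!";

    /**
     * Tells whether the user of the current context is the anonymous user.
     *
     * @return {@code true} only when a user is present and its name is {@code "anonymous"}
     */
    public static boolean isAnonymous() {
        User user = MgnlContext.getUser();
        return user != null && "anonymous".equals(user.getName());
    }

    /**
     * Tells whether the current context carries a real (non-anonymous) user.
     *
     * @return {@code true} when a user is present and it is not {@code "anonymous"}
     */
    public static boolean isAuthenticated() {
        User user = MgnlContext.getUser();
        return user != null && !"anonymous".equals(user.getName());
    }

    /**
     * Decrypts a message produced by {@link #encrypt(String)} using the public key published by the
     * {@link ActivationManager}. Since the default key here is the public one, this scheme gives
     * authenticity of the author instance rather than confidentiality: anyone holding the public key
     * can recover the message.
     *
     * @param str the {@code ';'}-separated hex blocks produced by {@code encrypt}
     * @return the decrypted UTF-8 text
     * @throws SecurityException if no key is configured, the input is malformed, or decryption fails
     */
    public static String decrypt(String str) throws SecurityException {
        return decrypt(str, getPublicKey());
    }

    /**
     * Decrypts {@code str} with the given hex-encoded key. The key is parsed as an X.509 public key
     * first and as a PKCS#8 private key when that fails, so either half of the pair is accepted.
     *
     * @param str  the {@code ';'}-separated hex blocks produced by {@link #encrypt(String, String)}
     * @param str2 hex-encoded key (X.509 public or PKCS#8 private)
     * @return the concatenation of the decrypted blocks, decoded as UTF-8
     * @throws SecurityException if the key is blank, {@code str} is {@code null} or not valid hex, the
     *         key does not parse, the provider lacks RSA support, or a block fails to decrypt
     */
    public static String decrypt(String str, String str2) throws SecurityException {
        if (StringUtils.isBlank(str2)) {
            throw new SecurityException(MSG_KEY_MISSING);
        }
        try {
            byte[] encodedKey = hexToByteArray(str2);
            Cipher cipher = Cipher.getInstance(ALGORITHM, BC_PROVIDER);
            cipher.init(Cipher.DECRYPT_MODE, loadRsaKey(encodedKey, true));
            // StringUtils.split returns null only for a null input; an empty input yields no blocks.
            String[] blocks = StringUtils.split(str, ";");
            if (blocks == null) {
                throw new SecurityException(MSG_CORRUPTED);
            }
            StringBuilder plain = new StringBuilder();
            for (String block : blocks) {
                plain.append(new String(cipher.doFinal(hexToByteArray(block)), "UTF-8"));
            }
            return plain.toString();
        } catch (IOException e) {
            // only UnsupportedEncodingException from the UTF-8 decode can reach here
            throw new SecurityException(MSG_NO_CRYPTO_READ, e);
        } catch (NumberFormatException e) {
            // raised by hexToByteArray for non-hex or odd-length input
            throw new SecurityException(MSG_CORRUPTED, e);
        } catch (BadPaddingException e) {
            throw new SecurityException(MSG_DECRYPT_FAILED, e);
        } catch (IllegalBlockSizeException e) {
            throw new SecurityException(MSG_DECRYPT_FAILED, e);
        } catch (GeneralSecurityException e) {
            // InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException
            throw new SecurityException(MSG_NO_CRYPTO_READ, e);
        }
    }

    /**
     * Encrypts {@code str} with this instance's private key read from the key store file
     * (see {@link #getPrivateKey()}).
     *
     * @param str text to encrypt; encoded as UTF-8
     * @return {@code ';'}-separated upper-case hex blocks, one per RSA operation
     * @throws SecurityException if the key store is missing or unreadable, or encryption fails
     */
    public static String encrypt(String str) throws SecurityException {
        return encrypt(str, getPrivateKey());
    }

    /**
     * Encrypts {@code str} with the given hex-encoded key. The key is parsed as a PKCS#8 private
     * key first and as an X.509 public key when that fails. The UTF-8 bytes are processed in chunks
     * of {@code encodedKeyLength / 8} bytes (a heuristic that keeps each chunk below the modulus for
     * the provider's default padding — kept as is, see {@link #ALGORITHM}); each chunk becomes one hex
     * block, joined with {@code ';'}.
     *
     * @param str  text to encrypt, must not be {@code null}
     * @param str2 hex-encoded key (PKCS#8 private or X.509 public)
     * @return the hex blocks joined with {@code ';'}; an empty string for empty input
     * @throws SecurityException if the key is blank or unparsable, the provider lacks RSA support,
     *         or a chunk fails to encrypt
     * @throws NumberFormatException if {@code str2} is not valid hex
     */
    public static String encrypt(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            throw new SecurityException(MSG_KEY_MISSING);
        }
        try {
            byte[] encodedKey = hexToByteArray(str2);
            Cipher cipher = Cipher.getInstance(ALGORITHM, BC_PROVIDER);
            cipher.init(Cipher.ENCRYPT_MODE, loadRsaKey(encodedKey, false));
            byte[] plain = str.getBytes("UTF-8");
            int chunkSize = encodedKey.length / 8;
            StringBuilder out = new StringBuilder();
            for (int offset = 0; offset < plain.length; offset += chunkSize) {
                int length = Math.min(plain.length - offset, chunkSize);
                byte[] chunk = new byte[length];
                System.arraycopy(plain, offset, chunk, 0, length);
                // separator goes between blocks only, so an empty input yields "" instead of failing
                if (out.length() > 0) {
                    out.append(';');
                }
                out.append(byteArrayToHex(cipher.doFinal(chunk)));
            }
            return out.toString();
        } catch (IOException e) {
            // only UnsupportedEncodingException from the UTF-8 encode can reach here
            throw new SecurityException(MSG_NO_CRYPTO_CREATE, e);
        } catch (BadPaddingException e) {
            throw new SecurityException(MSG_ENCRYPT_FAILED, e);
        } catch (IllegalBlockSizeException e) {
            throw new SecurityException(MSG_ENCRYPT_FAILED, e);
        } catch (GeneralSecurityException e) {
            // InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException
            throw new SecurityException(MSG_NO_CRYPTO_CREATE, e);
        }
    }

    /**
     * Decodes an RSA key from its raw encoding, trying the preferred encoding first and the other
     * one as a fallback. Both {@code encrypt} and {@code decrypt} accept either half of the pair,
     * which is why the fallback exists.
     *
     * @param encodedKey  raw key bytes (X.509 SubjectPublicKeyInfo or PKCS#8)
     * @param publicFirst {@code true} to try the X.509 public encoding first, {@code false} for PKCS#8
     * @return the decoded key
     * @throws NoSuchAlgorithmException if the provider has no RSA key factory
     * @throws InvalidKeySpecException  if neither encoding parses (the second failure is reported)
     */
    private static Key loadRsaKey(byte[] encodedKey, boolean publicFirst) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM, BC_PROVIDER);
        if (publicFirst) {
            try {
                return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
            } catch (InvalidKeySpecException e) {
                return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
            }
        }
        try {
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        } catch (InvalidKeySpecException e) {
            return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
        }
    }

    /**
     * Reads the hex-encoded private key from the properties file named by
     * {@code magnolia.author.key.location}.
     *
     * @return the value of {@code key.private}, or {@code null} if the file has no such property
     * @throws SecurityException if the property is blank, the file does not exist, or it cannot be read
     */
    public static String getPrivateKey() {
        String keyStorePath = SystemProperty.getProperty(KEY_LOCATION_PROPERTY);
        checkPrivateKeyStoreExistence(keyStorePath);
        // NOTE(review): the existence check resolves the path through Path.getAbsoluteFileSystemPath
        // while the stream below opens the raw property value; for a relative path these may differ —
        // confirm which resolution is intended.
        FileInputStream in = null;
        try {
            Properties properties = new Properties();
            in = new FileInputStream(keyStorePath);
            properties.load(in);
            return properties.getProperty(PRIVATE_KEY);
        } catch (IOException e) {
            // covers FileNotFoundException as well
            throw new SecurityException("Failed to retrieve private key. Please make sure the key is located in " + keyStorePath, e);
        } finally {
            IOUtils.closeQuietly((InputStream) in);
        }
    }

    /**
     * Persists a key pair: when a private key is present, both halves are written in clear text to the
     * key store properties file (creating parent directories as needed); the public key is always
     * stored under {@code /server/activation/publicKey} in the {@code config} workspace.
     * <p>
     * The private key is stored as plain text, so the key store file must be protected by filesystem
     * permissions on the author instance.
     *
     * @param mgnlKeyPair the pair to store; its public key must not be {@code null}
     * @throws IllegalStateException if {@code magnolia.author.key.location} is not set
     * @throws SecurityException     if the file cannot be written or the JCR update fails
     */
    public static void updateKeys(MgnlKeyPair mgnlKeyPair) throws IllegalArgumentException {
        if (mgnlKeyPair.getPrivateKey() != null) {
            String keyStorePath = SystemProperty.getProperty(KEY_LOCATION_PROPERTY);
            if (keyStorePath == null) {
                log.error("magnolia.author.key.location is not specified. Please set the location of the key store file in your 'magnolia.properties'.");
                throw new IllegalStateException("magnolia.author.key.location is not specified. Please set the location of the key store file in your 'magnolia.properties'.");
            }
            Properties properties = new Properties();
            properties.put(PRIVATE_KEY, mgnlKeyPair.getPrivateKey());
            properties.put(PUBLIC_KEY, mgnlKeyPair.getPublicKey());
            File keyStoreFile = new File(keyStorePath);
            File parentDir = keyStoreFile.getParentFile();
            // mkdirs() returns false both on failure and when the directory already exists, hence the isDirectory guard
            if (parentDir != null && !parentDir.isDirectory() && !parentDir.mkdirs()) {
                throw new SecurityException("Failed to store private key. Please make sure the key is located in " + keyStorePath);
            }
            FileWriter writer = null;
            try {
                writer = new FileWriter(keyStoreFile);
                // NOTE(review): "hh" is a 12-hour field without an am/pm marker, so the generated
                // timestamp is ambiguous; MgnlContext.getUser() is assumed non-null here — confirm.
                String comment = "generated " + new SimpleDateFormat("dd.MMM.yyyy hh:mm").format(new Date()) + " by " + MgnlContext.getUser().getName();
                properties.store(writer, comment);
            } catch (IOException e) {
                // covers FileNotFoundException as well
                throw new SecurityException("Failed to store private key. Please make sure the key is located in " + keyStorePath, e);
            } finally {
                IOUtils.closeQuietly((Writer) writer);
            }
        }
        try {
            Session configSession = MgnlContext.getSystemContext().getJCRSession("config");
            configSession.getNode("/server/activation").setProperty("publicKey", mgnlKeyPair.getPublicKey());
            configSession.save();
        } catch (RepositoryException e) {
            throw new SecurityException("Failed to store public key.", e);
        }
    }

    /**
     * Returns the hex-encoded public key published by the configured {@link ActivationManager}.
     *
     * @return the public key as stored in the activation configuration
     */
    public static String getPublicKey() {
        return ((ActivationManager) Components.getComponentProvider().getComponent(ActivationManager.class)).getPublicKey();
    }

    /**
     * Encodes bytes as upper-case hex, two characters per byte.
     *
     * @param bArr bytes to encode, may be {@code null}
     * @return the hex string, or {@code null} for {@code null} input
     */
    public static String byteArrayToHex(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder hex = new StringBuilder(2 * bArr.length);
        for (byte b : bArr) {
            hex.append(HEX.charAt((b & 0xF0) >> 4)).append(HEX.charAt(b & 0x0F));
        }
        return hex.toString();
    }

    /**
     * Decodes a hex string (either case) into bytes; inverse of {@link #byteArrayToHex(byte[])}.
     *
     * @param str hex digits, must not be {@code null}
     * @return the decoded bytes; empty for an empty string
     * @throws NumberFormatException if the length is odd or a pair is not a hex digit — a silently
     *         dropped trailing nibble would corrupt key material or ciphertext unnoticed
     * @throws NullPointerException  if {@code str} is {@code null}
     */
    public static byte[] hexToByteArray(String str) {
        if (str.length() % 2 != 0) {
            throw new NumberFormatException("Hex string has odd length: " + str.length());
        }
        byte[] bytes = new byte[str.length() / 2];
        for (int i = 0; i < bytes.length; i++) {
            int pos = i * 2;
            bytes[i] = (byte) Integer.parseInt(str.substring(pos, pos + 2), 16);
        }
        return bytes;
    }

    /**
     * Generates a fresh RSA key pair and returns both halves hex-encoded (PKCS#8 private, X.509 public).
     * Uses the JVM's default provider rather than {@link #BC_PROVIDER}; the encodings are standard so the
     * keys are usable by {@link #encrypt(String, String)} and {@link #decrypt(String, String)}.
     *
     * @param i key size in bits
     * @return the new pair, hex-encoded
     * @throws NoSuchAlgorithmException if no provider offers RSA key generation
     */
    public static MgnlKeyPair generateKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM);
        generator.initialize(i);
        KeyPair pair = generator.genKeyPair();
        return new MgnlKeyPair(byteArrayToHex(pair.getPrivate().getEncoded()), byteArrayToHex(pair.getPublic().getEncoded()));
    }

    /**
     * Removes the values of the login password parameter, {@code passwordConfirmation} and
     * {@code password} from a cache log entry (see {@link #stripParameterFromCacheLog(String, String)}).
     *
     * @param str the log entry
     * @return the scrubbed entry, or {@code null} for blank input
     */
    public static String stripPasswordFromCacheLog(String str) {
        String stripped = stripParameterFromCacheLog(str, FormLogin.PARAMETER_PSWD);
        stripped = stripParameterFromCacheLog(stripped, "passwordConfirmation");
        return stripParameterFromCacheLog(stripped, "password");
    }

    /**
     * Removes the login password parameter from a URL: everything from the first occurrence of
     * {@link FormLogin#PARAMETER_PSWD} up to and including the next {@code '&'} is dropped, then a
     * trailing {@code '&'} is trimmed. The match is by substring, not by parameter boundary.
     *
     * @param str the URL or query string
     * @return the scrubbed string, or {@code null} for blank input
     */
    public static String stripPasswordFromUrl(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        String head = StringUtils.substringBefore(str, FormLogin.PARAMETER_PSWD);
        String tail = StringUtils.substringAfter(StringUtils.substringAfter(str, FormLogin.PARAMETER_PSWD), "&");
        return StringUtils.removeEnd(head + tail, "&");
    }

    /**
     * Removes the value following {@code str2} in a cache log entry. The value ends at the next space
     * or closing brace, whichever comes first; the space is consumed, the brace is kept. When the
     * delimiter is missing the whole remainder is dropped (a closing brace may be appended), which is
     * the safe direction for a scrubber: it never leaves the secret in place. Matching is by substring.
     *
     * @param str  the log entry
     * @param str2 the parameter name to scrub
     * @return the scrubbed entry, the input unchanged if it does not contain {@code str2}, or
     *         {@code null} for blank input
     */
    public static String stripParameterFromCacheLog(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        if (!StringUtils.contains(str, str2)) {
            return str;
        }
        String head = StringUtils.substringBefore(str, str2);
        String rest = StringUtils.substringAfter(str, str2);
        boolean spaceFirst = StringUtils.indexOf(rest, " ") < StringUtils.indexOf(rest, PropertiesInitializer.PLACEHOLDER_SUFFIX);
        if (spaceFirst) {
            return head + StringUtils.substringAfter(rest, " ");
        }
        return head + PropertiesInitializer.PLACEHOLDER_SUFFIX + StringUtils.substringAfter(rest, PropertiesInitializer.PLACEHOLDER_SUFFIX);
    }

    /**
     * Validates that the key store path is set and points to an existing file.
     *
     * @param str the key store path as configured
     * @throws SecurityException if the path is blank or nothing exists at its resolved location
     */
    private static void checkPrivateKeyStoreExistence(String str) throws SecurityException {
        if (StringUtils.isBlank(str)) {
            throw new SecurityException("Private key store path is either null or empty. Please, check [magnolia.author.key.location] value in magnolia.properties");
        }
        File keyStore = new File(Path.getAbsoluteFileSystemPath(str));
        if (!keyStore.exists()) {
            throw new SecurityException("Private key store doesn't exist at [" + keyStore.getAbsolutePath() + "]. Please, ensure that [" + KEY_LOCATION_PROPERTY + "] actually points to the correct location");
        }
    }

    /**
     * Hashes a password with BCrypt using a freshly generated salt and cost factor 12. This is the
     * helper to use for stored credentials; the MD5/SHA-1 helpers below are checksums, not password hashes.
     *
     * @param str the clear-text password
     * @return the BCrypt hash string (salt and cost included)
     */
    public static String getBCrypt(String str) {
        return BCrypt.hashpw(str, BCrypt.gensalt(12));
    }

    /**
     * Checks a clear-text password against a BCrypt hash.
     *
     * @param str  the clear-text candidate
     * @param str2 the stored BCrypt hash
     * @return {@code true} if they match
     */
    public static boolean matchBCrypted(String str, String str2) {
        // NOTE(review): jBCrypt presumably throws IllegalArgumentException for a malformed hash string;
        // callers comparing against untrusted stored values should expect that.
        return BCrypt.checkpw(str, str2);
    }

    /**
     * Digests {@code str} and returns the raw digest bytes re-interpreted as a String.
     * <p>
     * NOTE(review): both {@code getBytes()} and {@code new String(byte[])} use the platform charset,
     * and decoding arbitrary digest bytes as text is lossy. Kept for compatibility with values already
     * stored; new code should use {@link #getDigest(byte[], String)} or the {@code *Hex} helpers.
     *
     * @param str  the text to digest
     * @param str2 a {@link MessageDigest} algorithm name, e.g. {@link #SHA256}
     * @return the digest bytes as a platform-charset String
     * @throws NoSuchAlgorithmException if the algorithm is unknown
     */
    public static String getDigest(String str, String str2) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance(str2);
        return new String(digest.digest(str.getBytes()));
    }

    /**
     * Digests {@code bArr} with the named algorithm.
     *
     * @param bArr the data
     * @param str  a {@link MessageDigest} algorithm name, e.g. {@link #SHA256}
     * @return the raw digest bytes
     * @throws NoSuchAlgorithmException if the algorithm is unknown
     */
    public static byte[] getDigest(byte[] bArr, String str) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(str).digest(bArr);
    }

    /**
     * Wraps a stream so that the MD5 of everything read through it can be obtained with
     * {@link #getMD5Hex(DigestInputStream)}. MD5 is used here as a content checksum only.
     *
     * @param inputStream the stream to wrap
     * @return the digesting wrapper
     * @throws SecurityException if no provider offers MD5
     */
    public static DigestInputStream getDigestInputStream(InputStream inputStream) {
        try {
            return new DigestInputStream(inputStream, MessageDigest.getInstance(MD5));
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(MSG_NO_MD5, e);
        }
    }

    /**
     * Wraps a stream so that the MD5 of everything written through it can be obtained with
     * {@link #getMD5Hex(DigestOutputStream)}. MD5 is used here as a content checksum only.
     *
     * @param outputStream the stream to wrap
     * @return the digesting wrapper
     * @throws SecurityException if no provider offers MD5
     */
    public static DigestOutputStream getDigestOutputStream(OutputStream outputStream) {
        try {
            return new DigestOutputStream(outputStream, MessageDigest.getInstance(MD5));
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(MSG_NO_MD5, e);
        }
    }

    /**
     * SHA-1 of {@code bArr} as upper-case hex (a fingerprint, not a password hash — use {@link #getBCrypt(String)} for that).
     *
     * @param bArr the data
     * @return 40 hex characters
     * @throws SecurityException if no provider offers SHA-1
     */
    public static String getSHA1Hex(byte[] bArr) {
        try {
            return byteArrayToHex(getDigest(bArr, SHA1));
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(MSG_NO_SHA1, e);
        }
    }

    /**
     * SHA-1 of {@code str} as upper-case hex. The text is encoded with the platform charset (kept for
     * compatibility with existing values), so results are only portable for ASCII input.
     *
     * @param str the text
     * @return 40 hex characters
     */
    public static String getSHA1Hex(String str) {
        return getSHA1Hex(str.getBytes());
    }

    /**
     * MD5 of {@code bArr} as upper-case hex (a checksum, not a password hash — use {@link #getBCrypt(String)} for that).
     *
     * @param bArr the data
     * @return 32 hex characters
     * @throws SecurityException if no provider offers MD5
     */
    public static String getMD5Hex(byte[] bArr) {
        try {
            return byteArrayToHex(getDigest(bArr, MD5));
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(MSG_NO_MD5, e);
        }
    }

    /**
     * MD5 of {@code str} as upper-case hex. The text is encoded with the platform charset (kept for
     * compatibility with existing values), so results are only portable for ASCII input.
     *
     * @param str the text
     * @return 32 hex characters
     */
    public static String getMD5Hex(String str) {
        return getMD5Hex(str.getBytes());
    }

    /**
     * Finishes the digest of a stream created by {@link #getDigestInputStream(InputStream)}.
     * {@code MessageDigest.digest()} resets the digest, so call this once, after the stream has been consumed.
     *
     * @param digestInputStream the digesting stream
     * @return the digest as upper-case hex
     */
    public static String getMD5Hex(DigestInputStream digestInputStream) {
        return byteArrayToHex(digestInputStream.getMessageDigest().digest());
    }

    /**
     * Finishes the digest of a stream created by {@link #getDigestOutputStream(OutputStream)}.
     * {@code MessageDigest.digest()} resets the digest, so call this once, after all data has been written.
     *
     * @param digestOutputStream the digesting stream
     * @return the digest as upper-case hex
     */
    public static String getMD5Hex(DigestOutputStream digestOutputStream) {
        return byteArrayToHex(digestOutputStream.getMessageDigest().digest());
    }

    /**
     * Builds a JAAS {@link Subject} for {@code user}: the user itself plus one
     * {@link PrincipalCollectionImpl} holding the ACLs of all the user's roles, merged by ACL name.
     *
     * @param user the authenticated user
     * @return a new subject with two principals
     */
    public static Subject createSubjectAndPopulate(User user) {
        RoleManager roleManager = ((SecuritySupport) Components.getComponent(SecuritySupport.class)).getRoleManager();
        List<Principal> acls = new ArrayList<Principal>();
        for (String role : user.getAllRoles()) {
            acls.addAll(roleManager.getACLs(role).values());
        }
        PrincipalCollectionImpl principals = new PrincipalCollectionImpl();
        mergePrincipals(principals, acls);
        Subject subject = new Subject();
        subject.getPrincipals().add(user);
        subject.getPrincipals().add(principals);
        return subject;
    }

    /**
     * Adds each ACL to the collection; when an ACL with the same name is already present the two
     * permission lists are replaced by their set union (order not preserved) in a new {@link ACLImpl}.
     *
     * @param principalCollectionImpl the target collection
     * @param list                    ACLs to merge in; every element must be an {@link ACL}
     */
    @SuppressWarnings("unchecked")
    private static void mergePrincipals(PrincipalCollectionImpl principalCollectionImpl, List<Principal> list) {
        for (Principal principal : list) {
            ACL acl = (ACL) principal;
            if (principalCollectionImpl.contains(acl.getName())) {
                ACL existing = (ACL) principalCollectionImpl.get(acl.getName());
                // raw collections: the element type of ACL.getList() is not visible from here
                HashSet merged = new HashSet(existing.getList());
                merged.addAll(acl.getList());
                principalCollectionImpl.remove(existing);
                acl = new ACLImpl(acl.getName(), new ArrayList(merged));
            }
            principalCollectionImpl.add(acl);
        }
    }
}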
