package info.magnolia.publishing.authentication;

import info.magnolia.cms.security.MgnlKeyPair;
import info.magnolia.cms.security.SecurityUtil;
import info.magnolia.i18nsystem.SimpleTranslator;
import info.magnolia.publishing.PublishingCoreModule;
import info.magnolia.publishing.Status;
import info.magnolia.publishing.authentication.PrivatePublicKeyAuthenticator;
import java.security.NoSuchAlgorithmException;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

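/**
 * Default {@link PrivatePublicKeyAuthenticator} for incoming publishing requests.
 *
 * <p>Two modes are visible in this class:
 * <ul>
 *   <li><b>Trust establishment</b> ({@link #establishTrust}): while {@code SecurityUtil.getPublicKey()}
 *       is {@code null}, the first call generates a temporary key pair and hands its public key back
 *       with {@code Status.HANDSHAKE}; the following call decrypts the submitted key with the temporary
 *       private key and stores it through {@code SecurityUtil.updateKeys}.</li>
 *   <li><b>Request authentication</b> ({@link #authenticate}): once a public key is stored, the
 *       authentication string is decrypted and must split into exactly three {@code ;}-separated
 *       fields (timestamp, user name, resource MD5), with the timestamp inside the configured
 *       publication delay tolerance.</li>
 * </ul>
 *
 * <p>NOTE(review): trust establishment is trust-on-first-use. Nothing in this class restricts which
 * caller may start or complete the handshake while no public key is stored; any such restriction
 * would have to be enforced before this class is reached - confirm against the calling filter/servlet.
 *
 * <p>NOTE(review): {@code tempKeys} is mutable state on a {@code @Singleton} and is read and written
 * without synchronization, so concurrent handshake requests can interleave - confirm whether callers
 * serialize access.
 */
@Singleton
/* loaded from: input_file:info/magnolia/publishing/authentication/DefaultPrivatePublicKeyAuthenticator.class */
public class DefaultPrivatePublicKeyAuthenticator implements PrivatePublicKeyAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(DefaultPrivatePublicKeyAuthenticator.class);

    /** Temporary key pair that exists only between the two steps of the trust handshake. */
    private MgnlKeyPair tempKeys;
    private final Provider<PublishingCoreModule> moduleProvider;
    private final Provider<HttpServletRequest> requestProvider;
    private final SimpleTranslator i18n;

    /**
     * Creates the authenticator.
     *
     * @param provider source of the publishing module configuration (key length, delay tolerance)
     * @param provider2 source of the current HTTP request, used for the remote address
     * @param simpleTranslator translator for the failure reasons returned to the caller
     */
    @Inject
    public DefaultPrivatePublicKeyAuthenticator(Provider<PublishingCoreModule> provider, Provider<HttpServletRequest> provider2, SimpleTranslator simpleTranslator) {
        this.moduleProvider = provider;
        this.requestProvider = provider2;
        this.i18n = simpleTranslator;
    }

    /**
     * Authenticates a publishing request, or delegates to {@link #establishTrust} when no public key
     * is stored yet.
     *
     * @param credentials authentication string (and, during the handshake, the key) sent by the caller
     * @return {@code SUCCESS} with timestamp, user name and resource MD5 taken from the decrypted
     *     token; {@code FAILED} with a translated reason otherwise; or the result of the handshake
     */
    @Override // info.magnolia.publishing.authentication.PrivatePublicKeyAuthenticator
    public PrivatePublicKeyAuthenticator.AuthenticationResult authenticate(PrivatePublicKeyAuthenticator.Credentials credentials) {
        String authenticationString = credentials.getAuthenticationString();
        if (!isAuthorAuthenticated()) {
            return establishTrust(credentials);
        }
        if (StringUtils.isBlank(authenticationString)) {
            return failure("publishing-core.authentication.emptyCredentials");
        }

        boolean handshakeRejected = false;
        String failureReason = null;
        SecurityException decryptFailure = null;
        String[] tokenParts = null;
        try {
            // Presumably decrypts with the stored public key - the one-argument overload is not shown here.
            tokenParts = StringUtils.split(SecurityUtil.decrypt(authenticationString), ";");
            // StringUtils.split returns null for null input, so guard before reading the length.
            if (tokenParts == null || tokenParts.length != 3) {
                handshakeRejected = true;
                failureReason = this.i18n.translate("publishing-core.authentication.incorrectHandshake", new Object[]{this.requestProvider.get().getRemoteAddr()});
            }
        } catch (SecurityException e) {
            handshakeRejected = true;
            failureReason = this.i18n.translate("publishing-core.authentication.incorrectHandshake", new Object[0]);
            decryptFailure = e;
        }
        // Decide on an explicit flag rather than on the translated text, so a null translation can
        // never let a malformed token reach the field accesses below.
        if (handshakeRejected) {
            return PrivatePublicKeyAuthenticator.AuthenticationResult.result(Status.FAILED).reason(failureReason).exception(decryptFailure).build();
        }

        long now = System.currentTimeMillis();
        try {
            long timestamp = Long.parseLong(tokenParts[0]);
            // Freshness window only. NOTE(review): no nonce or replay cache is visible in this class,
            // so the same token is accepted again until the tolerance expires - confirm that the
            // caller binds the request to resourceMD5.
            long skew = clockSkew(now, timestamp);
            if (skew < 0 || skew > this.moduleProvider.get().getPublicationDelayTolerance()) {
                return failure("publishing-core.authentication.requestTooLate");
            }
            return PrivatePublicKeyAuthenticator.AuthenticationResult.result(Status.SUCCESS).timestamp(Long.valueOf(timestamp)).userName(tokenParts[1]).resourceMD5(tokenParts[2]).build();
        } catch (NumberFormatException e) {
            return failure("publishing-core.authentication.incorrectHandshake2");
        }
    }

    /**
     * Runs the two-step key handshake while no public key is stored, then re-enters
     * {@link #authenticate} once a key is present.
     *
     * <p>Step one (no temporary keys yet) generates a key pair and returns its public key with
     * {@code Status.HANDSHAKE}. Step two decrypts {@code credentials.getAuthenticationKey()} with the
     * temporary private key, stores the result via {@code SecurityUtil.updateKeys} and always discards
     * the temporary keys, whether or not decryption succeeded.
     *
     * @param credentials credentials of the current request
     * @return the handshake result, a {@code FAILED} result, or the outcome of {@link #authenticate}
     */
    protected PrivatePublicKeyAuthenticator.AuthenticationResult establishTrust(PrivatePublicKeyAuthenticator.Credentials credentials) {
        String authenticationKey = credentials.getAuthenticationKey();
        if (SecurityUtil.getPublicKey() == null) {
            // NOTE(review): key installation is a security-relevant event but is only logged at DEBUG
            // here; consider whether an audit-level record exists elsewhere.
            log.debug("Establishing trust (author IP: [{}].", this.requestProvider.get().getRemoteAddr());
            if (this.tempKeys == null) {
                log.debug("Going to generate temporary keys.");
                try {
                    this.tempKeys = SecurityUtil.generateKeyPair(this.moduleProvider.get().getPublicationKeyLength());
                    return PrivatePublicKeyAuthenticator.AuthenticationResult.result(Status.HANDSHAKE).publicKey(this.tempKeys.getPublicKey()).build();
                } catch (NoSuchAlgorithmException e) {
                    log.debug("Failed to generate temporary keys", e);
                    return PrivatePublicKeyAuthenticator.AuthenticationResult.result(Status.FAILED).reason(this.i18n.translate("publishing-core.authentication.noAlgorithm", new Object[0])).exception(e).build();
                }
            }
            try {
                log.debug("Temporary keys are set, decrypting private key.");
                String authorPublicKey = SecurityUtil.decrypt(authenticationKey, this.tempKeys.getPrivateKey());
                if (StringUtils.isBlank(authorPublicKey)) {
                    log.debug("Unable to decrypt author's public key.");
                    return failure("publishing-core.authentication.establishTrustError");
                }
                // NOTE(review): the decrypted value is stored as-is; no format or length validation is
                // visible in this class - confirm SecurityUtil.updateKeys validates it.
                SecurityUtil.updateKeys(new MgnlKeyPair((String) null, authorPublicKey));
            } finally {
                // The temporary pair is single-use: drop it on success, on failure and on any exception,
                // so a failed second step forces a fresh handshake.
                log.debug("Clearing temporary keys");
                this.tempKeys = null;
            }
            if (SecurityUtil.getPublicKey() == null) {
                // The stored key is not visible immediately; wait once, blocking this request thread for
                // three seconds, then give up. (Presumably the key is propagated by an observation
                // mechanism, as the log text suggests.)
                log.debug("Public key not yet set - waiting 3 for observation.");
                try {
                    Thread.sleep(3000L);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
                if (SecurityUtil.getPublicKey() == null) {
                    log.debug("Public key is still not set - something went wrong.");
                    return failure("publishing-core.authentication.establishTrustError");
                }
            }
        }
        // A public key is stored at this point, so authenticate() takes its verification path.
        return authenticate(credentials);
    }

    /**
     * Reports whether a public key is currently stored, i.e. whether trust has been established.
     *
     * @return {@code true} when {@code SecurityUtil.getPublicKey()} is not {@code null}
     */
    @Override // info.magnolia.publishing.authentication.PrivatePublicKeyAuthenticator
    public boolean isAuthorAuthenticated() {
        return SecurityUtil.getPublicKey() != null;
    }

    /** Builds a {@code FAILED} result whose reason is the translation of {@code messageKey}. */
    private PrivatePublicKeyAuthenticator.AuthenticationResult failure(String messageKey) {
        return PrivatePublicKeyAuthenticator.AuthenticationResult.result(Status.FAILED).reason(this.i18n.translate(messageKey, new Object[0])).build();
    }

    /**
     * Returns {@code |now - timestamp|}, or {@code -1} when that difference overflows a {@code long}.
     * A plain {@code Math.abs(now - timestamp)} can wrap to a negative value, which would compare as
     * "within tolerance".
     */
    private static long clockSkew(long now, long timestamp) {
        try {
            long skew = Math.abs(Math.subtractExact(now, timestamp));
            return skew < 0 ? -1L : skew;
        } catch (ArithmeticException overflow) {
            return -1L;
        }
    }
}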
