package com.orientechnologies.orient.server.token;

import com.orientechnologies.common.exception.OException;
import com.orientechnologies.common.exception.OSystemException;
import com.orientechnologies.common.util.OCommonConst;
import com.orientechnologies.orient.core.config.OContextConfiguration;
import com.orientechnologies.orient.core.config.OGlobalConfiguration;
import com.orientechnologies.orient.core.db.ODatabaseDocumentInternal;
import com.orientechnologies.orient.core.db.document.ODatabaseDocument;
import com.orientechnologies.orient.core.id.ORecordId;
import com.orientechnologies.orient.core.metadata.security.OSecurityUser;
import com.orientechnologies.orient.core.metadata.security.OToken;
import com.orientechnologies.orient.core.metadata.security.OTokenException;
import com.orientechnologies.orient.core.metadata.security.binary.OBinaryToken;
import com.orientechnologies.orient.core.metadata.security.binary.OBinaryTokenPayloadImpl;
import com.orientechnologies.orient.core.metadata.security.binary.OBinaryTokenSerializer;
import com.orientechnologies.orient.core.metadata.security.jwt.OJwtPayload;
import com.orientechnologies.orient.core.metadata.security.jwt.OTokenHeader;
import com.orientechnologies.orient.core.metadata.security.jwt.OrientJwtHeader;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.security.OParsedToken;
import com.orientechnologies.orient.core.security.OTokenSign;
import com.orientechnologies.orient.core.security.OTokenSignImpl;
import com.orientechnologies.orient.server.OClientConnection;
import com.orientechnologies.orient.server.OTokenHandler;
import com.orientechnologies.orient.server.network.protocol.ONetworkProtocolData;
import com.orientechnologies.orient.server.network.protocol.http.command.OServerCommandAuthProxy;
import com.orientechnologies.orient.server.network.protocol.http.command.OServerCommandAuthenticatedDbAbstract;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.UUID;

/* loaded from: input_file:com/orientechnologies/orient/server/token/OTokenHandlerImpl.class */
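/**
 * Default {@link OTokenHandler}: issues, parses and validates the server's session tokens.
 *
 * <p>Two wire formats are handled:
 * <ul>
 *   <li>web tokens: three Base64URL segments (header, payload, signature) joined by {@code '.'};
 *   <li>binary tokens: the output of {@link OBinaryTokenSerializer} immediately followed by the raw
 *       signature bytes.
 * </ul>
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Parsing and signature verification are separate steps. {@code parseOnlyWebToken},
 *       {@code parseOnlyBinary} and {@code parseNotVerifyBinaryToken} return data that has NOT
 *       been authenticated; header and payload are deserialized before any signature check.
 *   <li>The {@code validate*(OToken, ...)} overloads inspect claims only (database, expiry, type).
 *       They do not look at {@code getIsVerified()}, so the caller must check it, or use the
 *       {@link OParsedToken} overloads, which verify the signature first.
 *   <li>NOTE(review): the web header's {@code alg}/{@code kid} values come from the token itself.
 *       Whether {@link OTokenSign#verifyTokenSign} pins the accepted algorithm is not visible in
 *       this class; confirm it there.
 * </ul>
 */
public class OTokenHandlerImpl implements OTokenHandler {
    /** Separator between the header, payload and signature segments of a web token ('.', ASCII 46). */
    protected static final int JWT_DELIMITER = '.';

    private OBinaryTokenSerializer binarySerializer;

    /** Token lifetime in milliseconds; one hour unless a constructor or setter overrides it. */
    private long sessionInMills = 3600000L;

    /** Signer/verifier; {@code null} only when the protected no-arg constructor was used. */
    private final OTokenSign sign;

    /**
     * Builds a handler whose signing key and token lifetime both come from the given configuration.
     *
     * @param oContextConfiguration server configuration; {@code NETWORK_TOKEN_EXPIRE_TIMEOUT} is read
     *     as the lifetime in minutes
     */
    public OTokenHandlerImpl(OContextConfiguration oContextConfiguration) {
        this((OTokenSign) new OTokenSignImpl(oContextConfiguration), oContextConfiguration.getValueAsLong(OGlobalConfiguration.NETWORK_TOKEN_EXPIRE_TIMEOUT));
    }

    /**
     * Builds a handler from explicit signer arguments.
     *
     * @param bArr passed to {@link OTokenSignImpl} as its first argument (presumably the key bytes)
     * @param j token lifetime in minutes
     * @param str passed to {@link OTokenSignImpl} as its second argument (presumably the algorithm)
     */
    protected OTokenHandlerImpl(byte[] bArr, long j, String str) {
        this((OTokenSign) new OTokenSignImpl(bArr, str), j);
    }

    /**
     * Builds a handler around an existing signer, reading the lifetime from the configuration.
     *
     * @param oTokenSign signer used for every sign and verify operation
     * @param oContextConfiguration source of {@code NETWORK_TOKEN_EXPIRE_TIMEOUT} (minutes)
     */
    public OTokenHandlerImpl(OTokenSign oTokenSign, OContextConfiguration oContextConfiguration) {
        this(oTokenSign, oContextConfiguration.getValueAsLong(OGlobalConfiguration.NETWORK_TOKEN_EXPIRE_TIMEOUT));
    }

    /**
     * Canonical constructor: stores the signer, converts the lifetime from minutes to milliseconds
     * and creates the binary serializer from the signer's keys and algorithm.
     *
     * @param oTokenSign signer used for every sign and verify operation
     * @param j token lifetime in minutes
     */
    protected OTokenHandlerImpl(OTokenSign oTokenSign, long j) {
        this.sign = oTokenSign;
        this.sessionInMills = j * 1000 * 60;
        // Argument meaning is presumed from the values (database types, key ids, algorithms,
        // token types); confirm against OBinaryTokenSerializer.
        this.binarySerializer = new OBinaryTokenSerializer(new String[]{"plocal", "memory"}, this.sign.getKeys(), new String[]{this.sign.getAlgorithm()}, new String[]{"OrientDB", "node"});
    }

    /**
     * Creates a handler with no signer and no binary serializer. Any method that signs, verifies or
     * (de)serializes binary tokens will fail with a {@link NullPointerException} on such an instance.
     */
    protected OTokenHandlerImpl() {
        this.sign = null;
    }

    /**
     * Parses a web token and records the result of the signature check on it.
     *
     * <p>The returned token is NOT guaranteed to be authentic: callers must test
     * {@code getIsVerified()} before trusting any claim.
     *
     * @param bArr the complete token bytes ({@code header.payload.signature})
     * @return the parsed token with its verified flag set from the signature check
     */
    @Override
    public OToken parseWebToken(byte[] bArr) {
        OParsedToken parsed = parseOnlyWebToken(bArr);
        OToken token = parsed.getToken();
        token.setIsVerified(this.sign.verifyTokenSign(parsed));
        return token;
    }

    /**
     * Splits a web token at its first two delimiters and deserializes header and payload without
     * verifying the signature.
     *
     * @param bArr the complete token bytes
     * @return the token, the signed part ({@code header.payload} as received) and the decoded signature
     * @throws RuntimeException if fewer than two delimiters are present
     * @throws IllegalArgumentException if a segment is not valid Base64URL
     */
    @Override
    public OParsedToken parseOnlyWebToken(byte[] bArr) {
        int firstDot = -1;
        int secondDot = -1;
        for (int pos = 0; pos < bArr.length; pos++) {
            if (bArr[pos] != JWT_DELIMITER) {
                continue;
            }
            if (firstDot == -1) {
                firstDot = pos;
            } else {
                secondDot = pos;
                break;
            }
        }
        if (firstDot == -1) {
            throw new RuntimeException("Token data too short: missed header");
        }
        if (secondDot == -1) {
            throw new RuntimeException("Token data too short: missed signature");
        }
        byte[] headerBytes = decodeSegment(bArr, 0, firstDot);
        byte[] payloadBytes = decodeSegment(bArr, firstDot + 1, secondDot);
        byte[] signature = decodeSegment(bArr, secondDot + 1, bArr.length);
        // Everything deserialized from here on is still unauthenticated input.
        OrientJwtHeader header = deserializeWebHeader(headerBytes);
        JsonWebToken token = new JsonWebToken(header, deserializeWebPayload(header.getType(), payloadBytes));
        // The signature covers the encoded "header.payload" bytes exactly as they were received.
        byte[] signedPart = new byte[secondDot];
        System.arraycopy(bArr, 0, signedPart, 0, secondDot);
        return new OParsedToken(token, signedPart, signature);
    }

    /**
     * Decodes one Base64URL segment of a web token.
     *
     * <p>Uses the {@code byte[]} decoder overload, which returns an array of exactly the decoded
     * length, instead of calling {@code array()} on a decoded {@code ByteBuffer}, whose backing array
     * is not limited to the buffer's valid range.
     */
    private static byte[] decodeSegment(byte[] src, int from, int to) {
        byte[] segment = new byte[to - from];
        System.arraycopy(src, from, segment, 0, segment.length);
        return Base64.getUrlDecoder().decode(segment);
    }

    /**
     * Verifies the signature (unless already marked verified) and then validates the claims.
     *
     * @param oParsedToken parsed web token
     * @param str forwarded to the claim check, which does not use it
     * @param str2 name of the database the token must have been issued for
     * @return {@code true} only if the signature verifies and the claims are valid
     */
    @Override
    public boolean validateToken(OParsedToken oParsedToken, String str, String str2) {
        OToken token = oParsedToken.getToken();
        if (!token.getIsVerified()) {
            token.setIsVerified(this.sign.verifyTokenSign(oParsedToken));
        }
        return oParsedToken.getToken().getIsVerified() && validateToken(oParsedToken.getToken(), str, str2);
    }

    /**
     * Validates the claims of a web token: database match and expiry window. The signature is NOT
     * checked here; the caller must have confirmed {@code getIsVerified()}.
     *
     * @param oToken token to validate; anything other than a {@code JsonWebToken} is rejected
     * @param str unused by this implementation
     * @param str2 name of the database the token must have been issued for (compared ignoring case)
     * @return {@code true} if the claims are valid; the result is also stored with {@code setIsValid}
     */
    @Override
    public boolean validateToken(OToken oToken, String str, String str2) {
        if (!(oToken instanceof JsonWebToken)) {
            return false;
        }
        long now = System.currentTimeMillis();
        // A payload without a database claim is rejected instead of raising NullPointerException.
        String tokenDatabase = oToken.getDatabase();
        // Expiry must lie in the future, but no further ahead than one session length.
        boolean valid = tokenDatabase != null
                && tokenDatabase.equalsIgnoreCase(str2)
                && oToken.getExpiry() > now
                && oToken.getExpiry() - (this.sessionInMills + 1) < now;
        oToken.setIsValid(valid);
        return valid;
    }

    /**
     * Verifies the signature (unless already marked verified) and then validates the claims of a
     * binary token.
     *
     * @param oParsedToken parsed binary token
     * @return {@code true} only if the signature verifies and the claims are valid
     */
    @Override
    public boolean validateBinaryToken(OParsedToken oParsedToken) {
        OToken token = oParsedToken.getToken();
        if (!token.getIsVerified()) {
            token.setIsVerified(this.sign.verifyTokenSign(oParsedToken));
        }
        return oParsedToken.getToken().getIsVerified() && validateBinaryToken(oParsedToken.getToken());
    }

    /**
     * Validates the claims of a binary token. The signature is NOT checked here.
     *
     * @param oToken token to validate
     * @return {@code true} if the token is acceptable; the result is also stored with {@code setIsValid}
     */
    @Override
    public boolean validateBinaryToken(OToken oToken) {
        boolean valid;
        if ("node".equals(oToken.getHeader().getType())) {
            // Tokens of type "node" are accepted with no expiry check at all, so their acceptance
            // rests entirely on the signature check performed by the caller.
            valid = true;
        } else {
            long now = System.currentTimeMillis();
            valid = oToken.getExpiry() > now && oToken.getExpiry() - (this.sessionInMills + 1) < now;
        }
        oToken.setIsValid(valid);
        return valid;
    }

    /**
     * Issues a signed web token for a database user.
     *
     * @param oDatabaseDocument database the token is bound to
     * @param oSecurityUser user the token is issued for
     * @return the encoded token bytes ({@code header.payload.signature})
     * @throws IllegalArgumentException if {@code oSecurityUser} is {@code null}
     */
    @Override
    public byte[] getSignedWebToken(ODatabaseDocument oDatabaseDocument, OSecurityUser oSecurityUser) {
        return buildSignedWebToken(createPayload(oDatabaseDocument, oSecurityUser));
    }

    /**
     * Issues a signed web token for a server-level user (not bound to a database).
     *
     * @param oSecurityUser user the token is issued for
     * @return the encoded token bytes ({@code header.payload.signature})
     * @throws IllegalArgumentException if {@code oSecurityUser} is {@code null}
     */
    @Override
    public byte[] getSignedWebTokenServerUser(OSecurityUser oSecurityUser) {
        return buildSignedWebToken(createPayloadServerUser(oSecurityUser));
    }

    /** Serializes, encodes and signs a web token for the given payload. */
    private byte[] buildSignedWebToken(OJwtPayload payload) {
        ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
        OrientJwtHeader header = new OrientJwtHeader();
        // NOTE(review): the algorithm and key id are fixed here, while binary tokens take both from
        // the signer; confirm the signer is always configured to match "HS256".
        header.setAlgorithm("HS256");
        header.setKeyId("");
        header.setType(getPayloadType(payload));
        try {
            out.write(Base64.getUrlEncoder().encode(serializeWebHeader(header)));
            out.write(JWT_DELIMITER);
            out.write(Base64.getUrlEncoder().encode(serializeWebPayload(payload)));
            // Snapshot before the second delimiter: the signature covers "header.payload" only.
            byte[] signedPart = out.toByteArray();
            out.write(JWT_DELIMITER);
            out.write(Base64.getUrlEncoder().encode(this.sign.signToken(header, signedPart)));
            return out.toByteArray();
        } catch (Exception e) {
            throw OException.wrapException(new OSystemException("Error on token parsing"), e);
        }
    }

    /**
     * Validates a server-user web token using only the token's own {@code isNowValid()} check. The
     * signature is NOT checked here.
     *
     * @param oToken token to validate; anything other than a {@code JsonWebToken} is rejected
     * @param str unused by this implementation
     * @param str2 unused by this implementation
     * @return {@code true} if the token reports itself valid now; also stored with {@code setIsValid}
     */
    @Override
    public boolean validateServerUserToken(OToken oToken, String str, String str2) {
        if (!(oToken instanceof JsonWebToken)) {
            return false;
        }
        boolean valid = oToken.isNowValid();
        oToken.setIsValid(valid);
        return valid;
    }

    /**
     * Issues a signed binary token carrying the session's user, database and protocol details.
     *
     * @param oDatabaseDocumentInternal database the session is bound to, or {@code null}
     * @param oSecurityUser database user, or {@code null}
     * @param oNetworkProtocolData connection data copied into the payload; must not be {@code null}
     * @return the serialized token followed by its signature
     */
    @Override
    public byte[] getSignedBinaryToken(ODatabaseDocumentInternal oDatabaseDocumentInternal, OSecurityUser oSecurityUser, ONetworkProtocolData oNetworkProtocolData) {
        try {
            OBinaryToken token = new OBinaryToken();
            long now = System.currentTimeMillis();
            OrientJwtHeader header = new OrientJwtHeader();
            header.setAlgorithm(this.sign.getAlgorithm());
            header.setKeyId(this.sign.getDefaultKey());
            header.setType("OrientDB");
            token.setHeader(header);
            OBinaryTokenPayloadImpl payload = new OBinaryTokenPayloadImpl();
            if (oDatabaseDocumentInternal != null) {
                payload.setDatabase(oDatabaseDocumentInternal.getName());
                payload.setDatabaseType(oDatabaseDocumentInternal.getStorage().getType());
            }
            if (oNetworkProtocolData.serverUser) {
                payload.setServerUser(true);
                payload.setUserName(oNetworkProtocolData.serverUsername);
            }
            if (oSecurityUser != null) {
                payload.setUserRid(oSecurityUser.getIdentity().getIdentity());
            }
            payload.setExpiry(now + this.sessionInMills);
            payload.setProtocolVersion(oNetworkProtocolData.protocolVersion);
            payload.setSerializer(oNetworkProtocolData.getSerializationImpl());
            payload.setDriverName(oNetworkProtocolData.driverName);
            payload.setDriverVersion(oNetworkProtocolData.driverVersion);
            token.setPayload(payload);
            return serializeSignedToken(token);
        } catch (RuntimeException e) {
            // Unchecked failures propagate unchanged; only checked ones are wrapped below.
            throw e;
        } catch (Exception e2) {
            throw OException.wrapException(new OSystemException("Error on token parsing"), e2);
        }
    }

    /** Serializes a binary token and appends the signature computed over the serialized bytes. */
    private byte[] serializeSignedToken(OBinaryToken oBinaryToken) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        this.binarySerializer.serialize(oBinaryToken, out);
        out.write(this.sign.signToken(oBinaryToken.getHeader(), out.toByteArray()));
        return out.toByteArray();
    }

    /**
     * Rebuilds connection data from a binary token's claims.
     *
     * <p>The values are copied from the token as-is; they are trustworthy only if the token's
     * signature was verified by the caller.
     *
     * @param oClientConnection connection supplying the push-message and statistics flags
     * @param oToken token to read
     * @return the protocol data, or {@code null} if the token is not an {@link OBinaryToken}
     */
    @Override
    public ONetworkProtocolData getProtocolDataFromToken(OClientConnection oClientConnection, OToken oToken) {
        if (!(oToken instanceof OBinaryToken)) {
            return null;
        }
        OBinaryToken binaryToken = (OBinaryToken) oToken;
        ONetworkProtocolData data = new ONetworkProtocolData();
        data.protocolVersion = binaryToken.getProtocolVersion();
        data.setSerializationImpl(binaryToken.getSerializer());
        data.driverName = binaryToken.getDriverName();
        data.driverVersion = binaryToken.getDriverVersion();
        data.serverUser = binaryToken.isServerUser();
        data.serverUsername = binaryToken.getUserName();
        data.supportsLegacyPushMessages = oClientConnection.getData().supportsLegacyPushMessages;
        data.collectStats = oClientConnection.getData().collectStats;
        return data;
    }

    /**
     * Deserializes a binary token without any signature check. The result is unauthenticated and
     * must not be used for authorization decisions.
     *
     * @param bArr serialized token bytes
     * @return the deserialized token
     */
    @Override
    public OToken parseNotVerifyBinaryToken(byte[] bArr) {
        return deserializeBinaryToken(new ByteArrayInputStream(bArr));
    }

    /**
     * Deserializes a binary token and separates the signed bytes from the trailing signature,
     * without verifying the signature.
     *
     * @param bArr serialized token followed by its signature
     * @return the token, the bytes the serializer consumed and the remaining bytes as signature
     */
    @Override
    public OParsedToken parseOnlyBinary(byte[] bArr) {
        try {
            ByteArrayInputStream in = new ByteArrayInputStream(bArr);
            OBinaryToken token = deserializeBinaryToken(in);
            // Whatever the serializer left unread is taken to be the signature.
            int signatureLength = in.available();
            int consumed = bArr.length - signatureLength;
            byte[] signature = new byte[signatureLength];
            System.arraycopy(bArr, consumed, signature, 0, signatureLength);
            byte[] signedPart = new byte[consumed];
            System.arraycopy(bArr, 0, signedPart, 0, consumed);
            return new OParsedToken(token, signedPart, signature);
        } catch (Exception e) {
            throw OException.wrapException(new OSystemException("Error on token parsing"), e);
        }
    }

    /**
     * Parses a binary token and records the result of the signature check on it.
     *
     * <p>Callers must test {@code getIsVerified()} before trusting any claim.
     *
     * @param bArr serialized token followed by its signature
     * @return the parsed token with its verified flag set from the signature check
     */
    @Override
    public OToken parseBinaryToken(byte[] bArr) {
        OParsedToken parsed = parseOnlyBinary(bArr);
        OToken token = parsed.getToken();
        token.setIsVerified(this.sign.verifyTokenSign(parsed));
        return token;
    }

    /**
     * Re-issues a binary token once less than half of its lifetime remains.
     *
     * <p>This method does not check the token's verified or valid flags; callers should only pass
     * tokens they have already authenticated.
     *
     * @param oToken token to renew
     * @return the newly signed token, or an empty array if the token is already expired or still has
     *     at least half a session left
     * @throws IllegalArgumentException if {@code oToken} is {@code null}
     * @throws OTokenException if the token is due for renewal but is not a binary token
     */
    @Override
    public byte[] renewIfNeeded(OToken oToken) {
        if (oToken == null) {
            throw new IllegalArgumentException("Token is null");
        }
        long now = System.currentTimeMillis();
        if (oToken.getExpiry() - now >= this.sessionInMills / 2 || oToken.getExpiry() < now) {
            return OCommonConst.EMPTY_BYTE_ARRAY;
        }
        // Reject unsupported token kinds before touching the expiry, so a failed renewal never
        // leaves the in-memory token with an extended lifetime.
        if (!(oToken instanceof OBinaryToken)) {
            throw new OTokenException("renew of web token not supported");
        }
        oToken.setExpiry(System.currentTimeMillis() + this.sessionInMills);
        try {
            return serializeSignedToken((OBinaryToken) oToken);
        } catch (IOException e) {
            throw OException.wrapException(new OSystemException("Error on token parsing"), e);
        }
    }

    /**
     * @return the token lifetime in milliseconds
     */
    public long getSessionInMills() {
        return this.sessionInMills;
    }

    /**
     * @return always {@code true}
     */
    @Override
    public boolean isEnabled() {
        return true;
    }

    /**
     * Reads the {@code typ}, {@code alg} and {@code kid} fields of a JSON web-token header.
     *
     * <p>The input has not been authenticated when this runs; a field of the wrong JSON type
     * surfaces as a {@link ClassCastException}.
     *
     * @param bArr decoded header bytes, expected to be UTF-8 JSON
     * @return the populated header
     */
    protected OrientJwtHeader deserializeWebHeader(byte[] bArr) {
        ODocument json = new ODocument();
        try {
            json.fromJSON(new String(bArr, "UTF-8"));
            OrientJwtHeader header = new OrientJwtHeader();
            header.setType((String) json.field("typ"));
            header.setAlgorithm((String) json.field("alg"));
            header.setKeyId((String) json.field("kid"));
            return header;
        } catch (UnsupportedEncodingException e) {
            throw OException.wrapException(new OSystemException("Header is not encoded in UTF-8 format"), e);
        }
    }

    /**
     * Reads the claims of a JSON web-token payload.
     *
     * <p>The input has not been authenticated when this runs. The numeric claims are unboxed
     * directly, so a missing claim raises {@link NullPointerException} and a claim of an unexpected
     * type raises {@link ClassCastException}; callers handling untrusted tokens should treat any
     * runtime exception from parsing as a rejected token.
     *
     * @param str header type; only {@code "OrientDB"} is accepted
     * @param bArr decoded payload bytes, expected to be UTF-8 JSON
     * @return the populated payload
     * @throws OSystemException if {@code str} is not {@code "OrientDB"}
     */
    protected OJwtPayload deserializeWebPayload(String str, byte[] bArr) {
        if (!"OrientDB".equals(str)) {
            throw new OSystemException("Payload class not registered:" + str);
        }
        ODocument json = new ODocument();
        try {
            json.fromJSON(new String(bArr, "UTF-8"));
            OrientJwtPayload payload = new OrientJwtPayload();
            payload.setUserName((String) json.field(OServerCommandAuthProxy.USERNAME_CONF));
            payload.setIssuer((String) json.field("iss"));
            payload.setExpiry(((Long) json.field("exp")).longValue());
            payload.setIssuedAt(((Long) json.field("iat")).longValue());
            payload.setNotBefore(((Long) json.field("nbf")).longValue());
            payload.setDatabase((String) json.field("sub"));
            payload.setAudience((String) json.field("aud"));
            payload.setTokenId((String) json.field("jti"));
            payload.setUserRid(new ORecordId(((Integer) json.field("uidc")).intValue(), ((Long) json.field("uidp")).longValue()));
            payload.setDatabaseType((String) json.field("bdtyp"));
            return payload;
        } catch (UnsupportedEncodingException e) {
            throw OException.wrapException(new OSystemException("Payload encoding format differs from UTF-8"), e);
        }
    }

    /**
     * Serializes a token header to UTF-8 JSON with the fields {@code typ}, {@code alg}, {@code kid}.
     *
     * @param oTokenHeader header to serialize
     * @return the JSON bytes
     * @throws IllegalArgumentException if {@code oTokenHeader} is {@code null}
     */
    protected byte[] serializeWebHeader(OTokenHeader oTokenHeader) throws Exception {
        if (oTokenHeader == null) {
            throw new IllegalArgumentException("Token header is null");
        }
        ODocument json = new ODocument();
        json.field("typ", oTokenHeader.getType());
        json.field("alg", oTokenHeader.getAlgorithm());
        json.field("kid", oTokenHeader.getKeyId());
        return json.toJSON().getBytes("UTF-8");
    }

    /**
     * Serializes a token payload to UTF-8 JSON.
     *
     * @param oJwtPayload payload to serialize; must be an {@code OrientJwtPayload}, since the user
     *     record id and database type are read through a cast to that class
     * @return the JSON bytes
     * @throws IllegalArgumentException if {@code oJwtPayload} is {@code null}
     * @throws ClassCastException if {@code oJwtPayload} is not an {@code OrientJwtPayload}
     */
    protected byte[] serializeWebPayload(OJwtPayload oJwtPayload) throws Exception {
        if (oJwtPayload == null) {
            throw new IllegalArgumentException("Token payload is null");
        }
        ODocument json = new ODocument();
        json.field(OServerCommandAuthProxy.USERNAME_CONF, oJwtPayload.getUserName());
        json.field("iss", oJwtPayload.getIssuer());
        json.field("exp", Long.valueOf(oJwtPayload.getExpiry()));
        json.field("iat", Long.valueOf(oJwtPayload.getIssuedAt()));
        json.field("nbf", Long.valueOf(oJwtPayload.getNotBefore()));
        json.field("sub", oJwtPayload.getDatabase());
        json.field("aud", oJwtPayload.getAudience());
        json.field("jti", oJwtPayload.getTokenId());
        OrientJwtPayload orientPayload = (OrientJwtPayload) oJwtPayload;
        json.field("uidc", Integer.valueOf(orientPayload.getUserRid().getClusterId()));
        json.field("uidp", Long.valueOf(orientPayload.getUserRid().getClusterPosition()));
        json.field("bdtyp", orientPayload.getDatabaseType());
        return json.toJSON().getBytes("UTF-8");
    }

    /**
     * Builds the payload for a server-user web token: audience {@code "OrientDBServer"}, an empty
     * record id, a random token id and an expiry one session length from now.
     *
     * @param oSecurityUser user the token is issued for
     * @return the new payload
     * @throws IllegalArgumentException if {@code oSecurityUser} is {@code null}
     */
    protected OJwtPayload createPayloadServerUser(OSecurityUser oSecurityUser) {
        if (oSecurityUser == null) {
            throw new IllegalArgumentException("User is null");
        }
        OrientJwtPayload payload = new OrientJwtPayload();
        payload.setAudience("OrientDBServer");
        payload.setDatabase(OServerCommandAuthenticatedDbAbstract.SESSIONID_UNAUTHORIZED);
        payload.setUserRid(ORecordId.EMPTY_RECORD_ID);
        long lifetime = this.sessionInMills;
        long now = System.currentTimeMillis();
        payload.setIssuedAt(now);
        payload.setNotBefore(now);
        payload.setUserName(oSecurityUser.getName());
        payload.setTokenId(UUID.randomUUID().toString());
        payload.setExpiry(now + lifetime);
        return payload;
    }

    /**
     * Builds the payload for a database-user web token: audience {@code "OrientDB"}, the database
     * name, the user's record id, a random token id and an expiry one session length from now.
     *
     * @param oDatabaseDocument database the token is bound to
     * @param oSecurityUser user the token is issued for
     * @return the new payload
     * @throws IllegalArgumentException if {@code oSecurityUser} is {@code null}
     */
    protected OJwtPayload createPayload(ODatabaseDocument oDatabaseDocument, OSecurityUser oSecurityUser) {
        if (oSecurityUser == null) {
            throw new IllegalArgumentException("User is null");
        }
        OrientJwtPayload payload = new OrientJwtPayload();
        payload.setAudience("OrientDB");
        payload.setDatabase(oDatabaseDocument.getName());
        payload.setUserRid(oSecurityUser.getIdentity().getIdentity());
        long lifetime = this.sessionInMills;
        long now = System.currentTimeMillis();
        payload.setIssuedAt(now);
        payload.setNotBefore(now);
        payload.setUserName(oSecurityUser.getName());
        payload.setTokenId(UUID.randomUUID().toString());
        payload.setExpiry(now + lifetime);
        return payload;
    }

    /**
     * @param oJwtPayload ignored by this implementation
     * @return the header type written into web tokens, always {@code "OrientDB"}
     */
    protected String getPayloadType(OJwtPayload oJwtPayload) {
        return "OrientDB";
    }

    /** Deserializes a binary token from the stream, wrapping any failure in an OSystemException. */
    private OBinaryToken deserializeBinaryToken(InputStream inputStream) {
        try {
            return this.binarySerializer.deserialize(inputStream);
        } catch (Exception e) {
            throw OException.wrapException(new OSystemException("Cannot deserialize binary token"), e);
        }
    }

    /**
     * Overrides the token lifetime.
     *
     * @param j new lifetime in milliseconds (unlike the constructors, which take minutes)
     */
    public void setSessionInMills(long j) {
        this.sessionInMills = j;
    }
}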
