package org.eclipse.milo.opcua.sdk.server.identity;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.function.Predicate;
import org.eclipse.milo.opcua.sdk.server.Session;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel;
import org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.structured.AnonymousIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.SignatureData;
import org.eclipse.milo.opcua.stack.core.types.structured.UserNameIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;

/* loaded from: input_file:org/eclipse/milo/opcua/sdk/server/identity/UsernameIdentityValidator.class */
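/**
 * Identity validator that accepts username/password tokens (and, optionally, anonymous tokens)
 * and delegates the credential decision to a caller-supplied predicate.
 *
 * <p>Everything read from the {@link UserNameIdentityToken} is client-controlled. This class
 * therefore validates the structure of the decrypted token before indexing into it, so a
 * malformed token is rejected with an OPC UA status code rather than an unchecked exception.
 */
public class UsernameIdentityValidator extends AbstractIdentityValidator {
    /** OPC UA status code Bad_UserAccessDenied (0x801F0000). */
    private static final long BAD_USER_ACCESS_DENIED = 0x801F0000L;

    /** OPC UA status code Bad_IdentityTokenInvalid (0x80200000). */
    private static final long BAD_IDENTITY_TOKEN_INVALID = 0x80200000L;

    /** Size in bytes of the little-endian length prefix at the start of the decrypted token. */
    private static final int LENGTH_PREFIX_SIZE = 4;

    private final boolean allowAnonymous;
    private final Predicate<AuthenticationChallenge> predicate;

    /**
     * Username/password pair handed to the authentication predicate.
     *
     * <p>The password is held as an immutable {@link String}, so it cannot be wiped after use.
     * Implementations of the predicate should avoid logging or retaining the challenge.
     */
    public static final class AuthenticationChallenge {
        private final String username;
        private final String password;

        /**
         * @param username the user name taken from the identity token
         * @param password the password recovered from the identity token
         */
        public AuthenticationChallenge(String username, String password) {
            this.username = username;
            this.password = password;
        }

        /** @return the user name taken from the identity token */
        public String getUsername() {
            return this.username;
        }

        /** @return the password recovered from the identity token */
        public String getPassword() {
            return this.password;
        }
    }

    /**
     * @param allowAnonymous whether anonymous identity tokens are accepted
     * @param predicate decides whether a username/password challenge is accepted
     */
    public UsernameIdentityValidator(boolean allowAnonymous, Predicate<AuthenticationChallenge> predicate) {
        this.allowAnonymous = allowAnonymous;
        this.predicate = predicate;
    }

    /**
     * Accepts an anonymous token when anonymous access is enabled.
     *
     * @return an identity string built from the session name and session id
     * @throws UaException with Bad_UserAccessDenied when anonymous access is disabled
     */
    @Override // org.eclipse.milo.opcua.sdk.server.identity.AbstractIdentityValidator
    public Object validateAnonymousToken(ServerSecureChannel serverSecureChannel, Session session, AnonymousIdentityToken anonymousIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        if (!this.allowAnonymous) {
            throw new UaException(BAD_USER_ACCESS_DENIED);
        }
        return String.format("anonymous_%s_%s", session.getSessionName(), session.getSessionId().toParseableString());
    }

    /**
     * Validates a username token.
     *
     * <p>NOTE(review): {@code userTokenPolicy} is not consulted here, so the encryption algorithm
     * is chosen by the token (or the channel) alone. Confirm that the caller enforces the
     * negotiated token policy before this method is reached.
     *
     * @return the authenticated user name
     * @throws UaException with Bad_IdentityTokenInvalid for a malformed token, or
     *     Bad_UserAccessDenied when the credentials or nonce are rejected
     */
    @Override // org.eclipse.milo.opcua.sdk.server.identity.AbstractIdentityValidator
    public Object validateUsernameToken(ServerSecureChannel serverSecureChannel, Session session, UserNameIdentityToken userNameIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        return validateUserNameIdentityToken(serverSecureChannel, session, userNameIdentityToken);
    }

    /**
     * Recovers the password from the token, checks the echoed session nonce and asks the
     * predicate whether the credentials are acceptable.
     */
    private String validateUserNameIdentityToken(ServerSecureChannel serverSecureChannel, Session session, UserNameIdentityToken userNameIdentityToken) throws UaException {
        String userName = userNameIdentityToken.getUserName();
        ByteString lastNonce = session.getLastNonce();
        int nonceLength = lastNonce.length();
        if (userName == null || userName.isEmpty()) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }

        SecurityAlgorithm algorithm = resolveEncryptionAlgorithm(serverSecureChannel, userNameIdentityToken.getEncryptionAlgorithm());

        ByteString passwordField = userNameIdentityToken.getPassword();
        byte[] tokenBytes = passwordField != null ? passwordField.bytes() : null;
        if (tokenBytes == null) {
            tokenBytes = new byte[0];
        }

        if (algorithm == SecurityAlgorithm.None) {
            // Plaintext path: the password bytes are used as sent and no nonce is checked.
            // NOTE(review): this is only reachable when the channel's own policy yields None;
            // confirm deployments do not expose username tokens on unencrypted endpoints.
            String password = new String(tokenBytes, StandardCharsets.UTF_8);
            if (this.predicate.test(new AuthenticationChallenge(userName, password))) {
                return userName;
            }
            throw new UaException(BAD_USER_ACCESS_DENIED);
        }

        byte[] plainText = decryptTokenData(serverSecureChannel, session, algorithm, tokenBytes);

        // The decrypted layout is: 4-byte little-endian length, password bytes, nonce bytes.
        // The length field is client-supplied, so bound it before allocating or copying.
        if (plainText == null || plainText.length < LENGTH_PREFIX_SIZE) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }
        int declaredLength = ((plainText[3] & 255) << 24)
            | ((plainText[2] & 255) << 16)
            | ((plainText[1] & 255) << 8)
            | (plainText[0] & 255);
        // declaredLength < nonceLength also rejects negative values (nonceLength is >= 0).
        if (declaredLength < nonceLength || declaredLength > plainText.length - LENGTH_PREFIX_SIZE) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }

        int passwordEnd = LENGTH_PREFIX_SIZE + (declaredLength - nonceLength);
        byte[] passwordBytes = Arrays.copyOfRange(plainText, LENGTH_PREFIX_SIZE, passwordEnd);
        byte[] echoedNonce = Arrays.copyOfRange(plainText, passwordEnd, passwordEnd + nonceLength);

        AuthenticationChallenge challenge = new AuthenticationChallenge(userName, new String(passwordBytes, StandardCharsets.UTF_8));

        // Constant-time comparison so the response time does not depend on how many leading
        // nonce bytes matched.
        // NOTE(review): if the session nonce is a non-null empty value this check passes
        // trivially and gives no replay protection; confirm the session always issues one.
        if (MessageDigest.isEqual(lastNonce.bytes(), echoedNonce) && this.predicate.test(challenge)) {
            return userName;
        }
        throw new UaException(BAD_USER_ACCESS_DENIED);
    }

    /**
     * Picks the algorithm used to decrypt the token: the channel's asymmetric encryption
     * algorithm when the token names none, otherwise the named algorithm if it is one of the
     * accepted RSA schemes.
     */
    private static SecurityAlgorithm resolveEncryptionAlgorithm(ServerSecureChannel serverSecureChannel, String algorithmUri) throws UaException {
        if (algorithmUri == null || algorithmUri.isEmpty()) {
            return serverSecureChannel.getSecurityPolicy().getAsymmetricEncryptionAlgorithm();
        }
        SecurityAlgorithm algorithm;
        try {
            algorithm = SecurityAlgorithm.fromUri(algorithmUri);
        } catch (UaException e) {
            // Keep the cause so an unknown URI can be diagnosed from server logs.
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID, e);
        }
        // NOTE(review): Rsa15 (PKCS#1 v1.5 padding) is accepted here alongside the OAEP
        // variants; consider whether it still needs to be allowed.
        boolean accepted = algorithm == SecurityAlgorithm.Rsa15
            || algorithm == SecurityAlgorithm.RsaOaepSha1
            || algorithm == SecurityAlgorithm.RsaOaepSha256;
        if (!accepted) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }
        return algorithm;
    }
}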
