package org.eclipse.milo.opcua.sdk.server.identity;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.eclipse.milo.opcua.sdk.server.Session;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.structured.AnonymousIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.SignatureData;
import org.eclipse.milo.opcua.stack.core.types.structured.UserNameIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/eclipse/milo/opcua/sdk/server/identity/AbstractUsernameIdentityValidator.class */
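/**
 * Base class for identity validators that accept anonymous and username/password identity tokens.
 *
 * <p>Token parsing, decryption handling and server-nonce verification are done here; subclasses
 * only decide whether a given anonymous session or username/password pair is accepted, by
 * implementing {@link #authenticateAnonymous} and {@link #authenticateUsernamePassword}.
 *
 * @param <T> the identity object produced on successful authentication
 */
public abstract class AbstractUsernameIdentityValidator<T> extends AbstractIdentityValidator<T> {
    /** OPC UA status code Bad_IdentityTokenInvalid (0x80200000). */
    private static final long BAD_IDENTITY_TOKEN_INVALID = 0x80200000L;

    /** OPC UA status code Bad_UserAccessDenied (0x801F0000). */
    private static final long BAD_USER_ACCESS_DENIED = 0x801F0000L;

    /** OPC UA status code Bad_EncodingLimitsExceeded (0x80080000). */
    private static final long BAD_ENCODING_LIMITS_EXCEEDED = 0x80080000L;

    /** Size in bytes of the little-endian length prefix at the start of the decrypted token. */
    private static final int LENGTH_PREFIX_SIZE = 4;

    /**
     * Validates an anonymous identity token by delegating to {@link #authenticateAnonymous}.
     *
     * @throws UaException with Bad_UserAccessDenied if the subclass returns {@code null}
     */
    @Override
    protected T validateAnonymousToken(Session session, AnonymousIdentityToken anonymousIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        return authenticateAnonymousOrThrow(session);
    }

    /**
     * Validates a username identity token and authenticates the contained credentials.
     *
     * <p>The encryption algorithm is taken from the token; when the token names none, the
     * asymmetric encryption algorithm of the session's security policy is used. An encrypted
     * password decrypts to {@code [4-byte LE length][password][server nonce]}; the trailing nonce
     * must equal the session's last nonce. {@code userTokenPolicy} and {@code signatureData} are
     * not consulted by this method.
     *
     * @throws UaException with Bad_IdentityTokenInvalid for an empty username, an unsupported
     *     algorithm or malformed token data; Bad_EncodingLimitsExceeded when the password exceeds
     *     the configured limit; Bad_UserAccessDenied on nonce mismatch or rejected credentials
     */
    @Override
    protected T validateUsernameToken(Session session, UserNameIdentityToken userNameIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        String userName = userNameIdentityToken.getUserName();
        ByteString lastNonce = session.getLastNonce();
        int nonceLength = lastNonce.length();
        if (userName == null || userName.isEmpty()) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }

        SecurityAlgorithm algorithm;
        String algorithmUri = userNameIdentityToken.getEncryptionAlgorithm();
        if (algorithmUri == null || algorithmUri.isEmpty()) {
            algorithm = session.getSecurityConfiguration().getSecurityPolicy().getAsymmetricEncryptionAlgorithm();
        } else {
            try {
                algorithm = SecurityAlgorithm.fromUri(algorithmUri);
            } catch (UaException e) {
                // An unknown URI is reported the same way as a known but unsupported algorithm.
                throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
            }
            // Only RSA encryption algorithms are accepted when the client names one explicitly.
            // NOTE(review): Rsa15 is PKCS#1 v1.5 encryption; whether it should stay on this
            // allow-list is a deployment policy decision. The failures raised after decryption
            // below use distinguishable codes/messages; confirm how much of that reaches clients.
            boolean supported = algorithm == SecurityAlgorithm.Rsa15
                    || algorithm == SecurityAlgorithm.RsaOaepSha1
                    || algorithm == SecurityAlgorithm.RsaOaepSha256;
            if (!supported) {
                throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
            }
        }

        byte[] tokenBytes = userNameIdentityToken.getPassword().bytesOrEmpty();
        if (algorithm == SecurityAlgorithm.None) {
            // Reachable only through the session-policy default above: the password bytes are
            // used as UTF-8 plaintext and no nonce check takes place on this path.
            return authenticateUsernameOrThrow(session, userName, new String(tokenBytes, StandardCharsets.UTF_8));
        }

        byte[] plainText = decryptTokenData(session, algorithm, tokenBytes);
        // The plaintext is client-controlled: reject anything too short to hold the length
        // prefix instead of failing with an ArrayIndexOutOfBoundsException.
        if (plainText.length < LENGTH_PREFIX_SIZE) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID, "invalid token data");
        }
        // Decode the prefix as an unsigned 32-bit value. Long masks keep the result
        // non-negative, so a prefix with the high bit set is rejected by the bounds check
        // below rather than wrapping around in the subtraction that follows.
        long declaredLength = ((plainText[3] & 0xFFL) << 24)
                | ((plainText[2] & 0xFFL) << 16)
                | ((plainText[1] & 0xFFL) << 8)
                | (plainText[0] & 0xFFL);
        if (declaredLength > plainText.length - LENGTH_PREFIX_SIZE) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID, "invalid token data");
        }
        // declaredLength is now bounded by the array size, so the narrowing cast is safe.
        int passwordLength = ((int) declaredLength) - nonceLength;
        if (passwordLength < 0) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID, "invalid password length");
        }
        if (passwordLength > session.getServer().getConfig().getLimits().getMaxPasswordLength().longValue()) {
            throw new UaException(BAD_ENCODING_LIMITS_EXCEEDED, "password length exceeds limits");
        }

        byte[] passwordBytes = new byte[passwordLength];
        byte[] nonceBytes = new byte[nonceLength];
        System.arraycopy(plainText, LENGTH_PREFIX_SIZE, passwordBytes, 0, passwordBytes.length);
        System.arraycopy(plainText, LENGTH_PREFIX_SIZE + passwordBytes.length, nonceBytes, 0, nonceLength);

        // MessageDigest.isEqual is used so the nonce comparison does not exit at the first
        // differing byte.
        if (!MessageDigest.isEqual(lastNonce.bytes(), nonceBytes)) {
            throw new UaException(BAD_USER_ACCESS_DENIED);
        }
        return authenticateUsernameOrThrow(session, userName, new String(passwordBytes, StandardCharsets.UTF_8));
    }

    /**
     * Calls {@link #authenticateAnonymous} and converts a {@code null} result into
     * Bad_UserAccessDenied.
     */
    private T authenticateAnonymousOrThrow(Session session) throws UaException {
        T identity = authenticateAnonymous(session);
        if (identity == null) {
            throw new UaException(BAD_USER_ACCESS_DENIED);
        }
        return identity;
    }

    /**
     * Calls {@link #authenticateUsernamePassword} and converts a {@code null} result into
     * Bad_UserAccessDenied.
     */
    private T authenticateUsernameOrThrow(Session session, String username, String password) throws UaException {
        T identity = authenticateUsernamePassword(session, username, password);
        if (identity == null) {
            throw new UaException(BAD_USER_ACCESS_DENIED);
        }
        return identity;
    }

    /**
     * Decides whether an anonymous session is accepted.
     *
     * @param session the session being activated
     * @return the identity object, or {@code null} to deny access
     */
    @Nullable
    protected abstract T authenticateAnonymous(Session session);

    /**
     * Decides whether a username/password pair is accepted.
     *
     * @param session the session being activated
     * @param str the username from the identity token (never null or empty when called from
     *     this class)
     * @param str2 the password, decoded as UTF-8
     * @return the identity object, or {@code null} to deny access
     */
    @Nullable
    protected abstract T authenticateUsernamePassword(Session session, String str, String str2);
}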
