package org.restlet.ext.crypto;

import java.security.GeneralSecurityException;
import java.util.logging.Level;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Cookie;
import org.restlet.data.CookieSetting;
import org.restlet.data.Form;
import org.restlet.data.Method;
import org.restlet.data.Parameter;
import org.restlet.data.Reference;
import org.restlet.engine.util.Base64;
import org.restlet.ext.crypto.internal.CryptoUtils;
import org.restlet.security.ChallengeAuthenticator;

/* loaded from: input_file:org/restlet/ext/crypto/CookieAuthenticator.class */
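/**
 * Challenge authenticator that carries the user's credentials in an encrypted
 * HTTP cookie and can intercept form-based login and logout requests.
 *
 * <p>The cookie payload built by {@link #formatCredentials(ChallengeResponse)} is
 * {@code issueTimeMillis/identifier/secret/idx1,idx2}, encrypted through
 * {@code CryptoUtils} and Base64-encoded. The payload therefore contains the
 * user's secret itself, so the strength of the encryption key and algorithm
 * directly bounds the confidentiality of that secret.
 *
 * <p>NOTE(review): the default algorithm string is {@code "AES"}. How
 * {@code CryptoUtils} turns it into a cipher is not visible in this file; if
 * it is passed unchanged to the JCE, the provider's default mode and padding
 * apply. No integrity check (MAC or AEAD tag) on the cookie is visible in this
 * class, so confirm that against {@code CryptoUtils}.
 *
 * <p>All configuration fields are {@code volatile}, so a setter call is visible
 * to request threads without further synchronization.
 */
public class CookieAuthenticator extends ChallengeAuthenticator {
    // Name of the cookie that stores the encrypted credentials.
    private volatile String cookieName;
    // Algorithm name handed to CryptoUtils for encryption and decryption.
    private volatile String encryptAlgorithm;
    // Secret key handed to CryptoUtils; stored by reference, not copied.
    private volatile byte[] encryptSecretKey;
    // Name of the login-form field holding the identifier.
    private volatile String identifierFormName;
    // Whether POSTs to loginPath are intercepted by this filter.
    private volatile boolean interceptingLogin;
    // Whether GET/POSTs to logoutPath are intercepted by this filter.
    private volatile boolean interceptingLogout;
    // Path of the login form to redirect to on challenge; null means use the default challenge.
    private volatile String loginFormPath;
    // Path, relative to the remaining part of the resource reference, that triggers login.
    private volatile String loginPath;
    // Path, relative to the remaining part of the resource reference, that triggers logout.
    private volatile String logoutPath;
    // Max-Age applied to the credentials cookie; -1 is the constructor default.
    private volatile int maxCookieAge;
    // Query parameter name carrying the URI to redirect to after login or logout.
    private volatile String redirectQueryName;
    // Name of the login-form field holding the secret.
    private volatile String secretFormName;

    /**
     * Creates an authenticator with the default cookie name, form field names,
     * paths, and the {@code "AES"} algorithm.
     *
     * @param context the Restlet context, forwarded to the superclass
     * @param z forwarded to the {@code ChallengeAuthenticator} constructor
     *     (its "optional" flag in the Restlet API)
     * @param str forwarded to the {@code ChallengeAuthenticator} constructor
     *     (the realm in the Restlet API)
     * @param bArr the secret key used to encrypt and decrypt the cookie; kept by reference
     */
    public CookieAuthenticator(Context context, boolean z, String str, byte[] bArr) {
        super(context, z, ChallengeScheme.HTTP_COOKIE, str);
        this.cookieName = "Credentials";
        this.interceptingLogin = true;
        this.interceptingLogout = true;
        this.identifierFormName = "login";
        this.loginPath = "/login";
        this.logoutPath = "/logout";
        this.secretFormName = "password";
        this.encryptAlgorithm = "AES";
        this.encryptSecretKey = bArr;
        this.maxCookieAge = -1;
        this.redirectQueryName = "targetUri";
    }

    /**
     * Creates an authenticator with the superclass flag set to {@code false}.
     *
     * @param context the Restlet context
     * @param str forwarded to the four-argument constructor
     * @param bArr the secret key used to encrypt and decrypt the cookie
     */
    public CookieAuthenticator(Context context, String str, byte[] bArr) {
        this(context, false, str, bArr);
    }

    /**
     * Redirects (303 See Other) to the URI named by the redirect query
     * parameter of the current request, if that parameter is present.
     *
     * <p>NOTE(review): the target is taken from the request query and is not
     * validated in this method, so any absolute URI supplied by the client is
     * followed. Deployments that must not redirect off-site should override
     * this method and accept only relative or allow-listed references.
     *
     * @param request the current request
     * @param response the response on which the redirection is set
     */
    protected void attemptRedirect(Request request, Response response) {
        String targetUri =
                request.getResourceRef().getQueryAsForm().getFirstValue(getRedirectQueryName());
        if (targetUri != null) {
            response.redirectSeeOther(Reference.decode(targetUri));
        }
    }

    /**
     * Restores the challenge response from the credentials cookie, when one is
     * present, and then delegates to the superclass.
     *
     * <p>If the cookie cannot be parsed, {@link #parseCredentials(String)}
     * returns {@code null} and the request's challenge response is set to
     * {@code null}.
     */
    protected boolean authenticate(Request request, Response response) {
        Cookie credentials = request.getCookies().getFirst(getCookieName());
        if (credentials != null) {
            request.setChallengeResponse(parseCredentials(credentials.getValue()));
        }
        return super.authenticate(request, response);
    }

    /**
     * Issues or refreshes the credentials cookie after a successful
     * authentication, then delegates to the superclass.
     *
     * <p>The cookie value is formatted before the cookie setting is looked up
     * or created, so an encryption failure does not leave a value-less
     * credentials cookie in the response.
     */
    protected int authenticated(Request request, Response response) {
        try {
            String cookieValue = formatCredentials(request.getChallengeResponse());
            CookieSetting credentialsCookie = getCredentialsCookie(request, response);
            credentialsCookie.setValue(cookieValue);
            credentialsCookie.setMaxAge(getMaxCookieAge());
        } catch (GeneralSecurityException e) {
            getLogger().log(Level.SEVERE, "Could not format credentials cookie", e);
        }
        return super.authenticated(request, response);
    }

    /**
     * Handles intercepted login and logout requests before normal filtering.
     *
     * <p>A login request populates the challenge response from the posted form
     * and then continues with the superclass handling; a logout request is
     * answered directly by {@link #logout(Request, Response)}.
     */
    protected int beforeHandle(Request request, Response response) {
        if (isLoggingIn(request, response)) {
            login(request, response);
        } else if (isLoggingOut(request, response)) {
            return logout(request, response);
        }
        return super.beforeHandle(request, response);
    }

    /**
     * Challenges the client. Without a login form path the superclass
     * challenge is used; otherwise the client is redirected (303 See Other).
     *
     * <p>If the current reference already carries the redirect query
     * parameter, its value is used as the redirection target; otherwise the
     * target is the login form path with the current reference appended as
     * that parameter.
     *
     * <p>NOTE(review): in the first case the target comes from the request
     * query and is not validated here.
     *
     * @param response the response to update
     * @param z forwarded to the superclass challenge (its "stale" flag in the Restlet API)
     */
    public void challenge(Response response, boolean z) {
        if (getLoginFormPath() == null) {
            super.challenge(response, z);
            return;
        }
        Reference currentRef = response.getRequest().getResourceRef();
        String queryName = getRedirectQueryName();
        String target = currentRef.getQueryAsForm().getFirstValue(queryName, "");
        if ("".equals(target)) {
            target = new Reference(getLoginFormPath())
                    .addQueryParameter(queryName, currentRef.toString())
                    .toString();
        }
        response.redirectSeeOther(target);
    }

    /**
     * Builds the encrypted, Base64-encoded cookie value for the given
     * credentials.
     *
     * <p>The clear text is {@code time/identifier/secret/idx1,idx2}, where
     * {@code idx1} is the offset of the first separator and {@code idx2} the
     * offset of the second; the trailing indexes let
     * {@link #parseCredentials(String)} split the fields even when the
     * identifier or secret contains {@code '/'}.
     *
     * @param challengeResponse the credentials to serialize
     * @return the cookie value
     * @throws GeneralSecurityException if encryption fails
     */
    protected String formatCredentials(ChallengeResponse challengeResponse)
            throws GeneralSecurityException {
        StringBuilder clearText = new StringBuilder();
        StringBuilder indexes = new StringBuilder();
        String issued = Long.toString(System.currentTimeMillis());
        int issuedLength = issued.length();
        clearText.append(issued);
        indexes.append(issuedLength);
        String identifier = challengeResponse.getIdentifier();
        clearText.append('/');
        clearText.append(identifier);
        indexes.append(',').append(issuedLength + identifier.length() + 1);
        clearText.append('/');
        clearText.append(challengeResponse.getSecret());
        clearText.append('/');
        clearText.append(indexes);
        return Base64.encode(
                CryptoUtils.encrypt(getEncryptAlgorithm(), getEncryptSecretKey(), clearText.toString()),
                false);
    }

    /** Returns the name of the credentials cookie. */
    public String getCookieName() {
        return this.cookieName;
    }

    /**
     * Returns the credentials cookie setting of the response, creating and
     * registering it when absent.
     *
     * <p>A newly created setting is marked access-restricted and scoped to the
     * path of the request's root reference ({@code "/"} when that path is
     * null). The Secure attribute is not set here; deployments served over
     * HTTPS may want to set it in a subclass.
     */
    protected CookieSetting getCredentialsCookie(Request request, Response response) {
        CookieSetting setting = response.getCookieSettings().getFirst(getCookieName());
        if (setting == null) {
            setting = new CookieSetting(getCookieName(), (String) null);
            setting.setAccessRestricted(true);
            if (request.getRootRef() != null) {
                String path = request.getRootRef().getPath();
                setting.setPath(path == null ? "/" : path);
            }
            response.getCookieSettings().add(setting);
        }
        return setting;
    }

    /** Returns the algorithm name used to encrypt the cookie. */
    public String getEncryptAlgorithm() {
        return this.encryptAlgorithm;
    }

    /**
     * Returns the secret key used to encrypt the cookie.
     *
     * <p>The stored array itself is returned, not a copy.
     */
    public byte[] getEncryptSecretKey() {
        return this.encryptSecretKey;
    }

    /** Returns the name of the form field holding the identifier. */
    public String getIdentifierFormName() {
        return this.identifierFormName;
    }

    /** Returns the login form path, or {@code null} when none is configured. */
    public String getLoginFormPath() {
        return this.loginFormPath;
    }

    /** Returns the path that triggers an intercepted login. */
    public String getLoginPath() {
        return this.loginPath;
    }

    /** Returns the path that triggers an intercepted logout. */
    public String getLogoutPath() {
        return this.logoutPath;
    }

    /** Returns the Max-Age applied to the credentials cookie. */
    public int getMaxCookieAge() {
        return this.maxCookieAge;
    }

    /** Returns the name of the query parameter carrying the redirection target. */
    public String getRedirectQueryName() {
        return this.redirectQueryName;
    }

    /** Returns the name of the form field holding the secret. */
    public String getSecretFormName() {
        return this.secretFormName;
    }

    /** Returns whether login requests are intercepted. */
    public boolean isInterceptingLogin() {
        return this.interceptingLogin;
    }

    /** Returns whether logout requests are intercepted. */
    public boolean isInterceptingLogout() {
        return this.interceptingLogout;
    }

    /**
     * Tells whether the request is an intercepted login: interception is
     * enabled, the remaining path equals the login path, and the method is POST.
     */
    protected boolean isLoggingIn(Request request, Response response) {
        return isInterceptingLogin()
                && getLoginPath().equals(request.getResourceRef().getRemainingPart(false, false))
                && Method.POST.equals(request.getMethod());
    }

    /**
     * Tells whether the request is an intercepted logout: interception is
     * enabled, the remaining path equals the logout path, and the method is
     * GET or POST.
     */
    protected boolean isLoggingOut(Request request, Response response) {
        return isInterceptingLogout()
                && getLogoutPath().equals(request.getResourceRef().getRemainingPart(false, false))
                && (Method.GET.equals(request.getMethod())
                        || Method.POST.equals(request.getMethod()));
    }

    /**
     * Reads the identifier and secret from the posted login form, stores them
     * as the request's challenge response, and attempts the post-login
     * redirection. A missing form field yields a {@code null} value.
     */
    protected void login(Request request, Response response) {
        Form form = new Form(request.getEntity());
        Parameter identifier = form.getFirst(getIdentifierFormName());
        Parameter secret = form.getFirst(getSecretFormName());
        String identifierValue = identifier != null ? identifier.getValue() : null;
        String secretValue = secret != null ? secret.getValue() : null;
        request.setChallengeResponse(
                new ChallengeResponse(getScheme(), identifierValue, secretValue));
        attemptRedirect(request, response);
    }

    /**
     * Clears the request's challenge response, expires the credentials cookie
     * (Max-Age 0), and attempts the post-logout redirection.
     *
     * @return the filter result code {@code 2}
     */
    protected int logout(Request request, Response response) {
        request.setChallengeResponse((ChallengeResponse) null);
        getCredentialsCookie(request, response).setMaxAge(0);
        attemptRedirect(request, response);
        // NOTE(review): 2 presumably is Restlet's Filter.STOP; confirm against the Filter constants.
        return 2;
    }

    /**
     * Decodes and decrypts a credentials cookie value into a challenge
     * response.
     *
     * <p>The cookie value is client-controlled, so it is never written to the
     * log, and any decoding, decryption, or format failure yields {@code null}
     * rather than an exception.
     *
     * <p>NOTE(review): the issue time is restored on the challenge response,
     * but nothing in this class compares it with the maximum cookie age;
     * whether an expiry check happens elsewhere is not visible here.
     *
     * @param str the raw cookie value
     * @return the parsed challenge response, or {@code null} if the value is
     *     absent or cannot be decoded, decrypted, or parsed
     */
    protected ChallengeResponse parseCredentials(String str) {
        if (str == null) {
            return null;
        }
        byte[] encrypted = Base64.decode(str);
        if (encrypted == null) {
            getLogger().warning("Cannot decode cookie credentials");
            return null;
        }
        try {
            String clearText =
                    CryptoUtils.decrypt(getEncryptAlgorithm(), getEncryptSecretKey(), encrypted);
            // The text after the last '/' holds the two separator offsets, "idx1,idx2".
            int lastSlash = clearText.lastIndexOf('/');
            String[] indexes = clearText.substring(lastSlash + 1).split(",");
            int identifierIndex = Integer.parseInt(indexes[0]);
            int secretIndex = Integer.parseInt(indexes[1]);
            ChallengeResponse challengeResponse = new ChallengeResponse(getScheme());
            challengeResponse.setRawValue(str);
            challengeResponse.setTimeIssued(
                    Long.parseLong(clearText.substring(0, identifierIndex)));
            challengeResponse.setIdentifier(clearText.substring(identifierIndex + 1, secretIndex));
            challengeResponse.setSecret(clearText.substring(secretIndex + 1, lastSlash));
            return challengeResponse;
        } catch (Exception e) {
            // Broad catch is deliberate: malformed offsets or a failed decryption of a
            // client-supplied cookie must be treated as "no credentials".
            getLogger().log(Level.INFO, "Unable to decrypt cookie credentials", e);
            return null;
        }
    }

    /** Sets the name of the credentials cookie. */
    public void setCookieName(String str) {
        this.cookieName = str;
    }

    /** Sets the algorithm name used to encrypt the cookie. */
    public void setEncryptAlgorithm(String str) {
        this.encryptAlgorithm = str;
    }

    /** Sets the secret key used to encrypt the cookie; the array is kept by reference. */
    public void setEncryptSecretKey(byte[] bArr) {
        this.encryptSecretKey = bArr;
    }

    /** Sets the name of the form field holding the identifier. */
    public void setIdentifierFormName(String str) {
        this.identifierFormName = str;
    }

    /** Sets whether login requests are intercepted. */
    public void setInterceptingLogin(boolean z) {
        this.interceptingLogin = z;
    }

    /** Sets whether logout requests are intercepted. */
    public void setInterceptingLogout(boolean z) {
        this.interceptingLogout = z;
    }

    /** Sets the login form path; {@code null} restores the default challenge. */
    public void setLoginFormPath(String str) {
        this.loginFormPath = str;
    }

    /** Sets the path that triggers an intercepted login. */
    public void setLoginPath(String str) {
        this.loginPath = str;
    }

    /** Sets the path that triggers an intercepted logout. */
    public void setLogoutPath(String str) {
        this.logoutPath = str;
    }

    /** Sets the Max-Age applied to the credentials cookie. */
    public void setMaxCookieAge(int i) {
        this.maxCookieAge = i;
    }

    /** Sets the name of the query parameter carrying the redirection target. */
    public void setRedirectQueryName(String str) {
        this.redirectQueryName = str;
    }

    /** Sets the name of the form field holding the secret. */
    public void setSecretFormName(String str) {
        this.secretFormName = str;
    }
}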
