package com.atlassian.crowd.manager.token.factory;

import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.manager.proxy.TrustedProxyManager;
import com.atlassian.crowd.manager.validation.XForwardedForUtil;
import com.atlassian.crowd.model.authentication.ValidationFactor;
import com.google.common.base.Charsets;
import com.google.common.primitives.Longs;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/manager/token/factory/TokenKeyGeneratorImpl.class */
public class TokenKeyGeneratorImpl implements TokenKeyGenerator {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenKeyGeneratorImpl.class);
    private static final int USERNAME_HASHING_THRESHOLD = 128;
    private final String algorithm;
    private final TrustedProxyManager trustedProxyManager;
    private final Base64.Encoder encoder;

    public TokenKeyGeneratorImpl(TrustedProxyManager trustedProxyManager, String str, Base64.Encoder encoder) {
        this.trustedProxyManager = trustedProxyManager;
        this.algorithm = str;
        this.encoder = encoder;
    }

    @Override // com.atlassian.crowd.manager.token.factory.TokenKeyGenerator
    public String generateRandomHash(long j, String str, List<ValidationFactor> list) throws InvalidTokenException {
        LOGGER.debug("Generating random hash for principal: {}", str);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(generateDigest(j, str, list));
            byteArrayOutputStream.write(Longs.toByteArray(j));
            byteArrayOutputStream.write(digestIfNeeded(str));
            return this.encoder.encodeToString(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            throw new InvalidTokenException(e);
        }
    }

    @Override // com.atlassian.crowd.manager.token.factory.TokenKeyGenerator
    public String generateIdentifierHash(long j, String str, List<ValidationFactor> list) throws InvalidTokenException {
        LOGGER.debug("Generating identifier hash for principal: {}", str);
        return this.encoder.encodeToString(generateDigest(j, str, list));
    }

    private byte[] generateDigest(long j, String str, List<ValidationFactor> list) throws InvalidTokenException {
        return getMessageDigest().digest(constructMessage(j, str, list).getBytes());
    }

    private MessageDigest getMessageDigest() throws InvalidTokenException {
        try {
            return MessageDigest.getInstance(this.algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidTokenException(e);
        }
    }

    private String constructMessage(long j, String str, List<ValidationFactor> list) {
        StringBuilder sb = new StringBuilder();
        addValidationFactors(sb, list);
        sb.append(Long.toString(j));
        sb.append(StringUtils.lowerCase(str));
        return sb.toString();
    }

    private void addValidationFactors(StringBuilder sb, List<ValidationFactor> list) {
        if (list != null) {
            ValidationFactor factor = getFactor(list, "remote_address");
            if (factor != null) {
                ValidationFactor factor2 = getFactor(list, "X-Forwarded-For");
                String trustedAddress = XForwardedForUtil.getTrustedAddress(this.trustedProxyManager, factor.getValue(), factor2 == null ? null : factor2.getValue());
                LOGGER.debug("Adding remote address of {}", trustedAddress);
                sb.append(trustedAddress);
            }
            addValidationFactor(sb, list, "remote_host");
            addValidationFactor(sb, list, "NAME");
            addValidationFactor(sb, list, "PRIVILEGE_LEVEL");
            addValidationFactor(sb, list, "Random-Number");
        }
    }

    private ValidationFactor getFactor(List<ValidationFactor> list, String str) {
        for (ValidationFactor validationFactor : list) {
            if (str.equals(validationFactor.getName())) {
                return validationFactor;
            }
        }
        return null;
    }

    protected void addValidationFactor(StringBuilder sb, List<ValidationFactor> list, String str) {
        ValidationFactor factor = getFactor(list, str);
        if (factor != null) {
            LOGGER.debug("Adding {} of {}", str, factor);
            sb.append(factor.getValue());
        }
    }

    private byte[] digestIfNeeded(String str) throws InvalidTokenException {
        try {
            String lowerCase = IdentifierUtils.toLowerCase(str);
            return str.length() > USERNAME_HASHING_THRESHOLD ? MessageDigest.getInstance(this.algorithm).digest(lowerCase.getBytes(Charsets.UTF_8)) : lowerCase.getBytes(Charsets.UTF_8);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidTokenException(e);
        }
    }
}
