package org.cassproject.kbac;

import com.eduworks.ec.crypto.EcAesCtr;
import com.eduworks.ec.crypto.EcPpk;
import com.eduworks.schema.ebac.EbacSignature;
import forge.pkcs5;
import forge.util;
import org.cassproject.ebac.identity.EcIdentityManager;
import org.cassproject.ebac.repository.EcEncryptedValue;
import org.stjs.javascript.Array;
import org.stjs.javascript.Global;
import org.stjs.javascript.JSFunctionAdapter;
import org.stjs.javascript.JSObjectAdapter;
import org.stjs.javascript.annotation.GlobalScope;
import org.stjs.javascript.functions.Function0;

@GlobalScope
/* loaded from: input_file:org/cassproject/kbac/SkyId.class */
public class SkyId {
    private static String usernameSalt;
    private static String passwordSalt;
    private static String secretSalt;
    public static String skyIdSalt;
    public static String skyIdSecretStr;
    public static String skyIdSecretKey;
    private static EcPpk skyIdPem;
    private static Object cachedSalts = new Object();
    public static Function0<String> salts = new Function0<String>() { // from class: org.cassproject.kbac.SkyId.1
        /* renamed from: $invoke, reason: merged with bridge method [inline-methods] */
        public String m1$invoke() {
            return Global.JSON.stringify(SkyId.cachedSalts);
        }
    };
    public static Function0<String> skyIdCreate = new Function0<String>() { // from class: org.cassproject.kbac.SkyId.2
        /* renamed from: $invoke, reason: merged with bridge method [inline-methods] */
        public String m2$invoke() {
            String str = null;
            String str2 = null;
            String str3 = null;
            Object parse = Global.JSON.parse(levr.fileToString(JSFunctionAdapter.call(levr.fileFromDatastream, this, new Object[]{"credentialCommit", null})));
            if (parse != null) {
                if (JSObjectAdapter.$get(parse, "username") != null) {
                    str = (String) JSObjectAdapter.$get(parse, "username");
                }
                if (JSObjectAdapter.$get(parse, "password") != null) {
                    str2 = (String) JSObjectAdapter.$get(parse, "password");
                }
                if (JSObjectAdapter.$get(parse, "credentials") != null) {
                    str3 = (String) JSObjectAdapter.$get(parse, "credentials");
                }
            }
            if (str == null) {
                levr.error("Missing username.", 422);
            }
            if (str2 == null) {
                levr.error("Missing password.", 422);
            }
            String str4 = str3;
            JSObjectAdapter.$put(str4, "password", util.encode64(pkcs5.pbkdf2(str2, SkyId.skyIdSalt, 10000, 64)));
            String encode64 = util.encode64(pkcs5.pbkdf2(str, SkyId.skyIdSalt, 10000, 16));
            Array array = new Array();
            array.push(new EbacSignature[]{EcIdentityManager.createSignature(60000L, (String) null, SkyId.skyIdPem)});
            ctx.put("signatureSheet", array);
            Object call = JSFunctionAdapter.call(SkyRepo.skyrepoGetParsed, this, new Object[]{encode64, null, "schema.cassproject.org.kbac.0.2.EncryptedValue", null});
            if (call != null) {
                call = Global.JSON.parse(EcAesCtr.decrypt((String) JSObjectAdapter.$get(call, "payload"), SkyId.skyIdSecretKey, encode64));
            }
            EcEncryptedValue ecEncryptedValue = new EcEncryptedValue();
            ecEncryptedValue.addOwner(SkyId.skyIdPem.toPk());
            ecEncryptedValue.payload = EcAesCtr.encrypt(Global.JSON.stringify(str4), SkyId.skyIdSecretKey, encode64);
            if (call == null) {
                JSFunctionAdapter.call(SkyRepo.skyrepoPutParsed, this, Global.JSON.parse(ecEncryptedValue.toJson()), encode64, (Object) null, "schema.cassproject.org.kbac.0.2.EncryptedValue");
                return null;
            }
            levr.error("Cannot create, account already exists.", 422);
            return null;
        }
    };
    public static Function0<String> skyIdCommit = new Function0<String>() { // from class: org.cassproject.kbac.SkyId.3
        /* renamed from: $invoke, reason: merged with bridge method [inline-methods] */
        public String m3$invoke() {
            String str = null;
            String str2 = null;
            String str3 = null;
            String str4 = null;
            Object parse = Global.JSON.parse(levr.fileToString(JSFunctionAdapter.call(levr.fileFromDatastream, this, new Object[]{"credentialCommit", null})));
            if (parse != null) {
                if (JSObjectAdapter.$get(parse, "username") != null) {
                    str = (String) JSObjectAdapter.$get(parse, "username");
                }
                if (JSObjectAdapter.$get(parse, "password") != null) {
                    str2 = (String) JSObjectAdapter.$get(parse, "password");
                }
                if (JSObjectAdapter.$get(parse, "token") != null) {
                    str3 = (String) JSObjectAdapter.$get(parse, "token");
                }
                if (JSObjectAdapter.$get(parse, "credentials") != null) {
                    str4 = (String) JSObjectAdapter.$get(parse, "credentials");
                }
            }
            if (str == null) {
                levr.error("Missing username.", 422);
            }
            if (str2 == null) {
                levr.error("Missing password.", 422);
            }
            if (str3 == null) {
                levr.error("Missing token.", 422);
            }
            String str5 = str4;
            JSObjectAdapter.$put(str5, "token", str3);
            JSObjectAdapter.$put(str5, "password", util.encode64(pkcs5.pbkdf2(str2, SkyId.skyIdSalt, 10000, 64)));
            String encode64 = util.encode64(pkcs5.pbkdf2(str, SkyId.skyIdSalt, 10000, 16));
            EcEncryptedValue ecEncryptedValue = new EcEncryptedValue();
            ecEncryptedValue.addOwner(SkyId.skyIdPem.toPk());
            ecEncryptedValue.payload = EcAesCtr.encrypt(Global.JSON.stringify(str5), SkyId.skyIdSecretKey, encode64);
            Array array = new Array();
            array.push(new EbacSignature[]{EcIdentityManager.createSignature(60000L, (String) null, SkyId.skyIdPem)});
            ctx.put("signatureSheet", array);
            Object call = JSFunctionAdapter.call(SkyRepo.skyrepoGetParsed, this, new Object[]{encode64, null, "schema.cassproject.org.kbac.0.2.EncryptedValue", null});
            if (call == null) {
                levr.error("User does not exist.", 404);
            }
            if (JSObjectAdapter.$get(Global.JSON.parse(EcAesCtr.decrypt((String) JSObjectAdapter.$get(call, "payload"), SkyId.skyIdSecretKey, encode64)), "token") != str3) {
                levr.error("An error in synchronization has occurred. Please re-login and try again.", 403);
            }
            JSFunctionAdapter.call(SkyRepo.skyrepoPutParsed, this, Global.JSON.parse(ecEncryptedValue.toJson()), encode64, (Object) null, "schema.cassproject.org.kbac.0.2.EncryptedValue");
            return null;
        }
    };
    public static Function0<String> skyIdLogin = new Function0<String>() { // from class: org.cassproject.kbac.SkyId.4
        /* renamed from: $invoke, reason: merged with bridge method [inline-methods] */
        public String m4$invoke() {
            String str = null;
            String str2 = null;
            Object parse = Global.JSON.parse(levr.fileToString(JSFunctionAdapter.call(levr.fileFromDatastream, this, new Object[]{"credentialRequest", null})));
            if (parse != null) {
                if (JSObjectAdapter.$get(parse, "username") != null) {
                    str = (String) JSObjectAdapter.$get(parse, "username");
                }
                if (JSObjectAdapter.$get(parse, "password") != null) {
                    str2 = (String) JSObjectAdapter.$get(parse, "password");
                }
                if (JSObjectAdapter.$get(parse, "credentials") != null) {
                }
            }
            if (str == null) {
                levr.error("Missing username.", 422);
            }
            if (str2 == null) {
                levr.error("Missing password.", 422);
            }
            String encode64 = util.encode64(pkcs5.pbkdf2(str2, SkyId.skyIdSalt, 10000, 64));
            String encode642 = util.encode64(pkcs5.pbkdf2(str, SkyId.skyIdSalt, 10000, 16));
            Array array = new Array();
            array.push(new EbacSignature[]{EcIdentityManager.createSignature(60000L, (String) null, SkyId.skyIdPem)});
            ctx.put("signatureSheet", array);
            Object call = JSFunctionAdapter.call(SkyRepo.skyrepoGetParsed, this, new Object[]{encode642, null, "schema.cassproject.org.kbac.0.2.EncryptedValue", null});
            if (call == null) {
                levr.error("User does not exist.", 404);
            }
            Object parse2 = Global.JSON.parse(EcAesCtr.decrypt((String) JSObjectAdapter.$get(call, "payload"), SkyId.skyIdSecretKey, encode642));
            if (JSObjectAdapter.$get(parse2, "password") != encode64) {
                levr.error("Invalid password.", 403);
            }
            JSObjectAdapter.$put(parse2, "token", levr.randomString(20));
            EcEncryptedValue ecEncryptedValue = new EcEncryptedValue();
            ecEncryptedValue.addOwner(SkyId.skyIdPem.toPk());
            ecEncryptedValue.payload = EcAesCtr.encrypt(Global.JSON.stringify(parse2), SkyId.skyIdSecretKey, encode642);
            JSFunctionAdapter.call(SkyRepo.skyrepoPutParsed, this, Global.JSON.parse(ecEncryptedValue.toJson()), encode642, (Object) null, "schema.cassproject.org.kbac.0.2.EncryptedValue");
            JSObjectAdapter.$properties(parse2).$delete("password");
            return Global.JSON.stringify(parse2);
        }
    };

    public static String skyIdSecret() {
        return skyIdSecretStr;
    }

    static String loadConfigurationFile(String str, Function0 function0) {
        if (levr.fileExists(str)) {
            return levr.fileToString(levr.fileLoad(str));
        }
        if (levr.fileExists("etc/" + str)) {
            return levr.fileToString(levr.fileLoad("etc/" + str));
        }
        levr.fileSave(function0.$invoke(), "etc/" + str);
        return levr.fileToString(levr.fileLoad("etc/" + str));
    }

    static {
        usernameSalt = null;
        passwordSalt = null;
        secretSalt = null;
        skyIdSalt = null;
        skyIdSecretStr = null;
        skyIdSecretKey = null;
        skyIdPem = null;
        usernameSalt = loadConfigurationFile("skyId.username.public.salt", new Function0() { // from class: org.cassproject.kbac.SkyId.5
            public Object $invoke() {
                return levr.randomString(2048);
            }
        });
        passwordSalt = loadConfigurationFile("skyId.password.public.salt", new Function0() { // from class: org.cassproject.kbac.SkyId.6
            public Object $invoke() {
                return levr.randomString(2048);
            }
        });
        secretSalt = loadConfigurationFile("skyId.secret.public.salt", new Function0() { // from class: org.cassproject.kbac.SkyId.7
            public Object $invoke() {
                return levr.randomString(2048);
            }
        });
        JSObjectAdapter.$put(cachedSalts, "usernameSalt", usernameSalt);
        JSObjectAdapter.$put(cachedSalts, "usernameIterations", 5000);
        JSObjectAdapter.$put(cachedSalts, "usernameLength", 64);
        JSObjectAdapter.$put(cachedSalts, "passwordSalt", passwordSalt);
        JSObjectAdapter.$put(cachedSalts, "passwordIterations", 5000);
        JSObjectAdapter.$put(cachedSalts, "passwordLength", 64);
        JSObjectAdapter.$put(cachedSalts, "secretSalt", secretSalt);
        JSObjectAdapter.$put(cachedSalts, "secretIterations", 5000);
        JSObjectAdapter.$put(cachedSalts, "secretLength", 64);
        skyIdSalt = loadConfigurationFile("skyId.salt", new Function0() { // from class: org.cassproject.kbac.SkyId.8
            public Object $invoke() {
                return levr.randomString(2048);
            }
        });
        skyIdSecretStr = loadConfigurationFile("skyId.secret", new Function0() { // from class: org.cassproject.kbac.SkyId.9
            public Object $invoke() {
                return levr.randomString(2048);
            }
        });
        skyIdSecretKey = util.encode64(pkcs5.pbkdf2(skyIdSecretStr, skyIdSalt, 10000, 16));
        skyIdPem = EcPpk.fromPem(loadConfigurationFile("skyId.pem", new Function0() { // from class: org.cassproject.kbac.SkyId.10
            public Object $invoke() {
                return EcPpk.fromPem(levr.rsaGenerate()).toPem();
            }
        }));
        levr.bindWebService("/sky/id/salts", salts);
        levr.bindWebService("/sky/id/create", skyIdCreate);
        levr.bindWebService("/sky/id/commit", skyIdCommit);
        levr.bindWebService("/sky/id/login", skyIdLogin);
    }
}
