package org.guohai.fa4j.core;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/guohai/fa4j/core/FormsAuthentication.class */
public class FormsAuthentication {
    private static final Logger log = LoggerFactory.getLogger(FormsAuthentication.class);
    private final int MAX_TICKET_LENGTH = 4096;
    private final HashProvider hashProvider;
    private final MachineKeySection machineKeySection;
    private boolean useLegacyFormsAuthenticationTicketCompatibility;

    public FormsAuthentication(MachineKeySection machineKeySection, HashProvider hashProvider, boolean z) {
        this.useLegacyFormsAuthenticationTicketCompatibility = false;
        if (null == machineKeySection || null == hashProvider) {
            throw new NullPointerException("input machineKeySection or hashProvider is null");
        }
        this.hashProvider = hashProvider;
        this.machineKeySection = machineKeySection;
        this.useLegacyFormsAuthenticationTicketCompatibility = z;
    }

    public String encrypt(FormsAuthenticationTicket formsAuthenticationTicket) throws Exception {
        byte[] serialize;
        if (formsAuthenticationTicket == null) {
            throw new NullPointerException("ticket is null");
        }
        if (this.useLegacyFormsAuthenticationTicketCompatibility) {
            log.debug("user {} use unsafe serialize", formsAuthenticationTicket.getName());
            serialize = UnsafeFaTicketSerializer.cookieAuthConstructTicket(formsAuthenticationTicket);
        } else {
            serialize = FormsAuthenticationTicketSerializer.serialize(formsAuthenticationTicket);
        }
        if (serialize == null) {
            log.error("name {} serialize fail", formsAuthenticationTicket.getName());
            return null;
        }
        byte[] hMACSHAHash = this.hashProvider.getHMACSHAHash(serialize);
        if (hMACSHAHash == null) {
            log.error("name {} get iv hash fail", formsAuthenticationTicket.getName());
            return null;
        }
        byte[] bArr = new byte[hMACSHAHash.length + serialize.length];
        System.arraycopy(serialize, 0, bArr, 0, serialize.length);
        System.arraycopy(hMACSHAHash, 0, bArr, serialize.length, hMACSHAHash.length);
        byte[] encryptOrDecryptData = this.machineKeySection.encryptOrDecryptData(true, bArr);
        if (encryptOrDecryptData == null) {
            log.error("name {} encrypt fail", formsAuthenticationTicket.getName());
            return null;
        }
        byte[] hMACSHAHash2 = this.hashProvider.getHMACSHAHash(encryptOrDecryptData);
        byte[] bArr2 = new byte[hMACSHAHash2.length + encryptOrDecryptData.length];
        System.arraycopy(encryptOrDecryptData, 0, bArr2, 0, encryptOrDecryptData.length);
        System.arraycopy(hMACSHAHash2, 0, bArr2, encryptOrDecryptData.length, hMACSHAHash2.length);
        return CryptoUtil.binaryToHex(bArr2);
    }

    public FormsAuthenticationTicket decrypt(String str) throws Exception {
        if (null == str || str.length() > 4096) {
            throw new NullPointerException("in data is null");
        }
        byte[] bArr = null;
        if (str.length() % 2 == 0) {
            bArr = CryptoUtil.hexToBinary(str);
        }
        if (bArr == null || bArr.length < 1) {
            log.error("cookies data to byte array fail");
            throw new IllegalArgumentException("encryptedTicket");
        }
        byte[] checkHashAndRemove = this.hashProvider.checkHashAndRemove(this.machineKeySection.encryptOrDecryptData(false, this.hashProvider.checkHashAndRemove(bArr)));
        if (checkHashAndRemove != null) {
            return this.useLegacyFormsAuthenticationTicketCompatibility ? UnsafeFaTicketSerializer.cookieAuthByte(checkHashAndRemove) : FormsAuthenticationTicketSerializer.deserialize(checkHashAndRemove);
        }
        log.error("user cookies data Decrypt fail");
        return null;
    }
}
