package leap.web.security.authc;

import javax.servlet.http.Cookie;
import leap.core.security.Authentication;
import leap.core.security.UserPrincipal;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.codec.MD5;
import leap.lang.convert.Converts;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.user.UserDetails;
import leap.web.security.user.UserStore;

/* loaded from: input_file:leap/web/security/authc/DefaultRememberMeManager.class */
public class DefaultRememberMeManager extends CookieBasedAuthenticationResolver implements RememberMeManager {
    private static final Log log = LogFactory.get(DefaultRememberMeManager.class);

    @Override // leap.web.security.authc.AuthenticationResolver
    public Result<Authentication> resolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) {
        String[] decodeRememberMeTokens;
        Cookie cookie = getCookie(request);
        if (null != cookie && !Strings.isEmpty(cookie.getValue()) && null != (decodeRememberMeTokens = decodeRememberMeTokens(cookie))) {
            log.debug("A valid remember-me cookie detected, authenticates it");
            Authentication authenticateRememberMeTokens = authenticateRememberMeTokens(request, response, authenticationContext, decodeRememberMeTokens);
            if (null != authenticateRememberMeTokens) {
                log.debug("Successful to authenticating the remember-me cookie");
                return Result.of(authenticateRememberMeTokens);
            }
            log.debug("Failed authenticating the remember-me cookie, removes it");
            removeCookie(request, response, cookie);
            return Result.empty();
        }
        return Result.empty();
    }

    @Override // leap.web.security.authc.RememberMeManager
    public void forgetRememberedUser(Request request, Response response) {
        removeCookie(request, response);
    }

    @Override // leap.web.security.authc.AuthenticationResolver
    public void onLoginSuccess(Request request, Response response, Authentication authentication) {
        UserPrincipal user = authentication.getUser();
        if (user instanceof UserDetails) {
            if (Converts.toBoolean(request.getParameter(this.securityConfig.getRememberMeParameterName()), false)) {
                setRememberMeCookie(request, response, user.getLoginName(), ((UserDetails) user).getPassword());
            } else {
                removeCookie(request, response);
            }
        }
    }

    @Override // leap.web.security.authc.CookieBasedAuthenticationResolver, leap.web.security.authc.AuthenticationResolver
    public void onLogoutSuccess(Request request, Response response) {
        forgetRememberedUser(request, response);
    }

    protected void setRememberMeCookie(Request request, Response response, String str, String str2) {
        int cookieMaxAge = getCookieMaxAge(request);
        setCookie(request, response, encodeRememberMeTokens(str, str2, System.currentTimeMillis() + (cookieMaxAge * 1000)), cookieMaxAge);
    }

    protected String encodeRememberMeTokens(String str, String str2, long j) {
        if (Strings.isEmpty(this.securityConfig.getRememberMeSecret())) {
            throw new RememberMeException("Cannot sign the remember-me tokens, secret must be provided");
        }
        StringBuilder sb = new StringBuilder(Base64.encode(str + ":" + String.valueOf(j) + ":" + sign(str, str2, j)));
        while (sb.charAt(sb.length() - 1) == '=') {
            sb.deleteCharAt(sb.length() - 1);
        }
        return sb.toString();
    }

    protected String[] decodeRememberMeTokens(Cookie cookie) {
        String value = cookie.getValue();
        for (int i = 0; i < value.length() % 4; i++) {
            value = value + "=";
        }
        if (!Base64.isBase64(value)) {
            log.debug("The remember-me cookie is not a valid base64 string");
            return null;
        }
        String[] split = Strings.split(Base64.decode(value), ':');
        if (split.length != 3) {
            return null;
        }
        return split;
    }

    protected Authentication authenticateRememberMeTokens(Request request, Response response, AuthenticationContext authenticationContext, String[] strArr) {
        try {
            long longValue = new Long(strArr[1]).longValue();
            if (isTokenExpired(longValue)) {
                log.debug("Remember-me token has expired");
                return null;
            }
            UserStore userStore = this.securityConfig.getUserStore();
            String str = strArr[0];
            UserDetails loadUserDetailsByLoginName = userStore.loadUserDetailsByLoginName(str);
            if (null == loadUserDetailsByLoginName) {
                log.debug("The remembered user '{}' not found", new Object[]{str});
                return null;
            }
            String sign = sign(str, loadUserDetailsByLoginName.getPassword(), longValue);
            if (null == sign) {
                return null;
            }
            if (!sign.equals(strArr[2])) {
                log.debug("The remembered user's signed is invalid, may be the user's password was changed");
                return null;
            }
            SimpleAuthentication simpleAuthentication = new SimpleAuthentication(loadUserDetailsByLoginName);
            simpleAuthentication.setRememberMe(true);
            return simpleAuthentication;
        } catch (NumberFormatException e) {
            log.debug("Remember-me token[1] did not contain a valid expires number, actual is : {}", new Object[]{strArr[1]});
            return null;
        }
    }

    protected String sign(String str, String str2, long j) {
        String rememberMeSecret = this.securityConfig.getRememberMeSecret();
        if (!Strings.isEmpty(rememberMeSecret)) {
            return MD5.hex(Strings.getBytesUtf8(str + ":" + j + ":" + str2 + ":" + rememberMeSecret));
        }
        log.debug("Remember-me secret not exists, cannot sign user tokens");
        return null;
    }

    public String getCookieExpiresParameter() {
        return this.securityConfig.getRememberMeExpiresParameterName();
    }

    public int getCookieExpires() {
        return this.securityConfig.getDefaultRememberMeExpires();
    }

    public String getCookieName() {
        return this.securityConfig.getRememberMeCookieName();
    }

    protected boolean isTokenExpired(long j) {
        return j < System.currentTimeMillis();
    }
}
