package com.iplanet.dpro.session;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.service.SessionServerConfig;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.services.naming.WebtopNaming;
import com.iplanet.services.util.Crypt;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.security.EncodeAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.CookieUtils;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.Serializable;
import java.net.URL;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.openam.sdk.org.forgerock.http.swagger.SwaggerApiProducer;
import org.forgerock.openam.sdk.org.forgerock.util.Reject;
import org.forgerock.openam.session.SessionConstants;
import org.forgerock.openam.utils.PerThreadCache;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/iplanet/dpro/session/SessionID.class */
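/**
 * Wrapper around the opaque session identifier string that a client presents
 * in a cookie or in the request URL.
 *
 * <p>The raw value is kept in {@code encryptedString}. The part after the last
 * {@code Constants.AT} is parsed lazily into a {@link SessionIDExtensions}
 * object and a "tail"; the site ID found in the extensions is resolved through
 * {@link WebtopNaming} to fill in the session server protocol, host, port and
 * URI.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The raw value is a bearer credential and arrives from an untrusted
 *       request. It is never written to the debug log or to exception
 *       messages by this class; only its length is reported.</li>
 *   <li>Parsing only splits and decodes the string. {@link #validate()} checks
 *       the embedded site and primary IDs against the naming service; nothing
 *       in this class checks that the session itself exists.</li>
 *   <li>The class is {@link Serializable} and declares no
 *       {@code serialVersionUID}, so the JVM derives one from the class
 *       shape. Keep the set of non-private members stable.</li>
 * </ul>
 */
public class SessionID implements Serializable {
    /** Scheme prefix that marks a string as a session handle rather than a session ID. */
    public static final String SHANDLE_SCHEME_PREFIX = "shandle:";

    // Raw identifier exactly as received or generated; treat as a secret.
    private String encryptedString = "";
    private boolean comingFromAuth = false;
    // Location of the server owning the session, filled in by setServerID().
    private String sessionServerProtocol = "";
    private String sessionServer = "";
    private String sessionServerPort = "";
    private String sessionServerURI = "";
    protected String sessionDomain = "";
    private String sessionServerID = "";
    // Name of the session cookie, read once from configuration.
    private static String cookieName;
    private static Debug debug;
    // TRUE when the ID came from the cookie, FALSE when it was looked up in the
    // URL after no cookie was found, null when that could not be determined.
    private Boolean cookieMode = null;
    // Parse state is transient: a deserialized instance re-parses on first use.
    private transient boolean isParsed = false;
    private transient String tail = null;
    private transient SessionIDExtensions extensions;
    // One SecureRandom per thread, created in the static initializer below.
    private static final PerThreadCache<SecureRandom, RuntimeException> secureRandom;

    /**
     * Extracts the session ID from a servlet request.
     *
     * <p>For a normal request the cookie named by {@code Constants.AM_COOKIE_NAME}
     * is preferred and the URL-encoded ID is the fallback. When the request
     * attribute {@code forwardrequest} equals {@code "yes"} the order is
     * reversed. If no cookie name is configured the ID stays empty.
     *
     * @param httpServletRequest request to read the cookie or URL parameter from
     */
    public SessionID(HttpServletRequest httpServletRequest) {
        if (cookieName == null) {
            cookieName = SystemProperties.get(Constants.AM_COOKIE_NAME);
        }
        if (cookieName == null) {
            return;
        }
        String forwardFlag = (String) httpServletRequest.getAttribute("forwardrequest");
        if (debug.messageEnabled()) {
            debug.message("SessionID(HttpServletRequest) : is forward = " + forwardFlag);
        }
        boolean forwarded = "yes".equals(forwardFlag);
        if (!forwarded) {
            String fromCookie = CookieUtils.getCookieValueFromReq(httpServletRequest, cookieName);
            if (fromCookie != null) {
                this.cookieMode = Boolean.TRUE;
                this.encryptedString = fromCookie;
                return;
            }
            // NOTE(review): an ID carried in the URL is exposed to access logs,
            // browser history and Referer headers; confirm URL mode is needed.
            String fromUrl = SessionEncodeURL.getSidFromURL(httpServletRequest);
            if (fromUrl != null) {
                this.encryptedString = fromUrl;
            }
            this.cookieMode = Boolean.FALSE;
            return;
        }
        // Forwarded request: the URL wins, and cookieMode is left undetermined
        // unless the cookie had to be used.
        String fromUrl = SessionEncodeURL.getSidFromURL(httpServletRequest);
        if (fromUrl != null) {
            this.encryptedString = fromUrl;
            return;
        }
        String fromCookie = CookieUtils.getCookieValueFromReq(httpServletRequest, cookieName);
        if (fromCookie != null) {
            this.encryptedString = fromCookie;
            this.cookieMode = Boolean.TRUE;
        }
    }

    /** Creates an empty session ID; {@link #isNull()} returns {@code true} for it. */
    public SessionID() {
    }

    /**
     * Wraps an existing session ID string without parsing or validating it.
     *
     * @param str raw session ID; may be {@code null} or empty
     */
    public SessionID(String str) {
        this.encryptedString = str;
    }

    /**
     * @return {@code true} when the raw ID is {@code null} or empty
     */
    public boolean isNull() {
        return isNull(this.encryptedString);
    }

    private static boolean isNull(String str) {
        return str == null || str.length() == 0;
    }

    /**
     * @return URI of the session server, parsing the ID first if not yet known
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getSessionServerURI() {
        if (isNull(this.sessionServerURI)) {
            parseSessionString();
        }
        return this.sessionServerURI;
    }

    /**
     * @return protocol, separator, host, {@code ":"}, port and URI of the
     *         session server concatenated into one string
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getSessionServerURL() {
        parseSessionString();
        return this.sessionServerProtocol + ISAuthConstants.URL_SEPARATOR + this.sessionServer
                + ":" + this.sessionServerPort + this.sessionServerURI;
    }

    /**
     * @return the flag last set through {@link #setComingFromAuth(boolean)}
     */
    public boolean getComingFromAuth() {
        if (debug.messageEnabled()) {
            debug.message("SessionID.getComingFromAuth():comingFromAuth:" + this.comingFromAuth);
        }
        return this.comingFromAuth;
    }

    /**
     * @param z new value of the coming-from-auth flag
     */
    public void setComingFromAuth(boolean z) {
        this.comingFromAuth = z;
    }

    /**
     * @return protocol of the session server, parsing the ID first if not yet known
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getSessionServerProtocol() {
        if (isNull(this.sessionServerProtocol)) {
            parseSessionString();
        }
        return this.sessionServerProtocol;
    }

    /**
     * @return port of the session server, parsing the ID first if not yet known
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getSessionServerPort() {
        if (isNull(this.sessionServerPort)) {
            parseSessionString();
        }
        return this.sessionServerPort;
    }

    /**
     * @return host of the session server, parsing the ID first if not yet known
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getSessionServer() {
        if (isNull(this.sessionServer)) {
            parseSessionString();
        }
        return this.sessionServer;
    }

    /**
     * @return the session domain; only set by the private three-argument constructor
     */
    public String getSessionDomain() {
        return this.sessionDomain;
    }

    /**
     * @return ID of the session server, parsing the ID first if not yet known
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getSessionServerID() {
        if (isNull(this.sessionServerID)) {
            parseSessionString();
        }
        return this.sessionServerID;
    }

    /**
     * Returns the raw session ID. The value is a credential: do not pass the
     * result to loggers or error pages.
     */
    @Override
    public String toString() {
        return this.encryptedString;
    }

    /**
     * Two session IDs are equal when their raw strings are equal. A
     * {@code null} raw string (possible through {@link #SessionID(String)})
     * is handled instead of raising a {@link NullPointerException}.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof SessionID)) {
            return false;
        }
        String other = ((SessionID) obj).encryptedString;
        return this.encryptedString == null ? other == null : this.encryptedString.equals(other);
    }

    @Override
    public int hashCode() {
        // Null-safe so that it stays consistent with equals().
        return this.encryptedString == null ? 0 : this.encryptedString.hashCode();
    }

    /**
     * Parses the raw ID once and caches the result.
     *
     * <p>The text after the last {@code Constants.AT} is split at the first
     * {@code PATH_FRAGMENT_MARKER}: what precedes the marker becomes the
     * extensions, what follows becomes the tail. Without a marker the whole
     * suffix is the tail and the extensions are empty. An ID without
     * {@code Constants.AT} is accepted and leaves tail and extensions unset.
     *
     * @throws IllegalArgumentException if the ID is empty or malformed
     */
    private void parseSessionString() {
        if (this.isParsed) {
            return;
        }
        if (isNull()) {
            throw new IllegalArgumentException("sid value is null or empty");
        }
        try {
            String decoded = isC66Encoded()
                    ? c66DecodeCookieString(this.encryptedString)
                    : this.encryptedString;
            int atIndex = decoded.lastIndexOf(Constants.AT);
            if (atIndex == -1) {
                this.isParsed = true;
                return;
            }
            String suffix = decoded.substring(atIndex + 1);
            int markerIndex = suffix.indexOf(SwaggerApiProducer.VersionTransformer.PATH_FRAGMENT_MARKER);
            // markerIndex == -1 gives substring(0), i.e. the whole suffix.
            this.tail = suffix.substring(markerIndex + 1);
            if (markerIndex != -1) {
                this.extensions = new DynamicSessionIDExtensions(
                        new LegacySessionIDExtensions(suffix.substring(0, markerIndex)));
            } else {
                this.extensions = new LegacySessionIDExtensions();
            }
            String siteID = this.extensions.getSiteID();
            if (siteID != null) {
                setServerID(siteID);
            }
            this.isParsed = true;
        } catch (Exception e) {
            // The raw value is request-controlled and may be a usable token, so
            // it is kept out of the log and the exception text; the length is
            // enough to correlate with the request. The cause is chained.
            String message = "Invalid sessionid format:[redacted, length="
                    + this.encryptedString.length() + "]";
            debug.error(message, e);
            throw new IllegalArgumentException(message, e);
        }
    }

    /**
     * Resolves a server ID through {@link WebtopNaming} and stores the
     * resulting protocol, host, port and deployment URI.
     *
     * @param str server ID to resolve
     * @throws IllegalArgumentException if the ID cannot be resolved to a URL
     */
    protected void setServerID(String str) {
        try {
            URL serverUrl = new URL(WebtopNaming.getServerFromID(str));
            this.sessionServerID = str;
            this.sessionServerProtocol = serverUrl.getProtocol();
            this.sessionServer = serverUrl.getHost();
            this.sessionServerPort = String.valueOf(serverUrl.getPort());
            this.sessionServerURI = serverUrl.getPath();
            // Cut at the last '/' until only the first path segment is left.
            int slash = this.sessionServerURI.lastIndexOf('/');
            while (slash > 0) {
                this.sessionServerURI = this.sessionServerURI.substring(0, slash);
                slash = this.sessionServerURI.lastIndexOf('/');
            }
        } catch (Exception e) {
            debug.error("Could not get server info from sessionid: " + str + "]", e);
            // Message text is unchanged; the cause is now chained as well.
            throw new IllegalArgumentException("Invalid server id in session id:[" + str + "]" + e, e);
        }
    }

    /**
     * @return the tail of the ID, or {@code null} if the ID has no {@code Constants.AT}
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public String getTail() {
        parseSessionString();
        return this.tail;
    }

    /**
     * @return {@code TRUE} if the ID came from the cookie, {@code FALSE} if it
     *         was looked up in the URL, {@code null} if unknown
     */
    public Boolean getCookieMode() {
        return this.cookieMode;
    }

    /**
     * @return the parsed extensions, or {@code null} if the ID has no {@code Constants.AT}
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public SessionIDExtensions getExtension() {
        parseSessionString();
        return this.extensions;
    }

    /**
     * Assembles a session ID string from its parts.
     *
     * <p>Layout: {@code str}, then {@code Constants.AT} if extensions or tail
     * are present, then the Base64 form of the extension map followed by
     * {@code PATH_FRAGMENT_MARKER}, then the tail. The result is C66-encoded
     * when that is enabled in configuration.
     *
     * @param str leading part of the ID
     * @param sessionIDExtensions extensions to embed, or {@code null}
     * @param str2 tail to append, or {@code null}
     * @return the assembled ID
     * @throws SessionException wrapping any failure during assembly
     */
    static String makeSessionID(String str, SessionIDExtensions sessionIDExtensions, String str2) throws SessionException {
        try {
            StringBuilder sid = new StringBuilder();
            sid.append(str);
            if (sessionIDExtensions != null || str2 != null) {
                sid.append(Constants.AT);
            }
            if (sessionIDExtensions != null) {
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                // try-with-resources closes the stream even if a write fails.
                try (DataOutputStream out = new DataOutputStream(buffer)) {
                    for (Map.Entry<String, String> entry : sessionIDExtensions.asMap().entrySet()) {
                        out.writeUTF(entry.getKey());
                        out.writeUTF(entry.getValue());
                    }
                }
                sid.append(Base64.encode(buffer.toByteArray()));
                sid.append(SwaggerApiProducer.VersionTransformer.PATH_FRAGMENT_MARKER);
            }
            if (str2 != null) {
                sid.append(str2);
            }
            String result = sid.toString();
            if (c66EncodeCookie()) {
                result = c66EncodeSidString(result);
            }
            return result;
        } catch (Exception e) {
            throw new SessionException(e);
        }
    }

    /**
     * Builds an ID that reuses the extensions and tail of an existing one.
     *
     * @param str leading part of the new ID
     * @param sessionID ID whose extensions and tail are copied
     * @return the assembled ID
     * @throws SessionException if assembly fails
     * @throws IllegalArgumentException if {@code sessionID} cannot be parsed
     */
    public static String makeRelatedSessionID(String str, SessionID sessionID) throws SessionException {
        sessionID.parseSessionString();
        return makeSessionID(str, sessionID.getExtension(), sessionID.tail);
    }

    /** Reads the C66 switch from configuration; absent means disabled. */
    private static boolean c66EncodeCookie() {
        return Boolean.parseBoolean(SystemProperties.get(Constants.C66_ENCODE_AM_COOKIE, "false"));
    }

    /**
     * Replaces {@code + / = @ #} with {@code - _ . * *}. Both {@code '@'} and
     * {@code '#'} become {@code '*'}, so decoding depends on their order.
     */
    private static String c66EncodeSidString(String str) {
        if (str == null || str.length() == 0) {
            return str;
        }
        char[] encoded = str.toCharArray();
        for (int i = 0; i < encoded.length; i++) {
            switch (encoded[i]) {
                case '+':
                    encoded[i] = '-';
                    break;
                case '/':
                    encoded[i] = '_';
                    break;
                case '=':
                    encoded[i] = '.';
                    break;
                case '@':
                case '#':
                    encoded[i] = '*';
                    break;
                default:
                    break;
            }
        }
        return new String(encoded);
    }

    /**
     * Reverses {@link #c66EncodeSidString(String)}: the first {@code '*'}
     * becomes {@code '@'} and every later one becomes {@code '#'}.
     */
    private static String c66DecodeCookieString(String str) {
        if (str == null || str.length() == 0) {
            return str;
        }
        char[] decoded = str.toCharArray();
        boolean firstStar = true;
        for (int i = 0; i < decoded.length; i++) {
            switch (decoded[i]) {
                case '-':
                    decoded[i] = '+';
                    break;
                case '_':
                    decoded[i] = '/';
                    break;
                case '.':
                    decoded[i] = '=';
                    break;
                case '*':
                    decoded[i] = firstStar ? '@' : '#';
                    firstStar = false;
                    break;
                default:
                    break;
            }
        }
        return new String(decoded);
    }

    /**
     * @return {@code true} when the raw ID contains {@code '*'}, which is taken
     *         as the sign of C66 encoding
     */
    public boolean isC66Encoded() {
        return this.encryptedString != null && this.encryptedString.contains("*");
    }

    /**
     * Creates a new ID with a fresh random part and this ID's extensions and tail.
     *
     * @param sessionServerConfig source of the primary server ID
     * @return the new session ID
     * @throws SessionException if assembly fails
     */
    public SessionID generateRelatedSessionID(SessionServerConfig sessionServerConfig) throws SessionException {
        String freshId = generateEncryptedID(sessionServerConfig);
        return new SessionID(makeRelatedSessionID(freshId, this));
    }

    /**
     * @return {@code true} when the raw ID starts with {@link #SHANDLE_SCHEME_PREFIX};
     *         {@code false} for a {@code null} ID
     */
    public boolean isSessionHandle() {
        String value = toString();
        return value != null && value.startsWith(SHANDLE_SCHEME_PREFIX);
    }

    /**
     * Creates a session handle: {@link #SHANDLE_SCHEME_PREFIX} followed by a
     * related ID with a fresh random part.
     *
     * @param sessionServerConfig source of the primary server ID
     * @return the session handle string
     * @throws SessionException if assembly fails
     */
    public String generateSessionHandle(SessionServerConfig sessionServerConfig) throws SessionException {
        String freshId = generateEncryptedID(sessionServerConfig);
        return SHANDLE_SCHEME_PREFIX + makeRelatedSessionID(freshId, this);
    }

    /**
     * @param sessionServerConfig source of the local server ID
     * @return a random long in hexadecimal followed by the local server ID
     */
    public static String generateAmCtxID(SessionServerConfig sessionServerConfig) {
        long random = secureRandom.getInstanceForCurrentThread().nextLong();
        return Long.toHexString(random) + sessionServerConfig.getLocalServerID();
    }

    /**
     * Produces the leading part of a session ID: a random long in hexadecimal,
     * {@code Constants.AT} and the primary server ID, passed through
     * {@link EncodeAction}.
     */
    private static String generateEncryptedID(SessionServerConfig sessionServerConfig) {
        // Unguessability of the ID rests on this single 64-bit value.
        long random = secureRandom.getInstanceForCurrentThread().nextLong();
        String plain = Long.toHexString(random) + Constants.AT + sessionServerConfig.getPrimaryServerID();
        // NOTE(review): judging by its name, getHardcodedKeyEncryptor() uses a
        // key fixed in the product rather than one per deployment. If so the
        // encoding gives no confidentiality or integrity - confirm in Crypt.
        return (String) AccessController.doPrivileged(new EncodeAction(plain, Crypt.getHardcodedKeyEncryptor()));
    }

    /**
     * Creates a new session ID bound to the local server.
     *
     * @param sessionServerConfig source of the server and site IDs
     * @param str session domain to record on the new ID
     * @return the new session ID
     * @throws SessionException if assembly fails
     */
    public static SessionID generateSessionID(SessionServerConfig sessionServerConfig, String str) throws SessionException {
        // Statement order matters: each nextLong() call advances the generator.
        String encryptedId = generateEncryptedID(sessionServerConfig);
        LegacySessionIDExtensions ext = new LegacySessionIDExtensions(
                getPrimaryId(sessionServerConfig),
                sessionServerConfig.getPrimaryServerID(),
                String.valueOf(secureRandom.getInstanceForCurrentThread().nextLong()));
        return new SessionID(makeSessionID(encryptedId, ext, null), sessionServerConfig.getLocalServerID(), str);
    }

    /**
     * Creates a session ID with an empty leading part that carries
     * {@code str2} as its tail.
     *
     * @param sessionServerConfig source of the server and site IDs
     * @param str session domain to record on the new ID
     * @param str2 tail to embed; must not be {@code null}
     * @return the new session ID
     * @throws SessionException if assembly fails
     */
    public static SessionID generateStatelessSessionID(SessionServerConfig sessionServerConfig, String str, String str2) throws SessionException {
        Reject.ifNull(str2);
        String sid = makeSessionID(
                "",
                new LegacySessionIDExtensions(getPrimaryId(sessionServerConfig), sessionServerConfig.getPrimaryServerID(), null),
                str2);
        return new SessionID(sid, sessionServerConfig.getLocalServerID(), str);
    }

    /**
     * @return the local server ID when sites are enabled and the ID is
     *         non-empty, otherwise the empty string
     */
    private static String getPrimaryId(SessionServerConfig sessionServerConfig) {
        if (sessionServerConfig.isSiteEnabled()
                && sessionServerConfig.getLocalServerID() != null
                && !sessionServerConfig.getLocalServerID().isEmpty()) {
            return sessionServerConfig.getLocalServerID();
        }
        return "";
    }

    /** Wraps a raw ID, resolves the given server ID and records the domain. */
    private SessionID(String str, String str2, String str3) {
        this(str);
        setServerID(str2);
        this.sessionDomain = str3;
    }

    /**
     * Checks the site and primary IDs embedded in this session ID against the
     * naming service.
     *
     * <p>Without a primary ID, the site ID must name a server whose own site
     * ID is absent or identical. With a primary ID, the primary ID must name
     * a server that belongs to the site given by the site ID.
     *
     * @throws SessionException if the embedded IDs are inconsistent
     * @throws IllegalArgumentException if the ID is empty or cannot be parsed
     */
    public void validate() throws SessionException {
        String siteID = getExtension().getSiteID();
        String primaryID = getExtension().getPrimaryID();
        String error = null;
        if (StringUtils.isEmpty(siteID)) {
            error = "Invalid session ID, Site ID is null or empty";
        } else if (primaryID == null) {
            if (!WebtopNaming.isServer(siteID)) {
                error = "Invalid session ID, Site ID \"" + siteID + "\" either points to a non-existent server, or to a site";
            }
            // Looked up even when an error is already set, as in the original flow.
            String owningSite = WebtopNaming.getSiteID(siteID);
            if (error == null && owningSite != null && !owningSite.equals(siteID)) {
                error = "Invalid session ID, Site ID \"" + siteID + "\" points to a server, but its corresponding site ID is not present in the session ID";
            }
        } else {
            if (!WebtopNaming.isServer(primaryID)) {
                error = "Invalid session ID, Primary ID \"" + primaryID + "\" either points to a non-existent server, or to a site";
            }
            String owningSite = WebtopNaming.getSiteID(primaryID);
            if (error == null) {
                if (owningSite == null || owningSite.equals(primaryID)) {
                    error = "Invalid session ID, Primary ID \"" + primaryID + "\" server isn't member of Site ID \"" + siteID + "\"";
                } else if (!owningSite.equals(siteID)) {
                    error = "Invalid session ID, Primary ID \"" + primaryID + "\" server doesn't belong to Site ID \"" + siteID + "\"";
                }
            }
        }
        if (error != null) {
            // NOTE(review): siteID and primaryID are decoded from the presented
            // session ID, so this text is request-influenced; confirm the log
            // sink neutralises control characters.
            if (debug.warningEnabled()) {
                debug.warning(error);
            }
            throw new SessionException(error);
        }
    }

    static {
        // A JVM system property takes precedence over the product configuration.
        cookieName = System.getProperty(Constants.AM_COOKIE_NAME);
        if (cookieName == null) {
            cookieName = SystemProperties.get(Constants.AM_COOKIE_NAME);
        }
        debug = Debug.getInstance(SessionConstants.SESSION_DEBUG);
        secureRandom = new PerThreadCache<SecureRandom, RuntimeException>(Integer.MAX_VALUE) {
            // NOTE(review): the decompiler reports it widened this method's
            // access from protected; the listing is not the original source.
            @Override // org.forgerock.openam.utils.PerThreadCache
            public SecureRandom initialValue() {
                // The algorithm is pinned to SHA1PRNG, first from the SUN
                // provider and then from any provider.
                // NOTE(review): confirm this pin is still wanted over the
                // platform default SecureRandom.
                try {
                    try {
                        return SecureRandom.getInstance("SHA1PRNG", "SUN");
                    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                        return SecureRandom.getInstance("SHA1PRNG");
                    }
                } catch (Exception e2) {
                    // Chain the cause so the missing provider is diagnosable.
                    throw new IllegalStateException("Need SHA1PRNG algorithm to continue", e2);
                }
            }
        };
    }
}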
