package io.syndesis.server.endpoint.v1.state;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.syndesis.server.credential.CredentialModule;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.function.LongSupplier;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/server-endpoint-1.7.9.jar:io/syndesis/server/endpoint/v1/state/ClientSideState.class */
public final class ClientSideState {
    public static final int DEFAULT_TIMEOUT = 1800;
    private static final int IV_LEN = 16;
    private final BiFunction<Class<?>, byte[], Object> deserialization;
    private final Edition edition;
    private final Supplier<byte[]> ivSource;
    private final Function<Object, byte[]> serialization;
    private final int timeout;
    private final LongSupplier timeSource;
    private static final Base64.Decoder DECODER = Base64.getUrlDecoder();
    private static final Base64.Encoder ENCODER = Base64.getUrlEncoder().withoutPadding();
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ClientSideState.class);
    private static final ObjectMapper MAPPER = new ObjectMapper().registerModule(new CredentialModule());

    /* loaded from: input_file:BOOT-INF/lib/server-endpoint-1.7.9.jar:io/syndesis/server/endpoint/v1/state/ClientSideState$RandomIvSource.class */
    protected static final class RandomIvSource implements Supplier<byte[]> {
        private static final SecureRandom RANDOM = new SecureRandom();

        protected RandomIvSource() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public byte[] get() {
            byte[] bArr = new byte[16];
            RANDOM.nextBytes(bArr);
            return bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/server-endpoint-1.7.9.jar:io/syndesis/server/endpoint/v1/state/ClientSideState$TimestampedState.class */
    public static class TimestampedState<T> implements Comparable<TimestampedState<T>> {
        private final T state;
        private final long timestamp;

        TimestampedState(T t, long j) {
            this.state = (T) Objects.requireNonNull(t, "state");
            this.timestamp = j;
        }

        @Override // java.lang.Comparable
        public int compareTo(TimestampedState<T> timestampedState) {
            return Long.compare(timestampedState.timestamp, this.timestamp);
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TimestampedState)) {
                return false;
            }
            TimestampedState timestampedState = (TimestampedState) obj;
            return this.timestamp == timestampedState.timestamp && Objects.equals(this.state, timestampedState.state);
        }

        public int hashCode() {
            return (int) ((31 * this.timestamp) + (31 * Objects.hashCode(this.state)));
        }
    }

    public ClientSideState(Edition edition) {
        this(edition, ClientSideState::currentTimestmpUtc, new RandomIvSource(), ClientSideState::serialize, ClientSideState::deserialize, DEFAULT_TIMEOUT);
    }

    public ClientSideState(Edition edition, int i) {
        this(edition, ClientSideState::currentTimestmpUtc, new RandomIvSource(), ClientSideState::serialize, ClientSideState::deserialize, i);
    }

    ClientSideState(Edition edition, LongSupplier longSupplier, int i) {
        this(edition, longSupplier, new RandomIvSource(), ClientSideState::serialize, ClientSideState::deserialize, i);
    }

    ClientSideState(Edition edition, LongSupplier longSupplier, Supplier<byte[]> supplier, Function<Object, byte[]> function, BiFunction<Class<?>, byte[], Object> biFunction, int i) {
        this.edition = edition;
        this.timeSource = longSupplier;
        this.ivSource = supplier;
        this.serialization = function;
        this.deserialization = biFunction;
        this.timeout = i;
    }

    public NewCookie persist(String str, String str2, Object obj) {
        return new NewCookie(str, protect(obj), str2, null, 1, null, this.timeout, Date.from(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(this.timeout).toInstant()), true, false);
    }

    public <T> Set<T> restoreFrom(Collection<Cookie> collection, Class<T> cls) {
        return (Set) collection.stream().flatMap(cookie -> {
            try {
                return Stream.of(restoreWithTimestamp(cookie, cls));
            } catch (IllegalArgumentException e) {
                LOG.warn("Unable to restore client side state: {}", e.getMessage());
                LOG.debug("Unable to restore client side state from cookie: {}", cookie, e);
                return Stream.empty();
            }
        }).sorted().map(timestampedState -> {
            return timestampedState.state;
        }).collect(Collectors.toCollection(LinkedHashSet::new));
    }

    public <T> T restoreFrom(Cookie cookie, Class<T> cls) {
        return (T) ((TimestampedState) restoreWithTimestamp(cookie, cls)).state;
    }

    byte[] atime() {
        return Long.toString(this.timeSource.getAsLong()).getBytes(StandardCharsets.US_ASCII);
    }

    byte[] iv() {
        return this.ivSource.get();
    }

    String protect(Object obj) {
        byte[] apply = this.serialization.apply(obj);
        byte[] iv = iv();
        KeySource keySource = this.edition.keySource();
        StringBuilder append = new StringBuilder().append(ENCODER.encodeToString(encrypt(this.edition.encryptionAlgorithm, iv, apply, keySource.encryptionKey()))).append('|').append(ENCODER.encodeToString(atime())).append('|').append(ENCODER.encodeToString(this.edition.tid)).append('|').append(ENCODER.encodeToString(iv));
        append.append('|').append(ENCODER.encodeToString(mac(this.edition.authenticationAlgorithm, append, keySource.authenticationKey())));
        return append.toString();
    }

    <T> TimestampedState<T> restoreWithTimestamp(Cookie cookie, Class<T> cls) {
        String value = cookie.getValue();
        String[] split = value.split("\\|", 5);
        long atime = atime(DECODER.decode(split[1]));
        if (atime + this.timeout < this.timeSource.getAsLong()) {
            throw new IllegalArgumentException("Given value has timed out at: " + Instant.ofEpochSecond(atime));
        }
        byte[] decode = DECODER.decode(split[2]);
        if (!MessageDigest.isEqual(decode, this.edition.tid)) {
            throw new IllegalArgumentException(String.format("Given TID `%s`, mismatches current TID `%s`", new BigInteger(decode).toString(16), new BigInteger(this.edition.tid).toString(16)));
        }
        KeySource keySource = this.edition.keySource();
        if (MessageDigest.isEqual(DECODER.decode(split[4]), mac(this.edition.authenticationAlgorithm, value.substring(0, value.lastIndexOf(124)), keySource.authenticationKey()))) {
            return new TimestampedState<>(this.deserialization.apply(cls, decrypt(this.edition.encryptionAlgorithm, DECODER.decode(split[3]), DECODER.decode(split[0]), keySource.encryptionKey())), atime);
        }
        throw new IllegalArgumentException("Cookie value fails authenticity check");
    }

    static long atime(byte[] bArr) {
        return Long.parseLong(new String(bArr, StandardCharsets.US_ASCII));
    }

    static long currentTimestmpUtc() {
        return Instant.now().toEpochMilli() / 1000;
    }

    static byte[] decrypt(String str, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(2, secretKey, new IvParameterSpec(bArr));
            return cipher.doFinal(bArr2);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Unable to encrypt the given value", e);
        }
    }

    static Object deserialize(Class<?> cls, byte[] bArr) {
        try {
            return MAPPER.readerFor(cls).readValue(bArr);
        } catch (IOException e) {
            throw new IllegalArgumentException("Unable to deserialize given pickle to value", e);
        }
    }

    static byte[] encrypt(String str, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(1, secretKey, new IvParameterSpec(bArr));
            return cipher.doFinal(bArr2);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Unable to encrypt the given value", e);
        }
    }

    static byte[] mac(String str, CharSequence charSequence, SecretKey secretKey) {
        try {
            String charSequence2 = charSequence.toString();
            Mac mac = Mac.getInstance(str);
            mac.init(secretKey);
            return mac.doFinal(charSequence2.getBytes(StandardCharsets.US_ASCII));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Unable to compute MAC of the given value", e);
        }
    }

    static byte[] serialize(Object obj) {
        try {
            return MAPPER.writerFor(obj.getClass()).writeValueAsBytes(obj);
        } catch (JsonProcessingException e) {
            throw new IllegalArgumentException("Unable to serialize given value: " + obj, e);
        }
    }
}
