package org.securityfilter.authenticator.persistent;

import java.io.IOException;
import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hibernate.dialect.Dialect;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:WEB-INF/lib/securityfilter-2.0.jar:org/securityfilter/authenticator/persistent/DefaultPersistentLoginManager.class */
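/**
 * Cookie-based "remember me" login manager.
 *
 * <p>The username and password are written to browser cookies. Depending on the
 * {@code protection} setting they are encrypted with the configured cipher
 * ({@code "encryption"}), accompanied by a keyed MD5 validation hash
 * ({@code "validation"}), both ({@code "all"}, the default) or neither ({@code "none"}).
 *
 * <p>NOTE(security): several properties of this design are kept for compatibility
 * with cookies and configuration already in use, and should be reviewed before deployment:
 * <ul>
 *   <li>The user's password itself is stored client-side; with protection
 *       {@code "none"} or {@code "validation"} it is stored in clear text.</li>
 *   <li>The default cipher is DES in ECB mode, which gives no integrity protection
 *       and is considered weak; the validation hash is MD5 over
 *       {@code value:value:[ip:]key} rather than an HMAC.</li>
 *   <li>Cookies are created without the Secure or HttpOnly attributes.</li>
 *   <li>Strings are converted to bytes with the platform default charset, so
 *       non-ASCII values may not round-trip between JVMs with different defaults.</li>
 * </ul>
 */
public class DefaultPersistentLoginManager implements Serializable, PersistentLoginManagerInterface {
    /** Secret mixed into the validation hash; no hash is produced while this is null. */
    protected String validationKey;
    /** Raw key text last passed to {@link #setEncryptionKey(String)}. */
    protected String encryptionKey;
    /** Cipher transformation string, "algorithm/mode/padding". */
    protected String cipherParameters;
    /** Key derived from {@link #encryptionKey}; null when no key is set or derivation failed. */
    protected SecretKey secretKey;
    protected static final String COOKIE_USERNAME = "username";
    protected static final String COOKIE_PASSWORD = "password";
    protected static final String COOKIE_REMEMBERME = "rememberme";
    protected static final String COOKIE_VALIDATION = "validation";
    protected static final String PROTECTION_ALL = "all";
    protected static final String PROTECTION_VALIDATION = "validation";
    protected static final String PROTECTION_ENCRYPTION = "encryption";
    protected static final String PROTECTION_NONE = "none";
    // Cookie lifetime in days, parsed with Integer.parseInt when cookies are issued.
    // NOTE(review): the reference to a Hibernate constant looks like a decompiler
    // substitution for an inlined string literal - confirm the intended default.
    protected String cookieLife = Dialect.DEFAULT_BATCH_SIZE;
    protected String protection = "all";
    protected String useIP = "true";
    protected String encryptionAlgorithm = "DES";
    protected String encryptionMode = "ECB";
    protected String encryptionPadding = "PKCS5Padding";
    // Last hash input/output. Kept only because they are protected fields that a
    // subclass could read; the hash returned to callers never comes from these fields.
    protected String valueBeforeMD5 = "";
    protected String valueAfterMD5 = "";

    /** Number of seconds in one day, used to turn {@link #cookieLife} into a max-age. */
    private static final int SECONDS_PER_DAY = 86400;
    /** Sentinel returned by {@link #getCookieValue} when a cookie is not present. */
    private static final String ABSENT = "false";

    /** Creates a manager with the default settings and builds the cipher transformation string. */
    public DefaultPersistentLoginManager() {
        initCypherParameters();
    }

    /**
     * Issues the remember-me cookies for a successful login.
     *
     * <p>If encryption is required but fails, no cookie is issued at all.
     *
     * @param httpServletRequest  current request; its remote address feeds the validation hash
     * @param httpServletResponse response the cookies are added to
     * @param str                 username to remember
     * @param str2                password to remember
     * @throws NumberFormatException if {@link #cookieLife} is not an integer
     */
    public void rememberLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws IOException, ServletException {
        if (usesEncryption()) {
            str = encryptText(str);
            str2 = encryptText(str2);
            if (str == null || str2 == null) {
                System.out.println("ERROR!!");
                System.out.println("There was a problem encrypting the username or password!!");
                System.out.println("Remember Me function will be disabled!!");
                return;
            }
        }
        int maxAgeSeconds = SECONDS_PER_DAY * Integer.parseInt(this.cookieLife);
        addCookie(httpServletResponse, COOKIE_USERNAME, str, maxAgeSeconds);
        addCookie(httpServletResponse, COOKIE_PASSWORD, str2, maxAgeSeconds);
        addCookie(httpServletResponse, COOKIE_REMEMBERME, "true", maxAgeSeconds);
        if (usesValidation()) {
            String validationHash = getValidationHash(str, str2, httpServletRequest.getRemoteAddr());
            if (validationHash != null) {
                addCookie(httpServletResponse, COOKIE_VALIDATION, validationHash, maxAgeSeconds);
            } else {
                System.out.println("WARNING!!! WARNING!!!");
                System.out.println("PROTECTION=ALL or PROTECTION=VALIDATION was specified");
                System.out.println("but Validation Hash could NOT be generated");
                System.out.println("Validation has been disabled!!!!");
            }
        }
    }

    /**
     * Expires every remember-me cookie that the request carries.
     *
     * @param httpServletRequest  request whose cookies are inspected
     * @param httpServletResponse response the expired cookies are added to
     */
    public void forgetLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        removeAllCookies(httpServletRequest, httpServletResponse);
    }

    /**
     * Reports whether the request carries a {@code rememberme} cookie whose value is "true".
     *
     * @param httpServletRequest request whose cookies are inspected
     * @return true only when the cookie is present with the value "true"
     */
    public boolean rememberingLogin(HttpServletRequest httpServletRequest) {
        return "true".equals(getCookieValue(httpServletRequest.getCookies(), COOKIE_REMEMBERME, ABSENT));
    }

    /**
     * Returns the remembered username, decrypted when encryption is enabled.
     *
     * @param httpServletRequest  request carrying the cookies
     * @param httpServletResponse response used to expire the cookies when validation fails
     * @return the username, or null when it is absent, cannot be decrypted, or fails validation
     */
    public String getRememberedUsername(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return getRememberedValue(httpServletRequest, httpServletResponse, false);
    }

    /**
     * Returns the remembered password, decrypted when encryption is enabled.
     *
     * @param httpServletRequest  request carrying the cookies
     * @param httpServletResponse response used to expire the cookies when validation fails
     * @return the password, or null when it is absent, cannot be decrypted, or fails validation
     */
    public String getRememberedPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return getRememberedValue(httpServletRequest, httpServletResponse, true);
    }

    /**
     * Sets the cookie lifetime in days.
     *
     * @param str number of days as text; it is parsed only when cookies are issued
     */
    public void setCookieLife(String str) {
        this.cookieLife = str;
    }

    /**
     * Sets the protection level; anything other than "all", "validation", "encryption" or
     * "none" (ignoring case and surrounding whitespace) falls back to "all".
     *
     * @param str requested protection level
     */
    public void setProtection(String str) {
        // equalsIgnoreCase does not depend on the default locale, so "VALIDATION" is
        // still recognised on a JVM whose locale lower-cases 'I' to a dotless i.
        String trimmed = (str == null) ? null : str.trim();
        if (PROTECTION_ALL.equalsIgnoreCase(trimmed)) {
            this.protection = PROTECTION_ALL;
        } else if (PROTECTION_VALIDATION.equalsIgnoreCase(trimmed)) {
            this.protection = PROTECTION_VALIDATION;
        } else if (PROTECTION_ENCRYPTION.equalsIgnoreCase(trimmed)) {
            this.protection = PROTECTION_ENCRYPTION;
        } else if (PROTECTION_NONE.equalsIgnoreCase(trimmed)) {
            this.protection = PROTECTION_NONE;
        } else {
            System.out.println("*ERROR - Invalid protection setting!!!" + str);
            System.out.println("*ERROR - setting protection to default -->=all");
            this.protection = PROTECTION_ALL;
        }
    }

    /**
     * Sets the secret that is mixed into the validation hash.
     *
     * @param str validation key
     */
    public void setValidationKey(String str) {
        this.validationKey = str;
    }

    /**
     * Sets the encryption key and derives the {@link SecretKey} from it.
     *
     * <p>The key spec is always {@link DESKeySpec}, whatever {@link #encryptionAlgorithm}
     * says, and the key is derived with the algorithm configured at the time of this call;
     * changing the algorithm afterwards does not re-derive it.
     *
     * @param str key text
     */
    public void setEncryptionKey(String str) {
        this.encryptionKey = str;
        // Drop any previously derived key first: if derivation fails, encryption must
        // stop working rather than silently continue under the old key.
        this.secretKey = null;
        try {
            this.secretKey = SecretKeyFactory.getInstance(this.encryptionAlgorithm).generateSecret(new DESKeySpec(str.getBytes()));
        } catch (Exception e) {
            System.out.println("Error: " + e);
            e.printStackTrace();
        }
    }

    /**
     * Controls whether the client address is part of the validation hash.
     *
     * @param str "true" (any case, surrounding whitespace ignored) to include the address
     */
    public void setUseIP(String str) {
        this.useIP = str.toLowerCase().trim();
    }

    /**
     * Sets the cipher algorithm part of the transformation string.
     *
     * @param str algorithm name
     */
    public void setEncryptionAlgorithm(String str) {
        this.encryptionAlgorithm = str.trim();
        initCypherParameters();
    }

    /**
     * Sets the cipher mode part of the transformation string.
     *
     * @param str mode name
     */
    public void setEncryptionMode(String str) {
        this.encryptionMode = str.trim();
        initCypherParameters();
    }

    /**
     * Sets the cipher padding part of the transformation string.
     *
     * @param str padding name
     */
    public void setEncryptionPadding(String str) {
        this.encryptionPadding = str.trim();
        initCypherParameters();
    }

    /** Rebuilds {@link #cipherParameters} as "algorithm/mode/padding". */
    private void initCypherParameters() {
        this.cipherParameters = this.encryptionAlgorithm + "/" + this.encryptionMode + "/" + this.encryptionPadding;
    }

    /** Returns true when the protection level calls for encrypting the cookie values. */
    private boolean usesEncryption() {
        return PROTECTION_ALL.equals(this.protection) || PROTECTION_ENCRYPTION.equals(this.protection);
    }

    /** Returns true when the protection level calls for a validation hash. */
    private boolean usesValidation() {
        return PROTECTION_ALL.equals(this.protection) || PROTECTION_VALIDATION.equals(this.protection);
    }

    /** Adds one cookie with the given lifetime to the response. */
    private static void addCookie(HttpServletResponse response, String name, String value, int maxAgeSeconds) {
        Cookie cookie = new Cookie(name, value);
        cookie.setMaxAge(maxAgeSeconds);
        response.addCookie(cookie);
    }

    /** Expires all four remember-me cookies that are present on the request. */
    private void removeAllCookies(HttpServletRequest request, HttpServletResponse response) {
        removeCookie(request, response, COOKIE_USERNAME);
        removeCookie(request, response, COOKIE_PASSWORD);
        removeCookie(request, response, COOKIE_REMEMBERME);
        removeCookie(request, response, COOKIE_VALIDATION);
    }

    /**
     * Shared implementation of the two getRemembered* methods.
     *
     * @param wantPassword true to return the password cookie, false for the username cookie
     * @return the (decrypted) value, or null when absent, undecryptable or rejected
     */
    private String getRememberedValue(HttpServletRequest request, HttpServletResponse response, boolean wantPassword) {
        Cookie[] cookies = request.getCookies();
        String username = getCookieValue(cookies, COOKIE_USERNAME, ABSENT);
        String password = getCookieValue(cookies, COOKIE_PASSWORD, ABSENT);
        String validation = getCookieValue(cookies, COOKIE_VALIDATION, ABSENT);
        String wanted = wantPassword ? password : username;
        if (wanted == null || ABSENT.equals(wanted)) {
            return null;
        }
        boolean validationPresent = validation != null && !ABSENT.equals(validation);
        if (!validationPresent) {
            // Fail closed: when validation is required and a key is configured, every
            // cookie set issued by rememberLogin carries a hash, so a missing hash means
            // the cookie set was altered. Accepting it would let a client skip the
            // integrity check simply by not sending the validation cookie.
            // Without a validation key no hash is ever issued, so that configuration
            // keeps its previous (unvalidated) behaviour.
            if (usesValidation() && this.validationKey != null) {
                System.out.println("!remember-me cookie validation hash missing! ");
                System.out.println("!remember-me cookie is being deleted! ");
                removeAllCookies(request, response);
                return null;
            }
            return usesEncryption() ? decryptText(wanted) : wanted;
        }
        String expected = getValidationHash(username, password, request.getRemoteAddr());
        if (hashesMatch(expected, validation)) {
            return usesEncryption() ? decryptText(wanted) : wanted;
        }
        System.out.println("!remember-me cookie validation hash mismatch! ");
        System.out.println("!remember-me cookie has been tampered with! ");
        System.out.println("!remember-me cookie is being deleted! ");
        removeAllCookies(request, response);
        return null;
    }

    /**
     * Compares the expected hash with the client-supplied one without stopping at the
     * first differing character, so the comparison time does not reveal how long the
     * matching prefix is.
     *
     * @return true only when both are non-null and identical
     */
    private static boolean hashesMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        int diff = expected.length() ^ presented.length();
        int common = Math.min(expected.length(), presented.length());
        for (int i = 0; i < common; i++) {
            diff |= expected.charAt(i) ^ presented.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns the value of the first cookie named {@code str}.
     *
     * @param cookieArr cookies from the request, may be null
     * @param str       cookie name to look for
     * @param str2      value to return when no such cookie exists
     */
    private static String getCookieValue(Cookie[] cookieArr, String str, String str2) {
        Cookie cookie = getCookie(cookieArr, str);
        return (cookie != null) ? cookie.getValue() : str2;
    }

    /**
     * Returns the first cookie named {@code str}, or null when there is none.
     *
     * @param cookieArr cookies from the request, may be null
     * @param str       cookie name to look for
     */
    private static Cookie getCookie(Cookie[] cookieArr, String str) {
        if (cookieArr == null) {
            return null;
        }
        for (Cookie cookie : cookieArr) {
            if (str.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Expires the named cookie by sending it back with a max-age of zero.
     * Does nothing when the request does not carry that cookie.
     */
    private void removeCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        Cookie cookie = getCookie(httpServletRequest.getCookies(), str);
        if (cookie != null) {
            cookie.setMaxAge(0);
            httpServletResponse.addCookie(cookie);
        }
    }

    /**
     * Computes the validation hash: the lower-case hex MD5 digest of
     * {@code str ":" str2 ":" [str3 ":"] validationKey}, where the address {@code str3}
     * is included only when {@link #useIP} is "true".
     *
     * <p>NOTE(security): this is a secret-suffix MD5 construction with unescaped ':'
     * separators, kept so that previously issued cookies still validate. An HMAC over
     * unambiguously encoded fields would be the stronger choice.
     *
     * @param str  username cookie value
     * @param str2 password cookie value
     * @param str3 client address
     * @return the hex digest, or null when no validation key is set or the hash cannot be computed
     */
    private String getValidationHash(String str, String str2, String str3) {
        if (this.validationKey == null) {
            System.out.println("ERROR! >> validationKey not spcified....");
            System.out.println("ERROR! >> you are REQUIRED to specify the validatonkey in the config xml");
            return null;
        }
        MessageDigest messageDigest;
        try {
            messageDigest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Error: " + e);
            return null;
        }
        boolean includeAddress = "true".equals(this.useIP);
        if (str == null || str2 == null || (includeAddress && str3 == null)) {
            System.out.println("Error:validation hash input is missing");
            return null;
        }
        StringBuilder material = new StringBuilder();
        material.append(str).append(":").append(str2).append(":");
        if (includeAddress) {
            material.append(str3).append(":");
        }
        material.append(this.validationKey);
        String before = material.toString();
        byte[] digest = messageDigest.digest(before.getBytes());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            int unsigned = b & 255;
            if (unsigned < 16) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(unsigned));
        }
        String after = hex.toString();
        // The result is returned from the local variable. Returning the field instead
        // could hand back a hash left over from an earlier call (including after a
        // failure) or, if one instance serves concurrent requests, from another request.
        this.valueBeforeMD5 = before;
        this.valueAfterMD5 = after;
        return after;
    }

    /**
     * Encrypts {@code str} with the configured cipher and returns it Base64-encoded.
     *
     * @return the encoded ciphertext, or null when no key is available or encryption fails
     */
    private String encryptText(String str) {
        BASE64Encoder bASE64Encoder = new BASE64Encoder();
        try {
            Cipher cipher = Cipher.getInstance(this.cipherParameters);
            if (this.secretKey == null) {
                System.out.println("ERROR! >> SecretKey not generated ....");
                System.out.println("ERROR! >> you are REQUIRED to specify the encryptionKey in the config xml");
                return null;
            }
            cipher.init(Cipher.ENCRYPT_MODE, this.secretKey);
            return bASE64Encoder.encode(cipher.doFinal(str.getBytes()));
        } catch (Exception e) {
            System.out.println("Error: " + e);
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Base64-decodes and decrypts a cookie value.
     *
     * <p>The input comes from the client. The cipher by itself does not authenticate it,
     * so a successful decryption does not show that the value is unmodified.
     *
     * @return the plaintext, or null when decoding or decryption fails
     */
    private String decryptText(String str) {
        try {
            byte[] decodeBuffer = new BASE64Decoder().decodeBuffer(str);
            Cipher cipher = Cipher.getInstance(this.cipherParameters);
            cipher.init(Cipher.DECRYPT_MODE, this.secretKey);
            return new String(cipher.doFinal(decodeBuffer));
        } catch (Exception e) {
            System.out.println("Error: " + e);
            e.printStackTrace();
            return null;
        }
    }
}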
