package lucee.runtime.security;

import java.io.IOException;
import java.util.Set;
import lucee.commons.digest.MD5;
import lucee.commons.io.CharsetUtil;
import lucee.commons.io.IOUtil;
import lucee.commons.io.SystemUtil;
import lucee.commons.io.res.Resource;
import lucee.commons.lang.StringUtil;
import lucee.runtime.coder.Base64Coder;
import lucee.runtime.crypt.Cryptor;
import lucee.runtime.exp.ApplicationException;
import lucee.runtime.exp.PageException;
import lucee.runtime.op.Caster;
import lucee.runtime.type.Array;
import lucee.runtime.type.util.ListUtil;

/* loaded from: input_file:WEB-INF/lib/lucee.jar:core/core.lco:lucee/runtime/security/CredentialImpl.class */
public final class CredentialImpl implements Credential {
    String username;
    String password;
    String[] roles;
    private Resource rolesDir;
    private String privateKey;
    private byte[] salt;
    private int iter;
    private static final byte[] staticSalt;
    private static final int staticIter;
    private static final String staticPrivateKey;
    private static final char ONE = 1;
    private static final String ALGO = "Blowfish/CBC/PKCS5Padding";

    public CredentialImpl(String str, Resource resource) {
        this(str, null, new String[0], resource, null, null, 0);
    }

    private static byte[] toSalt(String str) {
        byte[] bytes = str.trim().getBytes(CharsetUtil.UTF8);
        if (bytes.length == 8) {
            return bytes;
        }
        if (bytes.length > 8) {
            byte[] bArr = new byte[8];
            for (int i = 0; i < bArr.length; i++) {
                bArr[i] = bytes[i];
            }
            return bArr;
        }
        byte[] bArr2 = new byte[8];
        int i2 = 0;
        while (true) {
            for (byte b : bytes) {
                if (i2 >= 8) {
                    return bArr2;
                }
                int i3 = i2;
                i2++;
                bArr2[i3] = b;
            }
        }
    }

    public CredentialImpl(String str, String str2, Resource resource) {
        this(str, str2, new String[0], resource, null, null, 0);
    }

    public CredentialImpl(String str, String str2, String str3, Resource resource) throws PageException {
        this(str, str2, toRole(str3), resource, null, null, 0);
    }

    public CredentialImpl(String str, String str2, Array array, Resource resource) throws PageException {
        this(str, str2, toRole(array), resource, null, null, 0);
    }

    public CredentialImpl(String str, String str2, String[] strArr, Resource resource) {
        this(str, str2, strArr, resource, null, null, 0);
    }

    public CredentialImpl(String str, String str2, String[] strArr, Resource resource, String str3, String str4, int i) {
        this.username = str;
        this.password = str2;
        this.roles = strArr;
        this.rolesDir = resource;
        this.privateKey = StringUtil.isEmpty(str3, true) ? staticPrivateKey : str3.trim();
        this.salt = StringUtil.isEmpty(str4, true) ? staticSalt : toSalt(str4);
        this.iter = i < 1 ? staticIter : i;
    }

    @Override // lucee.runtime.security.Credential
    public String getPassword() {
        return this.password;
    }

    @Override // lucee.runtime.security.Credential
    public String[] getRoles() {
        return this.roles;
    }

    @Override // lucee.runtime.security.Credential
    public String getUsername() {
        return this.username;
    }

    public static String[] toRole(Object obj) throws PageException {
        if (obj instanceof String) {
            obj = ListUtil.listToArrayRemoveEmpty(obj.toString(), ",");
        }
        if (!(obj instanceof Array)) {
            throw new ApplicationException("invalid roles definition for tag loginuser");
        }
        Array array = (Array) obj;
        String[] strArr = new String[array.size()];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = Caster.toString(array.get(i + 1, ""));
        }
        return strArr;
    }

    @Override // lucee.runtime.converter.ScriptConvertable
    public String serialize() {
        return serialize(null);
    }

    @Override // lucee.runtime.converter.ScriptConvertable
    public String serialize(Set<Object> set) {
        return "createObject('java','lucee.runtime.security.Credential').init('" + this.username + "','" + this.password + "','" + ListUtil.arrayToList(this.roles, ",") + "')";
    }

    @Override // lucee.runtime.security.Credential
    public String encode() throws PageException {
        String arrayToList = ListUtil.arrayToList(this.roles, ",");
        if (arrayToList.length() > 100) {
            try {
                if (!this.rolesDir.exists()) {
                    this.rolesDir.mkdirs();
                }
                String digestAsString = MD5.getDigestAsString(arrayToList);
                IOUtil.write(this.rolesDir.getRealResource(digestAsString), arrayToList, CharsetUtil.UTF8, false);
                return encrypt(this.username + (char) 1 + this.password + "\u0001md5:" + digestAsString, this.privateKey, this.salt, this.iter, true);
            } catch (IOException e) {
            }
        }
        try {
            return encrypt(this.username + (char) 1 + this.password + (char) 1 + arrayToList, this.privateKey, this.salt, this.iter, true);
        } catch (Exception e2) {
            throw Caster.toPageException(e2);
        }
    }

    private static String encrypt(String str, String str2, byte[] bArr, int i, boolean z) throws PageException {
        if (StringUtil.isEmpty(str2, true)) {
            return Caster.toB64(str.getBytes(CharsetUtil.UTF8));
        }
        try {
            return Cryptor.encrypt(str, str2, ALGO, bArr, i, "Base64", "UTF-8", z);
        } catch (Exception e) {
            throw Caster.toPageException(e);
        }
    }

    private static String decrypt(Object obj, String str, byte[] bArr, int i, boolean z) throws PageException {
        if (StringUtil.isEmpty(str, true)) {
            try {
                return Base64Coder.decodeToString(Caster.toString(obj), "UTF-8", true);
            } catch (Exception e) {
                throw Caster.toPageException(e);
            }
        }
        try {
            return Cryptor.decrypt(Caster.toString(obj), str, ALGO, bArr, i, "Base64", "UTF-8", z);
        } catch (Exception e2) {
            throw Caster.toPageException(e2);
        }
    }

    public static Credential decode(Object obj, Resource resource, boolean z) {
        try {
            return decode(obj, resource, null, null, 0, z);
        } catch (Exception e) {
            return null;
        }
    }

    public static Credential decode(Object obj, Resource resource, String str, String str2, int i, boolean z) throws PageException {
        Array listToArray = ListUtil.listToArray(decrypt(obj, StringUtil.isEmpty(str, true) ? staticPrivateKey : str.trim(), StringUtil.isEmpty(str2, true) ? staticSalt : toSalt(str2), i < 1 ? staticIter : i, z), "\u0001");
        int size = listToArray.size();
        if (size != 3) {
            if (size == 2) {
                return new CredentialImpl(Caster.toString(listToArray.get(1, "")), Caster.toString(listToArray.get(2, "")), resource);
            }
            if (size == 1) {
                return new CredentialImpl(Caster.toString(listToArray.get(1, "")), resource);
            }
            return null;
        }
        String caster = Caster.toString(listToArray.get(3, ""));
        if (caster.startsWith("md5:")) {
            if (!resource.exists()) {
                resource.mkdirs();
            }
            try {
                caster = IOUtil.toString(resource.getRealResource(caster.substring(4)), CharsetUtil.UTF8);
            } catch (IOException e) {
                caster = "";
            }
        }
        return new CredentialImpl(Caster.toString(listToArray.get(1, "")), Caster.toString(listToArray.get(2, "")), caster, resource);
    }

    public String toString() {
        return "username:" + this.username + ";password:" + this.password + ";roles:" + this.roles;
    }

    static {
        String systemPropOrEnvVar = SystemUtil.getSystemPropOrEnvVar("lucee.loginstorage.salt", null);
        staticSalt = toSalt(StringUtil.isEmpty(systemPropOrEnvVar, true) ? "nkhuvghc" : systemPropOrEnvVar.trim());
        int intValue = Caster.toIntValue(SystemUtil.getSystemPropOrEnvVar("lucee.loginstorage.iterations", null), 0);
        if (intValue < 1) {
            intValue = 10;
        }
        staticIter = intValue;
        String systemPropOrEnvVar2 = SystemUtil.getSystemPropOrEnvVar("lucee.loginstorage.privatekey", null);
        if (StringUtil.isEmpty(systemPropOrEnvVar2, true)) {
            staticPrivateKey = null;
        } else {
            staticPrivateKey = systemPropOrEnvVar2.trim();
        }
    }
}
