package com.nuxeo.edgecache.service;

import com.google.gson.Gson;
import com.nuxeo.edgecache.model.EdgeServerConfiguration;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.net.util.SubnetUtils;
import org.apache.xerces.impl.dv.util.Base64;
import org.nuxeo.connect.identity.LogicalInstanceIdentifier;
import org.nuxeo.ecm.core.api.Blob;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.blob.BlobManager;
import org.nuxeo.ecm.core.blob.ManagedBlob;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:com/nuxeo/edgecache/service/EdgeCacheServiceImpl.class */
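/**
 * Nuxeo component that keeps the registry of edge-cache servers in the
 * {@value #DIRECTORY_NAME} directory, picks the edge server that best matches a
 * client IPv4 address, and produces the encrypted download tokens and streams
 * exchanged with those servers.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 *   <li>Every directory access runs inside {@code Framework.doPrivileged}, so no
 *       permission check of the calling user happens here. Callers must
 *       authenticate and authorize the request before calling in.</li>
 *   <li>The download-token key is {@code SHA-256(deviceId + blobDigest)}. The device
 *       id is therefore key material and must not be written to logs.</li>
 *   <li>{@link #encryptString} and {@link #decryptString} use the bare {@code "AES"}
 *       transformation, and {@link #encryptStream} uses CBC without a MAC. See the
 *       notes on those methods.</li>
 * </ul>
 */
public class EdgeCacheServiceImpl extends DefaultComponent implements EdgeCacheService {
    private static final long serialVersionUID = 14861634984034462L;
    private static final Log log = LogFactory.getLog(EdgeCacheServiceImpl.class);
    public static final String DIRECTORY_NAME = "edgeCacheTokens";
    private static final String AES = "AES";
    protected static final String AES_CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";

    /** AES block size in bytes; a CBC IV for AES is always exactly this long. */
    private static final int AES_BLOCK_SIZE = 16;

    /** One IPv4 address with an optional {@code /prefix}; compiled once and reused. */
    private static final Pattern IPV4_RANGE =
            Pattern.compile("(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})(\\/(\\d{1,2}))?");

    /** Lifetime of a download token in milliseconds (one hour by default). */
    protected long expirationInterval = 3600000;

    public EdgeCacheServiceImpl() {
        setUnlimitedJCEPolicy();
    }

    /**
     * Best-effort attempt to lift the JCE key-size restriction by flipping the JDK-internal
     * {@code javax.crypto.JceSecurity.isRestricted} flag through reflection.
     *
     * <p>This reaches into JDK internals, so it can fail on runtimes that seal them or make
     * the field final. Any failure is logged at debug level and otherwise ignored, so that it
     * can never prevent the component from being constructed.
     */
    protected static void setUnlimitedJCEPolicy() {
        try {
            Field restricted = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted");
            restricted.setAccessible(true);
            if (Boolean.TRUE.equals(restricted.get(null))) {
                log.info("Setting JCE Unlimited Strength");
                restricted.set(null, Boolean.FALSE);
            }
        } catch (ReflectiveOperationException | RuntimeException e) {
            // RuntimeException is caught as a whole: besides IllegalArgumentException and
            // SecurityException, setAccessible() can raise other unchecked exceptions on
            // runtimes with strong encapsulation, and those used to escape the constructor.
            log.debug("Cannot check/set JCE Unlimited Strength", e);
        }
    }

    /**
     * Records a heartbeat for the server owning {@code str} and returns the edge configuration.
     *
     * <p>NOTE(review): {@link #updateServer} returns silently when the token is unknown, so
     * the configuration singleton is returned even for an unregistered token. Confirm that
     * {@code EdgeServerConfiguration} holds nothing that must stay private.
     *
     * @param str token of the calling edge server
     * @return the shared {@link EdgeServerConfiguration}
     */
    @Override
    public EdgeServerConfiguration pingServer(String str) {
        updateServer(str, null, null, null);
        return EdgeServerConfiguration.getSingleton();
    }

    /**
     * Updates the registration identified by token {@code str} and marks it as pinged.
     * Does nothing when no registration matches the token.
     *
     * @param str token of the edge server
     * @param str2 new {@code ;}-separated IPv4 ranges, or {@code null} to keep the current ones
     * @param str3 new URL, or {@code null} to keep the current one
     * @param num new TTL, or {@code null} to keep the current one
     * @throws IllegalArgumentException if {@code str2} is given but is not a valid range list
     */
    @Override
    public void updateServer(String str, String str2, String str3, Integer num) {
        EdgeCacheServer server = getToken(str, EdgeCacheServer.TOKEN_FIELD);
        if (server == null) {
            return;
        }
        if (str3 != null) {
            server.setUrl(str3);
        }
        if (str2 != null) {
            if (!validateRanges(str2)) {
                throw new IllegalArgumentException(EdgeCacheServer.IPRANGE_FIELD);
            }
            server.setIpRanges(str2);
        }
        if (num != null) {
            server.setTTL(num);
        }
        server.ping();
        Framework.doPrivileged(() -> {
            try (Session session = openDirectory()) {
                server.save(session);
            }
        });
    }

    /**
     * Registers an edge server, or returns the existing registration for the same device id.
     *
     * <p>NOTE(review): an existing registration is handed back to whoever presents a known
     * device id. The caller must already be authenticated, because nothing is checked here.
     *
     * @param str device id of the edge server
     * @param str2 {@code ;}-separated IPv4 addresses or CIDR ranges served by this edge
     * @param str3 URL of the edge server
     * @param num TTL of the registration
     * @return the existing or newly created registration
     * @throws IllegalArgumentException if {@code str2} is {@code null} or not a valid range list
     */
    @Override
    public EdgeCacheServer registerServer(String str, String str2, String str3, Integer num) {
        EdgeCacheServer existing = getToken(str, EdgeCacheServer.DEVICE_ID_FIELD);
        if (existing != null) {
            return existing;
        }
        if (!validateRanges(str2)) {
            throw new IllegalArgumentException("IP Ranges is invalid");
        }
        return Framework.doPrivileged(() -> {
            try (Session session = openDirectory()) {
                EdgeCacheServer created = new EdgeCacheServer(str, str3, str2, num, session);
                // The device id is left out on purpose: getTokenKey() derives the token
                // encryption key from it, so it must not end up in log files.
                log.debug(String.format(
                        "Generated unique token for a Edge Cache (url, ipRanges) pair: ('%s', '%s'), returning it.",
                        str3, str2));
                return created;
            }
        });
    }

    /**
     * Checks that {@code str} is a {@code ;}-separated list of IPv4 addresses, each with an
     * optional {@code /prefix}. Octets must be at most 255 and the prefix at most 32.
     *
     * @param str the list to validate; surrounding whitespace of each entry is ignored
     * @return {@code true} only if the list holds at least one entry and all entries are valid;
     *         {@code false} for {@code null}
     */
    public boolean validateRanges(String str) {
        if (str == null) {
            return false;
        }
        String[] entries = str.split(";");
        if (entries.length == 0) {
            // split() drops trailing empty strings, so input made only of separators (";")
            // yields no entries; an empty list must not count as valid.
            return false;
        }
        for (String entry : entries) {
            Matcher matcher = IPV4_RANGE.matcher(entry.trim());
            if (!matcher.matches()) {
                return false;
            }
            for (int group = 1; group <= 4; group++) {
                if (Integer.parseInt(matcher.group(group)) > 255) {
                    return false;
                }
            }
            String prefix = matcher.group(6);
            if (prefix != null && Integer.parseInt(prefix) > 32) {
                return false;
            }
        }
        return true;
    }

    /**
     * Looks up a registration by its token.
     *
     * @param str token of the edge server
     * @return the registration, or {@code null} if none matches
     */
    @Override
    public EdgeCacheServer getServer(String str) {
        return getToken(str, EdgeCacheServer.TOKEN_FIELD);
    }

    /**
     * Looks up the single registration whose field {@code str2} equals {@code str}.
     *
     * <p>NOTE(review): the exception raised for duplicate entries still carries the looked-up
     * value in its message. Depending on the field this is a token or a device id, so check
     * where that message is logged or returned.
     *
     * @param str value to search for
     * @param str2 name of the directory field to match
     * @return the registration, or {@code null} if none matches
     * @throws NuxeoException if more than one entry matches
     */
    public EdgeCacheServer getToken(String str, String str2) {
        return Framework.doPrivileged(() -> {
            try (Session session = openDirectory()) {
                HashMap<String, java.io.Serializable> filter = new HashMap<>();
                filter.put(str2, str);
                DocumentModelList matches = session.query(filter);
                if (matches.isEmpty()) {
                    // Only the field name is logged: the value is a token or a device id,
                    // and both are credentials for this service.
                    log.debug(String.format(
                            "No Edge Cache registration found for the given '%s' value, returning null.", str2));
                    return null;
                }
                if (matches.size() > 1) {
                    throw new NuxeoException(
                            String.format("Found multiple tokens for the tokenId '%s', this is inconsistent.", str));
                }
                return new EdgeCacheServer(matches.get(0));
            }
        });
    }

    /**
     * Deletes the directory entry with id {@code str}.
     *
     * @param str id of the directory entry to delete
     */
    @Override
    public void unregisterServer(String str) {
        Framework.doPrivileged(() -> {
            try (Session session = openDirectory()) {
                session.deleteEntry(str);
                log.info(String.format("Unregister Edge Cache: '%s' from the back-end.", str));
            }
        });
    }

    /**
     * Tests one range against a client address.
     *
     * <p>NOTE(review): membership is decided by commons-net {@code SubnetUtils}. Confirm how
     * the version in use treats the network and broadcast addresses of a range, and what it
     * throws when {@code str2} is not a dotted IPv4 address.
     *
     * @param str a single IPv4 address or CIDR range; surrounding whitespace is ignored
     * @param str2 the client IPv4 address
     * @return the prefix length of the range if the address is inside it (32 for an exact
     *         address match), otherwise 0
     */
    protected Integer inRange(String str, String str2) {
        // validateRanges() accepts entries padded with whitespace, so the same padding has
        // to be tolerated here; SubnetUtils itself would reject it.
        String range = str.trim();
        String prefix = "32";
        if (range.contains("/")) {
            String[] parts = range.split("/");
            prefix = parts[1];
            range = parts[0];
        } else if (str2.equals(range)) {
            return 32;
        }
        if (new SubnetUtils(range + "/" + prefix).getInfo().isInRange(str2)) {
            return Integer.valueOf(prefix);
        }
        return 0;
    }

    /**
     * Returns the longest matching prefix among a {@code ;}-separated list of ranges.
     *
     * @param str the {@code ;}-separated ranges of one edge server; {@code null} matches nothing
     * @param str2 the client IPv4 address
     * @return the largest value returned by {@link #inRange} over all entries, or 0 if none match
     */
    protected Integer inRanges(String str, String str2) {
        Integer best = 0;
        if (str == null) {
            // A stored registration without ranges must not break the lookup for every client.
            return best;
        }
        for (String range : str.split(";")) {
            Integer match = inRange(range, str2);
            if (match.intValue() > best.intValue()) {
                best = match;
            }
        }
        return best;
    }

    /**
     * Picks the live edge server whose ranges match {@code str} with the longest prefix.
     * Servers are visited newest first and only a strictly longer prefix replaces the
     * current choice, so on a tie the most recently created server wins.
     *
     * @param str the client IPv4 address
     * @return the best matching live server, or {@code null} if none matches
     */
    @Override
    public EdgeCacheServer getEdgeCacheServerForIpV4(String str) {
        EdgeCacheServer best = null;
        int bestPrefix = 0;
        for (EdgeCacheServer candidate : getEdgeCacheServers()) {
            if (!candidate.alive()) {
                continue;
            }
            int prefix = inRanges(candidate.getIpRanges(), str).intValue();
            if (prefix > bestPrefix) {
                bestPrefix = prefix;
                best = candidate;
            }
        }
        return best;
    }

    /**
     * Lists every registered edge server, ordered by creation date, newest first.
     *
     * @return the registrations; empty if there are none
     */
    @Override
    public List<EdgeCacheServer> getEdgeCacheServers() {
        return Framework.doPrivileged(() -> {
            try (Session session = openDirectory()) {
                HashMap<String, java.io.Serializable> filter = new HashMap<>();
                HashMap<String, String> orderBy = new HashMap<>();
                orderBy.put(EdgeCacheServer.CREATION_DATE_FIELD, "desc");
                List<EdgeCacheServer> servers = new LinkedList<>();
                for (DocumentModel entry : session.query(filter, Collections.emptySet(), orderBy)) {
                    servers.add(new EdgeCacheServer(entry));
                }
                return servers;
            }
        });
    }

    /**
     * Derives the per-blob content key as {@code SHA-256(CLID2 + str)}.
     *
     * <p>NOTE(review): this is a single unsalted hash of two concatenated strings. The key is
     * only as secret as the instance's CLID2, because blob digests are usually not secret.
     *
     * @param str digest of the blob
     * @return the 32-byte key
     * @throws NuxeoException if this Nuxeo instance is not registered (no CLID)
     */
    @Override
    public byte[] getBinaryKey(String str) {
        try {
            return DigestUtils.sha256(LogicalInstanceIdentifier.instance().getCLID2() + str);
        } catch (LogicalInstanceIdentifier.NoCLID e) {
            log.error("EdgeCache Service requires a registered instance of Nuxeo");
            throw new NuxeoException(e);
        }
    }

    /**
     * Builds a download token for the {@code DOWNLOAD} usage hint.
     *
     * @see #getDownloadToken(EdgeCacheServer, Blob, BlobManager.UsageHint)
     */
    @Override
    public String getDownloadToken(EdgeCacheServer edgeCacheServer, Blob blob) {
        return getDownloadToken(edgeCacheServer, blob, BlobManager.UsageHint.DOWNLOAD);
    }

    /**
     * Builds the encrypted download token an edge server needs to fetch and decrypt a blob.
     * The token is a JSON object (binary key, digest, provider id, MIME type, file name,
     * expiry time and usage) encrypted with {@link #getTokenKey}.
     *
     * <p>The token carries the blob's content key, so whoever can decrypt it can decrypt the
     * cached binary. Its confidentiality rests on the device id and on
     * {@link #encryptString}; see the note there.
     *
     * @param edgeCacheServer the edge server the token is issued for
     * @param blob the blob to download
     * @param usageHint the intended usage, stored in the token by name
     * @return the Base64 token, or {@code null} if {@code edgeCacheServer} is {@code null} or
     *         the blob is not a {@link ManagedBlob}
     */
    @Override
    public String getDownloadToken(EdgeCacheServer edgeCacheServer, Blob blob, BlobManager.UsageHint usageHint) {
        if (!(blob instanceof ManagedBlob) || edgeCacheServer == null) {
            return null;
        }
        String digest = blob.getDigest();
        HashMap<String, String> claims = new HashMap<>();
        claims.put("binaryKey", Base64.encode(getBinaryKey(digest)));
        claims.put("digest", digest);
        claims.put("providerId", ((ManagedBlob) blob).getProviderId());
        claims.put("mimetype", blob.getMimeType());
        claims.put("filename", blob.getFilename());
        claims.put("expire", String.valueOf(System.currentTimeMillis() + this.expirationInterval));
        claims.put("usage", usageHint.name());
        return encryptString(getTokenKey(edgeCacheServer, digest), new Gson().toJson(claims));
    }

    /**
     * Derives the token encryption key as {@code SHA-256(deviceId + str)}.
     * The device id is the only secret input, so treat it as a credential.
     *
     * @param edgeCacheServer the edge server the token is issued for
     * @param str digest of the blob
     * @return the 32-byte key
     */
    @Override
    public byte[] getTokenKey(EdgeCacheServer edgeCacheServer, String str) {
        return DigestUtils.sha256(edgeCacheServer.getDeviceId() + str);
    }

    /** Wraps raw key bytes as an AES key. */
    private SecretKeySpec getKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(bArr, AES);
    }

    /** Opens a session on the edge-cache token directory; callers must close it. */
    private static Session openDirectory() {
        return Framework.getService(DirectoryService.class).open(DIRECTORY_NAME);
    }

    /**
     * Decrypts a Base64 string produced by {@link #encryptString}.
     *
     * <p>NOTE(security): see {@link #encryptString}. The ciphertext is not authenticated, so
     * a successful decryption does not prove that the token was issued by this service.
     *
     * @param bArr the AES key bytes
     * @param str the Base64 ciphertext
     * @return the decrypted UTF-8 text
     * @throws NuxeoException if the cipher is unavailable or decryption fails
     */
    @Override
    public String decryptString(byte[] bArr, String str) {
        try {
            Cipher cipher = Cipher.getInstance(AES);
            cipher.init(Cipher.DECRYPT_MODE, getKey(bArr));
            return new String(cipher.doFinal(Base64.decode(str)), "UTF-8");
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new NuxeoException(e);
        }
    }

    /**
     * Encrypts a string with AES and returns it Base64-encoded.
     *
     * <p>NOTE(security): the transformation is the bare algorithm name {@code "AES"}, which
     * leaves mode and padding to the provider. The default SunJCE provider resolves it to
     * ECB with PKCS5 padding, so there is no IV, equal plaintext blocks encrypt to equal
     * ciphertext blocks, and nothing protects integrity. It is left unchanged here because
     * the peer that decrypts these tokens presumably expects this exact format. Migrating to
     * an authenticated mode such as AES-GCM needs a versioned token format rolled out on
     * both sides.
     *
     * @param bArr the AES key bytes
     * @param str the text to encrypt
     * @return the Base64 ciphertext
     * @throws NuxeoException if the cipher is unavailable or encryption fails
     */
    @Override
    public String encryptString(byte[] bArr, String str) {
        try {
            Cipher cipher = Cipher.getInstance(AES);
            cipher.init(Cipher.ENCRYPT_MODE, getKey(bArr));
            return Base64.encode(cipher.doFinal(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new NuxeoException(e);
        }
    }

    /**
     * Wraps {@code outputStream} so that everything written to the result is AES/CBC
     * encrypted. The IV chosen by the provider is written first, in clear, as a 4-byte
     * length followed by the IV bytes.
     *
     * <p>NOTE(security): CBC gives confidentiality only. Without a MAC over the IV and the
     * ciphertext, a modified stream cannot be told apart from a genuine one.
     *
     * @param bArr the AES key bytes
     * @param outputStream the destination for the IV header and the ciphertext
     * @return a stream that encrypts into {@code outputStream}; closing it writes the final block
     * @throws NuxeoException if the cipher is unavailable or the header cannot be written
     */
    @Override
    public OutputStream encryptStream(byte[] bArr, OutputStream outputStream) {
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS5_PADDING);
            cipher.init(Cipher.ENCRYPT_MODE, getKey(bArr));
            byte[] iv = cipher.getIV();
            // Not closed on purpose: closing the header writer would close outputStream too.
            DataOutputStream header = new DataOutputStream(outputStream);
            header.writeInt(iv.length);
            header.write(iv);
            return new CipherOutputStream(outputStream, cipher);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException e) {
            throw new NuxeoException(e);
        }
    }

    /**
     * Decrypts a stream written by {@link #encryptStream} into {@code outputStream}.
     * {@code inputStream} is closed when decryption ends.
     *
     * <p>The IV length comes from the stream itself and is therefore untrusted. It is
     * checked against the AES block size before anything is allocated, and the IV is read
     * with {@code readFully} so that a short read cannot leave part of it zeroed.
     *
     * <p>NOTE(security): a padding failure is reported with its own message. If the party
     * that supplies the ciphertext can observe that difference, unauthenticated CBC can be
     * used as a padding oracle. Authenticating the stream before decrypting it removes that.
     *
     * @param bArr the AES key bytes
     * @param inputStream the IV header followed by the ciphertext
     * @param outputStream the destination for the plaintext
     * @throws NuxeoException if the header is malformed, the cipher is unavailable, or
     *         reading, decrypting or writing fails
     */
    @Override
    public void decryptStream(byte[] bArr, InputStream inputStream, OutputStream outputStream) {
        try {
            DataInputStream header = new DataInputStream(inputStream);
            int ivLength = header.readInt();
            if (ivLength != AES_BLOCK_SIZE) {
                throw new NuxeoException("Invalid IV length: " + ivLength);
            }
            byte[] iv = new byte[ivLength];
            header.readFully(iv);
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS5_PADDING);
            cipher.init(Cipher.DECRYPT_MODE, getKey(bArr), new IvParameterSpec(iv));
            try (CipherInputStream decrypted = new CipherInputStream(inputStream, cipher)) {
                IOUtils.copy(decrypted, outputStream);
            } catch (IOException e) {
                Throwable cause = e.getCause();
                if (cause instanceof BadPaddingException) {
                    throw new NuxeoException(cause.getMessage(), e);
                }
                // Other I/O failures used to be dropped here, which made a truncated
                // plaintext look like a successful decryption.
                throw new NuxeoException(e);
            }
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException e2) {
            throw new NuxeoException(e2);
        }
    }
}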
