package com.atlassian.bamboo.accesstoken;

import com.atlassian.security.password.DefaultPasswordEncoder;
import com.atlassian.security.password.PasswordEncoder;
import com.atlassian.security.random.DefaultSecureRandomService;
import com.atlassian.security.random.SecureRandomService;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/accesstoken/AccessTokenGenerator.class */
public class AccessTokenGenerator {
    private static final char DELIMITER = ':';
    private static final int ID_LENGTH = 12;
    private static final int SECRET_LENGTH = 20;
    private static final int TOKEN_LENGTH = 33;
    private final PasswordEncoder passwordEncoder = DefaultPasswordEncoder.getDefaultInstance();
    private final SecureRandomService secureRandomService = DefaultSecureRandomService.getInstance();

    public boolean authenticateToken(@NotNull String str, @NotNull String str2) {
        return this.passwordEncoder.isValidPassword(getSecret(str), str2);
    }

    @NotNull
    public String generateToken() {
        byte[] bArr = new byte[TOKEN_LENGTH];
        byte[] generateId = generateId();
        System.arraycopy(generateId, 0, bArr, 0, generateId.length);
        bArr[generateId.length] = DELIMITER;
        byte[] generateSecret = generateSecret();
        System.arraycopy(generateSecret, 0, bArr, generateId.length + 1, generateSecret.length);
        return Base64.encodeBase64String(bArr);
    }

    @NotNull
    public String getId(@NotNull String str) throws IllegalArgumentException {
        if (isValidToken(str)) {
            return new String(Arrays.copyOfRange(Base64.decodeBase64(str), 0, ID_LENGTH), StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("The provided token is not a valid access token");
    }

    @NotNull
    public String hashToken(@NotNull String str) {
        if (!isValidToken(str)) {
            throw new IllegalArgumentException("The provided token is not a valid access token");
        }
        return this.passwordEncoder.encodePassword(getSecret(str));
    }

    public boolean isValidToken(@NotNull String str) {
        if (!Base64.isArrayByteBase64(str.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }
        byte[] decodeBase64 = Base64.decodeBase64(str);
        return decodeBase64.length == TOKEN_LENGTH && decodeBase64[ID_LENGTH] == DELIMITER;
    }

    private byte[] generateId() {
        StringBuilder sb = new StringBuilder(ID_LENGTH);
        for (int i = 0; i < ID_LENGTH; i++) {
            sb.append(this.secureRandomService.nextInt(10));
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    private byte[] generateSecret() {
        byte[] bArr = new byte[20];
        this.secureRandomService.nextBytes(bArr);
        return bArr;
    }

    private String getSecret(@NotNull String str) {
        byte[] decodeBase64 = Base64.decodeBase64(str);
        return Base64.encodeBase64String(Arrays.copyOfRange(decodeBase64, 13, decodeBase64.length));
    }
}
