package org.apache.chemistry.opencmis.server.impl.browser.token;

import java.net.URL;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:org/apache/chemistry/opencmis/server/impl/browser/token/SimpleTokenHandlerSessionHelper.class */
public class SimpleTokenHandlerSessionHelper {
    public static final String ATTR_CMIS_USER = "cmis-token.user";
    public static final String ATTR_CMIS_AUTH_TIMESTAMP = "cmis-token.timestamp";
    public static final String ATTR_CMIS_TOKEN = "cmis-token.token";
    public static final String ATTR_CMIS_LOGIN_KEY = "cmis-token.token.loginkey";
    public static final String ATTR_CMIS_FORM_KEY = "cmis-token.formkey";
    public static final String ATTR_CMIS_APP_URL = "cmis-token.appurl";
    public static final String ATTR_CMIS_APP_KEY = "cmis-token.appkey";
    public static final String ATTR_SEPARATOR = "\n";
    public static final String PARAM_KEY = "key";
    public static final String PARAM_TOKEN = "token";
    public static final String PARAM_URL = "url";
    public static final String PARAM_USER = "user";
    public static final String PARAM_PASSWORD = "password";
    public static final String PARAM_TRUSTAPP = "trustapp";
    public static final int APP_ID_BYTES = 10;
    public static final int APP_ID_LENGTH = 20;
    public static final int KEY_BYTES = 20;
    public static final int KEY_LENGTH = 40;

    public static String getApplicationIdFromKey(String str) {
        if (str == null || str.length() != 60) {
            return null;
        }
        return str.substring(0, 20);
    }

    public static String getLoginKey(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(ATTR_CMIS_LOGIN_KEY + str);
    }

    public static void setLoginKey(HttpServletRequest httpServletRequest, String str, String str2, URL url) {
        HttpSession session = httpServletRequest.getSession();
        String applicationIdFromKey = getApplicationIdFromKey(str);
        session.setAttribute(ATTR_CMIS_LOGIN_KEY + applicationIdFromKey, str);
        session.setAttribute(ATTR_CMIS_FORM_KEY + applicationIdFromKey, str2);
        session.setAttribute(ATTR_CMIS_APP_URL + applicationIdFromKey, url);
    }

    public static boolean checkLoginKey(HttpServletRequest httpServletRequest) {
        String key;
        String applicationIdFromKey;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || (key = getKey(httpServletRequest)) == null || (applicationIdFromKey = getApplicationIdFromKey(key)) == null) {
            return false;
        }
        return key.equals(session.getAttribute(ATTR_CMIS_LOGIN_KEY + applicationIdFromKey));
    }

    public static void removeLoginKey(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(ATTR_CMIS_LOGIN_KEY + str);
    }

    public static boolean checkFormKey(HttpServletRequest httpServletRequest) {
        String key;
        String applicationIdFromKey;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || (key = getKey(httpServletRequest)) == null || (applicationIdFromKey = getApplicationIdFromKey(key)) == null) {
            return false;
        }
        return key.equals(session.getAttribute(ATTR_CMIS_FORM_KEY + applicationIdFromKey));
    }

    public static void removeFormKey(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(ATTR_CMIS_FORM_KEY + str);
    }

    public static String getUser(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(ATTR_CMIS_USER + str);
    }

    public static void setUser(HttpServletRequest httpServletRequest, String str, String str2) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        session.setAttribute(ATTR_CMIS_USER + str, str2);
        session.setAttribute(ATTR_CMIS_AUTH_TIMESTAMP + str, Long.valueOf(System.currentTimeMillis()));
    }

    public static String getApplicationKey(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(ATTR_CMIS_APP_KEY + str);
    }

    public static void setApplicationKey(HttpServletRequest httpServletRequest, String str) {
        httpServletRequest.getSession().setAttribute(ATTR_CMIS_APP_KEY + getApplicationIdFromKey(str), str);
    }

    public static boolean checkApplicationKey(HttpServletRequest httpServletRequest) {
        String key;
        String applicationIdFromKey;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || (key = getKey(httpServletRequest)) == null || (applicationIdFromKey = getApplicationIdFromKey(key)) == null) {
            return false;
        }
        return key.equals(session.getAttribute(ATTR_CMIS_APP_KEY + applicationIdFromKey));
    }

    public static void removeApplicationKey(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(ATTR_CMIS_APP_KEY + str);
        session.removeAttribute(ATTR_CMIS_APP_URL + str);
        session.removeAttribute(ATTR_CMIS_USER + str);
        session.removeAttribute(ATTR_CMIS_AUTH_TIMESTAMP + str);
    }

    public static URL getApplicationURL(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (URL) session.getAttribute(ATTR_CMIS_APP_URL + str);
    }

    public static boolean testAndInvalidateToken(HttpServletRequest httpServletRequest) {
        String token;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || (token = getToken(httpServletRequest)) == null) {
            return false;
        }
        String str = ATTR_CMIS_TOKEN + token;
        Long l = (Long) session.getAttribute(str);
        if (l == null) {
            return false;
        }
        session.removeAttribute(str);
        return System.currentTimeMillis() - l.longValue() < 28800000;
    }

    public static void addToken(HttpServletRequest httpServletRequest, String str) {
        httpServletRequest.getSession().setAttribute(ATTR_CMIS_TOKEN + str, Long.valueOf(System.currentTimeMillis()));
    }

    public static String getKey(HttpServletRequest httpServletRequest) {
        return normalizeKey(httpServletRequest.getParameter(PARAM_KEY));
    }

    public static String getToken(HttpServletRequest httpServletRequest) {
        return normalizeKey(httpServletRequest.getParameter(PARAM_TOKEN));
    }

    public static String normalizeKey(String str) {
        if (str == null) {
            return null;
        }
        String trim = str.trim();
        if (trim.length() == 60 && trim.matches("^[0-9a-f]+$")) {
            return trim;
        }
        return null;
    }

    public static String generateAppId() {
        byte[] bArr = new byte[10];
        new SecureRandom().nextBytes(bArr);
        StringBuilder sb = new StringBuilder(20);
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() < 2) {
                sb.append('0');
            }
            sb.append(hexString);
        }
        return sb.toString();
    }

    public static String generateKey(String str) {
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        StringBuilder sb = new StringBuilder(str + 40);
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() < 2) {
                sb.append('0');
            }
            sb.append(hexString);
        }
        return sb.toString();
    }
}
