package com.zimbra.cs.account;

import com.zimbra.common.auth.ZAuthToken;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.BlobMetaData;
import com.zimbra.common.util.BlobMetaDataEncodingException;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.LogFactory;
import com.zimbra.common.util.MapUtil;
import com.zimbra.common.util.ZimbraCookie;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.service.UserServlet;
import com.zimbra.cs.zclient.ZMailbox;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpState;

/* loaded from: input_file:com/zimbra/cs/account/ZimbraAuthToken.class */
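/**
 * Auth token whose encoded form is {@code <keyVersion>_<hmac>_<payloadHex>}.
 *
 * <p>{@code payloadHex} is the hex encoding of a {@link BlobMetaData} attribute blob (account id,
 * expiry, admin flags, type, external e-mail, digest, validity value) and {@code hmac} is the
 * hex-encoded HMAC-SHA1 of {@code payloadHex} under the {@link AuthTokenKey} named by
 * {@code keyVersion}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The payload is signed, not encrypted. Anyone holding a token can hex-decode its
 *       attributes; {@link #getInfo(String)} does exactly that without checking the HMAC.</li>
 *   <li>Only {@link #ZimbraAuthToken(String)} (reached through {@link #getAuthToken(String)})
 *       verifies the HMAC. It does not reject expired tokens; callers must check
 *       {@link #isExpired()}.</li>
 *   <li>{@code mAccessKey} and {@code mProxyAuthToken} are never written into the encoded form.</li>
 * </ul>
 */
public class ZimbraAuthToken extends AuthToken implements Cloneable {
    // Attribute keys used inside the BlobMetaData payload.
    private static final String C_ID = "id";
    private static final String C_AID = "aid";
    private static final String C_EXP = "exp";
    private static final String C_ADMIN = "admin";
    private static final String C_DOMAIN = "domain";
    private static final String C_DLGADMIN = "dlgadmin";
    private static final String C_TYPE = "type";
    private static final String C_TYPE_ZIMBRA_USER = "zimbra";
    private static final String C_TYPE_EXTERNAL_USER = "external";
    private static final String C_EXTERNAL_USER_EMAIL = "email";
    private static final String C_DIGEST = "digest";
    private static final String C_VALIDITY_VALUE = "vv";

    // Charset used only to turn the two hex HMAC strings into bytes for the constant-time compare.
    private static final Charset HMAC_COMPARE_CHARSET = Charset.forName("UTF-8");

    // Encoded token string -> verified ZimbraAuthToken. Only touched from the synchronized
    // getAuthToken(). Raw type kept because MapUtil.newLruMap's signature is not visible here.
    private static final Map mCache = MapUtil.newLruMap(LC.zimbra_authtoken_cache_size.intValue());
    private static final Log mLog = LogFactory.getLog(AuthToken.class);

    private String mAccountId;
    private String mAdminAccountId;
    // -1 means "no validity value"; getEncoded() then omits the "vv" attribute.
    private int mValidityValue = -1;
    // Absolute expiry, compared against System.currentTimeMillis() in isExpired().
    private long mExpires;
    // Lazily built (or, for parsed tokens, the original) encoded form.
    private String mEncoded;
    private boolean mIsAdmin;
    private boolean mIsDomainAdmin;
    private boolean mIsDelegatedAdmin;
    private String mType;
    private String mExternalUserEmail;
    private String mDigest;
    // Set only from a GuestAccount; not part of the encoded token.
    private String mAccessKey;
    // Not part of the encoded token; handed to ZAuthToken in toZAuthToken().
    private String mProxyAuthToken;

    /**
     * Minimal {@link SecretKey} wrapper around raw key bytes, reported as a RAW-format
     * HmacSHA1 key. It is also used to initialise the HmacMD5 instance in
     * {@link ZimbraAuthToken#getCrumb()}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/ZimbraAuthToken$ByteKey.class */
    public static class ByteKey implements SecretKey {
        private static final long serialVersionUID = -7237091299729195624L;
        private final byte[] mKey;

        /**
         * @param bArr raw key material; copied so later changes to the caller's array do not
         *             affect this key
         */
        ByteKey(byte[] bArr) {
            this.mKey = bArr.clone();
        }

        /**
         * Returns a copy of the key bytes, so callers cannot modify this key's material through
         * the returned array.
         */
        @Override // java.security.Key
        public byte[] getEncoded() {
            return this.mKey.clone();
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return "HmacSHA1";
        }

        @Override // java.security.Key
        public String getFormat() {
            return "RAW";
        }
    }

    /**
     * Describes the token by account ids, expiry and admin flags. The encoded token, digest and
     * access key are deliberately not part of the string, so it is safe to log.
     */
    @Override // com.zimbra.cs.account.AuthToken
    public String toString() {
        return "AuthToken(acct=" + this.mAccountId + " admin=" + this.mAdminAccountId + " exp=" + this.mExpires + " isAdm=" + this.mIsAdmin + " isDomAd=" + this.mIsDomainAdmin + " isDlgAd=" + this.mIsDelegatedAdmin + ")";
    }

    /**
     * Fetches the key used to sign newly encoded tokens.
     *
     * @throws AuthTokenException if {@link AuthTokenKey#getCurrentKey()} fails; the failure is
     *         also logged at fatal level
     */
    protected static AuthTokenKey getCurrentKey() throws AuthTokenException {
        try {
            return AuthTokenKey.getCurrentKey();
        } catch (ServiceException e) {
            mLog.fatal("unable to get latest AuthTokenKey", e);
            throw new AuthTokenException("unable to get AuthTokenKey", e);
        }
    }

    /**
     * Parses and verifies an encoded token, using an LRU cache keyed by the encoded string.
     *
     * <p>A cache hit returns the previously verified object without recomputing the HMAC; only
     * tokens that passed verification and were not expired at parse time are ever inserted.
     * An expired token is evicted (or never cached) but is still returned, so callers must
     * check {@link #isExpired()} themselves.
     *
     * @param str encoded token as presented by the client
     * @return the parsed token, possibly expired
     * @throws AuthTokenException if the token is malformed, names an unknown key version or
     *         fails HMAC verification
     */
    public static synchronized AuthToken getAuthToken(String str) throws AuthTokenException {
        ZimbraAuthToken cached = (ZimbraAuthToken) mCache.get(str);
        if (cached != null) {
            if (cached.isExpired()) {
                mCache.remove(str);
            }
            return cached;
        }
        ZimbraAuthToken parsed = new ZimbraAuthToken(str);
        if (!parsed.isExpired()) {
            mCache.put(str, parsed);
        }
        return parsed;
    }

    /** Creates an empty token with no validity value (-1). */
    /* JADX INFO: Access modifiers changed from: protected */
    public ZimbraAuthToken() {
    }

    /**
     * Decodes the attribute payload of an encoded token WITHOUT verifying its HMAC.
     *
     * <p>The returned attributes are unauthenticated, attacker-controllable input. They must not
     * be used for authentication or authorization decisions; use {@link #getAuthToken(String)}
     * for that.
     *
     * @param str encoded token, expected to split into exactly three {@code _}-separated parts
     * @return the decoded attribute map
     * @throws AuthTokenException if the token does not have three parts or cannot be decoded
     */
    public static Map getInfo(String str) throws AuthTokenException {
        String[] parts = str.split("_");
        if (parts.length != 3) {
            throw new AuthTokenException("invalid authtoken format");
        }
        return getAttrs(parts[2]);
    }

    /**
     * Hex-decodes a payload and parses it as a BlobMetaData attribute map.
     *
     * <p>NOTE(review): {@code new String(byte[])} uses the platform default charset; this is left
     * unchanged so that it stays symmetric with the encoding done in {@link #getEncoded()}.
     *
     * @throws AuthTokenException if the hex or the blob encoding is invalid
     */
    private static Map getAttrs(String str) throws AuthTokenException {
        try {
            return BlobMetaData.decode(new String(Hex.decodeHex(str.toCharArray())));
        } catch (DecoderException e) {
            throw new AuthTokenException("decoding exception", e);
        } catch (BlobMetaDataEncodingException e2) {
            throw new AuthTokenException("blob decoding exception", e2);
        }
    }

    /**
     * Parses an encoded token and verifies its HMAC before any attribute is read.
     *
     * <p>Expiry is not checked here; see {@link #isExpired()}.
     *
     * @param str encoded token of the form {@code <keyVersion>_<hmac>_<payloadHex>}
     * @throws AuthTokenException if a separator is missing, the key version is unknown, the HMAC
     *         does not match, the payload cannot be decoded, or the expiry attribute is missing
     *         or not a number
     */
    protected ZimbraAuthToken(String str) throws AuthTokenException {
        try {
            this.mEncoded = str;
            int firstSep = str.indexOf('_');
            if (firstSep == -1) {
                throw new AuthTokenException("invalid authtoken format");
            }
            String keyVersion = str.substring(0, firstSep);
            int secondSep = str.indexOf('_', firstSep + 1);
            if (secondSep == -1) {
                throw new AuthTokenException("invalid authtoken format");
            }
            String presentedHmac = str.substring(firstSep + 1, secondSep);
            String payloadHex = str.substring(secondSep + 1);
            AuthTokenKey key = AuthTokenKey.getVersion(keyVersion);
            if (key == null) {
                throw new AuthTokenException("unknown key version");
            }
            // Compare in constant time: String.equals stops at the first differing character,
            // which makes the time taken depend on how much of a guessed HMAC is correct.
            String expectedHmac = getHmac(payloadHex, key.getKey());
            if (!MessageDigest.isEqual(expectedHmac.getBytes(HMAC_COMPARE_CHARSET), presentedHmac.getBytes(HMAC_COMPARE_CHARSET))) {
                throw new AuthTokenException("hmac failure");
            }
            // Attributes are read only after the HMAC has been verified.
            Map attrs = getAttrs(payloadHex);
            this.mAccountId = (String) attrs.get(C_ID);
            this.mAdminAccountId = (String) attrs.get(C_AID);
            try {
                this.mExpires = Long.parseLong((String) attrs.get(C_EXP));
            } catch (NumberFormatException e) {
                // A missing or non-numeric expiry is a malformed token, not a programming error.
                throw new AuthTokenException("invalid authtoken format", e);
            }
            this.mIsAdmin = "1".equals((String) attrs.get(C_ADMIN));
            this.mIsDomainAdmin = "1".equals((String) attrs.get(C_DOMAIN));
            this.mIsDelegatedAdmin = "1".equals((String) attrs.get(C_DLGADMIN));
            this.mType = (String) attrs.get(C_TYPE);
            this.mExternalUserEmail = (String) attrs.get(C_EXTERNAL_USER_EMAIL);
            this.mDigest = (String) attrs.get(C_DIGEST);
            String validity = (String) attrs.get(C_VALIDITY_VALUE);
            if (validity != null) {
                try {
                    this.mValidityValue = Integer.parseInt(validity);
                } catch (NumberFormatException e) {
                    // An unparsable validity value is treated the same as an absent one.
                    this.mValidityValue = -1;
                }
            }
        } catch (ServiceException e2) {
            throw new AuthTokenException("service exception", e2);
        }
    }

    /** Creates a non-admin token for {@code account} with the account's configured lifetime. */
    public ZimbraAuthToken(Account account) {
        this(account, false);
    }

    /**
     * Creates a token for {@code account} that expires after the account's configured lifetime.
     *
     * @param account account the token is issued for
     * @param z when true, the admin flags are taken from the account's admin attributes;
     *          when false, all admin flags stay false
     */
    public ZimbraAuthToken(Account account, boolean z) {
        this(account, 0L, z, null);
        long now = System.currentTimeMillis();
        boolean anyAdmin = this.mIsAdmin || this.mIsDomainAdmin || this.mIsDelegatedAdmin;
        // 43200000 ms = 12 hours; presumably the fallback when the attribute is unset (confirm
        // against Account.getTimeInterval).
        long lifetime = anyAdmin
                ? account.getTimeInterval(ZAttrProvisioning.A_zimbraAdminAuthTokenLifetime, 43200000L)
                : account.getTimeInterval(ZAttrProvisioning.A_zimbraAuthTokenLifetime, 43200000L);
        this.mExpires = now + lifetime;
    }

    /**
     * Creates a non-admin token for {@code account} with an explicit expiry.
     *
     * @param j absolute expiry in milliseconds since the epoch
     */
    public ZimbraAuthToken(Account account, long j) {
        this(account, j, false, null);
    }

    /**
     * Creates a token for {@code account}.
     *
     * @param account account the token is issued for; a {@link GuestAccount} produces an
     *                "external" token carrying the guest's digest, access key and name
     * @param j absolute expiry in milliseconds since the epoch
     * @param z when true, each admin flag is set if the matching account attribute is "TRUE"
     * @param account2 account whose id is recorded as the admin account id, or null
     */
    public ZimbraAuthToken(Account account, long j, boolean z, Account account2) {
        this.mAccountId = account.getId();
        this.mAdminAccountId = account2 != null ? account2.getId() : null;
        this.mValidityValue = account.getAuthTokenValidityValue();
        this.mExpires = j;
        // Admin flags are granted only when the caller asks for them AND the account has them.
        this.mIsAdmin = z && "TRUE".equals(account.getAttr(ZAttrProvisioning.A_zimbraIsAdminAccount));
        this.mIsDomainAdmin = z && "TRUE".equals(account.getAttr(ZAttrProvisioning.A_zimbraIsDomainAdminAccount));
        this.mIsDelegatedAdmin = z && "TRUE".equals(account.getAttr(ZAttrProvisioning.A_zimbraIsDelegatedAdminAccount));
        this.mEncoded = null;
        if (account instanceof GuestAccount) {
            GuestAccount guest = (GuestAccount) account;
            this.mType = C_TYPE_EXTERNAL_USER;
            this.mDigest = guest.getDigest();
            this.mAccessKey = guest.getAccessKey();
            this.mExternalUserEmail = guest.getName();
        } else {
            this.mType = C_TYPE_ZIMBRA_USER;
        }
    }

    /**
     * Creates an "external" token from explicit values.
     *
     * @param str account id
     * @param str2 external user e-mail; null is stored as "public"
     * @param str3 second input to {@code generateDigest}, used only when {@code str4} is null
     * @param str4 precomputed digest, or null to derive one from {@code str2} and {@code str3}
     * @param j absolute expiry in milliseconds since the epoch
     */
    public ZimbraAuthToken(String str, String str2, String str3, String str4, long j) {
        this.mAccountId = str;
        this.mExpires = j;
        this.mExternalUserEmail = str2 == null ? "public" : str2;
        // NOTE(review): generateDigest receives the raw str2 (possibly null), not the "public"
        // default stored above; confirm that is intended.
        this.mDigest = str4 != null ? str4 : generateDigest(str2, str3);
        this.mType = C_TYPE_EXTERNAL_USER;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public String getAccountId() {
        return this.mAccountId;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public String getAdminAccountId() {
        return this.mAdminAccountId;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public long getExpires() {
        return this.mExpires;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public int getValidityValue() {
        return this.mValidityValue;
    }

    /** Returns true once the current time is strictly later than the token's expiry. */
    @Override // com.zimbra.cs.account.AuthToken
    public boolean isExpired() {
        return System.currentTimeMillis() > this.mExpires;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public boolean isAdmin() {
        return this.mIsAdmin;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public boolean isDomainAdmin() {
        return this.mIsDomainAdmin;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public boolean isDelegatedAdmin() {
        return this.mIsDelegatedAdmin;
    }

    /** Returns true when the token has no type attribute or its type is "zimbra". */
    @Override // com.zimbra.cs.account.AuthToken
    public boolean isZimbraUser() {
        return this.mType == null || C_TYPE_ZIMBRA_USER.equals(this.mType);
    }

    @Override // com.zimbra.cs.account.AuthToken
    public String getExternalUserEmail() {
        return this.mExternalUserEmail;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public String getDigest() {
        return this.mDigest;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public String getAccessKey() {
        return this.mAccessKey;
    }

    /**
     * Returns the encoded token, building and signing it with the current key on first use.
     *
     * <p>For a token created by parsing, this is the original string. The result is cached in
     * the instance without synchronization. The access key and proxy auth token are not part of
     * the payload.
     *
     * <p>NOTE(review): the payload bytes are produced with the platform default charset
     * ({@code getBytes()}), so non-ASCII attribute values depend on the JVM's default encoding.
     *
     * @throws AuthTokenException if the current signing key cannot be obtained
     */
    @Override // com.zimbra.cs.account.AuthToken
    public String getEncoded() throws AuthTokenException {
        if (this.mEncoded != null) {
            return this.mEncoded;
        }
        StringBuffer payload = new StringBuffer(64);
        BlobMetaData.encodeMetaData(C_ID, this.mAccountId, payload);
        BlobMetaData.encodeMetaData(C_EXP, Long.toString(this.mExpires), payload);
        if (this.mAdminAccountId != null) {
            BlobMetaData.encodeMetaData(C_AID, this.mAdminAccountId, payload);
        }
        // Flags are written only when set; the parser treats an absent flag as false.
        if (this.mIsAdmin) {
            BlobMetaData.encodeMetaData(C_ADMIN, "1", payload);
        }
        if (this.mIsDomainAdmin) {
            BlobMetaData.encodeMetaData(C_DOMAIN, "1", payload);
        }
        if (this.mIsDelegatedAdmin) {
            BlobMetaData.encodeMetaData(C_DLGADMIN, "1", payload);
        }
        if (this.mValidityValue != -1) {
            BlobMetaData.encodeMetaData(C_VALIDITY_VALUE, this.mValidityValue, payload);
        }
        BlobMetaData.encodeMetaData(C_TYPE, this.mType, payload);
        BlobMetaData.encodeMetaData(C_EXTERNAL_USER_EMAIL, this.mExternalUserEmail, payload);
        BlobMetaData.encodeMetaData(C_DIGEST, this.mDigest, payload);
        String payloadHex = new String(Hex.encodeHex(payload.toString().getBytes()));
        AuthTokenKey signingKey = getCurrentKey();
        this.mEncoded = signingKey.getVersion() + "_" + getHmac(payloadHex, signingKey.getKey()) + "_" + payloadHex;
        return this.mEncoded;
    }

    /**
     * Computes the hex-encoded HMAC-SHA1 of {@code str} under the raw key {@code bArr}.
     *
     * @throws RuntimeException if the JVM lacks HmacSHA1 or rejects the key
     */
    private String getHmac(String str, byte[] bArr) {
        try {
            ByteKey key = new ByteKey(bArr);
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(key);
            byte[] tag = mac.doFinal(str.getBytes());
            return new String(Hex.encodeHex(tag));
        } catch (InvalidKeyException e) {
            throw new RuntimeException("fatal error", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("fatal error", e2);
        }
    }

    /**
     * Returns the hex-encoded HMAC-MD5 of the encoded token under the CURRENT key, so the value
     * changes whenever the current key changes.
     *
     * <p>NOTE(review): HMAC-MD5 is a legacy choice. It is left as is because switching the
     * algorithm would change every crumb value that existing clients hold.
     *
     * @throws AuthTokenException if the token cannot be encoded or the current key is unavailable
     */
    @Override // com.zimbra.cs.account.AuthToken
    public String getCrumb() throws AuthTokenException {
        String encoded = getEncoded();
        try {
            ByteKey key = new ByteKey(getCurrentKey().getKey());
            Mac mac = Mac.getInstance("HmacMD5");
            mac.init(key);
            byte[] tag = mac.doFinal(encoded.getBytes());
            return new String(Hex.encodeHex(tag));
        } catch (InvalidKeyException e) {
            throw new RuntimeException("fatal error", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("fatal error", e2);
        }
    }

    /**
     * Returns the encoded token, translating encoding failures into {@link ServiceException}.
     */
    private String getOrigAuthData() throws ServiceException {
        try {
            String encoded = getEncoded();
            if (encoded == null) {
                throw ServiceException.FAILURE("unable to get encoded auth token", (Throwable) null);
            }
            return encoded;
        } catch (AuthTokenException e) {
            throw ServiceException.FAILURE("unable to get encoded auth token", e);
        }
    }

    /**
     * Installs a fresh {@link HttpState} on {@code httpClient} holding only the auth-token
     * cookie. Any cookies or credentials in the client's previous state are discarded.
     *
     * @param httpMethod not used by this implementation
     * @param z passed to {@link ZimbraCookie#authTokenCookieName(boolean)} to pick the cookie name
     * @param str cookie domain
     */
    @Override // com.zimbra.cs.account.AuthToken
    public void encode(HttpClient httpClient, HttpMethod httpMethod, boolean z, String str) throws ServiceException {
        String token = getOrigAuthData();
        HttpState state = new HttpState();
        httpClient.setState(state);
        // The last Cookie argument is the secure flag. With false, HttpClient also attaches the
        // auth token to plain-HTTP requests for this domain.
        // NOTE(review): confirm callers only use this over TLS or on a trusted internal network.
        state.addCookie(new Cookie(str, ZimbraCookie.authTokenCookieName(z), token, ZMailbox.PATH_SEPARATOR, (Date) null, false));
        httpClient.getParams().setCookiePolicy("compatibility");
    }

    /**
     * Adds the auth-token cookie to an existing {@link HttpState}.
     *
     * @param z passed to {@link ZimbraCookie#authTokenCookieName(boolean)} to pick the cookie name
     * @param str cookie domain
     */
    @Override // com.zimbra.cs.account.AuthToken
    public void encode(HttpState httpState, boolean z, String str) throws ServiceException {
        // secure=false: the cookie is not restricted to HTTPS requests (see the HttpClient overload).
        httpState.addCookie(new Cookie(str, ZimbraCookie.authTokenCookieName(z), getOrigAuthData(), ZMailbox.PATH_SEPARATOR, (Date) null, false));
    }

    /**
     * Sets the auth token on a servlet response through
     * {@code ZimbraCookie.addHttpOnlyCookie}, at the root path.
     *
     * @param z passed to {@link ZimbraCookie#authTokenCookieName(boolean)} to pick the cookie name
     * @param z2 forwarded as the last argument of {@code addHttpOnlyCookie}; presumably the
     *           cookie's secure flag (confirm against ZimbraCookie)
     */
    @Override // com.zimbra.cs.account.AuthToken
    public void encode(HttpServletResponse httpServletResponse, boolean z, boolean z2) throws ServiceException {
        ZimbraCookie.addHttpOnlyCookie(httpServletResponse, ZimbraCookie.authTokenCookieName(z), getOrigAuthData(), ZimbraCookie.PATH_ROOT, (Integer) null, z2);
    }

    /**
     * Adds an auth-token child element holding the encoded token to {@code element}.
     *
     * @param z has no effect: both branches of the original code were identical
     */
    @Override // com.zimbra.cs.account.AuthToken
    public void encodeAuthResp(Element element, boolean z) throws ServiceException {
        element.addElement(UserServlet.QP_AUTHTOKEN).setText(getOrigAuthData());
    }

    /** Wraps the encoded token and the current proxy auth token in a {@link ZAuthToken}. */
    @Override // com.zimbra.cs.account.AuthToken
    public ZAuthToken toZAuthToken() throws ServiceException {
        return new ZAuthToken(getOrigAuthData(), this.mProxyAuthToken);
    }

    @Override // com.zimbra.cs.account.AuthToken
    public void setProxyAuthToken(String str) {
        this.mProxyAuthToken = str;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public String getProxyAuthToken() {
        return this.mProxyAuthToken;
    }

    @Override // com.zimbra.cs.account.AuthToken
    public void resetProxyAuthToken() {
        this.mProxyAuthToken = null;
    }

    /** Returns a field-for-field copy of this token via {@code super.clone()}. */
    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone();
    }

    /**
     * Ad-hoc timing harness: prints the milliseconds taken by 1000 direct parses of a token
     * (including the time to encode it) and then by 1000 cached lookups of the same token.
     */
    public static void main(String[] strArr) throws ServiceException, AuthTokenException {
        ZimbraAuthToken token = new ZimbraAuthToken(Provisioning.getInstance().get(Provisioning.AccountBy.name, "user1@example.zimbra.com"));
        long parseStart = System.currentTimeMillis();
        String encoded = token.getEncoded();
        for (int i = 0; i < 1000; i++) {
            new ZimbraAuthToken(encoded);
        }
        System.out.println(System.currentTimeMillis() - parseStart);
        long cacheStart = System.currentTimeMillis();
        for (int i = 0; i < 1000; i++) {
            getAuthToken(encoded);
        }
        System.out.println(System.currentTimeMillis() - cacheStart);
    }
}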
