package com.atlassian.crowd.manager.token.factory;

import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.manager.proxy.TrustedProxyManager;
import com.atlassian.crowd.model.authentication.ValidationFactor;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/manager/token/factory/TokenKeyGeneratorImpl.class */
public class TokenKeyGeneratorImpl implements TokenKeyGenerator {
    private final Logger logger = Logger.getLogger(getClass());
    private final String algorithm;
    private final TrustedProxyManager trustedProxyManager;

    public TokenKeyGeneratorImpl(TrustedProxyManager trustedProxyManager, String str) {
        this.trustedProxyManager = trustedProxyManager;
        this.algorithm = str;
    }

    @Override // com.atlassian.crowd.manager.token.factory.TokenKeyGenerator
    public String generateKey(long j, String str, List<ValidationFactor> list) throws InvalidTokenException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Generating Token for principal: " + str);
        }
        try {
            return makeUrlSafe(base64Encode(MessageDigest.getInstance(this.algorithm).digest(constructMessage(j, str, list).getBytes()))).trim();
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidTokenException(e);
        }
    }

    private String constructMessage(long j, String str, List<ValidationFactor> list) {
        StringBuffer stringBuffer = new StringBuffer();
        addValidationFactors(stringBuffer, list);
        stringBuffer.append(Long.toString(j));
        stringBuffer.append(StringUtils.lowerCase(str));
        return stringBuffer.toString();
    }

    private String base64Encode(byte[] bArr) {
        try {
            return new String(Base64.encodeBase64(bArr), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Could not encode token: this Java VM does not support UTF-8", e);
        }
    }

    private String makeUrlSafe(String str) {
        return str.replaceAll("\\+|/|=|\\*", "0");
    }

    private void addValidationFactors(StringBuffer stringBuffer, List<ValidationFactor> list) {
        String value;
        if (list != null) {
            ValidationFactor factor = getFactor(list, "remote_address");
            if (factor != null) {
                ValidationFactor factor2 = getFactor(list, "X-Forwarded-For");
                if (factor2 == null || !isTrustedProxy(factor.getValue())) {
                    if (this.logger.isDebugEnabled() && factor2 != null && !isTrustedProxy(factor.getValue())) {
                        this.logger.debug("The Proxy forwarding the Client remote address is not trusted. Please, check if requests coming from" + factor.getValue() + "are safe and if this address should be added to Crowd Trusted Proxy Servers list. See http://confluence.atlassian.com/x/U4ZsCQ");
                    }
                    value = factor.getValue();
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Adding remote address of " + value);
                    }
                } else {
                    value = getLastXFF(factor2.getValue());
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Adding X-Forwarded-For remote address of " + value);
                    }
                }
                stringBuffer.append(value);
            }
            addValidationFactor(stringBuffer, list, "remote_host");
            addValidationFactor(stringBuffer, list, "NAME");
            addValidationFactor(stringBuffer, list, "Random-Number");
        }
    }

    private ValidationFactor getFactor(List<ValidationFactor> list, String str) {
        for (ValidationFactor validationFactor : list) {
            if (str.equals(validationFactor.getName())) {
                return validationFactor;
            }
        }
        return null;
    }

    private boolean isTrustedProxy(String str) {
        return this.trustedProxyManager.isTrusted(str);
    }

    private String getLastXFF(String str) {
        int lastIndexOf = str.lastIndexOf(44);
        return (lastIndexOf == -1 || lastIndexOf >= str.length() - 2) ? str : str.substring(lastIndexOf + 1);
    }

    protected void addValidationFactor(StringBuffer stringBuffer, List<ValidationFactor> list, String str) {
        ValidationFactor factor = getFactor(list, str);
        if (factor != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Adding " + str + " of " + factor);
            }
            stringBuffer.append(factor.getValue());
        }
    }
}
