package com.caucho.cloud.security;

import com.caucho.config.AdminLiteral;
import com.caucho.config.inject.InjectManager;
import com.caucho.env.service.AbstractResinService;
import com.caucho.env.service.ResinSystem;
import com.caucho.security.Authenticator;
import com.caucho.security.DigestCredentials;
import com.caucho.util.Base64;
import com.caucho.util.L10N;
import java.security.MessageDigest;
import java.util.Set;
import javax.enterprise.inject.spi.Bean;

/* loaded from: input_file:com/caucho/cloud/security/SecurityService.class */
public class SecurityService extends AbstractResinService {
    public static final int START_PRIORITY = 30;
    private static final L10N L = new L10N(SecurityService.class);
    private String _signatureSecret;
    private Authenticator _authenticator;

    public static SecurityService create() {
        SecurityService securityService;
        ResinSystem current = ResinSystem.getCurrent();
        if (current == null) {
            throw new IllegalStateException(L.l("ResinSystem is not active in {0}", Thread.currentThread().getContextClassLoader()));
        }
        synchronized (current) {
            SecurityService securityService2 = (SecurityService) current.getService(SecurityService.class);
            if (securityService2 == null) {
                securityService2 = new SecurityService();
                current.addService(securityService2);
            }
            securityService = securityService2;
        }
        return securityService;
    }

    public static SecurityService getCurrent() {
        return (SecurityService) ResinSystem.getCurrentService(SecurityService.class);
    }

    public void setSignatureSecret(String str) {
        this._signatureSecret = str;
    }

    public boolean isSystemAuthKey() {
        return this._signatureSecret != null;
    }

    public void setAuthenticator(Authenticator authenticator) {
        this._authenticator = authenticator;
    }

    public Authenticator getAuthenticator() {
        return this._authenticator;
    }

    public String signSystem(String str, String str2) {
        try {
            String str3 = this._signatureSecret;
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            if (str != null) {
                messageDigest.update(str.getBytes("UTF-8"));
            }
            messageDigest.update(str2.getBytes("UTF-8"));
            if (str3 != null) {
                messageDigest.update(str3.getBytes("UTF-8"));
            }
            return Base64.encode(messageDigest.digest());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String sign(String str, String str2, String str3) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            if (str != null) {
                messageDigest.update(str.getBytes("UTF-8"));
            }
            messageDigest.update(str2.getBytes("UTF-8"));
            if (str3 != null) {
                messageDigest.update(str3.getBytes("UTF-8"));
            }
            return Base64.encode(messageDigest.digest());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] sign(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            if (this._signatureSecret != null) {
                messageDigest.update(this._signatureSecret.getBytes("UTF-8"));
            }
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public DigestCredentials createCredentials(String str, String str2, String str3) {
        DigestCredentials digestCredentials = new DigestCredentials(str, str3, createDigest(str, str2, str3));
        digestCredentials.setRealm("resin");
        return digestCredentials;
    }

    public byte[] createDigest(String str, String str2, String str3) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            if (str != null) {
                messageDigest.update(str.getBytes("UTF-8"));
            }
            messageDigest.update((byte) 58);
            messageDigest.update("resin".getBytes("UTF-8"));
            messageDigest.update((byte) 58);
            if (str2 != null) {
                messageDigest.update(str2.getBytes("UTF-8"));
            }
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            updateHex(messageDigest, digest);
            messageDigest.update((byte) 58);
            messageDigest.update(str3.getBytes("UTF-8"));
            return messageDigest.digest();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    private void updateHex(MessageDigest messageDigest, byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            updateHex(messageDigest, bArr[i] >> 4);
            updateHex(messageDigest, bArr[i]);
        }
    }

    private void updateHex(MessageDigest messageDigest, int i) {
        int i2 = i & 15;
        if (i2 < 10) {
            messageDigest.update((byte) (i2 + 48));
        } else {
            messageDigest.update((byte) ((i2 - 10) + 97));
        }
    }

    @Override // com.caucho.env.service.AbstractResinService, com.caucho.env.service.ResinService
    public int getStartPriority() {
        return 30;
    }

    @Override // com.caucho.env.service.AbstractResinService, com.caucho.env.service.ResinService
    public void start() {
        Bean<Authenticator> findAuthenticator;
        InjectManager current = InjectManager.getCurrent();
        if (this._authenticator != null || (findAuthenticator = findAuthenticator(current)) == null) {
            return;
        }
        this._authenticator = (Authenticator) current.getReference(findAuthenticator, Authenticator.class, current.createCreationalContext(findAuthenticator));
    }

    private Bean<Authenticator> findAuthenticator(InjectManager injectManager) {
        Set<Bean<?>> beans = injectManager.getBeans(Authenticator.class, new AdminLiteral());
        if (beans.size() > 0) {
            return injectManager.resolve(beans);
        }
        return null;
    }
}
