package com.digitalpetri.opcua.sdk.server.identity;

import com.digitalpetri.opcua.sdk.server.Session;
import com.digitalpetri.opcua.stack.core.UaException;
import com.digitalpetri.opcua.stack.core.channel.SecureChannel;
import com.digitalpetri.opcua.stack.core.security.SecurityAlgorithm;
import com.digitalpetri.opcua.stack.core.security.SecurityPolicy;
import com.digitalpetri.opcua.stack.core.types.builtin.ByteString;
import com.digitalpetri.opcua.stack.core.types.structured.AnonymousIdentityToken;
import com.digitalpetri.opcua.stack.core.types.structured.UserNameIdentityToken;
import com.digitalpetri.opcua.stack.core.types.structured.UserTokenPolicy;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.function.Predicate;

/* loaded from: input_file:com/digitalpetri/opcua/sdk/server/identity/UsernameIdentityValidator.class */
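/**
 * Identity validator that authenticates OPC UA sessions by username and password and can
 * optionally admit anonymous sessions.
 *
 * <p>The credential check itself is delegated to the {@link Predicate} supplied at construction;
 * this class extracts the username and password from the identity token, decrypts the password
 * when the channel is secured, and verifies the nonce that accompanies an encrypted password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Decrypted token data comes from the remote peer. Its length prefix is validated before it
 *       is used to size or index any buffer, and malformed data is reported as a
 *       {@link UaException} rather than an unchecked runtime exception.</li>
 *   <li>Passwords are decoded as UTF-8 so that the result does not depend on the JVM's default
 *       charset.</li>
 *   <li>On a channel whose security policy is {@code SecurityPolicy.None} the password bytes are
 *       used exactly as received, with no decryption and no nonce check.</li>
 * </ul>
 */
public class UsernameIdentityValidator extends IdentityValidator {
    /** OPC UA status code Bad_UserAccessDenied (0x801F0000). */
    private static final long BAD_USER_ACCESS_DENIED = 0x801F0000L;

    /** OPC UA status code Bad_IdentityTokenInvalid (0x80200000). */
    private static final long BAD_IDENTITY_TOKEN_INVALID = 0x80200000L;

    /** Size in bytes of the little-endian length prefix at the start of decrypted token data. */
    private static final int LENGTH_PREFIX_SIZE = 4;

    /** Sentinel returned as the identity object for an accepted anonymous session. */
    private static final Object ANON_IDENTITY_OBJECT = new Object();

    private final boolean allowAnonymous;
    private final Predicate<AuthenticationChallenge> predicate;

    /**
     * Username/password pair handed to the authentication predicate.
     *
     * <p>The password is held as a plain {@link String}. This class deliberately has no
     * {@code toString()} override; do not add one that includes the password, and do not log
     * instances.
     */
    public static final class AuthenticationChallenge {
        private final String username;
        private final String password;

        /**
         * @param str the username presented by the client
         * @param str2 the plaintext password presented by the client
         */
        public AuthenticationChallenge(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        /** @return the username presented by the client */
        public String getUsername() {
            return this.username;
        }

        /** @return the plaintext password presented by the client */
        public String getPassword() {
            return this.password;
        }
    }

    /**
     * @param z whether anonymous identity tokens are accepted
     * @param predicate decides whether a username/password pair is valid; it is invoked for every
     *     username token that passes the structural checks
     */
    public UsernameIdentityValidator(boolean z, Predicate<AuthenticationChallenge> predicate) {
        this.allowAnonymous = z;
        this.predicate = predicate;
    }

    /**
     * Accepts an anonymous token only when anonymous access was enabled at construction.
     *
     * @return the shared anonymous identity object
     * @throws UaException with Bad_UserAccessDenied when anonymous access is disabled
     */
    @Override // com.digitalpetri.opcua.sdk.server.identity.IdentityValidator
    public Object validateAnonymousToken(AnonymousIdentityToken anonymousIdentityToken, UserTokenPolicy userTokenPolicy, SecureChannel secureChannel, Session session) throws UaException {
        if (this.allowAnonymous) {
            return ANON_IDENTITY_OBJECT;
        }
        throw new UaException(BAD_USER_ACCESS_DENIED);
    }

    /**
     * Validates a username token and returns the authenticated username as the identity object.
     *
     * <p>The {@code userTokenPolicy} argument is not consulted by this implementation.
     *
     * @throws UaException with Bad_IdentityTokenInvalid for a structurally invalid token, or
     *     Bad_UserAccessDenied when the nonce or the credentials are rejected
     */
    @Override // com.digitalpetri.opcua.sdk.server.identity.IdentityValidator
    public Object validateUsernameToken(UserNameIdentityToken userNameIdentityToken, UserTokenPolicy userTokenPolicy, SecureChannel secureChannel, Session session) throws UaException {
        return validateUserNameIdentityToken(userNameIdentityToken, secureChannel, session);
    }

    /**
     * Extracts the credentials from the token, decrypting them when the channel is secured, and
     * runs them through the authentication predicate.
     *
     * @return the username from the token when authentication succeeds
     * @throws UaException with Bad_IdentityTokenInvalid when the username is missing, the
     *     encryption algorithm is not one of the accepted RSA algorithms, or the decrypted data is
     *     malformed; with Bad_UserAccessDenied when the nonce does not match or the predicate
     *     rejects the credentials
     */
    private String validateUserNameIdentityToken(UserNameIdentityToken userNameIdentityToken, SecureChannel secureChannel, Session session) throws UaException {
        SecurityAlgorithm asymmetricEncryptionAlgorithm;
        SecurityPolicy securityPolicy = secureChannel.getSecurityPolicy();
        String userName = userNameIdentityToken.getUserName();
        ByteString lastNonce = session.getLastNonce();
        int length = lastNonce.length();
        if (userName == null || userName.isEmpty()) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }

        String encryptionAlgorithm = userNameIdentityToken.getEncryptionAlgorithm();
        if (encryptionAlgorithm == null || encryptionAlgorithm.isEmpty()) {
            // No algorithm named in the token: fall back to the channel policy's algorithm.
            asymmetricEncryptionAlgorithm = secureChannel.getSecurityPolicy().getAsymmetricEncryptionAlgorithm();
        } else {
            try {
                asymmetricEncryptionAlgorithm = SecurityAlgorithm.fromUri(encryptionAlgorithm);
                // Only the two RSA encryption algorithms are accepted for password encryption.
                if (asymmetricEncryptionAlgorithm != SecurityAlgorithm.Rsa15 && asymmetricEncryptionAlgorithm != SecurityAlgorithm.RsaOaep) {
                    throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
                }
            } catch (UaException e) {
                // Unknown URI and disallowed algorithm are reported identically to the client.
                throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
            }
        }

        // A token without a password field is treated as an empty password rather than an NPE.
        ByteString passwordField = userNameIdentityToken.getPassword();
        byte[] bytes = passwordField != null ? passwordField.bytes() : null;
        if (bytes == null) {
            bytes = new byte[0];
        }

        if (securityPolicy == SecurityPolicy.None) {
            // NOTE(review): on a None channel the bytes are taken as the plaintext password even
            // if the token named an encryption algorithm, and no nonce is checked. Confirm that
            // username tokens are only offered over None where that exposure is acceptable.
            if (this.predicate.test(new AuthenticationChallenge(userName, new String(bytes, StandardCharsets.UTF_8)))) {
                return userName;
            }
            throw new UaException(BAD_USER_ACCESS_DENIED);
        }

        // decryptTokenData is defined outside this class; its result is attacker-influenced and
        // must be bounds-checked before the length prefix is trusted.
        byte[] decryptTokenData = decryptTokenData(secureChannel, asymmetricEncryptionAlgorithm, bytes);
        if (decryptTokenData == null || decryptTokenData.length < LENGTH_PREFIX_SIZE) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }

        // Layout: 4-byte little-endian length, then password bytes, then the nonce.
        int declaredLength = ((decryptTokenData[3] & 255) << 24)
            | ((decryptTokenData[2] & 255) << 16)
            | ((decryptTokenData[1] & 255) << 8)
            | (decryptTokenData[0] & 255);
        // Reject a negative length (high bit set) or one that claims more bytes than were decrypted.
        if (declaredLength < 0 || declaredLength > decryptTokenData.length - LENGTH_PREFIX_SIZE) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }
        // The declared length covers password plus nonce, so it can never be shorter than the nonce.
        int passwordLength = declaredLength - length;
        if (passwordLength < 0) {
            throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
        }

        byte[] bArr = new byte[passwordLength];
        byte[] bArr2 = new byte[length];
        System.arraycopy(decryptTokenData, LENGTH_PREFIX_SIZE, bArr, 0, bArr.length);
        System.arraycopy(decryptTokenData, LENGTH_PREFIX_SIZE + bArr.length, bArr2, 0, length);

        AuthenticationChallenge authenticationChallenge = new AuthenticationChallenge(userName, new String(bArr, StandardCharsets.UTF_8));
        // The nonce is checked first so the predicate only runs for tokens bound to this session's
        // most recent nonce; both failures produce the same status code.
        if (Arrays.equals(lastNonce.bytes(), bArr2) && this.predicate.test(authenticationChallenge)) {
            return userName;
        }
        throw new UaException(BAD_USER_ACCESS_DENIED);
    }
}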
