package org.deegree.services.config;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import org.apache.axiom.soap.SOAPConstants;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.deegree.commons.config.DeegreeWorkspace;
import org.deegree.commons.utils.TunableParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;

/* loaded from: input_file:WEB-INF/lib/deegree-services-config-3.5.10.jar:org/deegree/services/config/ApiKey.class */
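/**
 * Guards the configuration REST API with a shared API key stored in a single-line file
 * ({@code config.apikey}) below the workspace root.
 *
 * <p>The key is read from disk on every {@link #getCurrentToken()} call. If the file does not
 * exist, a random key is generated and written to it. If the file holds the wildcard value, every
 * request is accepted without a key.
 */
public class ApiKey {
    private static final Logger LOG = LoggerFactory.getLogger(ApiKey.class);
    private static final String API_TOKEN_FILE = "config.apikey";

    /** Length of a generated key in bytes; 20 bytes are rendered as 40 hex characters. */
    private static final int GENERATED_KEY_BYTES = 20;

    /** Created once; SecureRandom is safe to share between threads. */
    private static final SecureRandom KEY_SOURCE = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/deegree-services-config-3.5.10.jar:org/deegree/services/config/ApiKey$Token.class */
    /**
     * The configured key, or the "accept everything" wildcard.
     */
    public class Token {
        final boolean allowAll;
        private final String key;

        /**
         * @param str the single line read from the key file; surrounding whitespace is ignored
         */
        public Token(String str) {
            String trimmed = str == null ? null : str.trim();
            // Marker.ANY_MARKER is a constant the decompiler substituted for a literal;
            // presumably the wildcard "*" -- confirm against the original source.
            this.allowAll = trimmed != null && Marker.ANY_MARKER.equals(trimmed);
            // A blank line is kept as-is rather than trimmed, as in the original.
            this.key = (trimmed == null || trimmed.isEmpty()) ? str : trimmed;
        }

        /** Creates a token that matches nothing (used when no usable key file exists). */
        public Token() {
            this.allowAll = false;
            this.key = null;
        }

        /**
         * Tells whether the supplied value is the configured key.
         *
         * <p>The comparison is a literal, constant-time byte comparison. The previous
         * implementation called {@code String.matches}, which interprets its argument (the
         * caller-supplied value) as a regular expression, so it was not an equality check:
         * a pattern could be accepted without being equal to the key, and a correct key
         * containing regex metacharacters could be rejected.
         *
         * @param str the value supplied by the client, may be {@code null}
         * @return {@code true} if any key is allowed or the trimmed value equals the key
         */
        public boolean matches(String str) {
            if (this.allowAll) {
                return true;
            }
            if (this.key == null || str == null) {
                return false;
            }
            byte[] expected = this.key.getBytes(StandardCharsets.UTF_8);
            byte[] supplied = str.trim().getBytes(StandardCharsets.UTF_8);
            // MessageDigest.isEqual does not stop at the first differing byte.
            return MessageDigest.isEqual(expected, supplied);
        }

        /** @return {@code true} if the key file holds the wildcard and no key is required */
        public boolean isAnyAllowed() {
            return this.allowAll;
        }
    }

    /** @return the location of the key file below the workspace root */
    private Path getPasswordFile() {
        return Paths.get(DeegreeWorkspace.getWorkspaceRoot(), API_TOKEN_FILE);
    }

    /**
     * Generates a new API key from a cryptographically strong random source.
     *
     * <p>The previous implementation hashed the output of {@code java.util.Random} together with
     * the current date; neither input is unpredictable, and hashing does not add entropy.
     *
     * @return a 40-character lowercase hex string, never {@code null}
     */
    private String generateRandomApiKey() {
        byte[] raw = new byte[GENERATED_KEY_BYTES];
        KEY_SOURCE.nextBytes(raw);
        return Hex.encodeHexString(raw);
    }

    /**
     * Loads the current key from the key file, creating the file with a random key if it is
     * missing.
     *
     * @return the configured token; a token that matches nothing if the file is unusable
     */
    public Token getCurrentToken() throws SecurityException {
        Path passwordFile = getPasswordFile();
        Token token = null;
        String lineSeparator = System.lineSeparator();
        String str = "*************************************************************" + lineSeparator;
        // Banner blocks placed before and after the warnings so they stand out in the log.
        String head = lineSeparator + lineSeparator + str + str + str + lineSeparator;
        String tail = lineSeparator + str + str + str;
        try {
            if (Files.isReadable(passwordFile)) {
                List<String> readAllLines = Files.readAllLines(passwordFile);
                if (readAllLines.size() != 1) {
                    LOG.warn("{}API Key file '{}' has an incorrect format (multiple lines). {} The REST API will not be accessible.  {}", head, passwordFile, lineSeparator, tail);
                } else {
                    token = new Token(readAllLines.get(0));
                }
            } else if (Files.exists(passwordFile, new LinkOption[0])) {
                LOG.warn("{}API Key file '{}' is not a regular file or not readable. {} The REST API will not be accessible.{}", head, passwordFile, lineSeparator, tail);
            } else {
                String generated = generateRandomApiKey();
                // NOTE(review): the file is created with the process's default permissions;
                // consider restricting it to the service account, since it holds the secret.
                Files.write(passwordFile, Collections.singleton(generated), new OpenOption[0]);
                token = new Token(generated);
                LOG.warn("{}An API Key file with an random key was generated at '{}'.{}", head, passwordFile, lineSeparator, tail);
            }
        } catch (IOException e) {
            LOG.warn("{}API Key file '{}' could not be accessed. {} The REST API will not be accessible.{}", head, passwordFile, lineSeparator, tail);
            LOG.debug("API key file could not be accessed", (Throwable) e);
        }
        if (token == null) {
            // Fail closed: without a usable key file nothing is accepted.
            token = new Token();
        } else if (!token.isAnyAllowed()) {
            LOG.info("***");
            LOG.info("*** NOTE: The REST API is secured, so that the key set in file '{}' is required to access it.", passwordFile);
            LOG.info("***");
        } else if (TunableParameter.get("deegree.config.apikey.warn-when-disabled", true)) {
            LOG.warn("{}The REST API is currently configured insecure. We strongly recommend to use a key value instead at '{}'.{}", head, passwordFile, tail);
        }
        return token;
    }

    /**
     * Checks that the request carries the configured API key.
     *
     * <p>The key is looked up in this order: the {@code X-API-Key} header, the
     * {@code Authorization} header (Bearer token, or the password part of Basic credentials), and
     * finally a request parameter.
     *
     * @param httpServletRequest the incoming request
     * @throws SecurityException if a key is required and is missing or does not match
     */
    public void validate(HttpServletRequest httpServletRequest) throws SecurityException {
        String supplied = httpServletRequest.getHeader("X-API-Key");
        if (supplied == null) {
            supplied = keyFromAuthorizationHeader(httpServletRequest.getHeader("Authorization"));
        }
        if (supplied == null) {
            supplied = keyFromParameters(httpServletRequest);
        }
        Token currentToken = getCurrentToken();
        if (currentToken.isAnyAllowed()) {
            return;
        }
        if (supplied == null || supplied.trim().length() == 0) {
            throw new SecurityException("Please specify API Key");
        }
        if (!currentToken.matches(supplied)) {
            throw new SecurityException("Invalid API Key specified");
        }
    }

    /**
     * Extracts the key from an {@code Authorization} header value.
     *
     * @return the Bearer token, the Basic password, or {@code null} if neither is present
     */
    private String keyFromAuthorizationHeader(String header) {
        if (header == null) {
            return null;
        }
        // regionMatches(ignoreCase = true) is locale-independent, unlike toLowerCase().
        if (header.regionMatches(true, 0, "bearer ", 0, 7)) {
            return header.substring(7);
        }
        if (header.regionMatches(true, 0, "basic ", 0, 6)) {
            try {
                byte[] decoded = Base64.getDecoder().decode(header.substring(6));
                String[] split = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
                return split.length == 2 ? split[1] : null;
            } catch (IllegalArgumentException ignored) {
                // Malformed Base64 is treated as "no key supplied" so the caller gets the
                // regular SecurityException instead of an unrelated runtime error.
                return null;
            }
        }
        return null;
    }

    /**
     * Extracts the key from the first request parameter whose name matches, ignoring case.
     *
     * <p>NOTE(review): keys sent as URL parameters tend to end up in access logs and proxy
     * logs; clients should prefer one of the headers.
     *
     * @return the parameter value, or {@code null} if no such parameter exists
     */
    private String keyFromParameters(HttpServletRequest httpServletRequest) {
        Enumeration<?> parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            // SchemaSymbols.ATTVAL_TOKEN is a constant the decompiler substituted for a
            // literal; presumably "token" -- confirm against the original source.
            if (SchemaSymbols.ATTVAL_TOKEN.equalsIgnoreCase(name) || "api_key".equalsIgnoreCase(name)) {
                return httpServletRequest.getParameter(name);
            }
        }
        return null;
    }
}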
