package coldfusion.security;

import coldfusion.filter.FusionContext;
import coldfusion.log.CFLogs;
import coldfusion.runtime.AppHelper;
import coldfusion.runtime.ApplicationException;
import coldfusion.runtime.Cast;
import coldfusion.runtime.ExpressionException;
import coldfusion.runtime.MD5;
import coldfusion.runtime.OleDateTime;
import coldfusion.runtime.RuntimeServiceImpl;
import coldfusion.runtime.Scope;
import coldfusion.runtime.SessionScope;
import coldfusion.runtime.SessionTracker;
import coldfusion.runtime.Struct;
import coldfusion.util.RB;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

/* JADX WARN: Classes with same name are omitted:
  input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:config/cfsetup/cfsetup.jar:coldfusion/security/SecurityUtils.class
 */
/* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils.class */
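/**
 * Static helpers for random bytes, message digests, HMACs, bcrypt/scrypt password
 * encoding, session rotation/invalidation and CSRF tokens.
 *
 * <p>This is decompiled source (JADX): parameter names are decompiler-generated and the
 * numeric/string constants below were inlined by the compiler in the original listing.
 */
public class SecurityUtils {
    private static final String CFMX_COMPAT = "CFMX_COMPAT";
    public static final String SHA_1 = "SHA-1";
    public static final String SHA_256 = "SHA-256";
    public static final String DEFAULT_HASH_ALGO = "SHA-256";
    // NOTE(review): HmacMD5 is the fallback when hmac() receives no algorithm. It is kept
    // for compatibility; new callers should pass an explicit algorithm (e.g. HmacSHA256).
    private static final String DEFAULT_HMAC_ALGO = "HmacMD5";
    // Option keys read from the Struct passed to BCrypt()/SCrypt()/verifySCrypt().
    private static final String ROUNDS = "ROUNDS";
    private static final String VERSION = "VERSION";
    private static final String CPU_COST = "CPUCOST";
    private static final String MEMORY_COST = "MEMORYCOST";
    private static final String PARALLELIZATION_PARAMETER = "PARALLEL";
    private static final String KEY_LENGTH = "KEYLENGTH";
    private static final String SALT_LENGTH = "SALTLENGTH";
    // Defaults used when the corresponding option key is absent.
    private static final int CPU_COST_DEFAULT = 16384;
    private static final int MEMORY_COST_DEFAULT = 8;
    private static final int SALT_LENGTH_DEFAULT = 8;
    private static final int PARALLELIZATION_DEFAULT = 1;
    private static final int KEYLENGTH_DEFAULT = 32;
    private static final int ROUNDS_DEFAULT = 10;
    private static final String DEFAULT_BCRYPT_VERSION = "$2a";
    private static final int DEFAULT_RANDOM_LENGTH = 20;
    private static final int MIN_PASSWORD_LENGTH = 6;
    private static final String PASSWORD_SPECIAL_CHARS = "~!$%^&*()_=,./;[]{}|-@#";
    private static final String SESSION_START_TIME = "STARTTIME";
    // Declared as SecureRandom and final so the generator can neither be replaced by a
    // non-cryptographic Random nor require a downcast where a SecureRandom is demanded.
    private static final SecureRandom secRandom = new SecureRandom();

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils$BCryptVersionException.class */
    /** Thrown by {@link #BCrypt(Object, Struct)} when the requested bcrypt version is not supported. */
    public static class BCryptVersionException extends ApplicationException {
        private static final long serialVersionUID = 1;
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils$CSRFTokenException.class */
    /** Thrown by the CSRF helpers when the current request has no session scope. */
    public static class CSRFTokenException extends ApplicationException {
        private static final long serialVersionUID = 1;
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils$HmacException.class */
    /** Thrown by {@link #hmac} when the key or the algorithm is rejected by the JCA provider. */
    public static class HmacException extends ExpressionException {
        private static final long serialVersionUID = 1;
        // Localized message of the underlying failure; only the message is retained,
        // the Throwable itself is not chained as a cause.
        public String err;

        public HmacException(Throwable th) {
            this.err = th.getLocalizedMessage();
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:config/cfsetup/cfsetup.jar:coldfusion/security/SecurityUtils$InvalidAlgoException.class
     */
    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils$InvalidAlgoException.class */
    /** Thrown when a digest or MAC algorithm name is not acceptable. */
    public static class InvalidAlgoException extends ExpressionException {
        private static final long serialVersionUID = 1;
        // Name of the rejected algorithm.
        public String algorithm;
        // Never assigned in this listing — presumably filled in by callers; verify.
        public String function;

        InvalidAlgoException() {
            this.algorithm = "CFMX_COMPAT or null";
        }

        InvalidAlgoException(String str) {
            this.algorithm = str;
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils$SaltGenerationException.class */
    /** Not thrown anywhere in this listing; keeps only the localized message of its trigger. */
    public static class SaltGenerationException extends ExpressionException {
        private static final long serialVersionUID = 1;
        public String err;

        SaltGenerationException(Throwable th) {
            this.err = th.getLocalizedMessage();
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityUtils$SessionManipulationException.class */
    /** Thrown by {@link #getSessionMetadata()} when the current request has no session scope. */
    public static class SessionManipulationException extends ApplicationException {
        private static final long serialVersionUID = 1;
    }

    /**
     * Returns 20 bytes from the shared {@link SecureRandom}.
     *
     * @return a freshly allocated array of random bytes
     */
    public static final byte[] generateRandom() {
        return generateRandom(DEFAULT_RANDOM_LENGTH);
    }

    /**
     * Returns {@code i} bytes from the shared {@link SecureRandom}.
     *
     * @param i requested length; zero or a negative value silently falls back to 20
     * @return a freshly allocated array of random bytes
     */
    public static byte[] generateRandom(int i) {
        int length = i > 0 ? i : DEFAULT_RANDOM_LENGTH;
        byte[] random = new byte[length];
        secRandom.nextBytes(random);
        return random;
    }

    /**
     * Digests {@code obj} once, with no extra iterations.
     *
     * @see #hash(Object, String, String, String, int)
     */
    public static String hash(Object obj, String str, String str2, String str3) throws IOException {
        return hash(obj, str, str2, str3, 0);
    }

    /**
     * Computes a message digest of {@code obj} and returns it in the string form produced
     * by {@code MD5.stringify} (presumably hexadecimal — confirm against that helper).
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>A {@code null} or {@code CFMX_COMPAT} algorithm takes the legacy {@code MD5}
     *       path and returns before the charset, salt and iteration arguments are read,
     *       so those arguments have no effect there.</li>
     *   <li>On the JCA path the salt is fed to the digest before the data (salt, then data)
     *       and each extra iteration re-digests the previous digest only. This is a plain
     *       iterated hash, not a password-hashing scheme; {@link #BCrypt} and
     *       {@link #SCrypt} are the password encoders in this class.</li>
     * </ul>
     *
     * @param obj  data to digest: a {@code byte[]} is used as is, anything else is converted
     *             with {@code Cast._String}; {@code null} yields {@code null}
     * @param str  JCA digest algorithm name, or {@code null}/{@code CFMX_COMPAT} for legacy MD5
     * @param str2 charset name for encoding the data and the salt; {@code null} or empty
     *             selects the runtime default charset
     * @param str3 optional salt; ignored when {@code null} or empty
     * @param i    number of additional digest rounds; values {@code <= 0} add none
     * @return the stringified digest, or {@code null} when {@code obj} is {@code null}
     * @throws IOException          if the charset name is not supported
     * @throws InvalidAlgoException if no provider implements {@code str}
     */
    public static String hash(Object obj, String str, String str2, String str3, int i) throws IOException {
        if (obj == null) {
            return null;
        }
        if (str == null || str.equalsIgnoreCase(CFMX_COMPAT)) {
            MD5 md5 = obj instanceof byte[] ? new MD5((byte[]) obj) : new MD5(Cast._String(obj));
            // Return value unused in the original too; kept in case getDigest() is what
            // computes the value getStringDigest() reads — TODO confirm.
            md5.getDigest();
            return md5.getStringDigest();
        }
        String charset = (str2 == null || str2.isEmpty()) ? RuntimeServiceImpl.getDefaultCharset() : str2;
        byte[] data = obj instanceof byte[] ? (byte[]) obj : Cast._String(obj).getBytes(charset);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.reset();
            if (str3 != null && str3.length() > 0) {
                messageDigest.update(str3.getBytes(charset));
            }
            byte[] digest = messageDigest.digest(data);
            for (int round = 0; round < i; round++) {
                messageDigest.reset();
                digest = messageDigest.digest(digest);
            }
            return MD5.stringify(digest);
        } catch (NoSuchAlgorithmException e) {
            CFLogs.SERVER_LOG.error(RB.getString(SecurityUtils.class, "InvalidAlgoException"), e);
            throw new InvalidAlgoException(str);
        }
    }

    /**
     * Encodes a password with bcrypt.
     *
     * @param obj    the raw password; cast to {@code String}, so any other type raises
     *               {@code ClassCastException}; {@code null} yields {@code null}
     * @param struct optional options: {@code ROUNDS} (cast to {@code Integer}, default 10)
     *               and {@code VERSION} (cast to {@code String}, default {@code $2a});
     *               the casts fail for values of any other runtime type
     * @return the encoded password, or {@code null} when {@code obj} is {@code null}
     * @throws BCryptVersionException if the version matches none of the encoder's versions
     */
    public static String BCrypt(Object obj, Struct struct) {
        if (obj == null) {
            return null;
        }
        int rounds = ROUNDS_DEFAULT;
        String version = DEFAULT_BCRYPT_VERSION;
        if (struct != null) {
            if (struct.containsKey(ROUNDS)) {
                rounds = ((Integer) struct.get(ROUNDS)).intValue();
            }
            if (struct.containsKey(VERSION)) {
                version = (String) struct.get(VERSION);
            }
        }
        String upperCase = version.toUpperCase();
        // Validate first so an unknown version surfaces as BCryptVersionException rather
        // than the IllegalArgumentException that Enum.valueOf would throw.
        checkBCryptVerion(upperCase);
        return new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.valueOf(upperCase), rounds, secRandom).encode((String) obj);
    }

    /**
     * Verifies that {@code str} (already upper-cased by the caller) names a bcrypt version
     * known to the encoder.
     *
     * @throws BCryptVersionException if no version matches
     */
    private static void checkBCryptVerion(String str) {
        for (BCryptPasswordEncoder.BCryptVersion candidate : BCryptPasswordEncoder.BCryptVersion.values()) {
            if (candidate.getVersion().toUpperCase().equals(str)) {
                return;
            }
        }
        throw new BCryptVersionException();
    }

    /**
     * Checks a raw password against a bcrypt-encoded one.
     *
     * @param obj  raw password, cast to {@code String}
     * @param obj2 encoded password, cast to {@code String}
     * @return the result of {@code BCryptPasswordEncoder.matches}
     */
    public static boolean verifyBCrypt(Object obj, Object obj2) {
        return new BCryptPasswordEncoder().matches((String) obj, (String) obj2);
    }

    /**
     * Encodes a password with scrypt.
     *
     * @param obj    the raw password, cast to {@code String}; {@code null} yields {@code null}
     * @param struct optional options, each cast to {@code Integer}: {@code CPUCOST}
     *               (default 16384), {@code MEMORYCOST} (8), {@code PARALLEL} (1),
     *               {@code KEYLENGTH} (32) and {@code SALTLENGTH} (8)
     * @return the encoded password, or {@code null} when {@code obj} is {@code null}
     */
    public static String SCrypt(Object obj, Struct struct) {
        if (obj == null) {
            return null;
        }
        int cpuCost = CPU_COST_DEFAULT;
        int memoryCost = MEMORY_COST_DEFAULT;
        int parallelization = PARALLELIZATION_DEFAULT;
        int keyLength = KEYLENGTH_DEFAULT;
        int saltLength = SALT_LENGTH_DEFAULT;
        if (struct != null) {
            if (struct.containsKey(CPU_COST)) {
                cpuCost = ((Integer) struct.get(CPU_COST)).intValue();
            }
            if (struct.containsKey(MEMORY_COST)) {
                memoryCost = ((Integer) struct.get(MEMORY_COST)).intValue();
            }
            if (struct.containsKey(PARALLELIZATION_PARAMETER)) {
                parallelization = ((Integer) struct.get(PARALLELIZATION_PARAMETER)).intValue();
            }
            if (struct.containsKey(KEY_LENGTH)) {
                keyLength = ((Integer) struct.get(KEY_LENGTH)).intValue();
            }
            if (struct.containsKey(SALT_LENGTH)) {
                saltLength = ((Integer) struct.get(SALT_LENGTH)).intValue();
            }
        }
        return new SCryptPasswordEncoder(cpuCost, memoryCost, parallelization, keyLength, saltLength).encode((String) obj);
    }

    /**
     * Checks a raw password against an scrypt-encoded one.
     *
     * <p>Only {@code KEYLENGTH} is read from {@code struct}; the encoder is otherwise built
     * with the default cost, parallelization and salt-length values. A hash produced by
     * {@link #SCrypt} with a non-default {@code KEYLENGTH} therefore needs the same
     * {@code KEYLENGTH} here. NOTE(review): the encoder presumably takes the cost
     * parameters from the encoded value itself — confirm against the bundled Spring
     * Security version.
     *
     * @param obj    raw password, cast to {@code String}
     * @param obj2   encoded password, cast to {@code String}
     * @param struct optional options; only {@code KEYLENGTH} (cast to {@code Integer}) is used
     * @return the result of {@code SCryptPasswordEncoder.matches}
     */
    public static boolean verifySCrypt(Object obj, Object obj2, Struct struct) {
        int keyLength = KEYLENGTH_DEFAULT;
        if (struct != null && struct.containsKey(KEY_LENGTH)) {
            keyLength = ((Integer) struct.get(KEY_LENGTH)).intValue();
        }
        return new SCryptPasswordEncoder(CPU_COST_DEFAULT, MEMORY_COST_DEFAULT, PARALLELIZATION_DEFAULT, keyLength, SALT_LENGTH_DEFAULT)
                .matches((String) obj, (String) obj2);
    }

    /**
     * Computes a MAC over {@code obj} with key {@code obj2} and returns it in the string
     * form produced by {@code MD5.stringify}.
     *
     * <p>Security notes for reviewers: a {@code null} algorithm falls back to
     * {@code HmacMD5}; pass the algorithm explicitly where the choice matters. Code that
     * verifies a received MAC against this value should use a constant-time comparison
     * such as {@link MessageDigest#isEqual(byte[], byte[])} rather than
     * {@code String.equals}.
     *
     * @param obj  message: a {@code byte[]} is used as is, anything else goes through
     *             {@code Cast._String} and the charset
     * @param obj2 key, converted the same way as the message
     * @param str  JCA MAC algorithm name; {@code null} selects {@code HmacMD5}
     * @param str2 charset name; {@code null} or empty selects the runtime default charset
     * @return the stringified MAC, or {@code null} when message or key is {@code null}
     * @throws IOException          if the charset name is not supported
     * @throws InvalidAlgoException if the algorithm is {@code CFMX_COMPAT}
     * @throws HmacException        if the provider rejects the key or the algorithm
     */
    public static String hmac(Object obj, Object obj2, String str, String str2) throws IOException, HmacException {
        if (obj == null || obj2 == null) {
            return null;
        }
        String algorithm = str == null ? DEFAULT_HMAC_ALGO : str;
        if (algorithm.equalsIgnoreCase(CFMX_COMPAT)) {
            throw new InvalidAlgoException();
        }
        String charset = (str2 == null || str2.isEmpty()) ? RuntimeServiceImpl.getDefaultCharset() : str2;
        byte[] message = obj instanceof byte[] ? (byte[]) obj : Cast._String(obj).getBytes(charset);
        byte[] key = obj2 instanceof byte[] ? (byte[]) obj2 : Cast._String(obj2).getBytes(charset);
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, algorithm);
        try {
            Mac mac = Mac.getInstance(algorithm);
            mac.init(secretKeySpec);
            mac.reset();
            mac.update(message, 0, message.length);
            return MD5.stringify(mac.doFinal());
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            CFLogs.SERVER_LOG.error(RB.getString(SecurityUtils.class, "HmacException"), e);
            throw new HmacException(e);
        }
    }

    /**
     * Asks the current request's {@code AppHelper} to rotate the session.
     *
     * <p>When no {@code AppHelper} is available the method only logs a warning and returns
     * normally, so a caller that relies on rotation (for example after authentication)
     * gets no signal that it did not happen.
     */
    public static void sessionRotate() {
        AppHelper appHelper = FusionContext.getCurrent().getAppHelper();
        if (appHelper == null) {
            CFLogs.APPLICATION_LOG.warn(RB.getString(SecurityUtils.class, "SessionRotateFailure"));
            return;
        }
        appHelper.sessionRotate();
    }

    /** Delegates to {@code SessionTracker.sessionInvalidate()}. */
    public static final void sessionInvalidate() {
        SessionTracker.sessionInvalidate();
    }

    /**
     * Returns the current request's session scope, or {@code null} when the hidden scope
     * holds no {@code SESSION} entry or the entry is not a {@link SessionScope}.
     *
     * <p>The decompiled listing assigned the {@code Scope}-typed lookup straight to a
     * {@code SessionScope} variable, which does not compile; the lookup is typed as
     * {@code Scope} here and narrowed only after the {@code instanceof} check.
     */
    private static SessionScope currentSessionScope() {
        Scope scope = (Scope) FusionContext.getCurrent().hiddenScope.get("SESSION");
        return scope instanceof SessionScope ? (SessionScope) scope : null;
    }

    /**
     * Returns metadata about the current session.
     *
     * @return a struct with a single {@code STARTTIME} entry built from the session's
     *         creation time
     * @throws SessionManipulationException if the request has no session scope (a warning
     *         is logged first)
     */
    public static Struct getSessionMetadata() {
        SessionScope session = currentSessionScope();
        if (session == null) {
            CFLogs.APPLICATION_LOG.warn(RB.getString(SecurityUtils.class, "NoSession"));
            throw new SessionManipulationException();
        }
        Struct metadata = new Struct();
        metadata.put(SESSION_START_TIME, new OleDateTime(session.getCreatedTime()));
        return metadata;
    }

    /**
     * Delegates to {@code SessionScope.generateCSRFToken} on the current session.
     *
     * @param str forwarded unchanged — presumably the token key; verify against SessionScope
     * @param z   forwarded unchanged — presumably a "force new token" flag; verify
     * @return the token returned by the session scope
     * @throws CSRFTokenException if the request has no session scope
     */
    public static String generateCSRFToken(String str, boolean z) {
        SessionScope session = currentSessionScope();
        if (session == null) {
            throw new CSRFTokenException();
        }
        return session.generateCSRFToken(str, z);
    }

    /**
     * Delegates to {@code SessionScope.verifyCSRFToken} on the current session.
     *
     * @param str  forwarded unchanged as the first argument — TODO confirm its meaning
     * @param str2 forwarded unchanged as the second argument — TODO confirm its meaning
     * @return the verdict returned by the session scope
     * @throws CSRFTokenException if the request has no session scope
     */
    public static boolean verifyCSRFToken(String str, String str2) {
        SessionScope session = currentSessionScope();
        if (session == null) {
            throw new CSRFTokenException();
        }
        return session.verifyCSRFToken(str, str2);
    }

    /**
     * Reports whether a password is at least 6 characters long and contains at least one
     * digit, one upper-case letter and one character from {@code ~!$%^&*()_=,./;[]{}|-@#}.
     *
     * <p>NOTE(review): the check requires neither a lower-case letter nor more than 6
     * characters; treat it as a minimum gate, not as a complete password policy.
     *
     * @param str candidate password; {@code null} is reported as not complex
     * @return {@code true} when all three character classes are present and the length
     *         requirement is met
     */
    public boolean isPasswordComplex(String str) {
        // A missing password is simply "not complex" instead of a NullPointerException.
        if (str == null || str.length() < MIN_PASSWORD_LENGTH) {
            return false;
        }
        boolean hasDigit = false;
        boolean hasUpper = false;
        boolean hasSpecial = false;
        for (char c : str.toCharArray()) {
            hasDigit = hasDigit || Character.isDigit(c);
            hasUpper = hasUpper || Character.isUpperCase(c);
            hasSpecial = hasSpecial || PASSWORD_SPECIAL_CHARS.indexOf(c) >= 0;
            if (hasDigit && hasUpper && hasSpecial) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the JVM allows unrestricted AES key lengths, i.e. whether
     * {@code Cipher.getMaxAllowedKeyLength("AES")} equals {@code Integer.MAX_VALUE}.
     *
     * @return {@code false} when the limit is lower or AES is not available
     */
    public static boolean isPolicyFilesInstalled() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }
}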
