package com.ibm.iaccess.base;

import com.ibm.iaccess.Copyright;
import com.ibm.iaccess.base.AcsSystemConfig;
import com.ibm.iaccess.base.LmSpi;
import com.ibm.iaccess.baselite.AcsByteBufferDynamic;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ibm.iaccess.baselite.AcsFile;
import com.ibm.iaccess.baselite.AcsPair;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
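/**
 * Serializable cache of encrypted passwords, keyed by system name and user id.
 *
 * <p>Each entry maps a key of the form {@code SYSTEM + TILDE_STR + USER} (both parts upper-cased
 * with {@code LOC_US}) to the AES ciphertext of the password. In {@code SHARED_CREDS} mode the
 * system part is always {@link #SHARED_CREDS_SYSNAME}. Every mode except
 * {@code PROMPT_EVERY_TIME} persists the whole object with Java serialization to a per-mode file
 * in the directory returned by {@code AcsUtilities.makeRestrictedDir()}.
 *
 * <p><b>Security review notes</b> (all derived from the code in this class):
 * <ul>
 *   <li>The AES key for {@code ONCE_EVER} and for the default case is a fixed string compiled into
 *       this class, so for those modes the encryption is obfuscation only. Confidentiality of the
 *       cache file then rests entirely on the file-system permissions of the restricted directory
 *       (presumably owner-only; {@code makeRestrictedDir()} is not visible here, so confirm).</li>
 *   <li>{@code SESSION_DURATION} and {@code SHARED_CREDS} append {@code LmSpi.getPwKeyData()} to a
 *       fixed prefix; the strength of that key depends on how {@code LmSpi} produces the data.</li>
 *   <li>{@code Cipher.init} is called without an IV or parameter spec, and
 *       {@link #storePassword} compares ciphertexts to detect an unchanged password, so the
 *       encryption is deterministic: equal passwords under the same key give equal ciphertexts.
 *       Presumably {@code AES_STR} resolves to a provider-default (ECB) transformation; confirm
 *       against {@code AcsConstants}.</li>
 *   <li>The magic-cookie prefix is a plaintext marker checked after decryption. It detects a wrong
 *       key or a foreign blob, but it is not a MAC and does not authenticate the ciphertext.</li>
 *   <li>The cache file is read with {@code ObjectInputStream.readObject()}. See
 *       {@link #getFromFile(String)} for the deserialization caveat.</li>
 * </ul>
 *
 * <p>Serialized form: {@code serialVersionUID}, the field names and the field types must not
 * change, otherwise existing cache files can no longer be read.
 */
@Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
/* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsPasswordCache.class */
public class AcsPasswordCache implements Serializable, AcsConstants {
    // Marker prepended to every plaintext before encryption; checked again after decryption.
    // NOTE(review): getBytes() uses the platform default charset, so the marker bytes are
    // platform-dependent. Left unchanged because existing cache entries were written this way.
    private static final byte[] MAGIC_COOKIE_PREFIX = AcsPasswordCache.class.getName().getBytes();
    private static final long serialVersionUID = 2;
    // Pseudo system name under which the single shared-credentials entry is stored.
    private static final String SHARED_CREDS_SYSNAME = "*DEFAULT";
    private AcsSystemConfig.PromptMode m_cacheType;
    // key: SYSTEM + TILDE_STR + USER, value: AES ciphertext (cookie + password)
    private final Map<String, byte[]> m_entries = new HashMap<String, byte[]>();
    // Port of the LM server this cache was bound to; -1 means "not bound yet".
    private int m_lmServerPort = -1;
    // Derived lazily and never serialized.
    private transient SecretKeySpec m_secretKeySpec = null;

    /**
     * Clears the cache of every prompt mode.
     *
     * @throws IOException if the cache file name for a mode cannot be determined
     */
    public static void clearAllCaches() throws IOException {
        for (AcsSystemConfig.PromptMode promptMode : AcsSystemConfig.PromptMode.values()) {
            clearCacheOfType(promptMode);
        }
    }

    /**
     * Clears the cache belonging to one prompt mode.
     *
     * <p>If the cache cannot be loaded or cleared for any reason, the failure is logged and the
     * backing file is deleted instead, so stale credentials do not survive a failed clear.
     *
     * @param promptMode the mode whose cache is cleared
     * @throws IOException if the cache file name cannot be determined during the fallback delete
     */
    public static void clearCacheOfType(AcsSystemConfig.PromptMode promptMode) throws IOException {
        try {
            getCache(promptMode).clear();
        } catch (Exception e) {
            AcsLogUtil.logWarning(e);
            // Fallback: remove the file outright. The result of delete() is not checked.
            new AcsFile(getFileName(promptMode)).delete();
        }
    }

    /**
     * Returns the cache for a prompt mode, loading it from disk when a usable file exists.
     *
     * <p>{@code PROMPT_EVERY_TIME} always yields a fresh, never-persisted cache. For
     * {@code SESSION_DURATION} and {@code SHARED_CREDS} a loaded cache is bound to the LM server
     * port: an unbound cache adopts the current port, and a cache bound to a different port is
     * discarded and replaced by an empty one.
     *
     * @param promptMode the mode whose cache is requested
     * @return the loaded cache, or a new empty cache of that mode
     * @throws LmSpi.LmServerNotReachableException if the LM server cannot be started
     * @throws RuntimeException wrapping an {@link IOException} raised while locating the file
     */
    public static AcsPasswordCache getCache(AcsSystemConfig.PromptMode promptMode) throws LmSpi.LmServerNotReachableException {
        if (promptMode == AcsSystemConfig.PromptMode.PROMPT_EVERY_TIME) {
            return getPromptEveryTimeCache();
        }
        try {
            AcsPasswordCache fromFile = getFromFile(promptMode);
            if (null != fromFile && (promptMode == AcsSystemConfig.PromptMode.SESSION_DURATION || promptMode == AcsSystemConfig.PromptMode.SHARED_CREDS)) {
                if (!LmSpi.startLmServer().isSuccess()) {
                    throw new LmSpi.LmServerNotReachableException();
                }
                int port = LmSpi.getPort();
                if (-1 == fromFile.m_lmServerPort) {
                    fromFile.m_lmServerPort = port;
                } else if (port != fromFile.m_lmServerPort) {
                    // Written under a different LM server instance: treat as expired.
                    fromFile = null;
                }
            }
            if (null == fromFile) {
                return new AcsPasswordCache(promptMode);
            }
            // The stored type is overwritten: SHARED_CREDS and SESSION_DURATION share one file.
            fromFile.m_cacheType = promptMode;
            return fromFile;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Maps a prompt mode to the path of its cache file inside the restricted directory.
     *
     * @param promptMode the mode to look up
     * @return the path of the cache file ({@code SHARED_CREDS} and {@code SESSION_DURATION} share one)
     * @throws IOException if the restricted directory cannot be created or resolved
     */
    private static String getFileName(AcsSystemConfig.PromptMode promptMode) throws IOException {
        String makeRestrictedDir = AcsUtilities.makeRestrictedDir();
        switch (promptMode) {
            case SHARED_CREDS:
            case SESSION_DURATION:
                return makeRestrictedDir + FILESEP + ".function_admin_work";
            case ONCE_EVER:
                return makeRestrictedDir + FILESEP + ".function_admin_log";
            case KERBEROS:
                return makeRestrictedDir + FILESEP + ".function_admin_ros";
            default:
                return makeRestrictedDir + FILESEP + ".function_admin_other";
        }
    }

    /**
     * Loads the cache file belonging to a prompt mode.
     *
     * @param promptMode the mode whose file is read
     * @return the deserialized cache, or {@code null} if it is missing or unreadable
     * @throws IOException if the cache file name cannot be determined
     */
    private static synchronized AcsPasswordCache getFromFile(AcsSystemConfig.PromptMode promptMode) throws IOException {
        return getFromFile(getFileName(promptMode));
    }

    /**
     * Deserializes a cache from the given file.
     *
     * <p>SECURITY: this is Java-native deserialization. {@code readObject()} instantiates whatever
     * serializable classes the stream names before the {@code instanceof} check below runs, so the
     * check does not protect against a tampered file. The file must only ever be writable by the
     * owning user. Where the runtime allows it, install a deserialization filter that admits only
     * this class and its field types, or move to a non-executable storage format.
     *
     * @param str path of the cache file
     * @return the cache, or {@code null} if the file is missing, unreadable or holds another type
     */
    private static synchronized AcsPasswordCache getFromFile(String str) {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            ObjectInputStream objectInputStream = new ObjectInputStream(fileInputStream);
            Object readObject = objectInputStream.readObject();
            if (readObject instanceof AcsPasswordCache) {
                return (AcsPasswordCache) readObject;
            }
            return null;
        } catch (IOException e) {
            AcsLogUtil.logWarning(e);
            return null;
        } catch (ClassNotFoundException e2) {
            AcsLogUtil.logWarning(e2);
            return null;
        } finally {
            // Close on every path; previously the handle leaked whenever the stream header
            // or readObject() threw.
            if (null != fileInputStream) {
                try {
                    fileInputStream.close();
                } catch (IOException e3) {
                    AcsLogUtil.logWarning(e3);
                }
            }
        }
    }

    /**
     * Creates an empty cache of the given mode. Nothing is written until an entry changes.
     *
     * @param promptMode the mode this cache operates in
     */
    public AcsPasswordCache(AcsSystemConfig.PromptMode promptMode) {
        this.m_cacheType = promptMode;
    }

    /**
     * Removes cached entries and persists the result.
     *
     * <p>In {@code SHARED_CREDS} mode only the keys starting with {@link #SHARED_CREDS_SYSNAME}
     * are removed, because the backing file is shared with {@code SESSION_DURATION}. In every
     * other mode all entries are removed.
     */
    public synchronized void clear() {
        if (this.m_cacheType == AcsSystemConfig.PromptMode.SHARED_CREDS) {
            for (Iterator<String> it = this.m_entries.keySet().iterator(); it.hasNext();) {
                if (it.next().startsWith(SHARED_CREDS_SYSNAME)) {
                    it.remove();
                }
            }
        } else {
            this.m_entries.clear();
        }
        saveToFile();
    }

    /**
     * Removes every entry of one system (case-insensitively) and persists the result.
     * In {@code SHARED_CREDS} mode this is the same as {@link #clear()}.
     *
     * @param str the system name; not read in {@code SHARED_CREDS} mode
     */
    public synchronized void clear(String str) {
        if (this.m_cacheType == AcsSystemConfig.PromptMode.SHARED_CREDS) {
            // clear() already persists, so no second save is needed.
            clear();
            return;
        }
        // Upper-case first, then lower-case, to keep the exact matching rule of stored keys.
        String prefix = (str.toUpperCase(LOC_US) + AcsConstants.TILDE_STR).toLowerCase(LOC_US);
        for (Iterator<String> it = this.m_entries.keySet().iterator(); it.hasNext();) {
            if (it.next().toLowerCase(LOC_US).startsWith(prefix)) {
                it.remove();
            }
        }
        saveToFile();
    }

    /**
     * Removes the entry of one system/user pair and persists the result.
     * In {@code SHARED_CREDS} mode this is the same as {@link #clear()}.
     *
     * <p>NOTE(review): removal uses an exact key match, whereas {@link #getPassword} matches
     * keys case-insensitively. A stored key that is not fully upper-case would not be removed.
     *
     * @param str the system name
     * @param str2 the user id
     */
    public synchronized void clear(String str, String str2) {
        if (this.m_cacheType == AcsSystemConfig.PromptMode.SHARED_CREDS) {
            // clear() already persists, so no second save is needed.
            clear();
            return;
        }
        this.m_entries.remove(entryKey(str, str2));
        saveToFile();
    }

    /**
     * Decrypts one cache value and strips the magic cookie.
     *
     * <p>If decryption succeeds but the cookie is missing, the cache is cleared via
     * {@link #clear()}. Any exception is logged and reported as {@code null}.
     *
     * @param bArr the stored ciphertext
     * @return the password bytes, or {@code null} if the value cannot be decrypted or verified
     */
    private byte[] decrypt(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(AcsConstants.AES_STR);
            cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec());
            AcsByteBufferDynamic acsByteBufferDynamic = new AcsByteBufferDynamic(cipher.doFinal(bArr));
            if (acsByteBufferDynamic.startsWith(MAGIC_COOKIE_PREFIX)) {
                return acsByteBufferDynamic.subSequence(MAGIC_COOKIE_PREFIX.length);
            }
            // Cookie mismatch: the content was not produced with this key, so drop it.
            clear();
            return null;
        } catch (Exception e) {
            AcsLogUtil.logWarning(e);
            return null;
        }
    }

    /**
     * Encrypts a password, prefixed with the magic cookie, under this cache's key.
     *
     * @param bArr the password bytes
     * @return the ciphertext, or {@code null} if encryption failed (the failure is logged)
     */
    private byte[] encrypt(byte[] bArr) {
        byte[] bArr2 = null;
        byte[] byteArray = new AcsByteBufferDynamic(MAGIC_COOKIE_PREFIX).put(bArr).getByteArray();
        try {
            Cipher cipher = Cipher.getInstance(AcsConstants.AES_STR);
            // No IV or parameter spec is supplied, so the output is deterministic.
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec());
            bArr2 = cipher.doFinal(byteArray);
        } catch (Exception e) {
            AcsLogUtil.logWarning(e);
        }
        return bArr2;
    }

    /**
     * Returns the prompt mode this cache currently operates in.
     *
     * @return the cache's prompt mode
     */
    public AcsSystemConfig.PromptMode getCachePromptMode() {
        return this.m_cacheType;
    }

    /**
     * Looks up and decrypts the cached password of a system/user pair.
     *
     * <p>Keys are compared case-insensitively. The returned array holds the clear-text password;
     * callers should overwrite it once it is no longer needed.
     *
     * @param str the system name; not read in {@code SHARED_CREDS} mode
     * @param str2 the user id
     * @return the password bytes, or {@code null} if there is no entry or it cannot be decrypted
     */
    public synchronized byte[] getPassword(String str, String str2) {
        String wanted = entryKey(str, str2);
        for (Map.Entry<String, byte[]> entry : this.m_entries.entrySet()) {
            if (entry.getKey().equalsIgnoreCase(wanted)) {
                return decrypt(entry.getValue());
            }
        }
        return null;
    }

    /**
     * Returns the AES key for this cache's mode, deriving it on first use.
     *
     * <p>SECURITY: the literals below are part of the on-disk format and must stay byte-identical
     * so existing cache files remain readable. They are also the reason the {@code ONCE_EVER} and
     * default-mode caches must be treated as obfuscated rather than protected: anyone with this
     * class and read access to the file has everything needed. Rotating to a per-user or
     * OS-keystore-backed key would need a format migration.
     *
     * <p>NOTE(review): {@code getBytes()} uses the platform default charset, and the
     * session/shared key is only valid if the prefix plus {@code LmSpi.getPwKeyData()} encodes to
     * a legal AES key length. Otherwise {@code Cipher.init} fails and encrypt/decrypt return
     * {@code null}.
     *
     * @return the cached or newly derived key spec
     */
    private synchronized SecretKeySpec getSecretKeySpec() {
        byte[] bytes;
        if (null != this.m_secretKeySpec) {
            return this.m_secretKeySpec;
        }
        switch (this.m_cacheType) {
            case SHARED_CREDS:
            case SESSION_DURATION:
                bytes = ("Thanatos" + LmSpi.getPwKeyData()).getBytes();
                break;
            case ONCE_EVER:
                bytes = "ThanatosBehemoth".getBytes();
                break;
            default:
                bytes = "EnsiferumNotOdin".getBytes();
                break;
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bytes, AcsConstants.AES_STR);
        this.m_secretKeySpec = secretKeySpec;
        return secretKeySpec;
    }

    /**
     * Serializes this cache to its file, then deletes the file again if the cache is empty.
     *
     * <p>{@code PROMPT_EVERY_TIME} caches are never written. I/O failures are logged, not thrown.
     */
    private synchronized void saveToFile() {
        if (this.m_cacheType == AcsSystemConfig.PromptMode.PROMPT_EVERY_TIME) {
            return;
        }
        try {
            AcsFile acsFile = new AcsFile(getFileName(this.m_cacheType));
            FileOutputStream fileOutputStream = null;
            try {
                fileOutputStream = new FileOutputStream((File) acsFile, false);
                ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream);
                objectOutputStream.writeObject(this);
                objectOutputStream.flush();
                objectOutputStream.close();
            } catch (IOException e) {
                AcsLogUtil.logSevere(e);
            } finally {
                // Always release the handle, including on unchecked exceptions. Closing an
                // already-closed FileOutputStream is harmless.
                if (null != fileOutputStream) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e2) {
                        AcsLogUtil.logSevere(e2);
                    }
                }
            }
            // Do not leave an empty cache file behind.
            if (this.m_entries.isEmpty()) {
                acsFile.delete();
            }
        } catch (IOException e3) {
            AcsLogUtil.logSevere(e3);
        }
    }

    /**
     * Encrypts and stores a password, persisting the cache when the stored value changed.
     *
     * <p>In {@code SHARED_CREDS} mode the previous shared entry is cleared first, so at most one
     * shared credential exists. An unchanged password is detected by comparing ciphertexts, which
     * relies on the encryption being deterministic.
     *
     * <p>NOTE(review): {@link #encrypt} returns {@code null} on failure and that {@code null} is
     * stored as the entry value, replacing any previous ciphertext. The key then remains listed by
     * {@link #getEntries()} although {@link #getPassword} yields {@code null} for it. Consider
     * whether the entry should be removed instead.
     *
     * @param str the system name; not read in {@code SHARED_CREDS} mode
     * @param str2 the user id
     * @param bArr the clear-text password bytes
     */
    public synchronized void storePassword(String str, String str2, byte[] bArr) {
        if (this.m_cacheType == AcsSystemConfig.PromptMode.SHARED_CREDS) {
            clear();
        }
        String key = entryKey(str, str2);
        byte[] previous = this.m_entries.get(key);
        byte[] encrypted = encrypt(bArr);
        if (null == previous || !Arrays.equals(previous, encrypted)) {
            this.m_entries.put(key, encrypted);
            saveToFile();
        }
    }

    /**
     * Returns the default object description followed by the prompt mode.
     * No keys or password material are included.
     */
    @Override
    public String toString() {
        return super.toString() + this.m_cacheType.toString();
    }

    /**
     * Returns the user id of the shared-credentials entry, if one is cached.
     *
     * @return the user id part of the first key starting with {@link #SHARED_CREDS_SYSNAME},
     *         or {@code null} if there is none
     * @throws LmSpi.LmServerNotReachableException if the LM server cannot be started
     */
    public static String getSharedCredsUserIdOrNull() throws LmSpi.LmServerNotReachableException {
        for (String str : getCache(AcsSystemConfig.PromptMode.SHARED_CREDS).m_entries.keySet()) {
            if (str.startsWith(SHARED_CREDS_SYSNAME)) {
                // Strip the pseudo system name, then the one-character separator after it.
                return str.replace(SHARED_CREDS_SYSNAME, "").substring(1);
            }
        }
        return null;
    }

    /**
     * Creates a fresh {@code PROMPT_EVERY_TIME} cache, which is never persisted.
     *
     * @return a new empty cache
     */
    public static AcsPasswordCache getPromptEveryTimeCache() {
        return new AcsPasswordCache(AcsSystemConfig.PromptMode.PROMPT_EVERY_TIME);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Lists the system/user pairs that have a cache entry. No password material is returned.
     *
     * <p>Keys are split at the first {@code '~'}. A key without one is logged and skipped.
     *
     * @return a new list of (system, user) pairs
     */
    public List<AcsPair<String, String>> getEntries() {
        LinkedList<AcsPair<String, String>> pairs = new LinkedList<AcsPair<String, String>>();
        for (String str : this.m_entries.keySet()) {
            try {
                int indexOf = str.indexOf('~');
                pairs.add(new AcsPair<String, String>(str.substring(0, indexOf), str.substring(1 + indexOf)));
            } catch (IndexOutOfBoundsException e) {
                AcsLogUtil.logSevere(e);
            }
        }
        return pairs;
    }

    /**
     * Builds the map key of a system/user pair for the current mode.
     * In {@code SHARED_CREDS} mode the system argument is ignored and not dereferenced.
     */
    private String entryKey(String system, String user) {
        String systemPart = this.m_cacheType == AcsSystemConfig.PromptMode.SHARED_CREDS
                ? SHARED_CREDS_SYSNAME
                : system.toUpperCase(LOC_US);
        return systemPart + AcsConstants.TILDE_STR + user.toUpperCase(LOC_US);
    }
}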
