package cern.accsoft.security.rba.spi.login;

import cern.accsoft.security.rba.RBASubject;
import cern.accsoft.security.rba.RBAToken;
import cern.accsoft.security.rba.TokenFormat;
import cern.accsoft.security.rba.TokenType;
import cern.accsoft.security.rba.keys.RBAKeyStore;
import cern.accsoft.security.rba.spi.Configuration;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cern/accsoft/security/rba/spi/login/TokenCache.class */
public class TokenCache {
    private static final int MAX_FILE_SIZE = 32768;
    private static final String LOCAL_IP = "127.0.0.1";
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenCache.class);
    private final RBASubject rbaSubject;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCache(RBASubject rBASubject) {
        this.rbaSubject = rBASubject;
    }

    public static synchronized void clear() {
        File file = new File(Configuration.getInstance().getTokenCache());
        if (!file.exists()) {
            LOGGER.debug("Token cache doesn't exist");
        } else {
            if (file.delete()) {
                return;
            }
            LOGGER.error("Can't delete token cache: {}", Configuration.getInstance().getTokenCache());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean load() throws IOException {
        File file = new File(Configuration.getInstance().getTokenCache());
        if (!file.exists()) {
            LOGGER.debug("Token cache doesn't exist");
            return false;
        }
        if (!file.canRead()) {
            LOGGER.error("Token cache {} is not readable", Configuration.getInstance().getTokenCache());
            return false;
        }
        long length = file.length();
        if (length < 32) {
            throw new IOException("Token cache file '" + Configuration.getInstance().getTokenCache() + "' is invalid, file length < 32");
        }
        if (length > 32768) {
            throw new IOException("Illegal cache file '" + Configuration.getInstance().getTokenCache() + "' length: " + length);
        }
        byte[] bArr = new byte[(int) length];
        int i = 0;
        FileInputStream fileInputStream = new FileInputStream(file);
        do {
            try {
                int read = fileInputStream.read(bArr, i, ((int) length) - i);
                if (read > 0) {
                    i += read;
                }
                if (read < 0) {
                    break;
                }
            } finally {
                fileInputStream.close();
            }
        } while (i < length);
        RBAToken rBAToken = new RBAToken(TokenFormat.TEXT, bArr, 0, i);
        if (rBAToken.getType() != TokenType.MASTER) {
            LOGGER.warn("Incorrect cached token type: {}", rBAToken.getType().name());
            return false;
        }
        if (!rBAToken.getLocation().getAddress().equals(InetAddress.getLocalHost()) && !isLocalHost(rBAToken.getLocation().getAddress())) {
            LOGGER.warn("Cached token location '{}' is different from the current local host '{}'", rBAToken.getLocation().getAddress(), InetAddress.getLocalHost());
            return false;
        }
        if (!rBAToken.isValid()) {
            LOGGER.info("Cached token has expired");
            return false;
        }
        String hexString = Integer.toHexString(rBAToken.getSerialId());
        try {
            if (rBAToken.verify(RBAKeyStore.getPublicKeys())) {
                LOGGER.info("Token {} #0x{} is loaded from cache", rBAToken.getType().name(), hexString);
                this.rbaSubject.setMasterToken(rBAToken);
            } else {
                LOGGER.error("Cached token {} #0x{} can't be verified", rBAToken.getType().name(), hexString);
            }
            return true;
        } catch (GeneralSecurityException e) {
            IOException iOException = new IOException("Token verification failed");
            iOException.initCause(e);
            throw iOException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void save() throws IOException {
        RBAToken masterToken = this.rbaSubject.getMasterToken();
        if (masterToken == null || masterToken.getType() != TokenType.MASTER) {
            LOGGER.debug("Nothing to save in cache");
            return;
        }
        FileOutputStream fileOutputStream = new FileOutputStream(new File(Configuration.getInstance().getTokenCache()));
        try {
            fileOutputStream.write(masterToken.getEncoded());
            LOGGER.info("Token {} #0x{} is saved in cache", masterToken.getType().name(), Integer.toHexString(masterToken.getSerialId()));
            fileOutputStream.close();
        } catch (Throwable th) {
            fileOutputStream.close();
            throw th;
        }
    }

    private boolean isLocalHost(InetAddress inetAddress) {
        return inetAddress != null && LOCAL_IP.equals(inetAddress.getHostAddress());
    }
}
