package com.zimbra.cs.account;

import com.zimbra.common.service.ServiceException;
import java.security.SecureRandom;
import java.util.HashMap;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:com/zimbra/cs/account/CsrfTokenKey.class */
public class CsrfTokenKey {
    public static final int KEY_SIZE_BYTES = 32;
    private byte[] csrfTokenKey;
    private long keyVersion;
    private long keyCreatedAt;
    private static HashMap<String, CsrfTokenKey> tokenCache = new HashMap<>();
    private static CsrfTokenKey latestCsrfKey;

    public byte[] getKey() {
        return this.csrfTokenKey;
    }

    public long getVersion() {
        return this.keyVersion;
    }

    public long getCreated() {
        return this.keyCreatedAt;
    }

    void setKey(byte[] bArr) {
        this.csrfTokenKey = bArr;
    }

    CsrfTokenKey(long j, byte[] bArr) throws ServiceException {
        this.keyVersion = j;
        this.keyCreatedAt = System.currentTimeMillis();
        if (bArr != null) {
            this.csrfTokenKey = bArr;
            return;
        }
        SecureRandom secureRandom = new SecureRandom();
        this.csrfTokenKey = new byte[32];
        secureRandom.nextBytes(this.csrfTokenKey);
    }

    private CsrfTokenKey(String str) throws ServiceException {
        String[] split = str.split(":");
        if (split.length != 3) {
            throw ServiceException.INVALID_REQUEST("invalid auth token key", (Throwable) null);
        }
        String str2 = split[0];
        String str3 = split[1];
        String str4 = split[2];
        try {
            this.keyVersion = Long.parseLong(str2);
            try {
                this.keyCreatedAt = Long.parseLong(str3);
                try {
                    this.csrfTokenKey = Hex.decodeHex(str4.toCharArray());
                } catch (DecoderException e) {
                    throw ServiceException.INVALID_REQUEST("invalid auth token key data", e);
                }
            } catch (NumberFormatException e2) {
                throw ServiceException.INVALID_REQUEST("invalid auth token key created data", e2);
            }
        } catch (NumberFormatException e3) {
            throw ServiceException.INVALID_REQUEST("invalid auth token key version", e3);
        }
    }

    private static synchronized void refresh(boolean z) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        Config config = provisioning.getConfig();
        if (z) {
            provisioning.reload(config);
        }
        String attr = config.getAttr("zimbraCsrfTokenKey");
        if (attr == null) {
            provisioning.reload(config);
            attr = config.getAttr("zimbraCsrfTokenKey");
        }
        if (attr == null) {
            CsrfTokenKey csrfTokenKey = new CsrfTokenKey(0L, null);
            HashMap hashMap = new HashMap();
            hashMap.put("zimbraCsrfTokenKey", csrfTokenKey.getEncoded());
            Provisioning.getInstance().modifyAttrs(config, hashMap);
            attr = config.getAttr("zimbraCsrfTokenKey");
        }
        if (tokenCache.get(attr) == null) {
            CsrfTokenKey csrfTokenKey2 = new CsrfTokenKey(attr);
            tokenCache.put(attr, csrfTokenKey2);
            tokenCache.put(Long.toString(csrfTokenKey2.keyVersion), csrfTokenKey2);
            if (latestCsrfKey == null || latestCsrfKey.keyVersion < csrfTokenKey2.keyVersion) {
                latestCsrfKey = csrfTokenKey2;
            }
        }
    }

    public static synchronized CsrfTokenKey getCurrentKey() throws ServiceException {
        if (latestCsrfKey == null) {
            refresh(false);
        }
        return latestCsrfKey;
    }

    public String getEncoded() {
        return this.keyVersion + ":" + this.keyCreatedAt + ":" + new String(Hex.encodeHex(this.csrfTokenKey));
    }

    public static CsrfTokenKey getVersion(String str) throws ServiceException {
        if (tokenCache.get(str) == null) {
            refresh(false);
        }
        if (tokenCache.get(str) == null) {
            refresh(true);
        }
        return tokenCache.get(str);
    }
}
