package ru.runa.wfe.security.auth;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import ru.runa.wfe.security.AuthenticationException;
import ru.runa.wfe.security.AuthenticationExpiredException;
import ru.runa.wfe.user.Actor;
import ru.runa.wfe.user.User;

/* loaded from: input_file:ru/runa/wfe/security/auth/SubjectPrincipalsHelper.class */
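/**
 * Static helpers that bind a {@link User} principal to the JVM that issued it.
 *
 * <p>{@link #createUser(Actor)} encrypts the actor name with a key generated once per class
 * load and stores the ciphertext in the {@link User}; {@link #validateUser(User)} decrypts it
 * again and compares the result with the actor name. The key exists only in this class, so a
 * principal issued before a restart (or by another JVM) fails validation.
 *
 * <p>NOTE(review): the cipher is requested as plain {@code "DES"}. DES has a 56-bit key, and
 * the transformation names no mode or padding, so the provider default applies (ECB with
 * PKCS5 padding in the stock JDK provider). That gives deterministic, unauthenticated
 * encryption of a value the principal holder already knows (the actor name). Because the
 * value is used purely as an authenticator, a keyed MAC such as HmacSHA256 over the actor
 * name, checked with a constant-time compare, would be the appropriate construction. The
 * algorithm is left unchanged here because it alters the bytes stored in {@link User};
 * confirm nothing else depends on their length or format before migrating.
 */
public class SubjectPrincipalsHelper {
    private static final Log log = LogFactory.getLog(SubjectPrincipalsHelper.class);

    /** JCE algorithm name used for both key generation and the cipher (see class note). */
    private static final String ENCRYPTION_TYPE = "DES";

    /** Per-JVM secret key; {@code null} if key generation failed during class initialisation. */
    private static final Key securedKey;

    static {
        Key generated = null;
        try {
            generated = KeyGenerator.getInstance(ENCRYPTION_TYPE).generateKey();
        } catch (Exception e) {
            // Without a key every createUser() call returns null and every validateUser()
            // call fails, so this is logged at error level.
            log.error("Unable to get instance of KeyGenerator", e);
        }
        securedKey = generated;
    }

    private SubjectPrincipalsHelper() {
    }

    /**
     * Returns the bytes that are encrypted into, and later compared against, the secured key.
     *
     * <p>UTF-8 is used explicitly: with the platform default charset, characters the charset
     * cannot represent are replaced on encoding, so two distinct actor names could produce
     * the same bytes and therefore the same secured key.
     */
    private static byte[] getActorKey(Actor actor) {
        return actor.getName().getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Creates a {@link User} principal for the actor, carrying the encrypted actor name.
     *
     * @param actor actor to wrap
     * @return the new principal, or {@code null} if the secured key could not be produced
     *     (including when {@code actor} is {@code null} or no key is available); callers
     *     must check for {@code null}
     */
    public static User createUser(Actor actor) {
        try {
            Cipher cipher = Cipher.getInstance(ENCRYPTION_TYPE);
            cipher.init(Cipher.ENCRYPT_MODE, securedKey);
            return new User(actor, cipher.doFinal(getActorKey(actor)));
        } catch (Exception e) {
            // Keep the cause in the log; the null return is part of the existing contract.
            log.warn("Can't create subject cipher", e);
            return null;
        }
    }

    /**
     * Checks that the principal's secured key decrypts to its actor name under this JVM's key.
     *
     * @param user principal to validate
     * @throws AuthenticationExpiredException if decryption fails for any reason or the
     *     decrypted value does not match the actor name
     */
    public static void validateUser(User user) throws AuthenticationExpiredException {
        byte[] expected;
        byte[] decrypted;
        try {
            Cipher cipher = Cipher.getInstance(ENCRYPTION_TYPE);
            cipher.init(Cipher.DECRYPT_MODE, securedKey);
            expected = getActorKey(user.getActor());
            decrypted = cipher.doFinal(user.getSecuredKey());
        } catch (Exception e) {
            log.warn("Error in subject decryption", e);
            throw new AuthenticationExpiredException("Error in subject decryption");
        }
        // The comparison sits outside the try block so that the mismatch exception is not
        // caught by the generic handler above and replaced with the decryption-error message.
        // MessageDigest.isEqual compares without an early exit on the first differing byte.
        if (!MessageDigest.isEqual(expected, decrypted)) {
            log.warn("Secured key validation failed for user principal");
            throw new AuthenticationExpiredException("Incorrect user principal: secured key validation has been failed");
        }
    }

    /**
     * Returns the first non-null {@link User} principal of the subject.
     *
     * <p>This method only extracts the principal; it does not call
     * {@link #validateUser(User)}, so validation is up to the caller.
     *
     * @param subject subject to inspect, must not be {@code null}
     * @return the user principal
     * @throws AuthenticationException if the subject holds no {@link User} principal
     */
    public static User getUser(Subject subject) throws AuthenticationException {
        Preconditions.checkNotNull(subject);
        for (User user : subject.getPrincipals(User.class)) {
            if (user != null) {
                return user;
            }
        }
        throw new AuthenticationException("Subject does not contain user principal");
    }
}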
