package com.adobe.granite.license.impl.http;

import com.adobe.granite.license.License;
import com.adobe.granite.license.ProductInfoService;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Formatter;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.settings.SlingSettingsService;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(name = "com.adobe.granite.license.impl.LicenseCheckFilter", service = {Filter.class}, property = {"osgi.http.whiteboard.filter.pattern=/", "osgi.http.whiteboard.context.select=(osgi.http.whiteboard.context.name=*)"})
/* loaded from: input_file:com/adobe/granite/license/impl/http/LicenseCheckFilter.class */
public class LicenseCheckFilter implements Filter {
    private static final String PUBLIC_KEY = "-----BEGIN CERTIFICATE-----\nMIIGOzCCBCOgAwIBAgIJAIT+aF3hJ30kMA0GCSqGSIb3DQEBBQUAMIGzMQswCQYD\nVQQGEwJDSDELMAkGA1UECAwCQlMxDjAMBgNVBAcMBUJhc2VsMSMwIQYDVQQKDBpB\nZG9iZSBTeXN0ZW1zIChTY2h3ZWl6KSBBRzEaMBgGA1UECwwRRGlnaXRhbCBNYXJr\nZXRpbmcxGDAWBgNVBAMMD2xpY2Vuc2UuZGF5LmNvbTEsMCoGCSqGSIb3DQEJARYd\nbGljZW5zZXNlcnZlci1hZG1pbkBhZG9iZS5jb20wHhcNMTQwMjEzMTYxNDQxWhcN\nMTcwMjEyMTYxNDQxWjCBszELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAkJTMQ4wDAYD\nVQQHDAVCYXNlbDEjMCEGA1UECgwaQWRvYmUgU3lzdGVtcyAoU2Nod2VpeikgQUcx\nGjAYBgNVBAsMEURpZ2l0YWwgTWFya2V0aW5nMRgwFgYDVQQDDA9saWNlbnNlLmRh\neS5jb20xLDAqBgkqhkiG9w0BCQEWHWxpY2Vuc2VzZXJ2ZXItYWRtaW5AYWRvYmUu\nY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAn4zpSbVcXmsPfMFU\n+Z+7tWstUDfKNa66jyJsVucXxjzwFArvHNe6UKT/mwkWuMVIXkzI5RQ/5QvIyEO1\nNzGpOeYQhcsVF8EsWUxtNI9NDhRo4TmM+1UivVoIGtRbKKF+73WCXdsfqIWV+66z\nF9L5TD+nrsyHGkvvPESr1qFwxS2fDWaHhyETE7JL00QpYUDGarv7PpVSlTZ8pXFY\noHAEUDuGOeO5Ea0c7mIlp3khXPTte7Yi23uneTR0Jz1zbdkJ4OZQzCeEdUa8vXnM\nLI1XA+NGHeXBdOA9UG4mL/T9kabiSOKO09QI+RQXXSEy7+wYqHQmrRnnN6SwzXjZ\nRmZyColHfSgI8bBsRSb2GVa/TMwbbnfeo/Jd1ZC5DQVynMgF8BAj+cxLA70etXAa\nqGf9nvGxhMntd8apQm61oIjnKhP+enPyFkhxvtqeZ7I3/CPVNd2cr674W3Mlt4Ax\nR0YR696U7JGBhsbexOjPWaNEuDweNmI3b9iOtQ8rq/9lBq/N7D7whVqrDD4XXD66\nBz9fi8Tf6KNmYiIqjJ7lkyiq7MMCL/Ssehcq6ZUVyOJXsbrQx24ZUylMFZJgG5kR\nmagB9WVKtyqoYtsLlhxUyUi9hugxfr7Zgc9vXfbjnLwZEmik1okZYH/s4Ke7oyK6\niNnAPnJJNl17wjlLPMWh3d8kXh0CAwEAAaNQME4wHQYDVR0OBBYEFIp3m8Oetk7Y\nyeAIOFrfgT37HDuLMB8GA1UdIwQYMBaAFIp3m8Oetk7YyeAIOFrfgT37HDuLMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggIBAH8ejJtVCUfDXuByAMb/zJec\nn6tlfSxArBC6Ce78DRK9db86ceROtxeJeqbIku8e1Mec3UIhiowgVMoneDMGAd5w\nm70LZN35UdC3uVn0dTQiEEuobe9L072H6nFLnYpziowyHBejI4ATrsj0kOwPVf+s\nn/kdMUeczmtsjxwZadRhkEiRNyn97A4LyChQS5Faln7Al+O1LS9Ljn4rCMDL9f6s\n+tCj6i8dhsNfqb5Csl5u+z98Ejl8+2PIgtgPbmcEwujozxRHohnVnOTqEwpQFXAe\nX9xajy8Aa7MI/BbTIz64eRFhiFfp4+/20Y6hQs5sgBFqO0+ctJpu3Pjm4fCV7SiE\nG9RIINH/ERJXD5AlglGwdZ1aQ9cHg6nLZJILSKfmXak9AAc+DSOD3nrKOtJ5JhQS\nHiEq3YWFgTQJPFWPUiUFviZjnyemazeDTi0rqegkbqCFJ/uGQDTxG3DtyKbXfjpY\nU1ch+tKIOjvSGa/DA9c9fwmfSc4c3Rw1hzPvgM8twCm5lYwIs0o8M/BJS5SFrDDB\nK768u4HqXsZyInryIEopTia6iOLHlQZutcnF0Gd+Q2ZJUnkUubZAo1p4FTZXMFP1\n7CdXfZECSZPSvPC/bOGslQo/P0v4Mw/6ioBxgqGj3+mVpj0SNqpcJA9looOttrxX\nPg6ou4w3Ui+pMcq5LKMW\n-----END CERTIFICATE-----\n";
    private final File timeStampFile;
    private final long startTime;
    private volatile long nextTime;
    private final long checkInterval;
    private final boolean excludePing;
    private final String slingId;
    private final boolean encryptPing;
    private final X509Certificate publicKey;
    private final BundleContext bundleContext;
    private final ProductInfoService productInfoService;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /* loaded from: input_file:com/adobe/granite/license/impl/http/LicenseCheckFilter$BufferingResponse.class */
    private final class BufferingResponse extends HttpServletResponseWrapper {
        private StringWriter writer;

        public BufferingResponse(HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
        }

        public PrintWriter getWriter() throws IOException {
            if (this.writer == null) {
                this.writer = new StringWriter();
            }
            return new PrintWriter(this.writer);
        }

        public String getContents() {
            if (this.writer != null) {
                return this.writer.toString();
            }
            return null;
        }

        public void resetBuffer() {
            if (this.writer != null) {
                this.writer = new StringWriter();
            }
            super.resetBuffer();
        }
    }

    @ObjectClassDefinition(name = "Adobe Granite License Filter", description = "This filter handles all license related tasks.")
    /* loaded from: input_file:com/adobe/granite/license/impl/http/LicenseCheckFilter$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "Ping Interval", description = "The time in milliseconds between two license pings.")
        long checkInternval() default 86400000;

        @AttributeDefinition(name = "Exclude Ids", description = "List of server ids to be excluded from the license ping.")
        String[] excludeIds();

        @AttributeDefinition(name = "Encrypt Ping", description = "Controls whether the ping is sent as plain text or encrypted.")
        boolean encryptPing() default true;
    }

    @Activate
    public LicenseCheckFilter(BundleContext bundleContext, @Reference(policyOption = ReferencePolicyOption.GREEDY) SlingSettingsService slingSettingsService, @Reference(policyOption = ReferencePolicyOption.GREEDY) ProductInfoService productInfoService, Config config) {
        this.bundleContext = bundleContext;
        this.slingId = slingSettingsService.getSlingId();
        this.productInfoService = productInfoService;
        this.checkInterval = config.checkInternval();
        if (this.checkInterval < 1000) {
            this.excludePing = true;
        } else {
            boolean z = false;
            String[] excludeIds = config.excludeIds();
            if (excludeIds != null) {
                int length = excludeIds.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (this.slingId.equals(excludeIds[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            this.excludePing = z;
        }
        this.startTime = System.currentTimeMillis();
        this.timeStampFile = bundleContext.getDataFile(".checker.tmp");
        if (this.timeStampFile.exists()) {
            this.nextTime = this.timeStampFile.lastModified() + this.checkInterval;
        } else {
            this.nextTime = System.currentTimeMillis();
        }
        this.encryptPing = config.encryptPing();
        X509Certificate x509Certificate = null;
        if (this.encryptPing) {
            try {
                x509Certificate = loadPublicX509();
            } catch (GeneralSecurityException e) {
                this.logger.error("Unable to read public key.", e);
            }
        }
        this.publicKey = x509Certificate;
    }

    private X509Certificate loadPublicX509() throws GeneralSecurityException {
        byte[] bytes;
        ByteArrayInputStream byteArrayInputStream = null;
        try {
            bytes = PUBLIC_KEY.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            bytes = PUBLIC_KEY.getBytes();
        }
        try {
            byteArrayInputStream = new ByteArrayInputStream(bytes);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
            if (byteArrayInputStream != null) {
                try {
                    byteArrayInputStream.close();
                } catch (IOException e2) {
                }
            }
            return x509Certificate;
        } catch (Throwable th) {
            if (byteArrayInputStream != null) {
                try {
                    byteArrayInputStream.close();
                } catch (IOException e3) {
                }
            }
            throw th;
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String createtLicenseSnippet;
        String contentType;
        int indexOf;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!shouldIncludeLicensePing(httpServletRequest, httpServletResponse, httpServletRequest.getServletPath() + (httpServletRequest.getPathInfo() != null ? httpServletRequest.getPathInfo() : "")) || (createtLicenseSnippet = createtLicenseSnippet()) == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        BufferingResponse bufferingResponse = new BufferingResponse(httpServletResponse);
        filterChain.doFilter(servletRequest, bufferingResponse);
        String contents = bufferingResponse.getContents();
        if (contents == null || (contentType = httpServletResponse.getContentType()) == null || contentType.indexOf("html") == -1 || (indexOf = contents.indexOf("</body>")) == -1) {
            if (contents != null) {
                httpServletResponse.getWriter().write(contents);
            }
        } else {
            PrintWriter writer = httpServletResponse.getWriter();
            writer.write(contents.substring(0, indexOf));
            writer.write(createtLicenseSnippet);
            writer.write(contents.substring(indexOf));
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    private boolean shouldIncludeLicensePing(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String header = httpServletRequest.getHeader("User-Agent");
        boolean z = "GET".equals(httpServletRequest.getMethod()) && str.endsWith(".html") && header != null && header.startsWith("Mozilla") && header.indexOf("Quickstart") < 0 && canCreateSnippet();
        if (z) {
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setHeader("dispatcher", "no-cache");
        }
        return z;
    }

    private boolean canCreateSnippet() {
        return (this.slingId == null || this.excludePing || this.productInfoService.getLicense() == null || System.currentTimeMillis() < this.nextTime) ? false : true;
    }

    private String encode(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            return str;
        }
    }

    private String createtLicenseSnippet() {
        long currentTimeMillis = System.currentTimeMillis();
        boolean z = this.nextTime <= currentTimeMillis;
        if (z) {
            synchronized (this) {
                if (this.nextTime <= currentTimeMillis) {
                    this.nextTime = currentTimeMillis + this.checkInterval;
                } else {
                    z = false;
                }
            }
        }
        if (!z) {
            return null;
        }
        StringBuilder sb = new StringBuilder(256);
        sb.append("<script type=\"text/javascript\">");
        sb.append("/* <![CDATA[ */");
        sb.append("var i=new Image();i.src=(\"https:\" == document.location.protocol ? \"https://\" : \"http://\") + \"dev.day.com/cq6.gif?");
        sb.append(encryptData(createDataString(currentTimeMillis)));
        sb.append("\";");
        sb.append("/* ]]> */");
        sb.append("</script>\n");
        if (this.timeStampFile.exists()) {
            this.timeStampFile.setLastModified(currentTimeMillis);
        } else {
            try {
                this.timeStampFile.createNewFile();
            } catch (IOException e) {
            }
        }
        return sb.toString();
    }

    private String encryptData(String str) {
        if (this.publicKey == null) {
            if (this.encryptPing) {
                this.logger.error("Unable to encrypt license ping - no public key available");
            }
            return str;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, generateKey);
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            cipher2.init(1, this.publicKey);
            byte[] doFinal = cipher2.doFinal(generateKey.getEncoded());
            StringBuilder sb = new StringBuilder();
            sb.append("sk=");
            Formatter formatter = new Formatter(sb);
            for (byte b : doFinal) {
                formatter.format("%02x", Byte.valueOf(b));
            }
            formatter.flush();
            sb.append("&iv=");
            for (byte b2 : cipher.getIV()) {
                formatter.format("%02x", Byte.valueOf(b2));
            }
            formatter.flush();
            byte[] doFinal2 = cipher.doFinal(str.getBytes("UTF-8"));
            sb.append("&data=");
            for (byte b3 : doFinal2) {
                formatter.format("%02x", Byte.valueOf(b3));
            }
            formatter.close();
            return sb.toString();
        } catch (Exception e) {
            this.logger.error("Unable to encrypt license ping.", e);
            return str;
        }
    }

    private String createDataString(long j) {
        License license = this.productInfoService.getLicense();
        StringBuilder sb = new StringBuilder();
        sb.append("s=");
        sb.append(encode(this.slingId));
        sb.append("&u=");
        sb.append((j - this.startTime) / 1000);
        if (license.getProductVersion() != null) {
            sb.append("&v=");
            sb.append(encode(this.productInfoService.getInfos()[0].getVersion().toString()));
        }
        sb.append("&d=");
        sb.append(encode(license.getDownloadId()));
        sb.append("&j=");
        String property = System.getProperty("java.vendor");
        if (property != null) {
            int indexOf = property.indexOf(32);
            if (indexOf != -1) {
                property = property.substring(0, indexOf);
            }
            property = property + " ";
        }
        sb.append(encode(property + System.getProperty("java.version")));
        sb.append("&o=");
        sb.append(encode(System.getProperty("os.name") + " " + System.getProperty("os.version")));
        Map<String, String> loadStoreProperties = loadStoreProperties(this.bundleContext);
        sb.append("&nt=");
        sb.append(encode(loadStoreProperties.get("nodeStoreType")));
        sb.append("&nd=");
        sb.append(encode(loadStoreProperties.get("nodeStoreDescription")));
        sb.append("&bt=");
        sb.append(encode(loadStoreProperties.get("blobStoreType")));
        return sb.toString();
    }

    private Map<String, String> loadStoreProperties(BundleContext bundleContext) {
        Map map;
        String str;
        Map map2;
        HashMap hashMap = new HashMap();
        if (bundleContext == null) {
            return hashMap;
        }
        try {
            ServiceReference[] allServiceReferences = bundleContext.getAllServiceReferences("org.apache.jackrabbit.oak.spi.state.NodeStore", (String) null);
            if (allServiceReferences != null && allServiceReferences.length > 0 && (map2 = PropertiesUtil.toMap(allServiceReferences[0].getProperty("oak.nodestore.description"), (String[]) null)) != null) {
                String str2 = (String) map2.get("nodeStoreType");
                String str3 = (String) map2.get("type");
                String str4 = (String) map2.get("version");
                String str5 = (String) map2.get("db");
                if (str2 != null || str3 != null) {
                    hashMap.put("nodeStoreType", str3 == null ? str2 : str2 + " " + str3);
                }
                if (str5 == null && "mongo".equals(str3)) {
                    str5 = "MongoDB";
                }
                if (str5 != null || str4 != null) {
                    hashMap.put("nodeStoreDescription", str5 + " " + str4);
                }
            }
            ServiceReference[] allServiceReferences2 = bundleContext.getAllServiceReferences("org.apache.jackrabbit.oak.spi.blob.BlobStore", (String) null);
            if (allServiceReferences2 != null && allServiceReferences2.length > 0 && (map = PropertiesUtil.toMap(allServiceReferences2[0].getProperty("oak.blobstore.description"), (String[]) null)) != null && (str = (String) map.get("type")) != null) {
                hashMap.put("blobStoreType", str);
            }
        } catch (InvalidSyntaxException e) {
            this.logger.error("Unable to load store info");
        }
        return hashMap;
    }
}
