package org.springframework.security.core.token;

import java.security.SecureRandom;
import java.util.Date;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:spg-admin-ui-war-2.1.41rel-2.1.24.war:WEB-INF/lib/spring-security-core-3.1.1.RELEASE.jar:org/springframework/security/core/token/KeyBasedPersistenceTokenService.class */
public class KeyBasedPersistenceTokenService implements TokenService, InitializingBean {
    private int pseudoRandomNumberBits = 256;
    private String serverSecret;
    private Integer serverInteger;
    private SecureRandom secureRandom;

    @Override // org.springframework.security.core.token.TokenService
    public Token allocateToken(String str) {
        Assert.notNull(str, "Must provided non-null extendedInformation (but it can be empty)");
        long time = new Date().getTime();
        String computeServerSecretApplicableAt = computeServerSecretApplicableAt(time);
        String str2 = Long.toString(time) + ":" + generatePseudoRandomNumber() + ":" + str;
        return new DefaultToken(Utf8.decode(Base64.encode(Utf8.encode(str2 + ":" + Sha512DigestUtils.shaHex(str2 + ":" + computeServerSecretApplicableAt)))), time, str);
    }

    @Override // org.springframework.security.core.token.TokenService
    public Token verifyToken(String str) {
        if (str == null || "".equals(str)) {
            return null;
        }
        String[] delimitedListToStringArray = StringUtils.delimitedListToStringArray(Utf8.decode(Base64.decode(Utf8.encode(str))), ":");
        Assert.isTrue(delimitedListToStringArray.length >= 4, "Expected 4 or more tokens but found " + delimitedListToStringArray.length);
        try {
            long longValue = Long.decode(delimitedListToStringArray[0]).longValue();
            String computeServerSecretApplicableAt = computeServerSecretApplicableAt(longValue);
            String str2 = delimitedListToStringArray[1];
            StringBuilder sb = new StringBuilder();
            for (int i = 2; i < delimitedListToStringArray.length - 1; i++) {
                if (i > 2) {
                    sb.append(":");
                }
                sb.append(delimitedListToStringArray[i]);
            }
            Assert.isTrue(Sha512DigestUtils.shaHex((Long.toString(longValue) + ":" + str2 + ":" + sb.toString()) + ":" + computeServerSecretApplicableAt).equals(delimitedListToStringArray[delimitedListToStringArray.length - 1]), "Key verification failure");
            return new DefaultToken(str, longValue, sb.toString());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Expected number but found " + delimitedListToStringArray[0]);
        }
    }

    private String generatePseudoRandomNumber() {
        byte[] bArr = new byte[this.pseudoRandomNumberBits];
        this.secureRandom.nextBytes(bArr);
        return new String(Hex.encode(bArr));
    }

    private String computeServerSecretApplicableAt(long j) {
        return this.serverSecret + ":" + new Long(j % this.serverInteger.intValue()).intValue();
    }

    public void setServerSecret(String str) {
        this.serverSecret = str;
    }

    public void setSecureRandom(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
    }

    public void setPseudoRandomNumberBits(int i) {
        Assert.isTrue(i >= 0, "Must have a positive pseudo random number bit size");
        this.pseudoRandomNumberBits = i;
    }

    public void setServerInteger(Integer num) {
        this.serverInteger = num;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.hasText(this.serverSecret, "Server secret required");
        Assert.notNull(this.serverInteger, "Server integer required");
        Assert.notNull(this.secureRandom, "SecureRandom instance required");
    }
}
