package org.geoserver.web;

import java.security.GeneralSecurityException;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import org.apache.wicket.RequestCycle;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.util.crypt.AbstractCrypt;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.crypt.ICryptFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerSecurityManager;
import org.geotools.util.logging.Logging;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;

/* loaded from: input_file:WEB-INF/lib/web-core-2.4-SNAPSHOT.jar:org/geoserver/web/GeoserverWicketEncrypterFactory.class */
public class GeoserverWicketEncrypterFactory implements ICryptFactory {
    static ICryptFactory Factory;
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    static final String ICRYPT_ATTR_NAME = "__ICRYPT";
    ICrypt NoCrypt = new ICrypt() { // from class: org.geoserver.web.GeoserverWicketEncrypterFactory.1
        @Override // org.apache.wicket.util.crypt.ICrypt
        public String decryptUrlSafe(String str) {
            return str;
        }

        @Override // org.apache.wicket.util.crypt.ICrypt
        public String encryptUrlSafe(String str) {
            return str;
        }

        @Override // org.apache.wicket.util.crypt.ICrypt
        public void setKey(String str) {
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/web-core-2.4-SNAPSHOT.jar:org/geoserver/web/GeoserverWicketEncrypterFactory$CryptImpl.class */
    public class CryptImpl extends AbstractCrypt {
        protected StandardPBEByteEncryptor enc;

        CryptImpl(StandardPBEByteEncryptor standardPBEByteEncryptor) {
            this.enc = standardPBEByteEncryptor;
        }

        @Override // org.apache.wicket.util.crypt.AbstractCrypt
        protected byte[] crypt(byte[] bArr, int i) throws GeneralSecurityException {
            return i == 1 ? this.enc.encrypt(bArr) : this.enc.decrypt(bArr);
        }
    }

    public static ICryptFactory get() {
        if (Factory != null) {
            return Factory;
        }
        Factory = (ICryptFactory) GeoServerExtensions.bean(ICryptFactory.class);
        if (Factory == null) {
            Factory = new GeoserverWicketEncrypterFactory();
        }
        return Factory;
    }

    protected GeoserverWicketEncrypterFactory() {
    }

    @Override // org.apache.wicket.util.crypt.ICryptFactory
    public ICrypt newCrypt() {
        HttpSession session = ((ServletWebRequest) RequestCycle.get().getRequest()).getHttpServletRequest().getSession(false);
        if (session != null) {
            return getEncrypterFromSession(session);
        }
        LOGGER.warning("No session availabe to get url parameter encrypter");
        return this.NoCrypt;
    }

    protected ICrypt getEncrypterFromSession(HttpSession httpSession) {
        ICrypt iCrypt = (ICrypt) httpSession.getAttribute(ICRYPT_ATTR_NAME);
        if (iCrypt != null) {
            return iCrypt;
        }
        GeoServerSecurityManager securityManager = GeoServerApplication.get().getSecurityManager();
        char[] randomPasswordWithDefaultLength = securityManager.getRandomPassworddProvider().getRandomPasswordWithDefaultLength();
        StandardPBEByteEncryptor standardPBEByteEncryptor = new StandardPBEByteEncryptor();
        standardPBEByteEncryptor.setPasswordCharArray(randomPasswordWithDefaultLength);
        securityManager.disposePassword(randomPasswordWithDefaultLength);
        if (securityManager.isStrongEncryptionAvailable()) {
            standardPBEByteEncryptor.setProvider(new BouncyCastleProvider());
            standardPBEByteEncryptor.setAlgorithm("PBEWITHSHA256AND128BITAES-CBC-BC");
        } else {
            standardPBEByteEncryptor.setAlgorithm("PBEWITHMD5ANDDES");
        }
        CryptImpl cryptImpl = new CryptImpl(standardPBEByteEncryptor);
        httpSession.setAttribute(ICRYPT_ATTR_NAME, cryptImpl);
        return cryptImpl;
    }
}
