package org.mule.session;

import java.io.IOException;
import java.io.InvalidClassException;
import java.io.StreamCorruptedException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang.SerializationException;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mule.api.MuleException;
import org.mule.api.MuleMessage;
import org.mule.api.MuleRuntimeException;
import org.mule.api.MuleSession;
import org.mule.api.config.MuleProperties;
import org.mule.api.model.SessionException;
import org.mule.config.i18n.CoreMessages;
import org.mule.config.i18n.Message;
import org.mule.config.i18n.MessageFactory;
import org.mule.util.Base64;
import org.mule.util.ClassSpecificObjectInputStream;
import org.mule.util.SerializationUtils;

/* loaded from: input_file:org/mule/session/SerializeAndEncodeSessionHandler.class */
public class SerializeAndEncodeSessionHandler extends SerializeOnlySessionHandler {
    private static final byte[] SECRET_KEY;
    private static final int SIGNATURE_LENGTH = 32;
    private static final Mac MAC_SIGNER;
    public static final String SESSION_SIGN_SECRET_KEY = "mule.session.sign.secretKey";
    public static final String SESSION_SIGN_CH_SECRET_KEY = "mule.session.sign.cloudHub.secretKey";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/mule/session/SerializeAndEncodeSessionHandler$SessionSignatureException.class */
    public static final class SessionSignatureException extends MuleRuntimeException {
        private static final long serialVersionUID = 2605972894599363699L;

        public SessionSignatureException(Message message) {
            super(message);
        }
    }

    @Override // org.mule.session.SerializeOnlySessionHandler, org.mule.api.transport.SessionHandler
    public MuleSession retrieveSessionInfoFromMessage(MuleMessage muleMessage) throws MuleException {
        MuleSession muleSession = null;
        String str = (String) muleMessage.getInboundProperty(MuleProperties.MULE_SESSION_PROPERTY);
        if (str != null) {
            byte[] decode = Base64.decode(str);
            if (decode != null) {
                String endpoint = getEndpoint(muleMessage);
                boolean z = false;
                boolean z2 = false;
                try {
                    decode = getSigned(decode, endpoint);
                    z2 = true;
                } catch (SessionSignatureException e) {
                    if (isFallbackAllowed(endpoint)) {
                        z = true;
                    } else {
                        logger.warn("Session could not be deserialized: " + e.getMessage());
                        muleSession = null;
                    }
                }
                if ((z || z2) && decode != null) {
                    try {
                        muleSession = (MuleSession) SerializationUtils.deserialize(decode, muleMessage.getMuleContext(), new ClassSpecificObjectInputStream.Provider(DefaultMuleSession.class));
                    } catch (SerializationException e2) {
                        Throwable rootCause = ExceptionUtils.getRootCause(e2);
                        if (rootCause == null || !((rootCause instanceof InvalidClassException) || (rootCause instanceof StreamCorruptedException))) {
                            throw e2;
                        }
                        logger.warn("Session could not be deserialized due to class incompatibility: " + e2.getCause().getMessage());
                        muleSession = null;
                    }
                    if (z && muleSession != null && !muleSession.getPropertyNamesAsSet().isEmpty()) {
                        logger.warn("Deserialized a non-empty session in grace period.");
                    }
                }
            }
        }
        return muleSession;
    }

    @Override // org.mule.session.SerializeOnlySessionHandler, org.mule.api.transport.SessionHandler
    public void storeSessionInfoToMessage(MuleSession muleSession, MuleMessage muleMessage) throws MuleException {
        byte[] serialize = org.apache.commons.lang.SerializationUtils.serialize((SECRET_KEY != null || this.ACTIVATE_NATIVE_SESSION_SERIALIZATION) ? removeNonSerializableProperties(muleSession, muleMessage.getMuleContext()) : new DefaultMuleSession());
        if (SECRET_KEY != null && System.currentTimeMillis() > ENFORCE_SERIALIZATION_SINCE_TIMESTAMP.longValue()) {
            serialize = sign(serialize);
        }
        try {
            String encodeBytes = Base64.encodeBytes(serialize, 8);
            if (logger.isDebugEnabled()) {
                logger.debug("Adding serialized and base64-encoded Session header to message: " + encodeBytes);
            }
            muleMessage.setOutboundProperty(MuleProperties.MULE_SESSION_PROPERTY, encodeBytes);
        } catch (IOException e) {
            throw new SessionException(MessageFactory.createStaticMessage("Unable to serialize MuleSession"), e);
        }
    }

    private byte[] getSigned(byte[] bArr, String str) {
        if (SECRET_KEY == null && !this.ACTIVATE_NATIVE_SESSION_SERIALIZATION) {
            if (isFallbackAllowed(str)) {
                throw new SessionSignatureException(CoreMessages.createStaticMessage("Trying to deserialize a session but no signature validation key specified."));
            }
            if (bArr.length <= 0) {
                return null;
            }
            logger.warn("Trying to deserialize a session but no signature validation key specified.");
            return null;
        }
        if (bArr.length < 33 || bArr[0] != 1) {
            throw new SessionSignatureException(CoreMessages.createStaticMessage("Serialized session data does not contain a signature!"));
        }
        byte[] bArr2 = new byte[SIGNATURE_LENGTH];
        byte[] bArr3 = new byte[(bArr.length - SIGNATURE_LENGTH) - 1];
        System.arraycopy(bArr, 1, bArr2, 0, SIGNATURE_LENGTH);
        System.arraycopy(bArr, 33, bArr3, 0, (bArr.length - SIGNATURE_LENGTH) - 1);
        if (Arrays.equals(bArr2, calcHmac(SECRET_KEY, bArr3))) {
            return bArr3;
        }
        throw new SessionSignatureException(CoreMessages.createStaticMessage("Signatures do not match for deserializing session!"));
    }

    private byte[] sign(byte[] bArr) {
        byte[] calcHmac = calcHmac(SECRET_KEY, bArr);
        byte[] bArr2 = new byte[33 + bArr.length];
        bArr2[0] = 1;
        System.arraycopy(calcHmac, 0, bArr2, 1, SIGNATURE_LENGTH);
        System.arraycopy(bArr, 0, bArr2, 33, bArr.length);
        return bArr2;
    }

    public static synchronized byte[] calcHmac(byte[] bArr, byte[] bArr2) {
        try {
            return MAC_SIGNER.doFinal(bArr2);
        } catch (Exception e) {
            throw new RuntimeException("Failed to calculate hmac", e);
        }
    }

    static {
        Log log = LogFactory.getLog(SerializeAndEncodeSessionHandler.class);
        try {
            if (System.getProperty(SESSION_SIGN_SECRET_KEY) != null) {
                SECRET_KEY = System.getProperty(SESSION_SIGN_SECRET_KEY).getBytes(Base64.PREFERRED_ENCODING);
            } else if (System.getProperty(SESSION_SIGN_CH_SECRET_KEY) != null) {
                SECRET_KEY = System.getProperty(SESSION_SIGN_CH_SECRET_KEY).getBytes(Base64.PREFERRED_ENCODING);
            } else {
                SECRET_KEY = null;
            }
            if (SECRET_KEY != null) {
                try {
                    MAC_SIGNER = Mac.getInstance("HmacSHA256");
                    MAC_SIGNER.init(new SecretKeySpec(SECRET_KEY, "HmacSHA256"));
                } catch (InvalidKeyException e) {
                    log.error("Could not init class 'SerializeAndEncodeSessionHandler'", e);
                    throw new MuleRuntimeException(e);
                } catch (NoSuchAlgorithmException e2) {
                    log.error("Could not init class 'SerializeAndEncodeSessionHandler'", e2);
                    throw new MuleRuntimeException(e2);
                }
            } else {
                MAC_SIGNER = null;
            }
        } catch (UnsupportedEncodingException e3) {
            throw new MuleRuntimeException(e3);
        }
    }
}
