package com.pingidentity.pf.pcv;

import com.unboundid.util.ssl.SSLUtil;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Null;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.logging.Log;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

/* loaded from: input_file:com/pingidentity/pf/pcv/HIBPPool.class */
public class HIBPPool implements Closeable {
    private static final String SHA1_ALGORITHM = "SHA-1";
    private static final int SHA1_LENGTH = 20;
    private static final String PROTOCOL_HTTPS = "https";
    private String serviceURL;
    private Runnable noiseGenerator;
    private MessageDigest messageDigest;
    private CloseableHttpClient liveCloseableHttpClient;
    private ExecutorService executorService;
    Log logger;

    private HIBPPool(CloseableHttpClient closeableHttpClient) throws NoSuchAlgorithmException {
        initializeDigest();
        this.liveCloseableHttpClient = closeableHttpClient;
    }

    public static HIBPPool build(@NotNull SSLUtil sSLUtil, @Null Integer num, @Null Integer num2, @Null Long l, @NotNull String str, @NotNull Log log) {
        if (num == null) {
            num = Integer.valueOf(HIBP.MAX_POOL_SIZE_DEFAULT.intValue());
        }
        try {
            PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register(PROTOCOL_HTTPS, new SSLConnectionSocketFactory(sSLUtil.createSSLContext())).build());
            poolingHttpClientConnectionManager.setMaxTotal(num.intValue());
            return new HIBPPool(HttpClients.custom().setConnectionManager(poolingHttpClientConnectionManager).setConnectionManagerShared(true).build()).withLogger(log).withServiceURL(str).startNoiseThread(num2, l);
        } catch (GeneralSecurityException e) {
            log.error(e.getMessage());
            return null;
        }
    }

    private HIBPPool withServiceURL(String str) {
        this.serviceURL = str;
        return this;
    }

    private HIBPPool startNoiseThread(@Null Integer num, @Null Long l) {
        if (num != null && num.intValue() > 0) {
            this.executorService = Executors.newSingleThreadExecutor();
            this.noiseGenerator = new HIBPPoolNoiseGenerator(this, num, l);
            this.executorService.execute(this.noiseGenerator);
        }
        return this;
    }

    private HIBPPool withLogger(@NotNull Log log) {
        this.logger = log;
        return this;
    }

    private void initializeDigest() throws NoSuchAlgorithmException {
        this.messageDigest = MessageDigest.getInstance(SHA1_ALGORITHM);
    }

    public boolean isCompromised(byte[] bArr, boolean z) {
        if (bArr == null || bArr.length == 0) {
            return false;
        }
        this.logger.debug("Initiating compromised credentials lookup");
        if (this.messageDigest == null) {
            this.logger.fatal("Message Digest not initialized");
            return false;
        }
        byte[] digest = this.messageDigest.digest(bArr);
        if (digest == null) {
            this.logger.fatal("A digest could not be obtained");
            return false;
        }
        if (digest.length != SHA1_LENGTH) {
            this.logger.error("Digest is not the right size (size:" + digest.length + ")");
            return false;
        }
        String printHexBinary = DatatypeConverter.printHexBinary(digest);
        String substring = printHexBinary.substring(0, 5);
        String substring2 = printHexBinary.substring(5, printHexBinary.length());
        this.logger.debug("finished computing lookup key: " + substring);
        CloseableHttpResponse closeableHttpResponse = null;
        boolean z2 = false;
        try {
            try {
                CloseableHttpResponse execute = this.liveCloseableHttpClient.execute(new HttpGet(this.serviceURL + substring));
                if (!z) {
                    this.logger.debug("Request sent but ignoring response");
                } else if (200 == execute.getStatusLine().getStatusCode()) {
                    this.logger.debug("Lookup successful");
                    HttpEntity entity = execute.getEntity();
                    if (entity != null) {
                        this.logger.debug("Attempting response parsing  ...");
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(entity.getContent()));
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine == null) {
                                break;
                            }
                            if (substring2.equals(readLine.substring(0, 35))) {
                                this.logger.debug("Found credentials in list from HIBP");
                                z2 = true;
                                break;
                            }
                        }
                        bufferedReader.close();
                        this.logger.debug("response  parsing  complete");
                    } else {
                        this.logger.debug(" ... but no response to parse");
                    }
                } else {
                    this.logger.debug("Lookup unsuccessful: " + execute.getStatusLine());
                }
                if (execute != null) {
                    this.logger.debug("attempting to close HTTP response stream");
                    try {
                        execute.close();
                        this.logger.debug("HTTP response stream closed");
                    } catch (IOException e) {
                        this.logger.debug("Could not close HTTP response stream.");
                    }
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    this.logger.debug("attempting to close HTTP response stream");
                    try {
                        closeableHttpResponse.close();
                        this.logger.debug("HTTP response stream closed");
                    } catch (IOException e2) {
                        this.logger.debug("Could not close HTTP response stream.");
                    }
                }
                throw th;
            }
        } catch (IOException e3) {
            this.logger.error("Could not send request to HIBP - " + e3.getMessage());
            if (0 != 0) {
                this.logger.debug("attempting to close HTTP response stream");
                try {
                    closeableHttpResponse.close();
                    this.logger.debug("HTTP response stream closed");
                } catch (IOException e4) {
                    this.logger.debug("Could not close HTTP response stream.");
                }
            }
        }
        return z2;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.logger.info("Shutdown initiated...");
        if (this.executorService != null) {
            this.executorService.shutdown();
        }
        if (this.noiseGenerator != null) {
            ((HIBPPoolNoiseGenerator) this.noiseGenerator).shutdown();
        }
        this.liveCloseableHttpClient.close();
        this.logger.debug("Shutdown done.");
    }
}
