package be.fedict.eid.applet.service.impl;

import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Date;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:be/fedict/eid/applet/service/impl/AuthenticationChallenge.class */
public class AuthenticationChallenge implements Serializable {
    private static final long serialVersionUID = 1;
    public static final long DEFAULT_MAX_MATURITY = 300000;
    private final byte[] challenge = new byte[20];
    private final Date timestamp;
    private static final Log LOG = LogFactory.getLog(AuthenticationChallenge.class);
    public static final String AUTHN_CHALLENGE_SESSION_ATTRIBUTE = AuthenticationChallenge.class.getName();
    private static final SecureRandom secureRandom = new SecureRandom();

    private AuthenticationChallenge() {
        secureRandom.nextBytes(this.challenge);
        secureRandom.setSeed(System.currentTimeMillis());
        this.timestamp = new Date();
    }

    public static byte[] generateChallenge(HttpSession httpSession) {
        AuthenticationChallenge authenticationChallenge = new AuthenticationChallenge();
        if (null != httpSession.getAttribute(AUTHN_CHALLENGE_SESSION_ATTRIBUTE)) {
            LOG.warn("overwriting a previous authentication challenge");
        }
        httpSession.setAttribute(AUTHN_CHALLENGE_SESSION_ATTRIBUTE, authenticationChallenge);
        return authenticationChallenge.getChallenge();
    }

    private byte[] getChallenge() {
        return this.challenge;
    }

    private Date getTimestamp() {
        return this.timestamp;
    }

    public static byte[] getAuthnChallenge(HttpSession httpSession, Long l) {
        AuthenticationChallenge authenticationChallenge = (AuthenticationChallenge) httpSession.getAttribute(AUTHN_CHALLENGE_SESSION_ATTRIBUTE);
        if (null == authenticationChallenge) {
            throw new SecurityException("no challenge in session");
        }
        httpSession.removeAttribute(AUTHN_CHALLENGE_SESSION_ATTRIBUTE);
        Date date = new Date();
        if (null == l) {
            l = 300000L;
        }
        if (date.getTime() - authenticationChallenge.getTimestamp().getTime() > l.longValue()) {
            throw new SecurityException("maximum challenge maturity reached");
        }
        return authenticationChallenge.getChallenge();
    }

    public static byte[] getAuthnChallenge(HttpSession httpSession) {
        return getAuthnChallenge(httpSession, null);
    }

    static {
        secureRandom.setSeed(System.currentTimeMillis());
    }
}
