package org.apache.shindig.auth;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.shindig.auth.AuthenticationHandler;

/* loaded from: input_file:org/apache/shindig/auth/UrlParameterAuthenticationHandler.class */
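/**
 * Authentication handler that extracts a gadget security token from the request and
 * decodes it with the injected {@link SecurityTokenCodec}.
 *
 * <p>The token is looked up in this order:
 * <ol>
 *   <li>the {@code st} request parameter;</li>
 *   <li>the {@code oauth_token} request parameter, only when no
 *       {@code oauth_signature_method} parameter is present;</li>
 *   <li>an {@code Authorization: OAuth2 <token>} request header.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code org.apache.shindig.auth.oauth2-require-ssl} setting gates only sources 2 and 3.
 *       The {@code st} parameter is accepted whether or not the request is secure.</li>
 *   <li>Tokens carried in request parameters may be part of the URL, so they can end up in
 *       access logs, browser history and {@code Referer} headers. Treat such logs as
 *       credential-bearing.</li>
 * </ul>
 */
public class UrlParameterAuthenticationHandler implements AuthenticationHandler {
    /** Name of the request parameter that carries the security token. */
    private static final String SECURITY_TOKEN_PARAM = "st";

    /** Matches an Authorization header value of the form {@code OAuth2 <token>}; group 1 is the token. */
    private static final Pattern AUTHORIZATION_REGEX = Pattern.compile("\\s*OAuth2\\s+(\\S*)\\s*.*");

    private final SecurityTokenCodec securityTokenCodec;

    /** When true, the OAuth parameter and header fallbacks are honoured only on secure requests. */
    private final Boolean oauthSSLrequired;

    /**
     * @param securityTokenCodec codec used to turn the extracted parameters into a token
     * @param bool value of {@code org.apache.shindig.auth.oauth2-require-ssl}; unboxed on every
     *     request, so it must not be null
     */
    @Inject
    public UrlParameterAuthenticationHandler(SecurityTokenCodec securityTokenCodec, @Named("org.apache.shindig.auth.oauth2-require-ssl") Boolean bool) {
        this.securityTokenCodec = securityTokenCodec;
        this.oauthSSLrequired = bool;
    }

    /** Returns the name of {@link AuthenticationMode#SECURITY_TOKEN_URL_PARAMETER}. */
    @Override
    public String getName() {
        return AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name();
    }

    /**
     * Decodes the security token found on the request, if any.
     *
     * @param httpServletRequest the incoming request
     * @return the decoded token, or {@code null} when the request carries no token for this handler
     * @throws AuthenticationHandler.InvalidAuthenticationException if a token is present but the
     *     codec rejects it
     */
    @Override
    public SecurityToken getSecurityTokenFromRequest(HttpServletRequest httpServletRequest) throws AuthenticationHandler.InvalidAuthenticationException {
        Map<String, String> mappedParameters = getMappedParameters(httpServletRequest);
        if (mappedParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME) == null) {
            // No token at all: not an error, just not this handler's request.
            return null;
        }
        try {
            return this.securityTokenCodec.createToken(mappedParameters);
        } catch (SecurityTokenException e) {
            // The rejected value is attacker-controlled and may still be (or resemble) a live
            // credential, so it is deliberately kept out of the message: exception messages
            // tend to be logged or echoed in error responses. The cause is preserved for
            // diagnostics; NOTE(review): confirm the codec's own message does not embed the token.
            throw new AuthenticationHandler.InvalidAuthenticationException("Malformed security token", e);
        }
    }

    /**
     * Returns {@code null}: this handler supplies no {@code WWW-Authenticate} challenge.
     *
     * @param str unused
     */
    @Override
    public String getWWWAuthenticateHeader(String str) {
        return null;
    }

    /** Returns the codec this handler decodes tokens with. */
    protected SecurityTokenCodec getSecurityTokenCodec() {
        return this.securityTokenCodec;
    }

    /**
     * Builds the parameter map handed to the codec: the raw token (possibly {@code null}) under
     * {@link SecurityTokenCodec#SECURITY_TOKEN_NAME} and the request URL under
     * {@link SecurityTokenCodec#ACTIVE_URL_NAME}.
     *
     * @param httpServletRequest the incoming request
     * @return a new mutable map holding those two entries
     */
    protected Map<String, String> getMappedParameters(HttpServletRequest httpServletRequest) {
        Map<String, String> parameters = new HashMap<String, String>();

        // The OAuth fallbacks are allowed when SSL is not required, or when it is required and
        // the request is secure. The "st" parameter below is NOT subject to this gate.
        boolean fallbackAllowed = !this.oauthSSLrequired.booleanValue() || httpServletRequest.isSecure();

        String token = httpServletRequest.getParameter(SECURITY_TOKEN_PARAM);

        // oauth_token is taken as a token only when the request carries no
        // oauth_signature_method (presumably so signed OAuth 1.0 requests are left to another
        // handler; verify against the handler chain).
        if (token == null && fallbackAllowed && httpServletRequest.getParameter("oauth_signature_method") == null) {
            token = httpServletRequest.getParameter("oauth_token");
        }

        if (token == null && fallbackAllowed) {
            // Enumeration<?> accepts both the raw and the generic servlet API return type.
            Enumeration<?> headers = httpServletRequest.getHeaders("Authorization");
            while (headers != null && headers.hasMoreElements()) {
                String headerValue = (String) headers.nextElement();
                if (headerValue == null) {
                    continue;
                }
                Matcher matcher = AUTHORIZATION_REGEX.matcher(headerValue);
                if (matcher.matches()) {
                    // No break: when several headers match, the last one wins. Group 1 may be
                    // the empty string, which is then passed on to the codec as a token.
                    token = matcher.group(1);
                }
            }
        }

        parameters.put(SecurityTokenCodec.SECURITY_TOKEN_NAME, token);
        parameters.put(SecurityTokenCodec.ACTIVE_URL_NAME, getActiveUrl(httpServletRequest));
        return parameters;
    }

    /**
     * Returns the URL the client requested, as reported by
     * {@link HttpServletRequest#getRequestURL()} (which does not include the query string).
     *
     * @param httpServletRequest the incoming request
     */
    protected String getActiveUrl(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURL().toString();
    }
}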
