package org.apache.shindig.social.core.oauth;

import com.google.common.base.Strings;
import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AuthenticationHandler;
import org.apache.shindig.auth.OAuthConstants;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.util.CharsetUtil;
import org.apache.shindig.common.util.GenericDigestUtils;
import org.apache.shindig.social.opensocial.oauth.OAuthDataStore;
import org.apache.shindig.social.opensocial.oauth.OAuthEntry;

/* loaded from: input_file:WEB-INF/lib/shindig-social-api-2.5.2.jar:org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.class */
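/**
 * {@link AuthenticationHandler} that authenticates requests carrying an OAuth signature.
 *
 * <p>The flow visible in this class is: read the OAuth parameters from the servlet request,
 * optionally check {@code oauth_body_hash} against the request body, look up the consumer and
 * (if present) the access token in the {@link OAuthDataStore}, let the {@link OAuthValidator}
 * validate the message, and finally build a {@link SecurityToken}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The body-hash check runs only when the request supplies {@code oauth_body_hash}; a
 *       request without that parameter gets no body integrity check from this handler.</li>
 *   <li>The body is buffered in full, with no size cap in this class, before the signature is
 *       validated. Request-size limits have to be enforced upstream of this handler.</li>
 * </ul>
 */
public class OAuthAuthenticationHandler implements AuthenticationHandler {
    /** Request parameter read for requests that carry no {@code oauth_token}. */
    public static final String REQUESTOR_ID_PARAM = "xoauth_requestor_id";

    /** Media type for which {@code oauth_body_hash} is refused. */
    private static final String FORM_URLENCODED = "application/x-www-form-urlencoded";

    private final OAuthDataStore store;
    private final OAuthValidator validator;

    /**
     * @param oAuthDataStore source of consumers, token entries and consumer-request tokens
     * @param oAuthValidator validator applied to every message before a token is issued
     */
    @Inject
    public OAuthAuthenticationHandler(OAuthDataStore oAuthDataStore, OAuthValidator oAuthValidator) {
        this.store = oAuthDataStore;
        this.validator = oAuthValidator;
    }

    /** @return the fixed handler name {@code "OAuth"} */
    @Override // org.apache.shindig.auth.AuthenticationHandler
    public String getName() {
        return "OAuth";
    }

    /**
     * Builds the challenge value for a {@code WWW-Authenticate} header.
     *
     * @param str realm to advertise; inserted verbatim between the quotes, so a value that
     *            contains a quote character is not escaped here
     * @return {@code OAuth realm="<str>"}
     */
    @Override // org.apache.shindig.auth.AuthenticationHandler
    public String getWWWAuthenticateHeader(String str) {
        return String.format("OAuth realm=\"%s\"", str);
    }

    /**
     * Authenticates the request if it carries an OAuth signature.
     *
     * @param httpServletRequest incoming request
     * @return the token for the verified request, or {@code null} when the request has no
     *         (or an unreadable) {@code oauth_signature} parameter and is therefore not
     *         handled here
     * @throws AuthenticationHandler.InvalidAuthenticationException if the body hash does not
     *         match or the message fails verification
     */
    @Override // org.apache.shindig.auth.AuthenticationHandler
    public SecurityToken getSecurityTokenFromRequest(HttpServletRequest httpServletRequest) throws AuthenticationHandler.InvalidAuthenticationException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
        if (Strings.isNullOrEmpty(getParameter(message, OAuth.OAUTH_SIGNATURE))) {
            // Not an OAuth-signed request: decline rather than fail.
            return null;
        }
        // The body hash is compared before the signature is validated. The comparison only
        // binds the body to the sender once verifyMessage() below has accepted the message.
        // NOTE(review): this relies on the validator covering oauth_body_hash in the signed
        // parameters, which is not visible in this file. Confirm.
        String bodyHash = getParameter(message, OAuthConstants.OAUTH_BODY_HASH);
        if (!Strings.isNullOrEmpty(bodyHash)) {
            verifyBodyHash(httpServletRequest, bodyHash);
        }
        try {
            return verifyMessage(message);
        } catch (OAuthProblemException e) {
            throw new AuthenticationHandler.InvalidAuthenticationException("OAuth Authentication Failure", e);
        }
    }

    /**
     * Validates the message against the stored consumer and, if one was sent, access token.
     *
     * @param oAuthMessage message extracted from the request
     * @return the security token for the verified request
     * @throws OAuthProblemException if the token or consumer lookup fails, or if validation
     *         fails; non-problem failures from the validator are reported as
     *         {@code signature_invalid} with the original message as advice
     */
    protected SecurityToken verifyMessage(OAuthMessage oAuthMessage) throws OAuthProblemException {
        OAuthEntry oAuthEntry = getOAuthEntry(oAuthMessage);
        OAuthConsumer consumer = getConsumer(oAuthMessage);
        OAuthAccessor oAuthAccessor = new OAuthAccessor(consumer);
        if (oAuthEntry != null) {
            oAuthAccessor.tokenSecret = oAuthEntry.getTokenSecret();
            oAuthAccessor.accessToken = oAuthEntry.getToken();
        }
        try {
            this.validator.validateMessage(oAuthMessage, oAuthAccessor);
            return getTokenFromVerifiedRequest(oAuthMessage, oAuthEntry, consumer);
        } catch (IOException e) {
            throw signatureInvalid(e.getMessage());
        } catch (URISyntaxException e) {
            throw signatureInvalid(e.getMessage());
        } catch (OAuthProblemException e) {
            // Already in the form callers expect; pass it through untouched.
            throw e;
        } catch (OAuthException e) {
            throw signatureInvalid(e.getMessage());
        }
    }

    /**
     * Builds a {@code signature_invalid} problem carrying {@code advice} as problem advice.
     *
     * <p>NOTE(review): the advice is the raw message of the underlying exception. If problem
     * parameters are echoed to the client, internal detail may be exposed. Confirm how the
     * caller renders them.
     */
    private static OAuthProblemException signatureInvalid(String advice) {
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID);
        problem.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, advice);
        return problem;
    }

    /**
     * Looks up the token entry named by {@code oauth_token}, if the request has one.
     *
     * @param oAuthMessage message extracted from the request
     * @return the stored entry, or {@code null} when the request carries no token
     * @throws OAuthProblemException if the token is unknown, is not an access token, or has
     *         expired
     */
    protected OAuthEntry getOAuthEntry(OAuthMessage oAuthMessage) throws OAuthProblemException {
        String token = getParameter(oAuthMessage, OAuth.OAUTH_TOKEN);
        if (Strings.isNullOrEmpty(token)) {
            // No oauth_token: the request is authenticated on the consumer alone.
            return null;
        }
        OAuthEntry oAuthEntry = this.store.getEntry(token);
        if (oAuthEntry == null) {
            OAuthProblemException unknown = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            unknown.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "cannot find token");
            throw unknown;
        }
        // Only access tokens may authenticate a request; other entry types are refused.
        if (oAuthEntry.getType() != OAuthEntry.Type.ACCESS) {
            OAuthProblemException wrongType = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            wrongType.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "token is not an access token");
            throw wrongType;
        }
        if (oAuthEntry.isExpired()) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
        }
        return oAuthEntry;
    }

    /**
     * Looks up the consumer named by {@code oauth_consumer_key}.
     *
     * @param oAuthMessage message extracted from the request
     * @return the stored consumer, never {@code null}
     * @throws OAuthProblemException with {@code consumer_key_unknown} if the store returns
     *         no consumer
     */
    protected OAuthConsumer getConsumer(OAuthMessage oAuthMessage) throws OAuthProblemException {
        OAuthConsumer consumer = this.store.getConsumer(getParameter(oAuthMessage, OAuth.OAUTH_CONSUMER_KEY));
        if (consumer == null) {
            throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
        }
        return consumer;
    }

    /**
     * Builds the security token once the validator has accepted the message.
     *
     * @param oAuthMessage verified message
     * @param oAuthEntry access-token entry, or {@code null} for a consumer-only request
     * @param oAuthConsumer consumer the message was verified against
     * @return a token built from the entry, or the store's token for the consumer request
     * @throws OAuthProblemException if the store rejects the consumer request
     */
    protected SecurityToken getTokenFromVerifiedRequest(OAuthMessage oAuthMessage, OAuthEntry oAuthEntry, OAuthConsumer oAuthConsumer) throws OAuthProblemException {
        if (oAuthEntry != null) {
            return new OAuthSecurityToken(oAuthEntry.getUserId(), oAuthEntry.getCallbackUrl(), oAuthEntry.getAppId(), oAuthEntry.getDomain(), oAuthEntry.getContainer(), Long.valueOf(oAuthEntry.expiresAt().getTime()));
        }
        // Consumer-only request: the user is named by the request itself (xoauth_requestor_id).
        // NOTE(review): whether this consumer may act for that user is left to the store
        // implementation. Confirm the store enforces it.
        return this.store.getSecurityTokenForConsumerRequest(oAuthConsumer.consumerKey, getParameter(oAuthMessage, REQUESTOR_ID_PARAM));
    }

    /**
     * Returns the request body, reading and caching it on first use.
     *
     * <p>The bytes are stored under {@link AuthenticationHandler#STASHED_BODY} so that later
     * readers can still see a body whose input stream has been consumed. The whole body is
     * held in memory and no upper bound is applied here.
     *
     * @param httpServletRequest incoming request
     * @return the body bytes
     * @throws IOException if the request input stream cannot be read
     */
    public static byte[] readBody(HttpServletRequest httpServletRequest) throws IOException {
        Object stashed = httpServletRequest.getAttribute(AuthenticationHandler.STASHED_BODY);
        if (stashed != null) {
            return (byte[]) stashed;
        }
        byte[] body = IOUtils.toByteArray(httpServletRequest.getInputStream());
        httpServletRequest.setAttribute(AuthenticationHandler.STASHED_BODY, body);
        return body;
    }

    /**
     * Returns the request body decoded with the request's declared character encoding.
     *
     * <p>NOTE(review): {@code getCharacterEncoding()} may be {@code null} when the client
     * declares none; the charset then used is whatever {@code IOUtils.toString} falls back
     * to. Confirm this is acceptable.
     *
     * @param httpServletRequest incoming request
     * @return the body as text
     * @throws IOException if the body cannot be read or decoded
     */
    public static String readBodyString(HttpServletRequest httpServletRequest) throws IOException {
        return IOUtils.toString(new ByteArrayInputStream(readBody(httpServletRequest)), httpServletRequest.getCharacterEncoding());
    }

    /**
     * Checks that {@code str} is the Base64-encoded digest of the request body.
     *
     * <p>The digest algorithm is whatever {@code GenericDigestUtils.digest} applies; it is
     * not selected in this class.
     *
     * @param httpServletRequest incoming request whose body is hashed
     * @param str value of the {@code oauth_body_hash} parameter
     * @throws AuthenticationHandler.InvalidAuthenticationException if the content type is
     *         form-urlencoded, the body cannot be read, or the digests differ
     */
    public static void verifyBodyHash(HttpServletRequest httpServletRequest, String str) throws AuthenticationHandler.InvalidAuthenticationException {
        // Media type names are case-insensitive, so the match must be too; a case-sensitive
        // contains() would let a differently-cased Content-Type skip this rejection.
        if (StringUtils.containsIgnoreCase(httpServletRequest.getContentType(), FORM_URLENCODED)) {
            throw new AuthenticationHandler.InvalidAuthenticationException("Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded", null);
        }
        byte[] claimedDigest = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(str));
        byte[] actualDigest;
        try {
            actualDigest = GenericDigestUtils.digest(readBody(httpServletRequest));
        } catch (IOException e) {
            // Keep the cause so the read failure can be diagnosed from logs.
            throw new AuthenticationHandler.InvalidAuthenticationException("Unable to read content body for oauth_body_hash verification", e);
        }
        // Both values are derived from data the sender already holds (its own body and its
        // own parameter), so a plain array comparison does not expose a secret.
        if (!Arrays.equals(claimedDigest, actualDigest)) {
            throw new AuthenticationHandler.InvalidAuthenticationException("oauth_body_hash failed verification", null);
        }
    }

    /**
     * Reads one parameter from the message, trimmed of surrounding whitespace.
     *
     * @param oAuthMessage message to read from
     * @param str parameter name
     * @return the trimmed value, or {@code null} if the parameter is absent or the message's
     *         parameters cannot be read
     */
    public static String getParameter(OAuthMessage oAuthMessage, String str) {
        try {
            return StringUtils.trim(oAuthMessage.getParameter(str));
        } catch (IOException ignored) {
            // Deliberate best-effort: an unreadable message is reported as "parameter absent".
            // For oauth_signature this makes the handler decline the request, not fail it.
            return null;
        }
    }
}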
