package org.apache.shindig.gadgets.oauth2.handler;

import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import org.apache.commons.codec.binary.Base64;
import org.apache.shindig.common.crypto.Crypto;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.HMACType;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.oauth2.OAuth2Accessor;
import org.apache.shindig.gadgets.oauth2.OAuth2Error;
import org.apache.shindig.gadgets.oauth2.OAuth2Message;
import org.apache.shindig.gadgets.oauth2.OAuth2Token;

/* loaded from: input_file:WEB-INF/lib/shindig-gadgets-2.5.2-wso2v6.jar:org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.class */
public class MacTokenHandler implements ResourceRequestHandler {
    public static final String TOKEN_TYPE = "mac";
    private static final OAuth2Error ERROR = OAuth2Error.MAC_TOKEN_PROBLEM;

    @Override // org.apache.shindig.gadgets.oauth2.handler.ResourceRequestHandler
    public OAuth2HandlerError addOAuth2Params(OAuth2Accessor oAuth2Accessor, HttpRequest httpRequest) {
        try {
            OAuth2HandlerError validateOAuth2Params = validateOAuth2Params(oAuth2Accessor, httpRequest);
            if (validateOAuth2Params != null) {
                return validateOAuth2Params;
            }
            OAuth2Token accessToken = oAuth2Accessor.getAccessToken();
            String macExt = accessToken.getMacExt();
            if (macExt == null || macExt.length() == 0) {
                macExt = "";
            }
            String str = new String(accessToken.getSecret(), "UTF-8");
            String str2 = Long.toString((System.currentTimeMillis() / 1000) - accessToken.getIssuedAt()) + ':' + String.valueOf(Math.abs(Crypto.RAND.nextLong()));
            String bodyHash = getBodyHash(httpRequest, accessToken.getMacSecret(), accessToken.getMacAlgorithm());
            if (bodyHash == null) {
                bodyHash = "";
            }
            Uri uri = httpRequest.getUri();
            String path = uri.getPath();
            if (uri.getQuery() != null) {
                path = path + '?' + uri.getQuery();
            }
            String authority = uri.getAuthority();
            String str3 = "80";
            int indexOf = authority.indexOf(58);
            if (indexOf > 0) {
                str3 = authority.substring(indexOf + 1);
                authority = authority.substring(0, indexOf);
            } else if ("https".equals(uri.getScheme())) {
                str3 = "443";
            }
            httpRequest.setHeader("Authorization", buildHeaderString(str, str2, bodyHash, macExt, getMac(str2, httpRequest.getMethod(), path, authority, str3, bodyHash, macExt, accessToken.getMacSecret(), accessToken.getMacAlgorithm())));
            return null;
        } catch (Exception e) {
            return getError("Exception occurred " + e.getMessage(), e);
        }
    }

    private static String buildHeaderString(String str, String str2, String str3, String str4, String str5) {
        StringBuilder sb = new StringBuilder();
        sb.append(OAuth2Message.MAC_HEADER);
        sb.append(" id = \"");
        sb.append(str);
        sb.append("\",");
        sb.append(OAuth2Message.NONCE);
        sb.append("=\"");
        sb.append(str2);
        if (str3.length() > 0) {
            sb.append("\",");
            sb.append(OAuth2Message.BODYHASH);
            sb.append("=\"");
            sb.append(str3);
        }
        if (str4.length() > 0) {
            sb.append("\",");
            sb.append("ext");
            sb.append("=\"");
            sb.append(str4);
        }
        sb.append("\",");
        sb.append("mac");
        sb.append("=\"");
        sb.append(str5);
        sb.append('\"');
        return sb.toString();
    }

    private static OAuth2HandlerError validateOAuth2Params(OAuth2Accessor oAuth2Accessor, HttpRequest httpRequest) {
        if (oAuth2Accessor == null || !oAuth2Accessor.isValid() || oAuth2Accessor.isErrorResponse()) {
            return getError("accessor is invalid " + oAuth2Accessor);
        }
        if (httpRequest == null) {
            return getError("request is null");
        }
        OAuth2Token accessToken = oAuth2Accessor.getAccessToken();
        if (accessToken == null || accessToken.getTokenType().length() == 0) {
            return getError("accessToken is invalid " + accessToken);
        }
        if (!"mac".equalsIgnoreCase(accessToken.getTokenType())) {
            return getError("token type mismatch expected mac but got " + accessToken.getTokenType());
        }
        String macAlgorithm = accessToken.getMacAlgorithm();
        if (macAlgorithm == null || macAlgorithm.length() == 0) {
            return getError("invalid mac algorithm " + macAlgorithm);
        }
        if (!OAuth2Message.HMAC_SHA_1.equalsIgnoreCase(macAlgorithm)) {
            return getError("unsupported algorithm " + macAlgorithm);
        }
        byte[] macSecret = accessToken.getMacSecret();
        if (macSecret == null) {
            return getError("mac secret is null");
        }
        if (macSecret.length == 0) {
            return getError("invalid mac secret");
        }
        return null;
    }

    @Override // org.apache.shindig.gadgets.oauth2.handler.ResourceRequestHandler
    public String getTokenType() {
        return "mac";
    }

    private static String getBodyHash(HttpRequest httpRequest, byte[] bArr, String str) throws UnsupportedEncodingException, GeneralSecurityException {
        return httpRequest.getPostBodyLength() > 0 ? new String(hash(getBody(httpRequest), bArr, str), "UTF-8") : "";
    }

    private static byte[] getBody(HttpRequest httpRequest) throws UnsupportedEncodingException {
        return httpRequest.getPostBodyAsString().getBytes("UTF-8");
    }

    private static String getMac(String str, String str2, String str3, String str4, String str5, String str6, String str7, byte[] bArr, String str8) throws UnsupportedEncodingException, GeneralSecurityException {
        return new String(Base64.encodeBase64(hash(getNormalizedRequestString(str, str2, str3, str4, str5, str6, str7).toString().getBytes("UTF-8"), bArr, str8)), "UTF-8");
    }

    private static byte[] hash(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        return OAuth2Message.HMAC_SHA_1.equalsIgnoreCase(str) ? Crypto.hmacSha(bArr2, bArr, HMACType.HMACSHA1.getName()) : new byte[0];
    }

    private static StringBuilder getNormalizedRequestString(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        sb.append('\n');
        sb.append(str2);
        sb.append('\n');
        sb.append(str3);
        sb.append('\n');
        sb.append(str4);
        sb.append('\n');
        sb.append(str5);
        sb.append('\n');
        sb.append(str6);
        sb.append('\n');
        sb.append(str7);
        sb.append('\n');
        return sb;
    }

    private static OAuth2HandlerError getError(String str) {
        return getError(str, null);
    }

    private static OAuth2HandlerError getError(String str, Exception exc) {
        return new OAuth2HandlerError(ERROR, str, exc);
    }
}
