package org.apache.abdera.ext.oauth;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import org.apache.abdera.i18n.text.Rfc2047Helper;
import org.apache.abdera.protocol.client.AbderaClient;
import org.apache.abdera.protocol.client.util.MethodHelper;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.RFC2617Scheme;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.HeadMethod;
import org.apache.commons.httpclient.methods.OptionsMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;

/* loaded from: input_file:org/apache/abdera/ext/oauth/OAuthScheme.class */
public class OAuthScheme extends RFC2617Scheme implements AuthScheme {
    private final int NONCE_LENGTH = 16;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/abdera/ext/oauth/OAuthScheme$OAUTH_KEYS.class */
    public enum OAUTH_KEYS {
        OAUTH_CONSUMER_KEY,
        OAUTH_TOKEN,
        OAUTH_SIGNATURE_METHOD,
        OAUTH_TIMESTAMP,
        OAUTH_NONCE,
        OAUTH_VERSION,
        OAUTH_SIGNATURE;

        public String toLowerCase() {
            return toString().toLowerCase();
        }
    }

    public static void register(AbderaClient abderaClient, boolean z) {
        AbderaClient.registerScheme("OAuth", OAuthScheme.class);
        if (z) {
            abderaClient.setAuthenticationSchemePriority("OAuth");
        } else {
            abderaClient.setAuthenticationSchemeDefaults();
        }
    }

    public String authenticate(Credentials credentials, String str, String str2) throws AuthenticationException {
        return authenticate(credentials, resolveMethod(str, str2));
    }

    public String authenticate(Credentials credentials, HttpMethod httpMethod) throws AuthenticationException {
        if (!(credentials instanceof OAuthCredentials)) {
            return null;
        }
        OAuthCredentials oAuthCredentials = (OAuthCredentials) credentials;
        String generateNonce = generateNonce();
        long time = new Date().getTime() / 1000;
        return "OAuth realm=\"" + oAuthCredentials.getRealm() + "\", " + OAUTH_KEYS.OAUTH_CONSUMER_KEY.toLowerCase() + "=\"" + oAuthCredentials.getConsumerKey() + "\", " + OAUTH_KEYS.OAUTH_TOKEN.toLowerCase() + "=\"" + oAuthCredentials.getToken() + "\", " + OAUTH_KEYS.OAUTH_SIGNATURE_METHOD.toLowerCase() + "=\"" + oAuthCredentials.getSignatureMethod() + "\", " + OAUTH_KEYS.OAUTH_SIGNATURE.toLowerCase() + "=\"" + generateSignature(oAuthCredentials, httpMethod, generateNonce, time) + "\", " + OAUTH_KEYS.OAUTH_TIMESTAMP.toLowerCase() + "=\"" + time + "\", " + OAUTH_KEYS.OAUTH_NONCE.toLowerCase() + "=\"" + generateNonce + "\", " + OAUTH_KEYS.OAUTH_VERSION.toLowerCase() + "=\"" + oAuthCredentials.getVersion() + "\"";
    }

    private HttpMethod resolveMethod(String str, String str2) throws AuthenticationException {
        return str.equalsIgnoreCase("get") ? new GetMethod(str2) : str.equalsIgnoreCase("post") ? new PostMethod(str2) : str.equalsIgnoreCase("put") ? new PutMethod(str2) : str.equalsIgnoreCase("delete") ? new DeleteMethod(str2) : str.equalsIgnoreCase("head") ? new HeadMethod(str2) : str.equalsIgnoreCase("options") ? new OptionsMethod(str2) : new MethodHelper.ExtensionMethod(str, str2);
    }

    private String generateSignature(OAuthCredentials oAuthCredentials, HttpMethod httpMethod, String str, long j) throws AuthenticationException {
        try {
            return sign(oAuthCredentials.getSignatureMethod(), URLEncoder.encode(httpMethod.getName().toUpperCase() + httpMethod.getURI().toString() + OAUTH_KEYS.OAUTH_CONSUMER_KEY.toLowerCase() + "=" + oAuthCredentials.getConsumerKey() + OAUTH_KEYS.OAUTH_TOKEN.toLowerCase() + "=" + oAuthCredentials.getToken() + OAUTH_KEYS.OAUTH_SIGNATURE_METHOD.toLowerCase() + "=" + oAuthCredentials.getSignatureMethod() + OAUTH_KEYS.OAUTH_TIMESTAMP.toLowerCase() + "=" + j + OAUTH_KEYS.OAUTH_NONCE.toLowerCase() + "=" + str + OAUTH_KEYS.OAUTH_VERSION.toLowerCase() + "=" + oAuthCredentials.getVersion(), Rfc2047Helper.DEFAULT_CHARSET), oAuthCredentials.getCert());
        } catch (UnsupportedEncodingException e) {
            throw new AuthenticationException(e.getMessage(), e);
        } catch (URIException e2) {
            throw new AuthenticationException(e2.getMessage(), e2);
        }
    }

    private String generateNonce() throws AuthenticationException {
        try {
            byte[] bArr = new byte[16];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
            return new String(Hex.encodeHex(bArr));
        } catch (Exception e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private String sign(String str, String str2, Certificate certificate) throws AuthenticationException {
        if (str.equalsIgnoreCase("HMAC-MD5") || str.equalsIgnoreCase("HMAC-SHA1")) {
            try {
                String[] split = str.split("-");
                KeyGenerator keyGenerator = KeyGenerator.getInstance(split[0].substring(0, 1).toUpperCase() + split[0].substring(1).toLowerCase() + split[1]);
                Mac mac = Mac.getInstance(keyGenerator.getAlgorithm());
                mac.init(keyGenerator.generateKey());
                return new String(Base64.encodeBase64(mac.doFinal(str2.getBytes())));
            } catch (Exception e) {
                throw new AuthenticationException(e.getMessage(), e);
            }
        }
        if (str.equalsIgnoreCase("md5")) {
            return new String(Base64.encodeBase64(DigestUtils.md5(str2)));
        }
        if (str.equalsIgnoreCase("sha1")) {
            return new String(Base64.encodeBase64(DigestUtils.sha(str2)));
        }
        if (!str.equalsIgnoreCase("RSA-SHA1")) {
            throw new AuthenticationException("unsupported algorithm method: " + str);
        }
        if (certificate == null) {
            throw new AuthenticationException("a cert is mandatory to use SHA1 with RSA");
        }
        try {
            Cipher cipher = Cipher.getInstance("SHA1withRSA");
            cipher.init(1, certificate);
            return new String(Base64.encodeBase64(cipher.doFinal(str2.getBytes())));
        } catch (Exception e2) {
            throw new AuthenticationException(e2.getMessage(), e2);
        }
    }

    public String getSchemeName() {
        return "OAuth";
    }

    public boolean isComplete() {
        return true;
    }

    public boolean isConnectionBased() {
        return true;
    }
}
