package org.apache.cxf.rs.security.oauth2.tokens.mac;

import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.eclipse.persistence.internal.helper.Helper;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.class */
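/**
 * Validates access tokens presented with the MAC authorization scheme.
 *
 * <p>The validator parses the scheme parameters from the Authorization data, looks the token up
 * through the configured {@link OAuthDataProvider}, recomputes the HMAC over the normalized
 * request string and compares it with the {@code mac} parameter sent by the client.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The signature comparison is constant-time, so response timing does not reveal how many
 *       leading bytes of a guessed MAC were correct.</li>
 *   <li>Timestamp/nonce checking happens only when a {@link NonceVerifier} has been set. Without
 *       one this class performs no replay detection, so a captured, correctly signed request is
 *       accepted again for as long as the token is valid.</li>
 * </ul>
 */
public class MacAccessTokenValidator implements AccessTokenValidator {
    private OAuthDataProvider dataProvider;
    private NonceVerifier nonceVerifier;

    /**
     * Returns the single authorization scheme handled by this validator.
     *
     * @return a one-element list holding {@code OAuthConstants.MAC_AUTHORIZATION_SCHEME}
     */
    @Override
    public List<String> getSupportedAuthorizationSchemes() {
        return Collections.singletonList(OAuthConstants.MAC_AUTHORIZATION_SCHEME);
    }

    /**
     * Validates a MAC-signed request.
     *
     * <p>The signature is verified first; the timestamp/nonce pair is handed to the nonce
     * verifier only after the signature matched.
     *
     * @param messageContext source of the request URI and HTTP method that were signed
     * @param str not read by this implementation
     * @param str2 the scheme data: comma-separated {@code name=value} parameters
     * @return the validation result wrapping the matched MAC token
     * @throws OAuthServiceException if the stored token is not a MAC token or the presented
     *         {@code mac} value cannot be Base64-decoded
     */
    @Override
    public AccessTokenValidation validateAccessToken(MessageContext messageContext, String str, String str2) throws OAuthServiceException {
        HttpRequestProperties httpRequestProperties = new HttpRequestProperties(messageContext.getUriInfo().getRequestUri(), messageContext.getHttpServletRequest().getMethod());
        Map<String, String> schemeParameters = getSchemeParameters(str2);
        MacAuthorizationScheme macAuthorizationScheme = new MacAuthorizationScheme(httpRequestProperties, schemeParameters);
        MacAccessToken validateSchemeData = validateSchemeData(macAuthorizationScheme, schemeParameters.get("mac"));
        validateTimestampNonce(validateSchemeData, macAuthorizationScheme.getTimestamp(), macAuthorizationScheme.getNonce());
        return new AccessTokenValidation(validateSchemeData);
    }

    /**
     * Rejects the request as an authorization failure for the MAC scheme.
     *
     * <p>{@code AuthorizationUtils.throwAuthorizationFailure} is expected to throw. The returned
     * exception is a fail-closed fallback so that callers writing {@code throw
     * authorizationFailure()} never continue as if the request had been accepted.
     */
    private static OAuthServiceException authorizationFailure() {
        AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(OAuthConstants.MAC_AUTHORIZATION_SCHEME));
        return new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }

    /**
     * Splits the client-supplied scheme data into a name/value map.
     *
     * <p>The input comes straight from the request, so absent data or a segment without
     * {@code '='} is rejected as an authorization failure rather than surfacing as an
     * unchecked runtime error.
     */
    private static Map<String, String> getSchemeParameters(String str) {
        if (str == null) {
            throw authorizationFailure();
        }
        Map<String, String> parameters = new HashMap<>();
        for (String segment : str.split(",")) {
            String[] nameAndValue = segment.trim().split("=", 2);
            if (nameAndValue.length < 2) {
                throw authorizationFailure();
            }
            // NOTE(review): Helper.DEFAULT_DATABASE_DELIMITER is an EclipseLink constant and looks
            // like a decompiler substitution for a double-quote literal (stripping the quotes
            // around parameter values) - confirm, and prefer the literal so this class does not
            // depend on a persistence library.
            parameters.put(nameAndValue[0].trim(), nameAndValue[1].trim().replaceAll(Helper.DEFAULT_DATABASE_DELIMITER, ""));
        }
        return parameters;
    }

    /**
     * Passes the token key, nonce and timestamp to the configured {@link NonceVerifier}.
     *
     * <p>Does nothing when no verifier is set, which leaves replay detection disabled.
     *
     * @param macAccessToken the token whose key identifies the nonce scope
     * @param str the timestamp taken from the request
     * @param str2 the nonce taken from the request
     */
    protected void validateTimestampNonce(MacAccessToken macAccessToken, String str, String str2) {
        if (this.nonceVerifier != null) {
            this.nonceVerifier.verifyNonce(macAccessToken.getTokenKey(), str2, str);
        }
    }

    /**
     * Looks up the token named in the request and verifies the request signature against it.
     *
     * @param macAuthorizationScheme parsed scheme data plus the request properties
     * @param str the Base64-encoded {@code mac} parameter sent by the client, possibly null
     * @return the stored MAC token when the signature matches
     */
    private MacAccessToken validateSchemeData(MacAuthorizationScheme macAuthorizationScheme, String str) {
        if (str == null) {
            // No signature was presented at all; there is nothing to verify.
            throw authorizationFailure();
        }
        ServerAccessToken accessToken = this.dataProvider.getAccessToken(macAuthorizationScheme.getMacKey());
        if (!(accessToken instanceof MacAccessToken)) {
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
        }
        MacAccessToken macAccessToken = (MacAccessToken) accessToken;
        String normalizedRequestString = macAuthorizationScheme.getNormalizedRequestString();
        try {
            byte[] expectedMac = HmacUtils.computeHmac(macAccessToken.getMacKey(), HmacAlgorithm.toHmacAlgorithm(macAccessToken.getMacAlgorithm()), normalizedRequestString);
            byte[] presentedMac = Base64Utility.decode(str);
            // Constant-time comparison: Arrays.equals returns at the first differing byte, which
            // makes the comparison time depend on how much of a guessed MAC is correct.
            if (!MessageDigest.isEqual(expectedMac, presentedMac)) {
                throw authorizationFailure();
            }
            return macAccessToken;
        } catch (Base64Exception e) {
            // NOTE(review): the mac value is client input, yet an undecodable value is reported
            // as SERVER_ERROR; kept for compatibility - consider an authorization failure instead.
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
        }
    }

    /**
     * Sets the provider used to look up access tokens by MAC key identifier.
     *
     * @param oAuthDataProvider the token store; must be set before validation is attempted
     */
    public void setDataProvider(OAuthDataProvider oAuthDataProvider) {
        this.dataProvider = oAuthDataProvider;
    }

    /**
     * Sets the verifier used for timestamp/nonce (replay) checks.
     *
     * @param nonceVerifier the verifier; when left unset no replay check is performed
     */
    public void setNonceVerifier(NonceVerifier nonceVerifier) {
        this.nonceVerifier = nonceVerifier;
    }
}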
