package org.apache.cxf.rs.security.httpsignature;

import java.security.Security;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.httpsignature.exception.MissingSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.exception.MultipleSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.provider.AlgorithmProvider;
import org.apache.cxf.rs.security.httpsignature.provider.PublicKeyProvider;
import org.apache.cxf.rs.security.httpsignature.provider.SecurityProvider;
import org.apache.cxf.rs.security.httpsignature.utils.DefaultSignatureConstants;
import org.apache.cxf.rs.security.httpsignature.utils.SignatureHeaderUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/httpsignature/MessageVerifier.class */
public class MessageVerifier {
    private static final Logger LOG = LogUtils.getL7dLogger(MessageVerifier.class);
    private AlgorithmProvider algorithmProvider;
    private PublicKeyProvider publicKeyProvider;
    private SecurityProvider securityProvider;
    private final SignatureValidator signatureValidator;

    public MessageVerifier(PublicKeyProvider publicKeyProvider) {
        this(publicKeyProvider, str -> {
            return Security.getProvider(DefaultSignatureConstants.SECURITY_PROVIDER);
        }, str2 -> {
            return DefaultSignatureConstants.SIGNING_ALGORITHM;
        });
    }

    public MessageVerifier(PublicKeyProvider publicKeyProvider, SecurityProvider securityProvider, AlgorithmProvider algorithmProvider) {
        setPublicKeyProvider(publicKeyProvider);
        setSecurityProvider(securityProvider);
        setAlgorithmProvider(algorithmProvider);
        this.signatureValidator = new TomitribeSignatureValidator();
    }

    public final void setPublicKeyProvider(PublicKeyProvider publicKeyProvider) {
        this.publicKeyProvider = (PublicKeyProvider) Objects.requireNonNull(publicKeyProvider, "public key provider cannot be null");
    }

    public final void setSecurityProvider(SecurityProvider securityProvider) {
        this.securityProvider = (SecurityProvider) Objects.requireNonNull(securityProvider, "security provider cannot be null");
    }

    public final void setAlgorithmProvider(AlgorithmProvider algorithmProvider) {
        this.algorithmProvider = (AlgorithmProvider) Objects.requireNonNull(algorithmProvider, "algorithm provider cannot be null");
    }

    public void verifyMessage(Map<String, List<String>> map, String str, String str2) {
        SignatureHeaderUtils.inspectMessageHeaders(map);
        inspectMissingSignatureHeader(map);
        inspectMultipleSignatureHeaders(map);
        LOG.fine("Starting signature verification");
        this.signatureValidator.validate(map, this.algorithmProvider, this.publicKeyProvider, this.securityProvider, str, str2);
        LOG.fine("Finished signature verification");
    }

    private void inspectMultipleSignatureHeaders(Map<String, List<String>> map) {
        if (map.get("Signature").size() > 1) {
            throw new MultipleSignatureHeaderException("there are multiple signature headers in request");
        }
    }

    private void inspectMissingSignatureHeader(Map<String, List<String>> map) {
        if (!map.containsKey("Signature")) {
            throw new MissingSignatureHeaderException("there is no signature header in request");
        }
    }
}
