package org.apache.cxf.rs.security.httpsignature;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.httpsignature.exception.MissingSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.exception.MultipleSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.provider.AlgorithmProvider;
import org.apache.cxf.rs.security.httpsignature.provider.KeyProvider;
import org.apache.cxf.rs.security.httpsignature.provider.SecurityProvider;
import org.apache.cxf.rs.security.httpsignature.utils.DefaultSignatureConstants;
import org.apache.cxf.rs.security.httpsignature.utils.SignatureHeaderUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/httpsignature/MessageVerifier.class */
public class MessageVerifier {
    private static final Logger LOG = LogUtils.getL7dLogger(MessageVerifier.class);
    private AlgorithmProvider algorithmProvider;
    private KeyProvider keyProvider;
    private SecurityProvider securityProvider;
    private final SignatureValidator signatureValidator;
    private final List<String> requiredHeaders;
    private boolean addDefaultRequiredHeaders;

    public MessageVerifier(KeyProvider keyProvider) {
        this(keyProvider, (List<String>) null);
    }

    public MessageVerifier(KeyProvider keyProvider, List<String> list) {
        this(keyProvider, null, str -> {
            return DefaultSignatureConstants.SIGNING_ALGORITHM;
        }, list);
    }

    public MessageVerifier(KeyProvider keyProvider, AlgorithmProvider algorithmProvider) {
        this(keyProvider, null, algorithmProvider, Collections.emptyList());
    }

    public MessageVerifier(KeyProvider keyProvider, SecurityProvider securityProvider, AlgorithmProvider algorithmProvider) {
        this(keyProvider, securityProvider, algorithmProvider, Collections.emptyList());
    }

    public MessageVerifier(KeyProvider keyProvider, SecurityProvider securityProvider, AlgorithmProvider algorithmProvider, List<String> list) {
        this(keyProvider, securityProvider, algorithmProvider, list, new TomitribeSignatureValidator());
    }

    public MessageVerifier(KeyProvider keyProvider, SecurityProvider securityProvider, AlgorithmProvider algorithmProvider, List<String> list, SignatureValidator signatureValidator) {
        this.addDefaultRequiredHeaders = true;
        setkeyProvider(keyProvider);
        setSecurityProvider(securityProvider);
        setAlgorithmProvider(algorithmProvider);
        this.requiredHeaders = list == null ? Collections.emptyList() : list;
        this.signatureValidator = signatureValidator;
    }

    public final void setkeyProvider(KeyProvider keyProvider) {
        this.keyProvider = (KeyProvider) Objects.requireNonNull(keyProvider, "public key provider cannot be null");
    }

    public final void setSecurityProvider(SecurityProvider securityProvider) {
        this.securityProvider = securityProvider;
    }

    public final void setAlgorithmProvider(AlgorithmProvider algorithmProvider) {
        this.algorithmProvider = (AlgorithmProvider) Objects.requireNonNull(algorithmProvider, "algorithm provider cannot be null");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v46, types: [java.util.List] */
    public void verifyMessage(Map<String, List<String>> map, String str, String str2, Message message) {
        SignatureHeaderUtils.inspectMessageHeaders(map);
        inspectMissingSignatureHeader(map);
        inspectMultipleSignatureHeaders(map);
        ArrayList arrayList = new ArrayList(this.requiredHeaders);
        if (this.requiredHeaders.isEmpty() && message.getContextualProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_IN_HEADERS) != null) {
            arrayList = CastUtils.cast((List) message.getContextualProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_IN_HEADERS));
        }
        boolean isRequestor = MessageUtils.isRequestor(message);
        if (this.addDefaultRequiredHeaders) {
            if (!isRequestor && !arrayList.contains(HTTPSignatureConstants.REQUEST_TARGET)) {
                arrayList.add(HTTPSignatureConstants.REQUEST_TARGET);
            }
            if (!arrayList.contains("digest")) {
                arrayList.add("digest");
            }
        }
        Integer num = (Integer) message.get(Message.RESPONSE_CODE);
        if ((isRequestor && (num.intValue() < 200 || num.intValue() >= 300 || num.intValue() == 204)) || (!isRequestor && ("GET".equalsIgnoreCase(str) || "HEAD".equalsIgnoreCase(str)))) {
            arrayList.remove("digest");
        }
        LOG.fine("Starting signature verification");
        this.signatureValidator.validate(map, this.algorithmProvider, this.keyProvider, this.securityProvider, str, str2, arrayList);
        LOG.fine("Finished signature verification");
    }

    private void inspectMultipleSignatureHeaders(Map<String, List<String>> map) {
        if (map.get("Signature").size() > 1) {
            throw new MultipleSignatureHeaderException("there are multiple signature headers in request");
        }
    }

    private void inspectMissingSignatureHeader(Map<String, List<String>> map) {
        if (!map.containsKey("Signature")) {
            throw new MissingSignatureHeaderException("there is no signature header in request");
        }
    }

    public boolean isAddDefaultRequiredHeaders() {
        return this.addDefaultRequiredHeaders;
    }

    public void setAddDefaultRequiredHeaders(boolean z) {
        this.addDefaultRequiredHeaders = z;
    }
}
