package org.apache.cxf.rs.security.oauth2.tokens.mac;

import java.security.SecureRandom;
import java.util.Map;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
import org.apache.cxf.rs.security.oauth2.common.AccessToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;

/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-2.6.2.jar:org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.class */
public class MacAuthorizationScheme {
    private static final String SEPARATOR = "\n";
    private HttpRequestProperties props;
    private String macKey;
    private String timestamp;
    private String nonce;

    public MacAuthorizationScheme(HttpRequestProperties httpRequestProperties, AccessToken accessToken) {
        this.props = httpRequestProperties;
        this.macKey = accessToken.getTokenKey();
        this.timestamp = Long.toString(System.currentTimeMillis());
        this.nonce = generateNonce(accessToken.getIssuedAt());
    }

    public MacAuthorizationScheme(HttpRequestProperties httpRequestProperties, Map<String, String> map) {
        this.props = httpRequestProperties;
        this.macKey = map.get("id");
        this.timestamp = map.get(OAuthConstants.MAC_TOKEN_EXTENSION);
        this.nonce = map.get(OAuthConstants.MAC_TOKEN_NONCE);
    }

    public String getMacKey() {
        return this.macKey;
    }

    public String getTimestamp() {
        return this.timestamp;
    }

    public String getNonce() {
        return this.nonce;
    }

    public String toAuthorizationHeader(String str, String str2) {
        String computeSignature = HmacUtils.computeSignature(str, str2, getNormalizedRequestString());
        StringBuilder sb = new StringBuilder();
        sb.append(OAuthConstants.MAC_AUTHORIZATION_SCHEME).append(" ");
        addParameter(sb, "id", this.macKey, false);
        addParameter(sb, OAuthConstants.MAC_TOKEN_NONCE, this.nonce, false);
        addParameter(sb, "mac", computeSignature, false);
        addParameter(sb, OAuthConstants.MAC_TOKEN_EXTENSION, this.timestamp, false);
        return sb.toString();
    }

    private static void addParameter(StringBuilder sb, String str, String str2, boolean z) {
        sb.append(str).append('=').append('\"').append(str2).append('\"');
        if (z) {
            return;
        }
        sb.append(',');
    }

    public String getNormalizedRequestString() {
        String requestPath = this.props.getRequestPath();
        if (!StringUtils.isEmpty(this.props.getRequestQuery())) {
            requestPath = requestPath + "?" + normalizeQuery(this.props.getRequestQuery());
        }
        return this.nonce + SEPARATOR + this.props.getHttpMethod().toUpperCase() + SEPARATOR + requestPath + SEPARATOR + this.props.getHostName() + SEPARATOR + this.props.getPort() + SEPARATOR + "" + SEPARATOR + this.timestamp + SEPARATOR;
    }

    private static String normalizeQuery(String str) {
        return str;
    }

    private static String generateNonce(long j) {
        long currentTimeMillis = (System.currentTimeMillis() / 1000) - j;
        if (currentTimeMillis == 0) {
            currentTimeMillis = 1;
        }
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        return Long.toString(currentTimeMillis) + ":" + Base64Utility.encode(bArr);
    }
}
