package org.apache.rave.provider.opensocial.service.impl;

import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import org.apache.commons.io.FileUtils;
import org.apache.rave.model.RegionWidget;
import org.apache.rave.model.User;
import org.apache.rave.model.Widget;
import org.apache.rave.portal.model.impl.PageImpl;
import org.apache.rave.portal.model.impl.RegionImpl;
import org.apache.rave.portal.model.impl.RegionWidgetImpl;
import org.apache.rave.portal.model.impl.WidgetImpl;
import org.apache.rave.portal.service.UserService;
import org.apache.rave.provider.opensocial.exception.SecurityTokenException;
import org.apache.rave.provider.opensocial.service.SecurityTokenService;
import org.apache.shindig.auth.AbstractSecurityToken;
import org.apache.shindig.auth.BlobCrypterSecurityToken;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.ClassPathResource;
import org.springframework.stereotype.Service;

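/**
 * {@link SecurityTokenService} implementation that builds OpenSocial security tokens and
 * encrypts/decrypts them with a Shindig {@link BlobCrypter}.
 *
 * <p>Encrypted tokens produced by this class have the form {@code <container>:<wrapped blob>}.
 * The encrypted string is a bearer credential for the viewer it names, so this class never writes
 * the encrypted value to the log or into exception messages.
 */
@Service
public class EncryptedBlobSecurityTokenService implements SecurityTokenService {
    private static final Logger logger = LoggerFactory.getLogger(EncryptedBlobSecurityTokenService.class);
    public static final String EMBEDDED_KEY_PREFIX = "embedded:";
    public static final String CLASSPATH_KEY_PREFIX = "classpath:";
    /** Offset added to the current time for the EXPIRES field of new tokens (24 hours, in milliseconds). */
    private static final long TOKEN_LIFETIME_MILLIS = 24L * 60L * 60L * 1000L;

    private final UserService userService;
    private final String container;
    private final String domain;
    private final BlobCrypter blobCrypter;

    /**
     * Creates the service and loads the encryption key.
     *
     * @param userService used to resolve the authenticated user and token owners
     * @param str container name; also used as the prefix of every encrypted token
     * @param str2 domain passed to every {@link BlobCrypterSecurityToken} created here
     * @param str3 key specification: {@code embedded:<key>} uses the remainder as the key,
     *     {@code classpath:<resource>} reads the key from a classpath resource, anything else is
     *     treated as a file system path. With the {@code embedded:} form the key itself is the
     *     property value, so it is stored wherever that property is stored.
     * @throws SecurityException if the key resource or file cannot be read
     */
    @Autowired
    public EncryptedBlobSecurityTokenService(UserService userService, @Value("${portal.opensocial_security.container}") String str, @Value("${portal.opensocial_security.domain}") String str2, @Value("${portal.opensocial_security.encryptionkey}") String str3) {
        this.userService = userService;
        this.container = str;
        this.domain = str2;
        this.blobCrypter = new BasicBlobCrypter(loadEncryptionKey(str3));
    }

    /**
     * Resolves a key specification to the key text.
     *
     * @param keySpec the configured key specification (see the constructor)
     * @return the key text exactly as embedded or as read from the resource/file
     * @throws SecurityException if the resource or file cannot be read; the I/O failure is kept as the cause
     */
    private static String loadEncryptionKey(String keySpec) {
        if (keySpec.startsWith(EMBEDDED_KEY_PREFIX)) {
            return keySpec.substring(EMBEDDED_KEY_PREFIX.length());
        }
        // NOTE(review): the file content is used verbatim, including any trailing newline.
        // Confirm that whatever else shares this key file derives the same key from it.
        if (keySpec.startsWith(CLASSPATH_KEY_PREFIX)) {
            try {
                return FileUtils.readFileToString(new ClassPathResource(keySpec.substring(CLASSPATH_KEY_PREFIX.length())).getFile(), "UTF-8");
            } catch (IOException e) {
                // Keep the cause: without it a missing file and a permission problem look identical.
                throw new SecurityException("Unable to load encryption key from classpath resource: " + keySpec, e);
            }
        }
        try {
            return FileUtils.readFileToString(new File(keySpec), "UTF-8");
        } catch (IOException e) {
            throw new SecurityException("Unable to load encryption key from file: " + keySpec, e);
        }
    }

    /**
     * Builds the (unencrypted) security token for a widget placed on a page.
     *
     * @param regionWidget the placed widget; supplies the module id and the page owner
     * @param widget the widget definition; supplies the app URL, may be {@code null}
     * @return the security token for the currently authenticated user as viewer
     */
    @Override // org.apache.rave.provider.opensocial.service.SecurityTokenService
    public SecurityToken getSecurityToken(RegionWidget regionWidget, Widget widget) throws SecurityTokenException {
        return getBlobCrypterSecurityToken(regionWidget, widget);
    }

    /**
     * Builds and encrypts the security token for a widget placed on a page.
     *
     * @param regionWidget the placed widget; supplies the module id and the page owner
     * @param widget the widget definition; supplies the app URL, may be {@code null}
     * @return the encrypted token, prefixed with the container name and a colon
     * @throws SecurityTokenException if the token cannot be built or encrypted
     */
    @Override // org.apache.rave.provider.opensocial.service.SecurityTokenService
    public String getEncryptedSecurityToken(RegionWidget regionWidget, Widget widget) throws SecurityTokenException {
        try {
            return encryptSecurityToken(getBlobCrypterSecurityToken(regionWidget, widget));
        } catch (Exception e) {
            throw new SecurityTokenException("Error creating security token from regionWidget", e);
        }
    }

    /**
     * Decrypts a token previously produced by this service.
     *
     * @param str the encrypted token, expected to start with the container name and a colon
     * @return the decrypted security token
     * @throws SecurityTokenException if the token is {@code null}, does not carry this container's
     *     prefix, or cannot be unwrapped
     */
    @Override // org.apache.rave.provider.opensocial.service.SecurityTokenService
    public SecurityToken decryptSecurityToken(String str) throws SecurityTokenException {
        String containerPrefix = this.container + ":";
        // Reject tokens without the expected prefix instead of blindly cutting off the first
        // characters and handing whatever remains to the crypter.
        if (str == null || !str.startsWith(containerPrefix)) {
            throw new SecurityTokenException("Error creating security token from encrypted string: token is missing or does not start with the container prefix");
        }
        try {
            if (logger.isTraceEnabled()) {
                // The token value is a credential; log only its size.
                logger.trace("Decrypting security token ({} characters)", str.length());
            }
            return new BlobCrypterSecurityToken(this.container, this.domain, (String) null, this.blobCrypter.unwrap(str.substring(containerPrefix.length())));
        } catch (Exception e) {
            // The presented token is deliberately left out of the message, which may reach logs or clients.
            throw new SecurityTokenException("Error creating security token from encrypted string", e);
        }
    }

    /**
     * Issues a fresh encrypted token carrying the same module id, owner and app URL as an
     * existing one, provided the existing token's viewer is the authenticated user.
     *
     * @param str the encrypted token to refresh
     * @return a newly encrypted token
     * @throws SecurityTokenException if the token cannot be decrypted, or its viewer id is absent
     *     or does not match the authenticated user's username
     */
    @Override // org.apache.rave.provider.opensocial.service.SecurityTokenService
    public String refreshEncryptedSecurityToken(String str) throws SecurityTokenException {
        SecurityToken currentToken = decryptSecurityToken(str);
        String authenticatedUsername = String.valueOf(this.userService.getAuthenticatedUser().getUsername());
        String viewerId = currentToken.getViewerId();
        // NOTE(review): the match is case-insensitive; confirm usernames are unique ignoring case.
        // A token without a viewer is refused rather than failing with a NullPointerException.
        if (viewerId == null || !viewerId.equalsIgnoreCase(authenticatedUsername)) {
            throw new SecurityTokenException("Illegal attempt by user " + authenticatedUsername + " to refresh security token with a viewerId of " + viewerId);
        }
        // NOTE(review): nothing visible in this class checks the EXPIRES field of the presented
        // token before a new 24-hour token is issued; confirm expiry is enforced by
        // blobCrypter.unwrap or by the token class, otherwise an old token stays refreshable.
        // The "-1" ids are placeholders: only the module id, the owner and the app URL are read
        // when the replacement token is built.
        return getEncryptedSecurityToken(new RegionWidgetImpl(Long.toString(currentToken.getModuleId()), "-1", new RegionImpl("-1", new PageImpl("-1", this.userService.getUserByUsername(currentToken.getOwnerId()).getId()), -1)), new WidgetImpl("-1", currentToken.getAppUrl()));
    }

    /**
     * Builds and encrypts a token from explicit values, with the authenticated user as viewer.
     *
     * @param str module id written into the token
     * @param str2 app (widget) URL written into the token
     * @param str3 id of the owning user; it is resolved to a username through the user service
     * @return the encrypted token, prefixed with the container name and a colon
     * @throws SecurityTokenException if the token cannot be built or encrypted
     */
    @Override // org.apache.rave.provider.opensocial.service.SecurityTokenService
    public String getEncryptedSecurityToken(String str, String str2, String str3) {
        try {
            return encryptSecurityToken(getBlobCrypterSecurityToken(str2, str, str3, this.userService.getAuthenticatedUser()));
        } catch (Exception e) {
            throw new SecurityTokenException("Error creating security token from regionWidget", e);
        }
    }

    /**
     * Collects the token values from a placed widget and builds the token for the authenticated user.
     *
     * @param regionWidget supplies the module id and, through its region and page, the owner id
     * @param widget supplies the app URL; an empty URL is used when {@code null}
     * @return the unencrypted token
     */
    private BlobCrypterSecurityToken getBlobCrypterSecurityToken(RegionWidget regionWidget, Widget widget) throws SecurityTokenException {
        String appUrl = widget != null ? widget.getUrl() : "";
        String moduleId = String.valueOf(regionWidget.getId());
        String ownerId = regionWidget.getRegion().getPage().getOwnerId();
        User viewer = this.userService.getAuthenticatedUser();
        BlobCrypterSecurityToken token = getBlobCrypterSecurityToken(appUrl, moduleId, ownerId, viewer);
        if (logger.isTraceEnabled()) {
            // NOTE(review): what User.toString() prints is not visible here; confirm it excludes credentials.
            logger.trace("Token created for regionWidget " + regionWidget.toString() + " and user " + viewer.toString());
        }
        return token;
    }

    /**
     * Builds the unencrypted token from its individual values.
     *
     * @param appUrl URL of the widget the token is issued for
     * @param moduleId id of the placed widget
     * @param ownerId id of the owning user; stored in the token as that user's username
     * @param viewer the viewing user; stored in the token as the username
     * @return the unencrypted token for this service's container and domain
     */
    private BlobCrypterSecurityToken getBlobCrypterSecurityToken(String appUrl, String moduleId, String ownerId, User viewer) {
        HashMap<String, String> values = new HashMap<String, String>();
        values.put(AbstractSecurityToken.Keys.APP_URL.getKey(), appUrl);
        values.put(AbstractSecurityToken.Keys.MODULE_ID.getKey(), moduleId);
        values.put(AbstractSecurityToken.Keys.OWNER.getKey(), String.valueOf(this.userService.getUserById(ownerId).getUsername()));
        values.put(AbstractSecurityToken.Keys.VIEWER.getKey(), String.valueOf(viewer.getUsername()));
        values.put(AbstractSecurityToken.Keys.TRUSTED_JSON.getKey(), "");
        // NOTE(review): the value is epoch milliseconds; confirm this is the unit the token class expects for EXPIRES.
        values.put(AbstractSecurityToken.Keys.EXPIRES.getKey(), String.valueOf(System.currentTimeMillis() + TOKEN_LIFETIME_MILLIS));
        return new BlobCrypterSecurityToken(this.container, this.domain, (String) null, values);
    }

    /**
     * Wraps a token with the blob crypter and prefixes the result with the container name.
     *
     * @param blobCrypterSecurityToken the token to encrypt
     * @return {@code container + ":" + wrapped blob}
     * @throws SecurityTokenException if wrapping fails
     */
    private String encryptSecurityToken(BlobCrypterSecurityToken blobCrypterSecurityToken) throws SecurityTokenException {
        try {
            String encryptedToken = this.container + ":" + this.blobCrypter.wrap(blobCrypterSecurityToken.toMap());
            if (logger.isTraceEnabled()) {
                // The encrypted value is usable as a credential, so it is not logged.
                logger.trace("Encrypted token created from security token: " + blobCrypterSecurityToken.toString());
            }
            return encryptedToken;
        } catch (Exception e) {
            throw new SecurityTokenException("Error creating security token from person gadget", e);
        }
    }
}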
