package org.apache.cxf.rs.security.oauth2.tokens.hawk;

import java.net.URI;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rt.security.crypto.HmacUtils;

/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-3.1.15.jar:org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.class */
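/**
 * Base class for validators of access tokens presented with the Hawk authorization scheme.
 *
 * <p>Subclasses supply the token lookup through {@link #getAccessTokenValidation}. This class then
 * recomputes the request MAC from the key and algorithm found in the validation's extra
 * properties and compares it with the {@code mac} value sent by the client.
 *
 * <p>Security-relevant configuration visible in this class:
 * <ul>
 *   <li>When {@code remoteSignatureValidation} is {@code true}, neither the MAC check nor the
 *       timestamp/nonce check below is executed. The result of {@code getAccessTokenValidation}
 *       is returned as is, so that method (or the party it delegates to) has to perform them.</li>
 *   <li>When no {@link NonceVerifier} is set, {@link #validateTimestampNonce} does nothing, so this
 *       class applies no replay protection of its own.</li>
 * </ul>
 */
public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator {
    /** Key in the extra-properties map that carries the HTTP method to verify the MAC against. */
    protected static final String HTTP_VERB = "http.verb";
    /** Key in the extra-properties map that carries the request URI to verify the MAC against. */
    protected static final String HTTP_URI = "http.uri";
    // Optional; when null no timestamp/nonce verification is performed by this class.
    private NonceVerifier nonceVerifier;
    // When true, local MAC and nonce checks are skipped in validateAccessToken.
    private boolean remoteSignatureValidation;

    /**
     * Returns the authorization schemes handled by this validator.
     *
     * @return a single-element list holding {@code OAuthConstants.HAWK_AUTHORIZATION_SCHEME}
     */
    @Override
    public List<String> getSupportedAuthorizationSchemes() {
        return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME);
    }

    /**
     * Validates a Hawk access token and, unless remote signature validation is enabled, the
     * request MAC and the timestamp/nonce pair.
     *
     * @param messageContext current message context; the request URI and HTTP method are read from
     *     it when {@code multivaluedMap} does not carry both {@link #HTTP_URI} and {@link #HTTP_VERB}
     * @param str passed through unchanged to {@link #getAccessTokenValidation} (presumably the
     *     authorization scheme name; confirm against the interface)
     * @param str2 the comma-separated Hawk scheme parameters, parsed by {@link #getSchemeParameters}
     * @param multivaluedMap optional extra properties; may be {@code null}
     * @return the validation produced by {@link #getAccessTokenValidation}
     * @throws OAuthServiceException with {@code OAuthConstants.SERVER_ERROR} when the supplied MAC
     *     cannot be Base64-decoded
     */
    @Override
    public AccessTokenValidation validateAccessToken(MessageContext messageContext, String str, String str2, MultivaluedMap<String, String> multivaluedMap) throws OAuthServiceException {
        Map<String, String> schemeParameters = getSchemeParameters(str2);
        AccessTokenValidation accessTokenValidation = getAccessTokenValidation(messageContext, str, str2, multivaluedMap, schemeParameters);
        if (isRemoteSignatureValidation()) {
            // No local MAC or nonce verification happens on this path.
            return accessTokenValidation;
        }
        String macKey = accessTokenValidation.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
        String macAlgorithm = accessTokenValidation.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
        String suppliedMac = schemeParameters.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);

        // The MAC is verified against the URI/method found in the extra properties when both are
        // present, otherwise against the current request.
        // NOTE(review): the origin of multivaluedMap is not visible here; if it can be influenced by
        // the client, the MAC would be checked against client-chosen values rather than the real
        // request. Confirm against the callers.
        HttpRequestProperties requestProperties;
        if (multivaluedMap != null && multivaluedMap.containsKey(HTTP_VERB) && multivaluedMap.containsKey(HTTP_URI)) {
            requestProperties = new HttpRequestProperties(URI.create(multivaluedMap.getFirst(HTTP_URI)), multivaluedMap.getFirst(HTTP_VERB));
        } else {
            requestProperties = new HttpRequestProperties(messageContext.getUriInfo().getRequestUri(), messageContext.getHttpServletRequest().getMethod());
        }
        HawkAuthorizationScheme hawkAuthorizationScheme = new HawkAuthorizationScheme(requestProperties, schemeParameters);
        try {
            // A request without a mac parameter is rejected as an authorization failure instead of
            // handing null to Base64Utility.decode. MessageDigest.isEqual is used so the comparison
            // does not stop at the first differing byte.
            boolean macMatches = suppliedMac != null
                && MessageDigest.isEqual(
                    HmacUtils.computeHmac(macKey, HmacAlgorithm.toHmacAlgorithm(macAlgorithm).getJavaName(), hawkAuthorizationScheme.getNormalizedRequestString()),
                    Base64Utility.decode(suppliedMac));
            if (!macMatches) {
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
            }
            // The nonce is only handed to the verifier after the MAC has been checked.
            validateTimestampNonce(macKey, hawkAuthorizationScheme.getTimestamp(), hawkAuthorizationScheme.getNonce());
            return accessTokenValidation;
        } catch (Base64Exception e) {
            // NOTE(review): a mac that is not valid Base64 is client input, yet it surfaces as
            // SERVER_ERROR. Left unchanged because callers may rely on this exception type.
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
        }
    }

    /**
     * Looks up the token and returns its validation data.
     *
     * <p>When local signature validation is used, the returned validation's extra properties must
     * contain {@code OAuthConstants.HAWK_TOKEN_KEY} and {@code OAuthConstants.HAWK_TOKEN_ALGORITHM},
     * because {@link #validateAccessToken} reads both to recompute the MAC.
     *
     * @param messageContext current message context
     * @param str first string argument received by {@code validateAccessToken}
     * @param str2 raw scheme parameter string
     * @param multivaluedMap optional extra properties; may be {@code null}
     * @param map scheme parameters parsed from {@code str2}
     * @return the validation data for the presented token
     */
    protected abstract AccessTokenValidation getAccessTokenValidation(MessageContext messageContext, String str, String str2, MultivaluedMap<String, String> multivaluedMap, Map<String, String> map);

    /**
     * Parses comma-separated {@code name="value"} pairs into a map.
     *
     * <p>Names and values are trimmed and every double quote is removed from the value. The input is
     * client-controlled, so malformed content must not raise an unchecked exception: a
     * {@code null} input yields an empty map and fragments without {@code '='} are skipped. A
     * quoted value that itself contains a comma is therefore truncated at that comma. If a name
     * occurs more than once, the last occurrence wins.
     *
     * @param str the scheme parameter string; may be {@code null}
     * @return a mutable map of parameter names to unquoted values, never {@code null}
     */
    protected static Map<String, String> getSchemeParameters(String str) {
        Map<String, String> parameters = new HashMap<>();
        if (str == null) {
            return parameters;
        }
        for (String attribute : str.split(",")) {
            String[] nameAndValue = attribute.trim().split("=", 2);
            if (nameAndValue.length < 2) {
                // No '=' in this fragment; indexing [1] would throw ArrayIndexOutOfBoundsException.
                continue;
            }
            parameters.put(nameAndValue[0].trim(), nameAndValue[1].trim().replace("\"", ""));
        }
        return parameters;
    }

    /**
     * Delegates timestamp and nonce verification to the configured {@link NonceVerifier}, if any.
     *
     * <p>NOTE(review): {@code validateAccessToken} passes the token's MAC key as {@code str}, so the
     * verifier receives the shared secret itself. Confirm that implementations do not log or
     * persist it in clear.
     *
     * @param str key identifying the token towards the verifier
     * @param str2 timestamp sent by the client
     * @param str3 nonce sent by the client
     */
    protected void validateTimestampNonce(String str, String str2, String str3) {
        if (this.nonceVerifier != null) {
            // Argument order of verifyNonce is (key, nonce, timestamp).
            this.nonceVerifier.verifyNonce(str, str3, str2);
        }
    }

    /**
     * Sets the verifier used for timestamp/nonce checks.
     *
     * @param nonceVerifier the verifier, or {@code null} to disable the check in this class
     */
    public void setNonceVerifier(NonceVerifier nonceVerifier) {
        this.nonceVerifier = nonceVerifier;
    }

    /**
     * Reports whether local MAC and nonce validation is skipped.
     *
     * @return {@code true} when {@code validateAccessToken} returns right after the token lookup
     */
    public boolean isRemoteSignatureValidation() {
        return this.remoteSignatureValidation;
    }

    /**
     * Enables or disables skipping of the local MAC and nonce validation.
     *
     * @param z {@code true} to skip the local checks in {@code validateAccessToken}
     */
    public void setRemoteSignatureValidation(boolean z) {
        this.remoteSignatureValidation = z;
    }
}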
