package de.otto.hmac.authentication;

import com.google.common.base.Strings;
import com.google.common.hash.Hashing;
import com.google.common.io.ByteSource;
import de.otto.hmac.HmacAttributes;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeFormatter;
import java.time.temporal.TemporalAmount;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/otto/hmac/authentication/RequestSigningUtil.class */
public class RequestSigningUtil {
    private static final Logger LOG = LoggerFactory.getLogger(RequestSigningUtil.class);

    public static boolean checkRequest(WrappedRequest wrappedRequest, String str, Clock clock) {
        if (!hasValidRequestTimeStamp(wrappedRequest, clock)) {
            return false;
        }
        return createRequestSignature(wrappedRequest, str).equals(getSignature(wrappedRequest).split(":")[1]);
    }

    public static boolean hasValidRequestTimeStamp(WrappedRequest wrappedRequest, Clock clock) {
        String dateFromHeader = getDateFromHeader(wrappedRequest);
        if (dateFromHeader == null || dateFromHeader.isEmpty()) {
            LOG.error("Signierter Request enthält kein Datum.");
            return false;
        }
        Instant now = Instant.now(clock);
        Instant instant = (Instant) DateTimeFormatter.ISO_OFFSET_DATE_TIME.parse(dateFromHeader, Instant::from);
        Duration ofMinutes = Duration.ofMinutes(5L);
        boolean z = instant.isAfter(now.minus((TemporalAmount) ofMinutes)) && instant.isBefore(now.plus((TemporalAmount) ofMinutes));
        if (!z) {
            LOG.warn("Zeitstempel ausserhalb Serverzeit. Server: " + now + ". Request: " + dateFromHeader + ".");
        }
        return z;
    }

    public static String createSignatureBase(WrappedRequest wrappedRequest) {
        return createSignatureBase(wrappedRequest.getMethod(), getDateFromHeader(wrappedRequest), wrappedRequest.getRequestURI(), wrappedRequest.getBody());
    }

    public static String createSignatureBase(String str, String str2, String str3, ByteSource byteSource) {
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("\n");
        sb.append(str2).append("\n");
        sb.append(str3).append("\n");
        sb.append(toMd5Hex(byteSource));
        return sb.toString();
    }

    public static String createRequestSignature(String str, String str2, String str3, ByteSource byteSource, String str4) {
        return createRequestSignature(createSignatureBase(str, str2, str3, byteSource), str4);
    }

    public static String createRequestSignature(String str, String str2) {
        if (Strings.isNullOrEmpty(str2)) {
            throw new IllegalArgumentException("Secret Key provided to HMAC SigningUtils was null or empty.");
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            return encodeBase64WithoutLinefeed(mac.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException("should never happen", e);
        }
    }

    public static String createRequestSignature(WrappedRequest wrappedRequest, String str) {
        return createRequestSignature(createSignatureBase(wrappedRequest), str);
    }

    protected static String encodeBase64WithoutLinefeed(byte[] bArr) {
        return Base64.encodeBase64String(bArr).trim();
    }

    public static boolean hasSignature(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(HmacAttributes.X_HMAC_AUTH_SIGNATURE) != null;
    }

    public static String getSignature(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(HmacAttributes.X_HMAC_AUTH_SIGNATURE);
    }

    public static String getDateFromHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HmacAttributes.X_HMAC_AUTH_DATE);
        return header == null ? "" : header;
    }

    public static String toMd5Hex(ByteSource byteSource) {
        try {
            return byteSource.hash(Hashing.md5()).toString();
        } catch (IOException e) {
            throw new RuntimeException("error evaluating md5 sum", e);
        }
    }
}
