package ch.rasc.wampspring.cra;

import ch.rasc.wampspring.config.WampSession;
import ch.rasc.wampspring.message.CallMessage;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:ch/rasc/wampspring/cra/DefaultAuthenticationHandler.class */
public class DefaultAuthenticationHandler implements AuthenticationHandler {
    private final AuthenticationSecretProvider authenticationSecretProvider;

    public DefaultAuthenticationHandler(AuthenticationSecretProvider authenticationSecretProvider) {
        this.authenticationSecretProvider = authenticationSecretProvider;
    }

    @Override // ch.rasc.wampspring.cra.AuthenticationHandler
    public Object handleAuthReq(String str, Map<String, Object> map, CallMessage callMessage) {
        WampSession wampSession = callMessage.getWampSession();
        if (wampSession.isAuthRequested()) {
            throw new IllegalStateException("Already authenticated");
        }
        if (this.authenticationSecretProvider.getSecret(str) == null) {
            throw new IllegalStateException("Secret key does not exist");
        }
        try {
            String generateHMacSHA256 = generateHMacSHA256(callMessage.getWebSocketSessionId() + System.currentTimeMillis(), str);
            wampSession.setAuthKey(str);
            wampSession.setChallenge(generateHMacSHA256);
            return generateHMacSHA256;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("invalid key", e);
        }
    }

    @Override // ch.rasc.wampspring.cra.AuthenticationHandler
    public Object handleAuth(String str, CallMessage callMessage) {
        WampSession wampSession = callMessage.getWampSession();
        if (!wampSession.isAuthRequested()) {
            throw new IllegalStateException("No authentication previously requested");
        }
        try {
            String secret = this.authenticationSecretProvider.getSecret(wampSession.getAuthKey());
            if (!StringUtils.hasText(secret)) {
                throw new IllegalStateException("Secret does not exist");
            }
            if (str.equals(generateHMacSHA256(secret, wampSession.getChallenge()))) {
                wampSession.setSignature(str);
                return null;
            }
            wampSession.setAuthKey(null);
            wampSession.setChallenge(null);
            wampSession.setSignature(null);
            throw new SecurityException("Signature for authentication request is invalid");
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("invalid key", e);
        }
    }

    public static String generateHMacSHA256(String str, String str2) throws InvalidKeyException, NoSuchAlgorithmException {
        Assert.notNull(str, "key is required");
        Assert.notNull(str2, "data is required");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return DatatypeConverter.printBase64Binary(mac.doFinal(str2.getBytes(StandardCharsets.UTF_8)));
    }
}
