package com.stormpath.sdk.impl.http.authc;

import com.stormpath.sdk.client.ApiKey;
import com.stormpath.sdk.impl.http.Request;
import com.stormpath.sdk.impl.http.support.RequestAuthenticationException;
import com.stormpath.sdk.impl.util.RequestUtils;
import com.stormpath.sdk.impl.util.StringInputStream;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.Scanner;
import java.util.SimpleTimeZone;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/stormpath-sdk-impl-0.9.3.jar:com/stormpath/sdk/impl/http/authc/SAuthc1RequestAuthenticator.class */
public class SAuthc1RequestAuthenticator implements RequestAuthenticator {
    public static final String DEFAULT_ENCODING = "UTF-8";
    public static final String HOST_HEADER = "Host";
    public static final String AUTHORIZATION_HEADER = "Authorization";
    public static final String STORMAPTH_DATE_HEADER = "X-Stormpath-Date";
    public static final String ID_TERMINATOR = "sauthc1_request";
    public static final String ALGORITHM = "HMAC-SHA-256";
    public static final String AUTHENTICATION_SCHEME = "SAuthc1";
    public static final String SAUTHC1_ID = "sauthc1Id";
    public static final String SAUTHC1_SIGNED_HEADERS = "sauthc1SignedHeaders";
    public static final String SAUTHC1_SIGNATURE = "sauthc1Signature";
    public static final String DATE_FORMAT = "yyyyMMdd";
    public static final String TIMESTAMP_FORMAT = "yyyyMMdd'T'HHmmss'Z'";
    public static final String TIME_ZONE = "UTC";
    private static final String NL = "\n";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SAuthc1RequestAuthenticator.class);

    @Override // com.stormpath.sdk.impl.http.authc.RequestAuthenticator
    public void authenticate(Request request, ApiKey apiKey) throws RequestAuthenticationException {
        authenticate(request, apiKey, new Date(), UUID.randomUUID().toString());
    }

    public void authenticate(Request request, ApiKey apiKey, Date date, String str) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd");
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        SimpleDateFormat simpleDateFormat2 = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
        simpleDateFormat2.setTimeZone(new SimpleTimeZone(0, "UTC"));
        URI resourceUrl = request.getResourceUrl();
        String host = resourceUrl.getHost();
        if (!RequestUtils.isDefaultPort(resourceUrl)) {
            host = host + ":" + resourceUrl.getPort();
        }
        request.getHeaders().set("Host", host);
        String format = simpleDateFormat2.format(date);
        String format2 = simpleDateFormat.format(date);
        request.getHeaders().set("X-Stormpath-Date", format);
        String httpMethod = request.getMethod().toString();
        String canonicalizeResourcePath = canonicalizeResourcePath(resourceUrl.getPath());
        String canonicalizeQueryString = canonicalizeQueryString(request);
        String canonicalizeHeadersString = canonicalizeHeadersString(request);
        String signedHeadersString = getSignedHeadersString(request);
        String str2 = httpMethod + "\n" + canonicalizeResourcePath + "\n" + canonicalizeQueryString + "\n" + canonicalizeHeadersString + "\n" + signedHeadersString + "\n" + toHex(hash(getRequestPayload(request)));
        log.debug("{} Canonical Request: {}", AUTHENTICATION_SCHEME, str2);
        String str3 = apiKey.getId() + "/" + format2 + "/" + str + "/" + ID_TERMINATOR;
        String str4 = "HMAC-SHA-256\n" + format + "\n" + str3 + "\n" + toHex(hash(str2));
        log.debug("{} String to Sign: {}", AUTHENTICATION_SCHEME, str4);
        String str5 = "SAuthc1 " + createNameValuePair(SAUTHC1_ID, str3) + ", " + createNameValuePair(SAUTHC1_SIGNED_HEADERS, signedHeadersString) + ", " + createNameValuePair(SAUTHC1_SIGNATURE, toHex(sign(toUtf8Bytes(str4), sign(ID_TERMINATOR, sign(str, sign(format2, toUtf8Bytes(AUTHENTICATION_SCHEME + apiKey.getSecret()), MacAlgorithm.HmacSHA256), MacAlgorithm.HmacSHA256), MacAlgorithm.HmacSHA256), MacAlgorithm.HmacSHA256)));
        log.debug("{}: {}", "Authorization", str5);
        request.getHeaders().set("Authorization", str5);
    }

    private static String createNameValuePair(String str, String str2) {
        return str + "=" + str2;
    }

    public static byte[] toUtf8Bytes(String str) {
        if (str == null) {
            return null;
        }
        try {
            return str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Unable to UTF-8 encode!", e);
        }
    }

    public static String toHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b);
            if (hexString.length() == 1) {
                sb.append("0");
            } else if (hexString.length() == 8) {
                hexString = hexString.substring(6);
            }
            sb.append(hexString);
        }
        return sb.toString().toLowerCase(Locale.getDefault());
    }

    protected byte[] hash(String str) throws RequestAuthenticationException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes("UTF-8"));
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RequestAuthenticationException("Unable to compute hash while signing request.", e);
        }
    }

    protected byte[] sign(String str, byte[] bArr, MacAlgorithm macAlgorithm) throws RequestAuthenticationException {
        try {
            return sign(str.getBytes("UTF-8"), bArr, macAlgorithm);
        } catch (Exception e) {
            throw new RequestAuthenticationException("Unable to calculate a request signature: " + e.getMessage(), e);
        }
    }

    protected byte[] sign(byte[] bArr, byte[] bArr2, MacAlgorithm macAlgorithm) throws RequestAuthenticationException {
        try {
            Mac mac = Mac.getInstance(macAlgorithm.toString());
            mac.init(new SecretKeySpec(bArr2, macAlgorithm.toString()));
            return mac.doFinal(bArr);
        } catch (Exception e) {
            throw new RequestAuthenticationException("Unable to calculate a request signature: " + e.getMessage(), e);
        }
    }

    protected String getRequestPayload(Request request) {
        return getRequestPayloadWithoutQueryParams(request);
    }

    protected String getRequestPayloadWithoutQueryParams(Request request) {
        String str;
        try {
            InputStream body = request.getBody();
            if (body == null) {
                return "";
            }
            if (body instanceof StringInputStream) {
                return body.toString();
            }
            if (!body.markSupported()) {
                throw new RequestAuthenticationException("Unable to read request payload to authenticate request (mark not supported).");
            }
            body.mark(-1);
            try {
                str = new Scanner(body, "UTF-8").useDelimiter("\\A").next();
            } catch (NoSuchElementException e) {
                str = "";
            }
            body.reset();
            return str;
        } catch (Exception e2) {
            throw new RequestAuthenticationException("Unable to read request payload to authenticate request: " + e2.getMessage(), e2);
        }
    }

    protected String canonicalizeQueryString(Request request) {
        return request.getQueryString().toString(true);
    }

    private String canonicalizeResourcePath(String str) {
        return (str == null || str.length() == 0) ? "/" : RequestUtils.encodeUrl(str, true, true);
    }

    private String canonicalizeHeadersString(Request request) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            sb.append(str.toLowerCase()).append(":");
            List<String> list = request.getHeaders().get((Object) str);
            boolean z = true;
            if (list != null) {
                for (String str2 : list) {
                    if (!z) {
                        sb.append(",");
                    }
                    sb.append(str2);
                    z = false;
                }
            }
            sb.append("\n");
        }
        return sb.toString();
    }

    private String getSignedHeadersString(Request request) {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(request.getHeaders().keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        StringBuilder sb = new StringBuilder();
        for (String str : arrayList) {
            if (sb.length() > 0) {
                sb.append(";");
            }
            sb.append(str.toLowerCase());
        }
        return sb.toString();
    }
}
