package de.otto.hmac.authentication;

import de.otto.hmac.HmacAttributes;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.joda.time.Instant;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/otto/hmac/authentication/RequestSigningUtil.class */
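/**
 * Static helpers for creating and verifying HMAC-SHA256 request signatures.
 *
 * <p>The signed text (the "signature base") is built from the HTTP method, the value of the
 * {@code X_HMAC_AUTH_DATE} header, the request URI and the hex MD5 digest of the body, joined
 * with line feeds. The signature is the Base64 encoding of the HMAC-SHA256 of that text.
 *
 * <p>NOTE(review): nothing visible in this class records signatures that were already accepted,
 * so a captured request would verify again until its date leaves the accepted time window. If
 * replay matters for an endpoint, it has to be handled by the caller.
 */
public class RequestSigningUtil {
    private static final Logger LOG = LoggerFactory.getLogger(RequestSigningUtil.class);

    /** JCA name of the MAC algorithm, used for both the key spec and the Mac instance. */
    private static final String HMAC_ALGORITHM = "HmacSHA256";

    /** Accepted distance between the request date and server time, in milliseconds (five minutes). */
    private static final long MAX_CLOCK_SKEW_MILLIS = 300000L;

    /**
     * Verifies the timestamp and the signature of a signed request.
     *
     * @param wrappedRequest the request to verify
     * @param secretKey the shared secret used to recompute the signature
     * @return {@code true} only if the date header lies inside the accepted window and the
     *     second {@code ':'}-separated segment of the signature header equals the recomputed
     *     signature; {@code false} for a missing or malformed signature header
     */
    public static boolean checkRequest(WrappedRequest wrappedRequest, String secretKey) {
        if (!hasValidRequestTimeStamp(wrappedRequest)) {
            return false;
        }
        String signatureHeader = wrappedRequest.getHeader(HmacAttributes.X_HMAC_AUTH_SIGNATURE);
        if (signatureHeader == null) {
            // Reject instead of failing with a NullPointerException on an unsigned request.
            LOG.warn("Request carries no signature header.");
            return false;
        }
        String[] segments = signatureHeader.split(":");
        if (segments.length < 2) {
            // A header without a second segment is client-controlled malformed input;
            // treat it as an authentication failure rather than an internal error.
            LOG.warn("Signature header has no signature segment.");
            return false;
        }
        byte[] expected = createRequestSignature(wrappedRequest, secretKey).getBytes(StandardCharsets.UTF_8);
        byte[] presented = segments[1].getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals,
        // so response timing does not reveal how much of a presented signature was correct.
        return MessageDigest.isEqual(expected, presented);
    }

    /**
     * Checks that the request's date header lies strictly within
     * {@link #MAX_CLOCK_SKEW_MILLIS} of the current server time.
     *
     * @param wrappedRequest the request whose date header is checked
     * @return {@code false} if the header is absent, empty, unparseable or outside the window
     */
    public static boolean hasValidRequestTimeStamp(WrappedRequest wrappedRequest) {
        String dateFromHeader = getDateFromHeader(wrappedRequest);
        if (dateFromHeader == null || dateFromHeader.isEmpty()) {
            LOG.error("Signierter Request enthält kein Datum.");
            return false;
        }
        Instant serverTime = new Instant();
        Instant requestTime;
        try {
            requestTime = new Instant(dateFromHeader);
        } catch (IllegalArgumentException e) {
            // Joda-Time rejects text it cannot parse with IllegalArgumentException; the header is
            // client-controlled, so an invalid value is a failed check, not a server fault.
            LOG.warn("Request date header could not be parsed.");
            return false;
        }
        boolean withinWindow = requestTime.isAfter(serverTime.minus(MAX_CLOCK_SKEW_MILLIS))
                && requestTime.isBefore(serverTime.plus(MAX_CLOCK_SKEW_MILLIS));
        if (!withinWindow) {
            LOG.warn("Zeitstempel ausserhalb Serverzeit. Server: {}. Request: {}.", serverTime, dateFromHeader);
        }
        return withinWindow;
    }

    /**
     * Builds the signature base from the request's method, date header, URI and body.
     *
     * <p>NOTE(review): {@code WrappedRequest} is used as an {@code HttpServletRequest} in this
     * class, and the Servlet API's {@code getRequestURI()} does not include the query string.
     * Unless {@code WrappedRequest} overrides it, query parameters are not covered by the
     * signature. Confirm against {@code WrappedRequest}.
     *
     * @param wrappedRequest the request to describe
     * @return the text that is fed into the HMAC
     */
    public static String createSignatureBase(WrappedRequest wrappedRequest) {
        return createSignatureBase(
                wrappedRequest.getMethod(),
                wrappedRequest.getHeader(HmacAttributes.X_HMAC_AUTH_DATE),
                wrappedRequest.getRequestURI(),
                wrappedRequest.getBody());
    }

    /**
     * Builds the signature base: method, date and URI each followed by a line feed, then the
     * hex MD5 digest of the body.
     *
     * @param method the HTTP method
     * @param date the value of the date header
     * @param requestUri the request URI
     * @param body the request body; must not be {@code null}
     * @return the text that is fed into the HMAC
     */
    public static String createSignatureBase(String method, String date, String requestUri, String body) {
        StringBuilder base = new StringBuilder();
        base.append(method).append("\n");
        base.append(date).append("\n");
        base.append(requestUri).append("\n");
        base.append(toMd5(body));
        return base.toString();
    }

    /**
     * Computes the Base64-encoded HMAC-SHA256 signature for the given request parts.
     *
     * @param method the HTTP method
     * @param date the value of the date header
     * @param requestUri the request URI
     * @param body the request body
     * @param secretKey the shared secret
     * @return the Base64-encoded signature
     * @throws RuntimeException if the MAC algorithm is unavailable or rejects the key
     */
    public static String createRequestSignature(String method, String date, String requestUri, String body, String secretKey) {
        return sign(createSignatureBase(method, date, requestUri, body), secretKey);
    }

    /**
     * Computes the Base64-encoded HMAC-SHA256 signature for a request.
     *
     * @param wrappedRequest the request to sign
     * @param secretKey the shared secret
     * @return the Base64-encoded signature
     * @throws RuntimeException if the MAC algorithm is unavailable or rejects the key
     */
    public static String createRequestSignature(WrappedRequest wrappedRequest, String secretKey) {
        return sign(createSignatureBase(wrappedRequest), secretKey);
    }

    /** Returns the Base64-encoded HMAC-SHA256 of {@code signatureBase} under {@code secretKey}. */
    private static String sign(String signatureBase, String secretKey) {
        try {
            // Explicit UTF-8: the no-argument getBytes() uses the platform default charset on
            // older JVMs, so a signer and a verifier configured differently could disagree for
            // non-ASCII keys or URIs.
            SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), HMAC_ALGORITHM);
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(keySpec);
            return Base64.encodeBase64String(mac.doFinal(signatureBase.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("should never happen", e);
        }
    }

    /**
     * Returns the hex MD5 digest of the UTF-8 bytes of {@code str}.
     *
     * <p>NOTE(review): MD5 is kept because it is part of the text that clients sign; replacing
     * it on this side alone would invalidate every existing client signature. MD5 is not
     * collision resistant, and two bodies with the same MD5 digest yield the same signature
     * base. A move to SHA-256 needs a versioned change on both signer and verifier.
     */
    private static String toMd5(String str) {
        try {
            return Hex.encodeHexString(MessageDigest.getInstance("MD5").digest(str.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("should never happen", e);
        }
    }

    /**
     * Tells whether the request carries a signature header.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} if the signature header is present
     */
    public static boolean hasSignature(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(HmacAttributes.X_HMAC_AUTH_SIGNATURE) != null;
    }

    /**
     * Returns the raw value of the signature header.
     *
     * @param httpServletRequest the request to inspect
     * @return the header value, or {@code null} if the header is absent
     */
    public static String getSignature(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(HmacAttributes.X_HMAC_AUTH_SIGNATURE);
    }

    /**
     * Returns the value of the date header.
     *
     * @param httpServletRequest the request to inspect
     * @return the header value, or the empty string if the header is absent
     */
    public static String getDateFromHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HmacAttributes.X_HMAC_AUTH_DATE);
        return header == null ? "" : header;
    }
}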
