package com.huawei.dap.auth.rest.handler;

import com.huawei.dap.auth.rest.auth.AuthConst;
import com.huawei.dap.auth.rest.auth.algo.AuthAlgo;
import com.huawei.dap.auth.rest.auth.algo.AuthException;
import com.huawei.dap.auth.rest.auth.algo.AuthRequest;
import com.huawei.dap.auth.rest.auth.impl.AppAuthKeysFactory;
import com.huawei.dap.auth.rest.auth.impl.HmacSha256AuthAlgo;
import com.huawei.dap.auth.rest.context.RestContext;
import com.huawei.dap.auth.rest.response.CommonErrorCode;
import com.huawei.dap.auth.security.workkey.WorkKeyMgr;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.restlet.data.Parameter;
import org.restlet.engine.header.HeaderReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/dap/auth/rest/handler/HmacAuthHandler.class */
public class HmacAuthHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(HmacAuthHandler.class);
    private static final int INITIAL_CAPACITY = 8;
    private AuthAlgo algo;

    public HmacAuthHandler(WorkKeyMgr workKeyMgr, long j) {
        this.algo = new HmacSha256AuthAlgo(new AppAuthKeysFactory(workKeyMgr), j, LOGGER);
    }

    public boolean authRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        RestContext initRestContext = initRestContext();
        try {
            this.algo.handleServer(getAuthRequest(httpServletRequest, getAuthParams(httpServletRequest)));
            return true;
        } catch (AuthException e) {
            handleAuthException(httpServletResponse, initRestContext, e);
            return false;
        }
    }

    private Map<String, String> getAuthParams(HttpServletRequest httpServletRequest) throws AuthException {
        String header = httpServletRequest.getHeader(AuthConst.AUTH_HEADER);
        if (StringUtils.isEmpty(header)) {
            throw new AuthException("AuthorizationHeaderNotExists", 401, CommonErrorCode.INVALID_SIGNATURE);
        }
        HashMap hashMap = new HashMap(INITIAL_CAPACITY);
        try {
            HeaderReader headerReader = new HeaderReader(header);
            headerReader.readToken();
            headerReader.skipSpaces();
            Parameter readParameter = headerReader.readParameter();
            while (readParameter != null) {
                hashMap.put(readParameter.getName(), readParameter.getValue());
                readParameter = headerReader.skipValueSeparator() ? headerReader.readParameter() : null;
            }
            return hashMap;
        } catch (IOException e) {
            LOGGER.error("Read authrization header parameter failed.", e);
            throw new AuthException("InvalidAuthrizationHeader", 401, CommonErrorCode.INVALID_SIGNATURE);
        }
    }

    private RestContext initRestContext() {
        RestContext restContext = new RestContext();
        RestContext.setCurrent(restContext);
        return restContext;
    }

    private static AuthRequest getAuthRequest(final HttpServletRequest httpServletRequest, final Map<String, String> map) {
        return new AuthRequest() { // from class: com.huawei.dap.auth.rest.handler.HmacAuthHandler.1
            @Override // com.huawei.dap.auth.rest.auth.algo.AuthRequest
            public String getMethod() {
                return httpServletRequest.getMethod();
            }

            @Override // com.huawei.dap.auth.rest.auth.algo.AuthRequest
            public String getUrl() {
                return httpServletRequest.getHeader(AuthConst.ORIG_URI_HEADER) != null ? httpServletRequest.getHeader(AuthConst.ORIG_URI_HEADER) : httpServletRequest.getRequestURI();
            }

            @Override // com.huawei.dap.auth.rest.auth.algo.AuthRequest
            public String getQuery() {
                return httpServletRequest.getQueryString();
            }

            @Override // com.huawei.dap.auth.rest.auth.algo.AuthRequest
            public String getPayload() {
                BufferedReader bufferedReader = null;
                try {
                    bufferedReader = httpServletRequest.getReader();
                    if (bufferedReader == null) {
                        IOUtils.closeQuietly(bufferedReader);
                        return "";
                    }
                    String iOUtils = IOUtils.toString(bufferedReader);
                    IOUtils.closeQuietly(bufferedReader);
                    return iOUtils;
                } catch (IOException e) {
                    IOUtils.closeQuietly(bufferedReader);
                    return "";
                } catch (Throwable th) {
                    IOUtils.closeQuietly(bufferedReader);
                    throw th;
                }
            }

            @Override // com.huawei.dap.auth.rest.auth.algo.AuthRequest
            public String getHeader(String str) {
                return httpServletRequest.getHeader(str);
            }

            @Override // com.huawei.dap.auth.rest.auth.algo.AuthRequest
            public Map<String, String> getAuthParams() {
                return map;
            }
        };
    }

    private void handleAuthException(HttpServletResponse httpServletResponse, RestContext restContext, AuthException authException) throws IOException {
        LOGGER.info("Auth request failed, appId={} send response with status code={} with message={}", new Object[]{restContext.getAppId(), Integer.valueOf(authException.getHttpStatusCode()), authException.getMessage()});
        httpServletResponse.sendError(authException.getHttpStatusCode(), authException.getMessage());
        RestContext.clearCurrent();
    }
}
