package com.wealdtech.hawk.jersey;

import com.google.common.base.Optional;
import com.google.common.collect.ImmutableMap;
import com.google.common.io.CharStreams;
import com.google.inject.Inject;
import com.sun.jersey.spi.container.ContainerRequest;
import com.wealdtech.DataError;
import com.wealdtech.Preconditions;
import com.wealdtech.hawk.Hawk;
import com.wealdtech.hawk.HawkCredentials;
import com.wealdtech.hawk.HawkServer;
import com.wealdtech.hawk.jersey.HawkCredentialsProvider;
import com.wealdtech.jersey.auth.Authenticator;
import com.wealdtech.jersey.auth.PrincipalProvider;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.util.List;

/* loaded from: input_file:com/wealdtech/hawk/jersey/HawkAuthenticator.class */
public class HawkAuthenticator<T extends HawkCredentialsProvider> implements Authenticator<T> {
    private final transient HawkServer server;
    private final transient PrincipalProvider<T, String> provider;

    @Inject
    public HawkAuthenticator(HawkServer hawkServer, PrincipalProvider<T, String> principalProvider) {
        this.server = hawkServer;
        this.provider = principalProvider;
    }

    public boolean canAuthenticate(ContainerRequest containerRequest) {
        boolean z = false;
        try {
            this.server.splitAuthorizationHeader(containerRequest.getHeaderValue("Authorization"));
            z = true;
        } catch (DataError e) {
        }
        return z;
    }

    public Optional<T> authenticate(ContainerRequest containerRequest) {
        return containerRequest.getQueryParameters().containsKey("bewit") ? authenticateFromBewit(containerRequest) : authenticateFromHeader(containerRequest);
    }

    private Optional<T> authenticateFromBewit(ContainerRequest containerRequest) {
        Preconditions.checkState(containerRequest.getMethod().equals("GET"), "HTTP method %s not supported with bewit", new Object[]{containerRequest.getMethod()});
        ImmutableMap splitBewit = this.server.splitBewit(this.server.extractBewit(containerRequest.getRequestUri()));
        Optional<T> fromKey = this.provider.getFromKey(splitBewit.get("id"));
        if (!fromKey.isPresent()) {
            return Optional.absent();
        }
        this.server.authenticate(((HawkCredentialsProvider) fromKey.get()).getHawkCredentials((String) splitBewit.get("id")), containerRequest.getRequestUri());
        return fromKey;
    }

    private Optional<T> authenticateFromHeader(ContainerRequest containerRequest) {
        ImmutableMap splitAuthorizationHeader = this.server.splitAuthorizationHeader(containerRequest.getHeaderValue("Authorization"));
        Preconditions.checkNotNull(splitAuthorizationHeader.get("id"), "Missing required Hawk authorization header \"id\"");
        Preconditions.checkNotNull(splitAuthorizationHeader.get("ts"), "Missing required Hawk authorization header \"ts\"");
        Preconditions.checkNotNull(splitAuthorizationHeader.get("mac"), "Missing required Hawk authorization header \"mac\"");
        Preconditions.checkNotNull(splitAuthorizationHeader.get("nonce"), "Missing required Hawk authorization header \"nonce\"");
        String str = null;
        URI requestUri = containerRequest.getRequestUri();
        String method = containerRequest.getMethod();
        Optional<T> fromKey = this.provider.getFromKey(splitAuthorizationHeader.get("id"));
        if (!fromKey.isPresent()) {
            return Optional.absent();
        }
        HawkCredentials hawkCredentials = ((HawkCredentialsProvider) fromKey.get()).getHawkCredentials((String) splitAuthorizationHeader.get("id"));
        if (splitAuthorizationHeader.get("hash") != null) {
            try {
                List requestHeader = containerRequest.getRequestHeader("Content-Type");
                if (requestHeader == null || requestHeader.size() == 0) {
                    throw new DataError.Bad("Missing content type header for body verification");
                }
                str = Hawk.calculateBodyMac(hawkCredentials, (String) requestHeader.get(0), CharStreams.toString(new InputStreamReader(containerRequest.getEntityInputStream(), "UTF-8")));
            } catch (IOException e) {
                throw new DataError.Bad("Failed to read the message body to calculate hash", e);
            }
        }
        this.server.authenticate(hawkCredentials, requestUri, method, splitAuthorizationHeader, str, containerRequest.getHeaderValue("Content-Length") != null);
        return fromKey;
    }
}
