package org.apache.shindig.gadgets;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.OAuthServiceProvider;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.oauth.GadgetOAuthTokenStore;
import org.apache.shindig.util.Crypto;
import org.apache.shindig.util.TimeSource;

/* loaded from: input_file:org/apache/shindig/gadgets/SigningFetcher.class */
public class SigningFetcher extends ChainedContentFetcher {
    protected static final String OPENSOCIAL_OWNERID = "opensocial_owner_id";
    protected static final String OPENSOCIAL_VIEWERID = "opensocial_viewer_id";
    protected static final String OPENSOCIAL_APPID = "opensocial_app_id";
    protected static final String XOAUTH_PUBLIC_KEY = "xoauth_signature_publickey";
    protected static final Pattern ALLOWED_PARAM_NAME = Pattern.compile("[-:\\w]+");
    protected final TimeSource clock;
    protected final GadgetToken authToken;
    protected final Object privateKeyObject;
    protected final String keyName;
    protected final ContentCache cache;

    protected SigningFetcher(ContentCache contentCache, ContentFetcher contentFetcher, GadgetToken gadgetToken) {
        this(contentCache, contentFetcher, gadgetToken, null, null);
    }

    public static SigningFetcher makeFromPrivateKey(ContentCache contentCache, ContentFetcher contentFetcher, GadgetToken gadgetToken, String str, PrivateKey privateKey) {
        return new SigningFetcher(contentCache, contentFetcher, gadgetToken, str, privateKey);
    }

    public static SigningFetcher makeFromB64PrivateKey(ContentCache contentCache, ContentFetcher contentFetcher, GadgetToken gadgetToken, String str, String str2) {
        return new SigningFetcher(contentCache, contentFetcher, gadgetToken, str, str2);
    }

    public static SigningFetcher makeFromPrivateKeyBytes(ContentCache contentCache, ContentFetcher contentFetcher, GadgetToken gadgetToken, String str, byte[] bArr) {
        return new SigningFetcher(contentCache, contentFetcher, gadgetToken, str, bArr);
    }

    protected SigningFetcher(ContentCache contentCache, ContentFetcher contentFetcher, GadgetToken gadgetToken, String str, Object obj) {
        super(contentFetcher);
        this.clock = new TimeSource();
        this.cache = contentCache;
        this.authToken = gadgetToken;
        this.keyName = str;
        this.privateKeyObject = obj;
    }

    @Override // org.apache.shindig.gadgets.ContentFetcher
    public RemoteContent fetch(RemoteContentRequest remoteContentRequest) throws GadgetException {
        try {
            RemoteContentRequest makeCacheableRequest = makeCacheableRequest(remoteContentRequest);
            RemoteContent content = this.cache.getContent(makeCacheableRequest);
            if (content != null) {
                return content;
            }
            RemoteContentRequest signRequest = signRequest(remoteContentRequest);
            signRequest.getOptions().ignoreCache = true;
            RemoteContent fetch = this.nextFetcher.fetch(signRequest);
            this.cache.addContent(makeCacheableRequest, fetch);
            return fetch;
        } catch (Exception e) {
            throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e);
        }
    }

    private RemoteContentRequest makeCacheableRequest(RemoteContentRequest remoteContentRequest) throws IOException, URISyntaxException {
        URI uri = remoteContentRequest.getUri();
        List<OAuth.Parameter> sanitize = sanitize(OAuth.decodeForm(uri.getRawQuery()));
        addOpenSocialParams(sanitize);
        addOAuthNonTemporalParams(sanitize);
        return new RemoteContentRequest(new URL(uri.getScheme(), uri.getHost(), uri.getPort(), uri.getRawPath() + "?" + OAuth.formEncode(sanitize)).toURI(), remoteContentRequest);
    }

    private RemoteContentRequest signRequest(RemoteContentRequest remoteContentRequest) throws GadgetException {
        try {
            URI uri = remoteContentRequest.getUri();
            String rawQuery = uri.getRawQuery();
            URI removeQuery = removeQuery(uri);
            List<OAuth.Parameter> sanitize = sanitize(OAuth.decodeForm(rawQuery));
            List<OAuth.Parameter> sanitize2 = sanitize(OAuth.decodeForm(remoteContentRequest.getPostBodyAsString()));
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(sanitize);
            arrayList.addAll(sanitize2);
            addOpenSocialParams(arrayList);
            addOAuthParams(arrayList);
            OAuthMessage oAuthMessage = new OAuthMessage(remoteContentRequest.getMethod(), removeQuery.toString(), arrayList);
            signMessage(oAuthMessage);
            HashSet hashSet = new HashSet();
            Iterator<OAuth.Parameter> it = sanitize2.iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getKey());
            }
            ArrayList arrayList2 = new ArrayList();
            for (Map.Entry entry : oAuthMessage.getParameters()) {
                if (!hashSet.contains(entry.getKey())) {
                    arrayList2.add(entry);
                }
            }
            return new RemoteContentRequest(new URL(removeQuery.getScheme(), removeQuery.getHost(), removeQuery.getPort(), removeQuery.getRawPath() + "?" + OAuth.formEncode(arrayList2)).toURI(), remoteContentRequest);
        } catch (Exception e) {
            throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e);
        }
    }

    private URI removeQuery(URI uri) throws URISyntaxException {
        return new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), uri.getRawPath(), null, null);
    }

    private void addOpenSocialParams(List<OAuth.Parameter> list) {
        String ownerId = this.authToken.getOwnerId();
        if (ownerId != null) {
            list.add(new OAuth.Parameter(OPENSOCIAL_OWNERID, ownerId));
        }
        String viewerId = this.authToken.getViewerId();
        if (viewerId != null) {
            list.add(new OAuth.Parameter(OPENSOCIAL_VIEWERID, viewerId));
        }
        String appId = this.authToken.getAppId();
        if (appId != null) {
            list.add(new OAuth.Parameter(OPENSOCIAL_APPID, appId));
        }
    }

    private void addOAuthParams(List<OAuth.Parameter> list) {
        addOAuthNonTemporalParams(list);
        list.add(new OAuth.Parameter("oauth_nonce", Long.toHexString(Crypto.rand.nextLong())));
        list.add(new OAuth.Parameter("oauth_timestamp", Long.toString(this.clock.currentTimeMillis() / 1000)));
    }

    private void addOAuthNonTemporalParams(List<OAuth.Parameter> list) {
        list.add(new OAuth.Parameter("oauth_token", ""));
        String domain = this.authToken.getDomain();
        if (domain != null) {
            list.add(new OAuth.Parameter("oauth_consumer_key", domain));
        }
        if (this.keyName != null) {
            list.add(new OAuth.Parameter(XOAUTH_PUBLIC_KEY, this.keyName));
        }
        list.add(new OAuth.Parameter("oauth_signature_method", "RSA-SHA1"));
    }

    protected void signMessage(OAuthMessage oAuthMessage) throws Exception {
        OAuthConsumer oAuthConsumer = new OAuthConsumer((String) null, (String) null, (String) null, (OAuthServiceProvider) null);
        oAuthConsumer.setProperty("RSA-SHA1.PrivateKey", this.privateKeyObject);
        oAuthMessage.sign(new OAuthAccessor(oAuthConsumer));
    }

    private List<OAuth.Parameter> sanitize(List<OAuth.Parameter> list) {
        ArrayList arrayList = new ArrayList();
        for (OAuth.Parameter parameter : list) {
            if (allowParam(parameter.getKey())) {
                arrayList.add(parameter);
            }
        }
        return arrayList;
    }

    private boolean allowParam(String str) {
        String lowerCase = str.toLowerCase();
        return (lowerCase.startsWith(GadgetOAuthTokenStore.OAUTH_FEATURE) || lowerCase.startsWith("xoauth") || lowerCase.startsWith("opensocial") || !ALLOWED_PARAM_NAME.matcher(lowerCase).matches()) ? false : true;
    }
}
