package org.apache.cxf.rs.security.httpsignature.filters;

import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.core.MultivaluedMap;
import java.io.IOException;
import java.io.InputStream;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.util.Objects;
import java.util.Properties;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.httpsignature.DigestVerifier;
import org.apache.cxf.rs.security.httpsignature.MessageVerifier;
import org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException;
import org.apache.cxf.rs.security.httpsignature.exception.DifferentDigestsException;
import org.apache.cxf.rs.security.httpsignature.exception.DigestFailureException;
import org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException;
import org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException;
import org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException;
import org.apache.cxf.rs.security.httpsignature.exception.MissingSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.exception.MultipleSignatureHeaderException;
import org.apache.cxf.rs.security.httpsignature.exception.SignatureException;
import org.apache.cxf.rs.security.httpsignature.utils.DefaultSignatureConstants;
import org.apache.cxf.rs.security.httpsignature.utils.KeyManagementUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/httpsignature/filters/AbstractSignatureInFilter.class */
abstract class AbstractSignatureInFilter {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractSignatureInFilter.class);
    private MessageVerifier messageVerifier;
    private boolean enabled = true;

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] verifyDigest(MultivaluedMap<String, String> multivaluedMap, InputStream inputStream) {
        byte[] bArr = null;
        if (!this.enabled) {
            return null;
        }
        if (inputStream != null && multivaluedMap.containsKey("Digest")) {
            LOG.fine("Digesting message body");
            try {
                bArr = IOUtils.readBytesFromStream(inputStream);
                try {
                    new DigestVerifier().inspectDigest(bArr, multivaluedMap);
                } catch (DifferentDigestsException | DigestFailureException | MissingDigestException e) {
                    if (MessageUtils.isRequestor(PhaseInterceptorChain.getCurrentMessage())) {
                        throw e;
                    }
                    throw new BadRequestException(e);
                }
            } catch (IOException e2) {
                throw new DigestFailureException("failed to validate the digest", e2);
            }
        }
        LOG.fine("Finished digest message verification process");
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifySignature(MultivaluedMap<String, String> multivaluedMap, String str, String str2, byte[] bArr) {
        if (!this.enabled) {
            LOG.fine("Verify signature filter is disabled");
            return;
        }
        if (this.messageVerifier == null) {
            this.messageVerifier = createMessageVerifier();
        }
        LOG.fine("Starting filter message verification process");
        try {
            this.messageVerifier.verifyMessage(multivaluedMap, str2, str, PhaseInterceptorChain.getCurrentMessage(), bArr);
        } catch (DifferentAlgorithmsException | InvalidDataToVerifySignatureException | InvalidSignatureException | InvalidSignatureHeaderException | MissingSignatureHeaderException | MultipleSignatureHeaderException e) {
            LOG.warning(e.getMessage());
            handleException(e);
        }
        LOG.fine("Finished filter message verification process");
    }

    public void setMessageVerifier(MessageVerifier messageVerifier) {
        Objects.requireNonNull(messageVerifier);
        this.messageVerifier = messageVerifier;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    protected MessageVerifier createMessageVerifier() {
        Properties loadSignatureInProperties = KeyManagementUtils.loadSignatureInProperties();
        if (loadSignatureInProperties == null) {
            throw new SignatureException("Signature properties are not configured correctly");
        }
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        PublicKey loadPublicKey = KeyManagementUtils.loadPublicKey(currentMessage, loadSignatureInProperties);
        String str = (String) currentMessage.getContextualProperty("rs.security.signature.algorithm");
        if (str == null) {
            str = DefaultSignatureConstants.SIGNING_ALGORITHM;
        }
        String str2 = str;
        Provider provider = Security.getProvider(DefaultSignatureConstants.SECURITY_PROVIDER);
        return new MessageVerifier(str3 -> {
            return loadPublicKey;
        }, str4 -> {
            return provider;
        }, str5 -> {
            return str2;
        });
    }

    protected abstract void handleException(Exception exc);
}
