package com.appiancorp.publicportal.service;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.io.BaseEncoding;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.http.Header;
import org.apache.http.client.methods.HttpUriRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/publicportal/service/PortalRequestSigner.class */
public class PortalRequestSigner {
    private static final Logger LOG = LoggerFactory.getLogger(PortalRequestSigner.class);
    public static final String SIGNING_ALGORITHM = "SHA256withRSA";
    private static final String SEPARATOR = "\n";

    public String sign(HttpUriRequest httpUriRequest, List<String> list, PrivateKey privateKey) throws UnsupportedOperationException {
        String canonicalRequest = getCanonicalRequest(httpUriRequest, list);
        try {
            Signature signature = Signature.getInstance(SIGNING_ALGORITHM);
            signature.initSign(privateKey);
            signature.update(canonicalRequest.getBytes(StandardCharsets.UTF_8));
            return BaseEncoding.base16().encode(signature.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            LOG.error("Unable to sign request", e);
            throw new RuntimeException("Unable to sign request: " + e);
        }
    }

    public boolean verify(String str, HttpUriRequest httpUriRequest, List<String> list, PublicKey publicKey) {
        String canonicalRequest = getCanonicalRequest(httpUriRequest, list);
        try {
            Signature signature = Signature.getInstance(SIGNING_ALGORITHM);
            signature.initVerify(publicKey);
            signature.update(canonicalRequest.getBytes(StandardCharsets.UTF_8));
            return signature.verify(BaseEncoding.base16().decode(str));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            LOG.error("Unable to verify request", e);
            return false;
        }
    }

    @VisibleForTesting
    public String getCanonicalRequest(HttpUriRequest httpUriRequest, List<String> list) {
        StringBuilder sb = new StringBuilder();
        sb.append(nullCoalesce(httpUriRequest.getMethod()));
        sb.append(SEPARATOR);
        URI uri = httpUriRequest.getURI();
        sb.append(uri != null ? nullCoalesce(uri.getPath(), "/") : "/");
        sb.append(SEPARATOR);
        sb.append(uri != null ? nullCoalesce(uri.getRawQuery()) : "");
        sb.append(SEPARATOR);
        sb.append(getCanonicalHeaders(httpUriRequest, list));
        sb.append(SEPARATOR);
        return sb.toString();
    }

    private String getCanonicalHeaders(HttpUriRequest httpUriRequest, List<String> list) {
        return (String) list.stream().map((v0) -> {
            return v0.trim();
        }).map((v0) -> {
            return v0.toLowerCase();
        }).map(str -> {
            return getCanonicalHeaderValues(str, httpUriRequest);
        }).sorted().collect(Collectors.joining(SEPARATOR));
    }

    private String getCanonicalHeaderValues(String str, HttpUriRequest httpUriRequest) {
        Header[] headers = httpUriRequest.getHeaders(str);
        return headers.length == 0 ? str + ":" : (String) Arrays.stream(headers).map(header -> {
            return getCanonicalHeaderValue(str, header);
        }).collect(Collectors.joining(SEPARATOR));
    }

    private String getCanonicalHeaderValue(String str, Header header) {
        return str + ":" + nullCoalesce(header.getValue());
    }

    private String nullCoalesce(String str) {
        return nullCoalesce(str, "");
    }

    private String nullCoalesce(String str, String str2) {
        return str != null ? str : str2;
    }
}
