package com.joyaether.datastore.rest.oauth;

import com.dd.plist.ASCIIPropertyListParser;
import com.joyaether.datastore.exception.NotAuthorizedException;
import com.joyaether.datastore.rest.oauth.hmac.HmacUtils;
import com.joyaether.datastore.schema.Query;
import java.net.URI;
import java.util.Date;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.Form;
import org.restlet.data.MediaType;
import org.restlet.data.Method;
import org.restlet.data.Reference;
import org.restlet.data.Status;
import org.restlet.engine.header.HeaderConstants;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
import org.restlet.resource.ResourceException;
import org.restlet.util.Series;

/* loaded from: classes.dex */
public class OAuthProtectedClientResource extends ClientResource {
    public static final int DEFAULT_NONCE_LENGTH = 10;
    private volatile Token token;
    private volatile boolean useBodyMethod;

    public OAuthProtectedClientResource(String str, Token token) {
        this(Context.getCurrent(), Method.GET, str, token);
    }

    public OAuthProtectedClientResource(URI uri, Token token) {
        this(Context.getCurrent(), (Method) null, uri, token);
    }

    public OAuthProtectedClientResource(Context context, Request request, Response response, Token token) {
        super(context, request, response);
        setToken(token);
    }

    public OAuthProtectedClientResource(Context context, Method method, String str, Token token) {
        this(context, method, new Reference(str), token);
    }

    public OAuthProtectedClientResource(Context context, Method method, URI uri, Token token) {
        this(context, method, new Reference(uri), token);
    }

    public OAuthProtectedClientResource(Context context, Method method, Reference reference, Token token) {
        this(context, new Request(method, reference), new Response(null), token);
    }

    public OAuthProtectedClientResource(Request request, Token token) {
        super(request);
        setToken(token);
    }

    public OAuthProtectedClientResource(Method method, URI uri, Token token) {
        this(Context.getCurrent(), method, uri, token);
    }

    public OAuthProtectedClientResource(Method method, Reference reference, Token token) {
        this(Context.getCurrent(), method, reference, token);
    }

    public OAuthProtectedClientResource(Reference reference, Token token) {
        super(reference);
        setToken(token);
    }

    @Override // org.restlet.resource.ClientResource, org.restlet.resource.Resource
    public void doError(Status status) {
        if (Status.CLIENT_ERROR_UNAUTHORIZED.equals(status)) {
            throw new NotAuthorizedException(status.getDescription());
        }
        super.doError(status);
    }

    protected String getCanonicalizedHeaders(Request request) {
        Object obj;
        String str = StringUtils.EMPTY;
        if (request != null && (obj = request.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS)) != null && Series.class.isAssignableFrom(obj.getClass())) {
            Series series = (Series) obj;
            if (series.size() > 0) {
                str = StringUtils.join(series.getNames(), ASCIIPropertyListParser.DATE_TIME_FIELD_DELIMITER);
            }
        }
        return str.isEmpty() ? OAuthConstants.DEFAULT_HEADER : str;
    }

    protected String getMacInputString(Request request, long j) {
        try {
            StringBuilder sb = new StringBuilder();
            if (request.getMethod() != null) {
                sb.append(request.getMethod().toString());
            }
            sb.append(' ');
            Reference targetRef = request.getResourceRef() == null ? null : request.getResourceRef().getTargetRef();
            if (targetRef != null) {
                String path = targetRef.getPath();
                if (targetRef.getQuery() != null) {
                    if (path.endsWith(Query.FIELD_SEPARATOR)) {
                        path = path.substring(0, path.length() - 1);
                    }
                    path = String.valueOf(path) + "?" + targetRef.getQuery();
                    if (targetRef.getFragment() != null) {
                        path = String.valueOf(path) + "#" + targetRef.getFragment();
                    }
                }
                sb.append(path);
            }
            sb.append(' ');
            if (targetRef != null) {
                sb.append(targetRef.getSchemeProtocol().toString());
            }
            String canonicalizedHeaders = getCanonicalizedHeaders(request);
            if (OAuthConstants.DEFAULT_HEADER.equalsIgnoreCase(canonicalizedHeaders)) {
                canonicalizedHeaders = request.getResourceRef().getTargetRef().getHostDomain();
            }
            return String.valueOf(sb.toString()) + IOUtils.LINE_SEPARATOR_UNIX + j + IOUtils.LINE_SEPARATOR_UNIX + canonicalizedHeaders + IOUtils.LINE_SEPARATOR_UNIX;
        } catch (Exception e) {
            throw new ResourceException(e);
        }
    }

    protected String getMessageDigest(Request request, MacToken macToken, long j) {
        if (macToken == null) {
            throw new ResourceException(Status.CLIENT_ERROR_UNAUTHORIZED, "Invalid token.");
        }
        try {
            return HmacUtils.computeSignature(macToken.getMacAlgorithm(), macToken.getMacKey(), getMacInputString(request, j));
        } catch (OAuthException e) {
            throw new ResourceException(Status.CLIENT_ERROR_UNAUTHORIZED, e.getErrorDescription(), e);
        }
    }

    public Token getToken() {
        return this.token;
    }

    @Override // org.restlet.resource.ClientResource
    public Response handleOutbound(Request request) {
        if (getToken() == null || getToken().isExpired()) {
            throw new NotAuthorizedException("Token expired");
        }
        if (OAuthConstants.TOKEN_TYPE_BEARER.equalsIgnoreCase(getToken().getTokenType())) {
            if (isUseBodyMethod()) {
                Representation entity = request.getEntity();
                if (entity == null || !entity.getMediaType().equals(MediaType.APPLICATION_WWW_FORM)) {
                    request.getResourceRef().addQueryParameter("access_token", getToken().getAccessToken());
                } else {
                    Form form = new Form(entity);
                    form.add("access_token", getToken().getAccessToken());
                    request.setEntity(form.getWebRepresentation());
                }
            } else {
                ChallengeResponse challengeResponse = new ChallengeResponse(OAuthChallengeScheme.HTTP_OAUTH_BEARER);
                challengeResponse.setRawValue(getToken().getAccessToken());
                request.setChallengeResponse(challengeResponse);
            }
        } else {
            if (!"mac".equalsIgnoreCase(getToken().getTokenType())) {
                throw new ResourceException(Status.CLIENT_ERROR_UNAUTHORIZED, "Unsupported token type.");
            }
            if (!(getToken() instanceof MacToken)) {
                throw new NotAuthorizedException("Invalid token type.");
            }
            MacToken macToken = (MacToken) getToken();
            Date date = new Date();
            MacChallengeResponse macChallengeResponse = new MacChallengeResponse();
            macChallengeResponse.setKeyId(macToken.getKeyId());
            macChallengeResponse.setTimestamp(date.getTime());
            macChallengeResponse.setHeaders(getCanonicalizedHeaders(request));
            if (macToken.isFirstAccess()) {
                macChallengeResponse.setAccessToken(macToken.getAccessToken());
                macToken.setFirstAccess(false);
            }
            macChallengeResponse.setMac(getMessageDigest(request, macToken, date.getTime()));
            ChallengeResponse challengeResponse2 = new ChallengeResponse(OAuthChallengeScheme.HTTP_OAUTH_MAC);
            challengeResponse2.setRawValue(macChallengeResponse.getAuthenticator());
            request.setChallengeResponse(challengeResponse2);
        }
        return super.handleOutbound(request);
    }

    public boolean isUseBodyMethod() {
        return this.useBodyMethod;
    }

    public void setToken(Token token) {
        this.token = token;
    }

    public void setUseBodyMethod(boolean z) {
        this.useBodyMethod = z;
    }
}
