package org.mozilla.gecko.sync.net;

import ch.boye.httpclientandroidlib.Header;
import ch.boye.httpclientandroidlib.HttpEntity;
import ch.boye.httpclientandroidlib.HttpEntityEnclosingRequest;
import ch.boye.httpclientandroidlib.HttpHost;
import ch.boye.httpclientandroidlib.client.methods.HttpRequestBase;
import ch.boye.httpclientandroidlib.client.methods.HttpUriRequest;
import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
import ch.boye.httpclientandroidlib.message.BasicHeader;
import ch.boye.httpclientandroidlib.protocol.BasicHttpContext;
import com.adjust.sdk.Constants;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.mozilla.apache.commons.codec.binary.Base64;
import org.mozilla.gecko.background.common.log.Logger;
import org.mozilla.gecko.sync.Utils;
import org.mozilla.gecko.util.StringUtils;

/* loaded from: classes.dex */
public class HawkAuthHeaderProvider implements AuthHeaderProvider {
    public static final int HAWK_HEADER_VERSION = 1;
    protected static final String HMAC_SHA256_ALGORITHM = "hmacSHA256";
    public static final String LOG_TAG = HawkAuthHeaderProvider.class.getSimpleName();
    protected static final int NONCE_LENGTH_IN_BYTES = 8;
    protected final String id;
    protected final boolean includePayloadHash;
    protected final byte[] key;
    protected final long skewSeconds;

    public HawkAuthHeaderProvider(String str, byte[] bArr, boolean z, long j) {
        if (str == null) {
            throw new IllegalArgumentException("id must not be null");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("key must not be null");
        }
        this.id = str;
        this.key = bArr;
        this.includePayloadHash = z;
        this.skewSeconds = j;
    }

    protected static String escapeExtraHeaderAttribute(String str) {
        return str.replaceAll("\\\\", "\\\\").replaceAll("\"", "\\\"");
    }

    protected static String escapeExtraString(String str) {
        return str.replaceAll("\\\\", "\\\\").replaceAll("\n", "\\n");
    }

    protected static String getBaseContentType(Header header) {
        if (header == null) {
            throw new IllegalArgumentException("contentTypeHeader must not be null.");
        }
        String value = header.getValue();
        if (value == null) {
            throw new IllegalArgumentException("contentTypeHeader value must not be null.");
        }
        int indexOf = value.indexOf(";");
        return indexOf < 0 ? value.trim() : value.substring(0, indexOf).trim();
    }

    protected static byte[] getPayloadHash(HttpEntity httpEntity) throws IOException, NoSuchAlgorithmException {
        if (!httpEntity.isRepeatable()) {
            throw new IllegalArgumentException("entity must be repeatable");
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update("hawk.1.payload\n".getBytes(StringUtils.UTF_8));
        messageDigest.update(getBaseContentType(httpEntity.getContentType()).getBytes(StringUtils.UTF_8));
        messageDigest.update("\n".getBytes(StringUtils.UTF_8));
        InputStream content = httpEntity.getContent();
        try {
            byte[] bArr = new byte[4096];
            while (true) {
                int read = content.read(bArr);
                if (-1 == read) {
                    messageDigest.update("\n".getBytes(StringUtils.UTF_8));
                    return messageDigest.digest();
                }
                if (read > 0) {
                    messageDigest.update(bArr, 0, read);
                }
            }
        } finally {
            content.close();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected static String getPayloadHashString(HttpRequestBase httpRequestBase) throws NoSuchAlgorithmException, IOException, IllegalArgumentException {
        if (!(httpRequestBase instanceof HttpEntityEnclosingRequest)) {
            Logger.debug(LOG_TAG, "Not computing payload verification hash for non-enclosing request.");
            return null;
        }
        if (!(httpRequestBase instanceof HttpEntityEnclosingRequest)) {
            throw new IllegalArgumentException("Cannot compute payload verification hash for enclosing request without an entity");
        }
        HttpEntity entity = ((HttpEntityEnclosingRequest) httpRequestBase).getEntity();
        if (entity == null) {
            throw new IllegalArgumentException("Cannot compute payload verification hash for enclosing request with a null entity");
        }
        return Base64.encodeBase64String(getPayloadHash(entity));
    }

    protected static String getRequestString(HttpUriRequest httpUriRequest, String str, long j, String str2, String str3, String str4, String str5, String str6) {
        String upperCase = httpUriRequest.getMethod().toUpperCase(Locale.US);
        URI uri = httpUriRequest.getURI();
        String host = uri.getHost();
        String rawPath = uri.getRawPath();
        if (uri.getRawQuery() != null) {
            rawPath = (rawPath + "?") + uri.getRawQuery();
        }
        if (uri.getRawFragment() != null) {
            rawPath = (rawPath + "#") + uri.getRawFragment();
        }
        int port = uri.getPort();
        String scheme = uri.getScheme();
        if (port == -1) {
            if (HttpHost.DEFAULT_SCHEME_NAME.equalsIgnoreCase(scheme)) {
                port = 80;
            } else {
                if (!Constants.SCHEME.equalsIgnoreCase(scheme)) {
                    throw new IllegalArgumentException("Unsupported URI scheme: " + scheme + ".");
                }
                port = 443;
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("hawk.");
        sb.append(1);
        sb.append('.');
        sb.append(str);
        sb.append('\n');
        sb.append(j);
        sb.append('\n');
        sb.append(str2);
        sb.append('\n');
        sb.append(upperCase);
        sb.append('\n');
        sb.append(rawPath);
        sb.append('\n');
        sb.append(host);
        sb.append('\n');
        sb.append(port);
        sb.append('\n');
        if (str3 != null) {
            sb.append(str3);
        }
        sb.append("\n");
        if (str4 != null && str4.length() > 0) {
            sb.append(escapeExtraString(str4));
        }
        sb.append("\n");
        if (str5 != null) {
            sb.append(str5);
            sb.append("\n");
            if (str6 != null) {
                sb.append(str6);
            }
            sb.append("\n");
        }
        return sb.toString();
    }

    protected static String getSignature(byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException, UnsupportedEncodingException {
        return Base64.encodeBase64String(hmacSha256(bArr, bArr2));
    }

    protected static byte[] hmacSha256(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "hmacSHA256");
        Mac mac = Mac.getInstance("hmacSHA256");
        mac.init(secretKeySpec);
        mac.update(bArr);
        return mac.doFinal();
    }

    @Override // org.mozilla.gecko.sync.net.AuthHeaderProvider
    public Header getAuthHeader(HttpRequestBase httpRequestBase, BasicHttpContext basicHttpContext, DefaultHttpClient defaultHttpClient) throws GeneralSecurityException {
        try {
            return getAuthHeader(httpRequestBase, basicHttpContext, defaultHttpClient, getTimestampSeconds(), Base64.encodeBase64String(Utils.generateRandomBytes(8)), "", this.includePayloadHash);
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    protected Header getAuthHeader(HttpRequestBase httpRequestBase, BasicHttpContext basicHttpContext, DefaultHttpClient defaultHttpClient, long j, String str, String str2, boolean z) throws InvalidKeyException, NoSuchAlgorithmException, IOException {
        if (j < 0) {
            throw new IllegalArgumentException("timestamp must contain only [0-9].");
        }
        if (str == null) {
            throw new IllegalArgumentException("nonce must not be null.");
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("nonce must not be empty.");
        }
        String str3 = null;
        if (z) {
            str3 = getPayloadHashString(httpRequestBase);
        } else {
            Logger.debug(LOG_TAG, "Configured to not include payload hash for this request.");
        }
        String signature = getSignature(getRequestString(httpRequestBase, "header", j, str, str3, str2, null, null).getBytes(StringUtils.UTF_8), this.key);
        StringBuilder sb = new StringBuilder();
        sb.append("Hawk id=\"");
        sb.append(this.id);
        sb.append("\", ");
        sb.append("ts=\"");
        sb.append(j);
        sb.append("\", ");
        sb.append("nonce=\"");
        sb.append(str);
        sb.append("\", ");
        if (str3 != null) {
            sb.append("hash=\"");
            sb.append(str3);
            sb.append("\", ");
        }
        if (str2 != null && str2.length() > 0) {
            sb.append("ext=\"");
            sb.append(escapeExtraHeaderAttribute(str2));
            sb.append("\", ");
        }
        sb.append("mac=\"");
        sb.append(signature);
        sb.append("\"");
        return new BasicHeader("Authorization", sb.toString());
    }

    protected long getTimestampSeconds() {
        return (now() / 1000) + this.skewSeconds;
    }

    protected long now() {
        return System.currentTimeMillis();
    }
}
