package com.nimbusds.common.oauth2;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.thetransactioncompany.util.PropertyParseException;
import com.thetransactioncompany.util.PropertyRetriever;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException;
import net.jcip.annotations.ThreadSafe;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.Logger;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/common/oauth2/SHA256BasedAccessTokenValidator.class */
public class SHA256BasedAccessTokenValidator extends AbstractAccessTokenValidator {
    public static final int MIN_TOKEN_LENGTH = 32;

    public SHA256BasedAccessTokenValidator(String str) {
        this(str);
    }

    public SHA256BasedAccessTokenValidator(String... strArr) {
        for (String str : strArr) {
            if (str != null) {
                try {
                    this.expectedTokenHashes.add(Hex.decodeHex(str.toCharArray()));
                } catch (DecoderException e) {
                    throw new IllegalArgumentException("Invalid hex for access token SHA-256: " + str);
                }
            }
        }
        this.hashSalt = null;
    }

    public SHA256BasedAccessTokenValidator(String str, List<String> list) {
        if (str == null) {
            return;
        }
        try {
            this.expectedTokenHashes.add(Hex.decodeHex(str.toCharArray()));
            if (list != null) {
                for (String str2 : list) {
                    if (str2 != null) {
                        try {
                            this.expectedTokenHashes.add(Hex.decodeHex(str2.toCharArray()));
                        } catch (DecoderException e) {
                            throw new IllegalArgumentException("Invalid hex for access token SHA-256: " + str2);
                        }
                    }
                }
            }
        } catch (DecoderException e2) {
            throw new IllegalArgumentException("Invalid hex for access token SHA-256: " + str);
        }
    }

    public static SHA256BasedAccessTokenValidator from(PropertyRetriever propertyRetriever, String str, boolean z, String str2) throws PropertyParseException {
        String string = z ? propertyRetriever.getString(str) : propertyRetriever.getOptString(str, (String) null);
        if (str2 == null) {
            return new SHA256BasedAccessTokenValidator(string);
        }
        return new SHA256BasedAccessTokenValidator(string, propertyRetriever.getOptStringListMulti(str2, Collections.emptyList()));
    }

    @Override // com.nimbusds.common.oauth2.MasterAccessTokenValidator
    public void validateBearerAccessToken(String str) throws WebApplicationException {
        if (accessIsDisabled()) {
            throw WEB_API_DISABLED.toWebAppException();
        }
        if (StringUtils.isBlank(str)) {
            throw MISSING_BEARER_TOKEN.toWebAppException();
        }
        try {
            BearerAccessToken parse = BearerAccessToken.parse(str);
            if (null != this.log) {
                this.log.trace("[CM3000] Validating bearer access token: {}", TokenAbbreviator.abbreviate(parse));
            }
            if (parse.getValue().length() < 32) {
                throw INVALID_BEARER_TOKEN.toWebAppException();
            }
            if (!isValid(parse)) {
                throw INVALID_BEARER_TOKEN.toWebAppException();
            }
        } catch (ParseException e) {
            throw MISSING_BEARER_TOKEN.toWebAppException();
        }
    }

    @Override // com.nimbusds.common.oauth2.MasterAccessTokenValidator
    public boolean validateBearerAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        BearerAccessToken bearerAccessToken;
        if (accessIsDisabled()) {
            WEB_API_DISABLED.apply(httpServletResponse);
            return false;
        }
        if (httpServletRequest.getHeader("Authorization") != null) {
            String header = httpServletRequest.getHeader("Authorization");
            if (StringUtils.isBlank(header)) {
                MISSING_BEARER_TOKEN.apply(httpServletResponse);
                return false;
            }
            try {
                bearerAccessToken = BearerAccessToken.parse(header);
            } catch (ParseException e) {
                MISSING_BEARER_TOKEN.apply(httpServletResponse);
                return false;
            }
        } else {
            if (httpServletRequest.getParameter("access_token") == null) {
                MISSING_BEARER_TOKEN.apply(httpServletResponse);
                return false;
            }
            String parameter = httpServletRequest.getParameter("access_token");
            if (StringUtils.isBlank(parameter)) {
                MISSING_BEARER_TOKEN.apply(httpServletResponse);
                return false;
            }
            bearerAccessToken = new BearerAccessToken(parameter);
        }
        if (null != this.log) {
            this.log.trace("[CM3000] Validating bearer access token: {}", TokenAbbreviator.abbreviate(bearerAccessToken));
        }
        if (bearerAccessToken.getValue().length() < 32) {
            INVALID_BEARER_TOKEN.apply(httpServletResponse);
            return false;
        }
        if (isValid(bearerAccessToken)) {
            return true;
        }
        INVALID_BEARER_TOKEN.apply(httpServletResponse);
        return false;
    }

    @Override // com.nimbusds.common.oauth2.AbstractAccessTokenValidator
    public /* bridge */ /* synthetic */ int getNumberConfiguredTokens() {
        return super.getNumberConfiguredTokens();
    }

    @Override // com.nimbusds.common.oauth2.AbstractAccessTokenValidator, com.nimbusds.common.oauth2.MasterAccessTokenValidator
    public /* bridge */ /* synthetic */ void setLogger(Logger logger) {
        super.setLogger(logger);
    }

    @Override // com.nimbusds.common.oauth2.AbstractAccessTokenValidator, com.nimbusds.common.oauth2.MasterAccessTokenValidator
    public /* bridge */ /* synthetic */ Logger getLogger() {
        return super.getLogger();
    }

    @Override // com.nimbusds.common.oauth2.AbstractAccessTokenValidator, com.nimbusds.common.oauth2.MasterAccessTokenValidator
    public /* bridge */ /* synthetic */ boolean isValid(BearerAccessToken bearerAccessToken) {
        return super.isValid(bearerAccessToken);
    }

    @Override // com.nimbusds.common.oauth2.AbstractAccessTokenValidator, com.nimbusds.common.oauth2.MasterAccessTokenValidator
    public /* bridge */ /* synthetic */ boolean accessIsDisabled() {
        return super.accessIsDisabled();
    }
}
