package net.solarnetwork.ocpp.xml.support;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import javax.xml.soap.Node;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.Text;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/solarnetwork/ocpp/xml/support/HMACHandler.class */
public class HMACHandler implements SOAPHandler<SOAPMessageContext> {
    public static final String SN_WS_TIMESTAMP = "ts";
    public static final String DEFAULT_SECRET = "changeit";
    private Mac hmac;
    public static final String SN_WS_NS = "urn://SolarNetwork/SolarNode/WS";
    public static final QName SN_WS_AUTH = new QName(SN_WS_NS, "Authentication");
    public static final QName OCPP_CS_CHARGE_BOX_IDENTITY = new QName("urn://Ocpp/Cs/2012/06/", "chargeBoxIdentity");
    public static final QName OCPP_CP_CHARGE_BOX_IDENTITY = new QName("urn://Ocpp/Cp/2012/06/", "chargeBoxIdentity");
    private static final Pattern NON_WHITESPACE = Pattern.compile("\\S");
    private String secret = DEFAULT_SECRET;
    private boolean required = true;
    private long maximumTimeSkew = 300000;
    private final Logger log = LoggerFactory.getLogger(getClass());

    public boolean handleMessage(SOAPMessageContext sOAPMessageContext) {
        Boolean bool = (Boolean) sOAPMessageContext.get("javax.xml.ws.handler.message.outbound");
        if (bool == null || !bool.booleanValue()) {
            try {
                validateAuthenticationHeader(sOAPMessageContext);
                return true;
            } catch (SOAPException e) {
                this.log.error("Error validating Authentication SOAP header", e);
                return true;
            }
        }
        try {
            addAuthenticationHeader(sOAPMessageContext);
            return true;
        } catch (SOAPException e2) {
            this.log.error("Error adding Authentication SOAP header", e2);
            return true;
        }
    }

    private Mac getHMAC() {
        Mac mac = this.hmac;
        if (mac == null) {
            try {
                mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(this.secret.getBytes(), "HmacSHA256"));
                this.hmac = mac;
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException(e2);
            }
        }
        return mac;
    }

    private DateFormat getTimestampDateFormat() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat;
    }

    private String getTimestampString(long j) {
        return getTimestampDateFormat().format(new Date(j));
    }

    private void addAuthenticationHeader(SOAPMessageContext sOAPMessageContext) throws SOAPException {
        addAuthenticationHeader(sOAPMessageContext, System.currentTimeMillis());
    }

    private void addAuthenticationHeader(SOAPMessageContext sOAPMessageContext, long j) throws SOAPException {
        SOAPHeader sOAPHeader = sOAPMessageContext.getMessage().getSOAPHeader();
        SOAPHeaderElement authenticationHeader = getAuthenticationHeader(sOAPHeader);
        String hash = hash(calculateHashData(sOAPMessageContext, j));
        if (authenticationHeader == null) {
            authenticationHeader = sOAPHeader.addHeaderElement(SN_WS_AUTH);
        }
        authenticationHeader.setTextContent(hash);
        if (authenticationHeader.hasAttribute(SN_WS_TIMESTAMP)) {
            return;
        }
        authenticationHeader.setAttribute(SN_WS_TIMESTAMP, getTimestampString(j));
    }

    private String calculateHashData(SOAPMessageContext sOAPMessageContext, long j) throws SOAPException {
        String textContent;
        SOAPMessage message = sOAPMessageContext.getMessage();
        SOAPHeader sOAPHeader = message.getSOAPHeader();
        SOAPBody sOAPBody = message.getSOAPBody();
        StringBuilder sb = new StringBuilder("\n");
        sb.append(getTimestampString(j)).append('\n');
        String str = null;
        Iterator examineAllHeaderElements = sOAPHeader.examineAllHeaderElements();
        while (examineAllHeaderElements.hasNext()) {
            SOAPHeaderElement sOAPHeaderElement = (SOAPHeaderElement) examineAllHeaderElements.next();
            QName elementQName = sOAPHeaderElement.getElementQName();
            String qName = elementQName.toString();
            if (WSAddressingFromHandler.WSA_NS.equals(elementQName.getNamespaceURI())) {
                Node node = null;
                Iterator childElements = sOAPHeaderElement.getChildElements(WSAddressingFromHandler.WSA_ADDRESS);
                if (childElements.hasNext()) {
                    node = (Node) childElements.next();
                }
                if (node != null) {
                    node.normalize();
                    textContent = node.getTextContent();
                } else {
                    sOAPHeaderElement.normalize();
                    textContent = sOAPHeaderElement.getTextContent();
                }
            } else if (!SN_WS_AUTH.equals(elementQName)) {
                sOAPHeaderElement.normalize();
                textContent = sOAPHeaderElement.getTextContent();
            }
            if (str == null && (OCPP_CS_CHARGE_BOX_IDENTITY.equals(elementQName) || OCPP_CP_CHARGE_BOX_IDENTITY.equals(elementQName))) {
                str = textContent;
            }
            sb.append(qName).append('=').append(textContent).append('\n');
        }
        appendHashData(sOAPBody, sb);
        if (str != null) {
            sb.insert(0, str);
        }
        return sb.toString();
    }

    private SOAPElement getAuthenticationHeader(SOAPHeader sOAPHeader) throws SOAPException {
        SOAPElement sOAPElement = null;
        Iterator childElements = sOAPHeader.getChildElements(SN_WS_AUTH);
        if (childElements.hasNext()) {
            sOAPElement = (SOAPElement) childElements.next();
        }
        return sOAPElement;
    }

    private void validateAuthenticationHeader(SOAPMessageContext sOAPMessageContext) throws SOAPException {
        SOAPElement authenticationHeader = getAuthenticationHeader(sOAPMessageContext.getMessage().getSOAPHeader());
        if (authenticationHeader == null) {
            return;
        }
        try {
            Date date = (Date) getTimestampDateFormat().parseObject(authenticationHeader.getAttribute(SN_WS_TIMESTAMP));
            long abs = Math.abs(date.getTime() - System.currentTimeMillis());
            if (abs > this.maximumTimeSkew) {
                throw new RuntimeException("Time skew too big: " + abs);
            }
            if (!hash(calculateHashData(sOAPMessageContext, date.getTime())).equals(authenticationHeader.getTextContent())) {
                throw new RuntimeException("Invalid Authentication value");
            }
        } catch (ParseException e) {
            throw new RuntimeException("Invalid date: " + e.getMessage());
        }
    }

    private String hash(String str) {
        byte[] doFinal;
        this.log.debug("HMAC hash input:\n{}", str);
        Mac hmac = getHMAC();
        synchronized (hmac) {
            hmac.reset();
            doFinal = hmac.doFinal(str.getBytes());
        }
        return Base64.getEncoder().encodeToString(doFinal);
    }

    private void appendHashData(SOAPElement sOAPElement, StringBuilder sb) {
        QName elementQName = sOAPElement.getElementQName();
        boolean z = true;
        Iterator childElements = sOAPElement.getChildElements();
        while (childElements.hasNext()) {
            Object next = childElements.next();
            if (next instanceof SOAPElement) {
                if (z) {
                    sb.append(elementQName.toString()).append('\n');
                    z = false;
                }
                appendHashData((SOAPElement) next, sb);
            } else if (next instanceof Text) {
                Text text = (Text) next;
                if (!text.isComment()) {
                    text.normalize();
                    if (NON_WHITESPACE.matcher(text.getTextContent()).find()) {
                        sb.append(elementQName.toString()).append('=').append(text.getTextContent()).append('\n');
                    }
                }
            }
        }
    }

    public boolean handleFault(SOAPMessageContext sOAPMessageContext) {
        return true;
    }

    public void close(MessageContext messageContext) {
    }

    public Set<QName> getHeaders() {
        return Collections.singleton(SN_WS_AUTH);
    }

    public void setSecret(String str) {
        if (str == null) {
            str = "";
        }
        this.secret = str;
        this.hmac = null;
    }

    public void setMaximumTimeSkew(long j) {
        this.maximumTimeSkew = j;
    }

    public long getMaximumTimeSkew() {
        return this.maximumTimeSkew;
    }

    public boolean isRequired() {
        return this.required;
    }

    public void setRequired(boolean z) {
        this.required = z;
    }
}
