package aQute.bnd.url;

import aQute.bnd.annotation.plugin.BndPlugin;
import aQute.bnd.url.DefaultURLConnectionHandler;
import aQute.lib.base64.Base64;
import aQute.lib.date.Dates;
import aQute.lib.hex.Hex;
import aQute.lib.settings.Settings;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import org.eclipse.core.internal.boot.PlatformURLHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@BndPlugin(name = "url.bnd.authentication", hide = true, parameters = Config.class)
/* loaded from: input_file:aQute/bnd/url/BndAuthentication.class */
public class BndAuthentication extends DefaultURLConnectionHandler {
    private static final Logger logger = LoggerFactory.getLogger(BndAuthentication.class);
    private static final String MACHINE = "machine";
    private static final String PRIVATE_KEY = "privateKey";
    private static final String PUBLIC_KEY = "publicKey";
    private static final String EMAIL = "email";
    private static final String X_A_QUTE_AUTHORIZATION = "X-aQute-Authorization";
    private String identity;
    private String email;
    private String machine;
    private PrivateKey privateKey;
    private PublicKey publicKey;

    /* loaded from: input_file:aQute/bnd/url/BndAuthentication$Config.class */
    interface Config extends DefaultURLConnectionHandler.Config {
        String machine();

        byte[] privateKey();

        byte[] publicKey();

        String email();
    }

    @Override // aQute.bnd.url.DefaultURLConnectionHandler, aQute.bnd.service.url.URLConnectionHandler
    public void handle(URLConnection uRLConnection) throws Exception {
        if ((uRLConnection instanceof HttpURLConnection) && matches(uRLConnection)) {
            if (!(uRLConnection instanceof HttpsURLConnection)) {
                logger.debug("bnd authentication should only be used with https: {}", uRLConnection.getURL());
            }
            init();
            StringBuilder sb = new StringBuilder(this.identity);
            String requestProperty = uRLConnection.getRequestProperty("Date");
            if (requestProperty == null) {
                requestProperty = Dates.RFC_7231_DATE_TIME.format(Instant.now());
                uRLConnection.setRequestProperty("Date", requestProperty);
            }
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(this.privateKey);
            signature.update(requestProperty.getBytes());
            sb.append(Base64.encodeBase64(signature.sign()));
            uRLConnection.setRequestProperty(X_A_QUTE_AUTHORIZATION, sb.toString());
        }
    }

    private synchronized void init() throws UnknownHostException {
        if (this.identity != null) {
            return;
        }
        this.machine = InetAddress.getLocalHost().getHostName();
        StringBuilder sb = new StringBuilder();
        sb.append(this.email).append("!");
        if (this.machine != null) {
            sb.append(this.machine);
        }
        sb.append("!").append(Base64.encodeBase64(this.publicKey.getEncoded())).append(PlatformURLHandler.PROTOCOL_SEPARATOR);
        this.identity = sb.toString();
    }

    @Override // aQute.bnd.url.DefaultURLConnectionHandler, aQute.bnd.service.Plugin
    public void setProperties(Map<String, String> map) throws Exception {
        super.setProperties(map);
        String str = map.get(EMAIL);
        if (str == null) {
            Settings settings = (Settings) this.registry.getPlugin(Settings.class);
            String email = settings.getEmail();
            if (email == null) {
                error("The bnd authentication URL connection handler has no email set as property, nor have the bnd settings been set", new Object[0]);
                return;
            }
            credentials(email, settings.getPublicKey(), settings.getPrivateKey());
        } else {
            String str2 = map.get(PUBLIC_KEY);
            String str3 = map.get(PRIVATE_KEY);
            if (str2 == null || !Hex.isHex(str2)) {
                error("The bnd authentication URL public key for email %s is not a hex string %s", str, str2);
                return;
            } else {
                if (str3 == null || !Hex.isHex(str3)) {
                    error("The bnd authentication URL private key for email %s is not a hex string", str);
                    return;
                }
                credentials(str, Hex.toByteArray(str2), Hex.toByteArray(str3));
            }
        }
        this.machine = map.get(MACHINE);
    }

    private void credentials(String str, byte[] bArr, byte[] bArr2) throws InvalidKeySpecException, NoSuchAlgorithmException {
        this.email = str;
        if (bArr == null || bArr2 == null) {
            return;
        }
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(bArr2);
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bArr);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        this.privateKey = keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        this.publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
    }
}
