package org.apache.shindig.auth;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.File;
import java.io.IOException;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypterException;
import org.apache.shindig.config.ContainerConfig;

@Singleton
/* loaded from: input_file:org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.class */
public class BlobCrypterSecurityTokenCodec implements SecurityTokenCodec {
    public static final String SECURITY_TOKEN_KEY_FILE = "gadgets.securityTokenKeyFile";
    public static final String SIGNED_FETCH_DOMAIN = "gadgets.signedFetchDomain";
    protected final Map<String, BlobCrypter> crypters = Maps.newHashMap();
    protected final Map<String, String> domains = Maps.newHashMap();

    @Inject
    public BlobCrypterSecurityTokenCodec(ContainerConfig containerConfig) {
        try {
            for (String str : containerConfig.getContainers()) {
                String string = containerConfig.getString(str, SECURITY_TOKEN_KEY_FILE);
                if (string != null) {
                    this.crypters.put(str, loadCrypterFromFile(new File(string)));
                }
                this.domains.put(str, containerConfig.getString(str, SIGNED_FETCH_DOMAIN));
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    protected BlobCrypter loadCrypterFromFile(File file) throws IOException {
        return new BasicBlobCrypter(file);
    }

    @Override // org.apache.shindig.auth.SecurityTokenCodec
    public SecurityToken createToken(Map<String, String> map) throws SecurityTokenException {
        String str = map.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
        if (StringUtils.isBlank(str)) {
            return new AnonymousSecurityToken();
        }
        String[] split = StringUtils.split(str, ':');
        if (split.length != 2) {
            throw new SecurityTokenException("Invalid security token " + str);
        }
        String str2 = split[0];
        BlobCrypter blobCrypter = this.crypters.get(str2);
        if (blobCrypter == null) {
            throw new SecurityTokenException("Unknown container " + str);
        }
        try {
            return BlobCrypterSecurityToken.decrypt(blobCrypter, str2, this.domains.get(str2), split[1], map.get(SecurityTokenCodec.ACTIVE_URL_NAME));
        } catch (BlobCrypterException e) {
            throw new SecurityTokenException(e);
        }
    }

    @Override // org.apache.shindig.auth.SecurityTokenCodec
    public String encodeToken(SecurityToken securityToken) throws SecurityTokenException {
        if (!(securityToken instanceof BlobCrypterSecurityToken)) {
            throw new SecurityTokenException("Can only encode BlogCrypterSecurityTokens");
        }
        try {
            return ((BlobCrypterSecurityToken) securityToken).encrypt();
        } catch (BlobCrypterException e) {
            throw new SecurityTokenException(e);
        }
    }
}
