package org.codingmatters.poom.ci.github.webhook;

import java.io.IOException;
import java.io.InputStreamReader;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Formatter;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.codingmatters.poom.services.logging.CategorizedLogger;
import org.codingmatters.rest.api.Processor;
import org.codingmatters.rest.api.RequestDelegate;
import org.codingmatters.rest.api.ResponseDelegate;
import org.codingmatters.rest.api.processors.GuardedProcessor;

/* loaded from: input_file:org/codingmatters/poom/ci/github/webhook/GithubWebhookGuard.class */
public class GithubWebhookGuard extends GuardedProcessor {
    private static final CategorizedLogger log = CategorizedLogger.getLogger(GithubWebhookGuard.class);
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
    private final String token;

    public GithubWebhookGuard(Processor processor, String str) {
        super(processor);
        this.token = str;
    }

    protected boolean passed(RequestDelegate requestDelegate, ResponseDelegate responseDelegate) throws IOException {
        try {
            String signature = signature(readPayload(requestDelegate));
            if (requestDelegate.headers().get("X-Hub-Signature") == null || ((List) requestDelegate.headers().get("X-Hub-Signature")).isEmpty()) {
                errorResponse(responseDelegate, log.tokenized().error("X-Hub-Signature not provided"));
            } else {
                if (((String) ((List) requestDelegate.headers().get("X-Hub-Signature")).get(0)).equals("sha1=" + signature)) {
                    return true;
                }
                errorResponse(responseDelegate, log.tokenized().error("signature doesn't match, expected sha1={} but was {}", new Object[]{signature, ((List) requestDelegate.headers().get("X-Hub-Signature")).get(0)}));
            }
            return false;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            errorResponse(responseDelegate, log.tokenized().error("error verifying signature", e));
            return false;
        }
    }

    private void errorResponse(ResponseDelegate responseDelegate, String str) {
        responseDelegate.contenType("text/plain");
        responseDelegate.status(403);
        responseDelegate.payload(String.format("signature doesn't match, see logs (%s)", str).getBytes());
    }

    private String readPayload(RequestDelegate requestDelegate) throws IOException {
        InputStreamReader inputStreamReader = new InputStreamReader(requestDelegate.payload());
        Throwable th = null;
        try {
            try {
                StringBuilder sb = new StringBuilder();
                char[] cArr = new char[1024];
                for (int read = inputStreamReader.read(cArr); read != -1; read = inputStreamReader.read(cArr)) {
                    sb.append(cArr, 0, read);
                }
                String sb2 = sb.toString();
                if (inputStreamReader != null) {
                    if (0 != 0) {
                        try {
                            inputStreamReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStreamReader.close();
                    }
                }
                return sb2;
            } finally {
            }
        } catch (Throwable th3) {
            if (inputStreamReader != null) {
                if (th != null) {
                    try {
                        inputStreamReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStreamReader.close();
                }
            }
            throw th3;
        }
    }

    private String signature(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.token.getBytes(), HMAC_SHA1_ALGORITHM);
        Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
        mac.init(secretKeySpec);
        return toHexString(mac.doFinal(str.getBytes()));
    }

    private String toHexString(byte[] bArr) {
        Formatter formatter = new Formatter();
        for (byte b : bArr) {
            formatter.format("%02x", Byte.valueOf(b));
        }
        return formatter.toString();
    }
}
