package com.xunyi.beast.security.authentication.servlet;

import com.google.common.base.Splitter;
import com.google.common.collect.Maps;
import com.xunyi.beast.security.authentication.ClientSignatureToken;
import java.time.Instant;
import java.util.HashMap;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/xunyi/beast/security/authentication/servlet/ClientSignatureAuthenticationConverter.class */
public class ClientSignatureAuthenticationConverter implements Function<HttpServletRequest, ClientSignatureToken> {
    public static final String AUTHENTICATION_SCHEME_APP = "APP-SHA256-RSA2048";

    @Override // java.util.function.Function
    public ClientSignatureToken apply(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        String trim = header.trim();
        if (!StringUtils.startsWithIgnoreCase(trim, "APP-SHA256-RSA2048")) {
            return null;
        }
        if (trim.equalsIgnoreCase("APP-SHA256-RSA2048")) {
            throw new BadCredentialsException("Empty app signature authentication token");
        }
        Iterable<String> split = Splitter.on(",").split(trim.substring("APP-SHA256-RSA2048".length() + 1));
        HashMap newHashMap = Maps.newHashMap();
        for (String str : split) {
            int indexOf = str.indexOf("=");
            if (indexOf == -1) {
                throw new BadCredentialsException("Invalid app signature authentication token");
            }
            newHashMap.put(str.substring(0, indexOf), str.substring(indexOf + 1));
        }
        try {
            return new ClientSignatureToken((String) newHashMap.get("appId"), (String) newHashMap.get("nonce"), Instant.ofEpochSecond(Integer.parseInt((String) newHashMap.get("timestamp"))), (String) newHashMap.get("signature"));
        } catch (NumberFormatException e) {
            throw new BadCredentialsException("Failed to parse app authentication timestamp");
        }
    }
}
