package com.nazdaq.noms.app.auth.check;

import com.nazdaq.core.helpers.AppConfig;
import com.nazdaq.core.helpers.RequestHelper;
import com.nazdaq.core.security.Passwords;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import models.users.User;
import org.jetbrains.annotations.Contract;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.mvc.Http;

/* loaded from: input_file:com/nazdaq/noms/app/auth/check/AuthApiCallCheck.class */
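/**
 * Authenticates API calls that carry an API key plus a signed token in request headers.
 *
 * <p>The client sends {@code X-API-KEY}, {@code X-SIGN-DATE} and {@code X-SIGN-TOKEN}. The server
 * looks the user up by API key, recomputes the token from the user's secret sign key, the request
 * method, the request path and the date string, and compares it with the token that was sent.
 *
 * <p>Security notes for maintainers (all visible in this class):
 * <ul>
 *   <li>The token is a plain digest over {@code secret-method-path-date}, not a keyed HMAC
 *       construction. Only the method, {@code request.path()} and the date string are covered;
 *       the request body and any other header are not part of the signed string.</li>
 *   <li>The digest algorithm and date pattern are chosen from the client-supplied
 *       {@code User-Agent} header, so the caller decides whether MD5 or SHA-1 is used.</li>
 *   <li>The signing date is only checked when {@code AppConfig.isProd} is set and
 *       {@code AppConfig.isNazdaqCustomer} is not; otherwise a captured token stays valid.</li>
 * </ul>
 */
public class AuthApiCallCheck {
    private static final Logger log = LoggerFactory.getLogger(AuthApiCallCheck.class);
    private static final String HEADER_API_KEY = "X-API-KEY";
    private static final String HEADER_SIGN_DATE = "X-SIGN-DATE";
    private static final String HEADER_SIGN_TOKEN = "X-SIGN-TOKEN";

    /** How long after its {@code X-SIGN-DATE} a signed request is still accepted (12 hours). */
    private static final long MAX_REQUEST_AGE_MS = 12L * 3600000L;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/nazdaq/noms/app/auth/check/AuthApiCallCheck$HashingType.class */
    /** Digest used to build the signed token. Both members are legacy algorithms. */
    public enum HashingType {
        MD5,
        SHA1
    }

    /**
     * Tells whether the request should be treated as an API call.
     *
     * @param request incoming request
     * @return {@code true} when an {@code X-API-KEY} header value is present; the value itself is
     *     not validated here
     */
    public static boolean isApiRequest(Http.Request request) {
        return RequestHelper.getHeaderValue(request, HEADER_API_KEY) != null;
    }

    /**
     * Validates an API call using the headers of the request itself.
     *
     * @param request incoming request
     * @return the user that owns the presented API key
     * @throws Exception when any header is missing or any check fails
     */
    @NotNull
    public static User isAPICallValid(Http.Request request) throws Exception {
        String apiKey = RequestHelper.getHeaderValue(request, HEADER_API_KEY);
        String signToken = RequestHelper.getHeaderValue(request, HEADER_SIGN_TOKEN);
        String signDate = RequestHelper.getHeaderValue(request, HEADER_SIGN_DATE);
        String userAgent = RequestHelper.getHeaderValue(request, "User-Agent");
        return isAPICallValid(request, apiKey, signToken, signDate, userAgent);
    }

    /**
     * Validates an API call from explicitly supplied header values.
     *
     * <p>Parameter names come from the decompiler; their roles are given below.
     *
     * @param request incoming request; its method and path are part of the signed string
     * @param str the {@code X-API-KEY} value
     * @param str2 the {@code X-SIGN-TOKEN} value sent by the client
     * @param str3 the {@code X-SIGN-DATE} value sent by the client
     * @param str4 the {@code User-Agent} value, may be {@code null}
     * @return the user that owns the API key, once every check has passed
     * @throws Exception when the key or token is missing, the key is unknown, API access is
     *     disabled for the user, the date is missing/unparsable/too old (production only), or the
     *     token does not match
     */
    @Contract("_, null, _, _, _ -> fail")
    @NotNull
    public static User isAPICallValid(Http.Request request, String str, String str2, String str3, String str4) throws Exception {
        if (str == null) {
            throw new Exception("No API key provided!");
        }
        String ipAddress = RequestHelper.ipAddress(request);
        log.trace("New H-MAC Auth from {} Agent {}", ipAddress, str4);
        if (str.isEmpty()) {
            log.error("API - Got empty X-API-KEY from IP: {}", ipAddress);
            throw new Exception("Got empty X-API-KEY");
        }

        // NOTE(review): the User-Agent header is client-controlled, so any caller can select the
        // MD5 variant. Kept for compatibility with existing curl clients; consider pinning the
        // algorithm per API key on the server side instead of trusting this header.
        HashingType hashingType = HashingType.SHA1;
        String datePattern = "yyyy-MM-dd HH:mm";
        if (str4 != null && str4.contains("curl")) {
            hashingType = HashingType.MD5;
            datePattern = "yyyy-M-dd H:m";
        }

        if (str2 == null || str2.isEmpty()) {
            log.error("API - Got empty X-SIGN-TOKEN from IP: {}", ipAddress);
            throw new Exception("Got empty X-SIGN-TOKEN");
        }

        User user = User.getuserbyAPIKey(str);
        if (user == null) {
            // NOTE(review): the rejected key is attacker-supplied text and is written to the log
            // and into the exception message as-is. Confirm that log output is neutralised for
            // line breaks and that callers do not echo this message back unescaped.
            log.error("API - Got invalid X-API-Key '{}' from IP: {}, Path: {}", str, ipAddress, request.path());
            throw new Exception("Got invalid X-API-Key '" + str + "'");
        }
        if (!user.isApiEnabled()) {
            log.error("API - User '{}:{}', IP: {} - API usage not enabled!", user.getId(), user.getDisplayName(), ipAddress);
            throw new Exception("API usage not enabled");
        }

        // Freshness is only enforced in this configuration; elsewhere the date is merely one of
        // the signed fields and a token never ages out.
        if (AppConfig.isProd && !AppConfig.isNazdaqCustomer) {
            // A missing date header used to surface as a NullPointerException from the parser.
            if (str3 == null || str3.isEmpty()) {
                log.error("API - Got empty X-SIGN-DATE from User: '{}:{}', IP: {}", user.getId(), user.getDisplayName(), ipAddress);
                throw new Exception("Got empty X-SIGN-DATE");
            }
            try {
                // NOTE(review): the pattern has no time zone, so the value is read in the JVM's
                // default zone, and there is no upper bound: a date far in the future passes this
                // check. Tightening that needs agreement with client clocks/zones first.
                Date signedAt = new SimpleDateFormat(datePattern).parse(str3);
                Date expiresAt = new Date(signedAt.getTime() + MAX_REQUEST_AGE_MS);
                if (expiresAt.before(new Date())) {
                    log.error("API - Got expired request: {}, From: '{}:{}', IP: {}", str3, user.getId(), user.getDisplayName(), ipAddress);
                    throw new Exception("Got Expired Request!");
                }
            } catch (ParseException e) {
                // Logged as a parse failure so it can be told apart from a genuinely old request;
                // the thrown message is unchanged for callers.
                log.error("API - Got unparsable X-SIGN-DATE: {}, From: '{}:{}', IP: {}", str3, user.getId(), user.getDisplayName(), ipAddress, e);
                throw new Exception("Got Expired Request!");
            }
        }

        // Compare in constant time: String.equals stops at the first differing character, which
        // makes the time taken depend on how much of the expected token the caller got right.
        String expectedToken = getHMacSignature(hashingType, user, request, str3);
        boolean tokenMatches = MessageDigest.isEqual(
                expectedToken.getBytes(StandardCharsets.UTF_8),
                str2.getBytes(StandardCharsets.UTF_8));
        if (tokenMatches) {
            return user;
        }
        log.error("API - Got invalid Signed hash from User: '{}:{}', IP: {}", user.getId(), user.getDisplayName(), ipAddress);
        throw new Exception("Got invalid Signed Token!");
    }

    /**
     * Builds the token the client is expected to send.
     *
     * <p>The signed string is {@code secretSignKey-method-path-date}. Despite the method name this
     * is a bare MD5/SHA-1 digest with the secret as a prefix, not an HMAC. NOTE(review): when
     * clients can be migrated, replace it with a real keyed MAC (for example HMAC-SHA-256 through
     * {@code javax.crypto.Mac}) and include the body in the signed data.
     *
     * @param hashingType digest to use
     * @param user user whose secret sign key seeds the token
     * @param request request whose method and path are signed
     * @param str the {@code X-SIGN-DATE} value exactly as received ({@code null} is concatenated
     *     as the text "null")
     * @return the digest from {@code Passwords}; the SHA-1 variant is upper-cased, the MD5 variant
     *     is returned as produced
     * @throws NoSuchAlgorithmException declared on behalf of the {@code Passwords} helpers
     */
    private static String getHMacSignature(@NotNull HashingType hashingType, @NotNull User user, @NotNull Http.Request request, String str) throws NoSuchAlgorithmException {
        String signedString = user.getSecretSignKey() + "-" + request.method() + "-" + request.path() + "-" + str;
        if (hashingType == HashingType.MD5) {
            return Passwords.generateMD5(signedString);
        }
        return Passwords.generateSHA1(signedString).toUpperCase();
    }
}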
