package com.google.gerrit.httpd;

import com.google.gerrit.httpd.RestTokenVerifier;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gwtjsonrpc.server.SignedToken;
import com.google.gwtjsonrpc.server.ValidToken;
import com.google.gwtjsonrpc.server.XsrfException;
import com.google.inject.AbstractModule;
import com.google.inject.Inject;
import java.io.UnsupportedEncodingException;
import org.eclipse.jgit.util.Base64;

/* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/SignedTokenRestTokenVerifier.class */
public class SignedTokenRestTokenVerifier implements RestTokenVerifier {
    private final SignedToken restToken;

    /* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/SignedTokenRestTokenVerifier$Module.class */
    public static class Module extends AbstractModule {
        @Override // com.google.inject.AbstractModule
        protected void configure() {
            bind(RestTokenVerifier.class).to(SignedTokenRestTokenVerifier.class);
        }
    }

    @Inject
    SignedTokenRestTokenVerifier(AuthConfig authConfig) {
        this.restToken = authConfig.getRestToken();
    }

    @Override // com.google.gerrit.httpd.RestTokenVerifier
    public String sign(Account.Id id, String str) {
        try {
            return this.restToken.newToken(Base64.encodeBytes(String.format("%s:%s", id, str).getBytes("UTF-8")));
        } catch (XsrfException e) {
            throw new IllegalArgumentException(e);
        } catch (UnsupportedEncodingException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    @Override // com.google.gerrit.httpd.RestTokenVerifier
    public void verify(Account.Id id, String str, String str2) throws RestTokenVerifier.InvalidTokenException {
        try {
            ValidToken checkToken = this.restToken.checkToken(str2, null);
            if (checkToken == null || checkToken.getData() == null || checkToken.getData().isEmpty()) {
                throw new RestTokenVerifier.InvalidTokenException();
            }
            try {
                String str3 = new String(Base64.decode(checkToken.getData()), "UTF-8");
                int indexOf = str3.indexOf(58);
                if (indexOf == -1) {
                    throw new RestTokenVerifier.InvalidTokenException();
                }
                try {
                    Account.Id parse = Account.Id.parse(str3.substring(0, indexOf));
                    String substring = str3.substring(indexOf + 1);
                    if (!parse.equals(id) || !substring.equals(str)) {
                        throw new RestTokenVerifier.InvalidTokenException();
                    }
                } catch (IllegalArgumentException e) {
                    throw new RestTokenVerifier.InvalidTokenException(e);
                }
            } catch (UnsupportedEncodingException e2) {
                throw new RestTokenVerifier.InvalidTokenException(e2);
            }
        } catch (XsrfException e3) {
            throw new RestTokenVerifier.InvalidTokenException(e3);
        }
    }
}
