package com.atlassian.bitbucket.internal.webhook;

import com.atlassian.webhooks.WebhookInvocation;
import com.atlassian.webhooks.WebhookRequestEnricher;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.annotation.Nonnull;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-webhooks-5.16.0.jar:com/atlassian/bitbucket/internal/webhook/WebhookBodySigner.class */
public class WebhookBodySigner implements WebhookRequestEnricher {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) WebhookBodySigner.class);
    private static final String HEADER_NAME = "X-Hub-Signature";
    private static final int WEIGHT = 1000;
    private final InternalWebhooksConfiguration config;

    public WebhookBodySigner(InternalWebhooksConfiguration internalWebhooksConfiguration) {
        this.config = internalWebhooksConfiguration;
    }

    @Override // com.atlassian.webhooks.WebhookRequestEnricher
    public void enrich(@Nonnull WebhookInvocation webhookInvocation) {
        String str = webhookInvocation.getWebhook().getConfiguration().get("secret");
        if (StringUtils.isNotEmpty(str)) {
            signBody(webhookInvocation, str);
        } else if (str != null) {
            log.warn("Secret provided to webhook signature provider is an empty string and will be ignored for invocation [{}]", webhookInvocation.getId());
        }
    }

    @Override // com.atlassian.webhooks.WebhookRequestEnricher
    public int getWeight() {
        return 1000;
    }

    private void signBody(@Nonnull WebhookInvocation webhookInvocation, String str) {
        String hubSignatureAlgorithm = this.config.getHubSignatureAlgorithm();
        String str2 = "Hmac" + hubSignatureAlgorithm.toUpperCase();
        String str3 = hubSignatureAlgorithm.toLowerCase() + "=";
        byte[] body = webhookInvocation.getRequestBuilder().getBody();
        try {
            Mac mac = Mac.getInstance(str2);
            mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), str2));
            webhookInvocation.getRequestBuilder().header(HEADER_NAME, str3 + Hex.encodeHexString(mac.doFinal(body)));
        } catch (InvalidKeyException e) {
            log.warn("Secret provided to webhook signature is invalid and will be ignored for invocation [{}]", webhookInvocation.getId());
        } catch (NoSuchAlgorithmException e2) {
            log.error("Unable to initialize the signing algorithm [{}]. Webhooks will not be signed", hubSignatureAlgorithm);
        }
    }
}
