package com.mdsol.mauth;

import com.mdsol.mauth.exception.MAuthValidationException;
import com.mdsol.mauth.util.CurrentEpochTimeProvider;
import com.mdsol.mauth.util.EpochTimeProvider;
import com.mdsol.mauth.util.MAuthSignatureHelper;
import com.mdsol.mauth.utils.ClientPublicKeyProvider;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.Security;
import java.util.Arrays;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mdsol/mauth/RequestAuthenticator.class */
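/**
 * Authenticates incoming MAuth-signed requests.
 *
 * <p>A request is accepted when its timestamp lies inside the configured validation window and
 * its signature verifies against the public key returned by the {@link ClientPublicKeyProvider}
 * for the request's app UUID.
 *
 * <p>Unless {@code v2OnlyAuthenticate} is set, a request whose V2 signature does not verify is
 * still accepted when the V1 headers it carries verify. Deployments where every client already
 * signs with V2 should enable {@code v2OnlyAuthenticate} so the weaker path is never taken.
 */
public class RequestAuthenticator implements Authenticator {
    private static final Logger logger = LoggerFactory.getLogger(RequestAuthenticator.class);

    /** Validation window, in seconds, used by the constructors that do not take one. */
    private static final long DEFAULT_REQUEST_VALIDATION_TIMEOUT_SECONDS = 10L;

    static {
        // Registers BouncyCastle as a JCA provider when the class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }

    private final ClientPublicKeyProvider clientPublicKeyProvider;
    private final long requestValidationTimeoutSeconds;
    private final EpochTimeProvider epochTimeProvider;
    private final boolean v2OnlyAuthenticate;

    /**
     * Creates an authenticator with the default 10 second window that accepts V1 and V2.
     *
     * @param clientPublicKeyProvider source of the public key for a given app UUID
     */
    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider) {
        this(clientPublicKeyProvider, DEFAULT_REQUEST_VALIDATION_TIMEOUT_SECONDS);
    }

    /**
     * Creates an authenticator with the default 10 second window.
     *
     * @param clientPublicKeyProvider source of the public key for a given app UUID
     * @param z {@code true} to accept only V2-signed requests (no V1, no fallback)
     */
    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, boolean z) {
        this(clientPublicKeyProvider, DEFAULT_REQUEST_VALIDATION_TIMEOUT_SECONDS, z);
    }

    /**
     * Creates an authenticator that accepts V1 and V2 and uses the current system time.
     *
     * @param clientPublicKeyProvider source of the public key for a given app UUID
     * @param j validation window in seconds
     */
    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, long j) {
        this(clientPublicKeyProvider, j, new CurrentEpochTimeProvider());
    }

    /**
     * Creates an authenticator that uses the current system time.
     *
     * @param clientPublicKeyProvider source of the public key for a given app UUID
     * @param j validation window in seconds
     * @param z {@code true} to accept only V2-signed requests (no V1, no fallback)
     */
    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, long j, boolean z) {
        this(clientPublicKeyProvider, j, new CurrentEpochTimeProvider(), z);
    }

    /**
     * Creates an authenticator that accepts V1 and V2.
     *
     * @param clientPublicKeyProvider source of the public key for a given app UUID
     * @param j validation window in seconds
     * @param epochTimeProvider clock used for the freshness check
     */
    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, long j, EpochTimeProvider epochTimeProvider) {
        this(clientPublicKeyProvider, j, epochTimeProvider, false);
    }

    /**
     * Creates a fully configured authenticator.
     *
     * @param clientPublicKeyProvider source of the public key for a given app UUID
     * @param j validation window in seconds
     * @param epochTimeProvider clock used for the freshness check
     * @param z {@code true} to accept only V2-signed requests (no V1, no fallback)
     */
    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, long j, EpochTimeProvider epochTimeProvider, boolean z) {
        this.clientPublicKeyProvider = clientPublicKeyProvider;
        this.requestValidationTimeoutSeconds = j;
        this.epochTimeProvider = epochTimeProvider;
        this.v2OnlyAuthenticate = z;
    }

    /**
     * Checks the freshness and the signature of a request.
     *
     * @param mAuthRequest the request to authenticate
     * @return {@code true} when the signature (or, if allowed, the V1 fallback signature) verifies
     * @throws MAuthValidationException when the request time is outside the validation window,
     *     when V2 is required but the request is not V2, or when signature processing fails
     */
    @Override
    public boolean authenticate(MAuthRequest mAuthRequest) {
        if (!validateTime(mAuthRequest.getRequestTime())) {
            final String message = "MAuth request validation failed because of timeout " + this.requestValidationTimeoutSeconds + "s";
            logger.error(message);
            throw new MAuthValidationException(message);
        }

        final boolean isV2 = mAuthRequest.getMauthVersion().equals(MAuthVersion.MWSV2);
        if (this.v2OnlyAuthenticate && !isV2) {
            final String message = "The service requires mAuth v2 authentication headers.";
            logger.error(message);
            throw new MAuthValidationException(message);
        }

        final PublicKey publicKey = this.clientPublicKeyProvider.getPublicKey(mAuthRequest.getAppUUID());
        if (!isV2) {
            return validateSignatureV1(mAuthRequest, publicKey);
        }

        if (validateSignatureV2(mAuthRequest, publicKey)) {
            return true;
        }
        // V2 did not verify: the V1 headers are consulted only when V1 is still permitted.
        return !this.v2OnlyAuthenticate && fallbackValidateSignatureV1(mAuthRequest, publicKey);
    }

    /**
     * Reports whether a request time is within the validation window around the current time.
     *
     * <p>The window is applied in both directions. Accepting any timestamp that is merely "not too
     * old" would let a request stamped far in the future stay valid until that moment arrives,
     * which defeats the replay window. A difference that wraps around on subtraction ends up
     * outside the window and is rejected as well.
     *
     * @param requestTime request time in epoch seconds
     * @return {@code true} when the request time is inside the window
     */
    private boolean validateTime(long requestTime) {
        final long ageSeconds = this.epochTimeProvider.inSeconds() - requestTime;
        return ageSeconds > -this.requestValidationTimeoutSeconds
                && ageSeconds < this.requestValidationTimeoutSeconds;
    }

    /**
     * Verifies a V1 signature.
     *
     * @param mAuthRequest request whose fields and signature are checked
     * @param publicKey public key of the calling app
     * @return {@code true} when the recovered signature content equals the expected digest
     * @throws MAuthValidationException when building or recovering the signature fails
     */
    private boolean validateSignatureV1(MAuthRequest mAuthRequest, PublicKey publicKey) {
        logAuthenticationRequest(mAuthRequest);
        try {
            final String unencryptedSignature = MAuthSignatureHelper.generateUnencryptedSignature(
                    mAuthRequest.getAppUUID(),
                    mAuthRequest.getHttpMethod(),
                    mAuthRequest.getResourcePath(),
                    mAuthRequest.getMessagePayload(),
                    String.valueOf(mAuthRequest.getRequestTime()));
            final byte[] expected = MAuthSignatureHelper.getHexEncodedDigestedString(unencryptedSignature)
                    .getBytes(StandardCharsets.UTF_8);
            final byte[] recovered = MAuthSignatureHelper.decryptSignature(publicKey, mAuthRequest.getRequestSignature());
            // Both sides are computed from the request and the public key, so neither is a secret.
            return Arrays.equals(expected, recovered);
        } catch (Exception e) {
            logger.error("MAuth request validation failed for V1", e);
            throw new MAuthValidationException("MAuth request validation failed for V1", e);
        }
    }

    /**
     * Verifies a V2 signature.
     *
     * @param mAuthRequest request whose fields and signature are checked
     * @param publicKey public key of the calling app
     * @return the result of the RSA verification over the V2 string to sign
     * @throws MAuthValidationException when building the string to sign or verifying it fails
     */
    private boolean validateSignatureV2(MAuthRequest mAuthRequest, PublicKey publicKey) {
        logAuthenticationRequest(mAuthRequest);
        try {
            final String stringToSign = MAuthSignatureHelper.generateStringToSignV2(
                    mAuthRequest.getAppUUID(),
                    mAuthRequest.getHttpMethod(),
                    mAuthRequest.getResourcePath(),
                    mAuthRequest.getQueryParameters(),
                    mAuthRequest.getMessagePayload(),
                    String.valueOf(mAuthRequest.getRequestTime()));
            return MAuthSignatureHelper.verifyRSA(stringToSign, mAuthRequest.getRequestSignature(), publicKey);
        } catch (Exception e) {
            logger.error("MAuth request validation failed for V2", e);
            throw new MAuthValidationException("MAuth request validation failed for V2", e);
        }
    }

    /**
     * Retries authentication with the V1 headers carried by a request whose V2 signature failed.
     *
     * <p>The freshness check in {@link #authenticate} covers only the time of the incoming
     * request. The V1 request built here carries its own time, taken from the V1 time header,
     * and that time is what the V1 signature is verified over. It is therefore checked against
     * the validation window here; without this check a stale V1 signature could be accepted
     * alongside a fresh but invalid V2 header.
     *
     * @param mAuthRequest the original request
     * @param publicKey public key of the calling app
     * @return {@code true} when V1 headers are present, fresh and verify; {@code false} otherwise
     * @throws MAuthValidationException when V1 signature processing fails
     */
    private boolean fallbackValidateSignatureV1(MAuthRequest mAuthRequest, PublicKey publicKey) {
        if (mAuthRequest.getXmwsSignature() == null || mAuthRequest.getXmwsTime() == null) {
            return false;
        }

        final MAuthRequest v1Request = new MAuthRequest(
                mAuthRequest.getXmwsSignature(),
                mAuthRequest.getMessagePayload(),
                mAuthRequest.getHttpMethod(),
                mAuthRequest.getXmwsTime(),
                mAuthRequest.getResourcePath(),
                mAuthRequest.getQueryParameters());

        if (!validateTime(v1Request.getRequestTime())) {
            logger.error("MAuth V1 fallback validation failed because of timeout " + this.requestValidationTimeoutSeconds + "s");
            return false;
        }

        final boolean authenticated = validateSignatureV1(v1Request, publicKey);
        if (authenticated) {
            // Logged at warn level so that remaining V1 traffic is visible to operators.
            logger.warn("Completed successful authentication attempt after fallback to V1");
        }
        return authenticated;
    }

    /**
     * Logs the app UUID and protocol version of the request being authenticated.
     *
     * @param mAuthRequest the request being authenticated
     */
    private void logAuthenticationRequest(MAuthRequest mAuthRequest) {
        logger.info(
                "Mauth-client attempting to authenticate request from app with mauth app uuid {} using version {}.",
                mAuthRequest.getAppUUID(),
                mAuthRequest.getMauthVersion().getValue());
    }
}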
