package com.github.dbadia.sqrl.server.backchannel;

import com.github.dbadia.sqrl.server.SqrlConfigOperations;
import com.github.dbadia.sqrl.server.SqrlPersistence;
import com.github.dbadia.sqrl.server.exception.SqrlInvalidRequestException;
import com.github.dbadia.sqrl.server.util.SqrlConstants;
import com.github.dbadia.sqrl.server.util.SqrlException;
import com.github.dbadia.sqrl.server.util.SqrlIllegalDataException;
import com.github.dbadia.sqrl.server.util.SqrlSanitize;
import com.github.dbadia.sqrl.server.util.SqrlUtil;
import java.io.BufferedReader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/dbadia/sqrl/server/backchannel/SqrlClientRequest.class */
public class SqrlClientRequest {
    private static final Logger logger = LoggerFactory.getLogger(SqrlClientRequest.class);
    private static final String NUT_EQUALS = "nut=";
    private final String sqrlProtocolVersion;
    private final SqrlNutToken nut;
    private final String clientCommand;
    private final Map<String, byte[]> clientKeys = new ConcurrentHashMap();
    private final Map<String, String> clientKeysBsse64 = new ConcurrentHashMap();
    private final List<SqrlClientOpt> optList = new ArrayList();
    private final HttpServletRequest servletRequest;
    private final String clientParam;
    private final String serverParam;
    private final String correlator;

    public SqrlClientRequest(HttpServletRequest httpServletRequest, SqrlPersistence sqrlPersistence, SqrlConfigOperations sqrlConfigOperations) throws SqrlException {
        this.servletRequest = httpServletRequest;
        this.clientParam = getRequiredParameter(httpServletRequest, "client");
        this.serverParam = getRequiredParameter(httpServletRequest, "server");
        this.nut = new SqrlNutToken(sqrlConfigOperations, extractFromSqrlCsvString(this.serverParam, NUT_EQUALS));
        String base64UrlDecodeToString = SqrlUtil.base64UrlDecodeToString(this.clientParam);
        this.correlator = extractFromSqrlCsvString(this.serverParam, SqrlConstants.CLIENT_PARAM_CORRELATOR);
        Map<String, String> parseLinesToNameValueMap = parseLinesToNameValueMap(base64UrlDecodeToString);
        this.sqrlProtocolVersion = parseLinesToNameValueMap.get(SqrlConstants.CLIENT_PARAM_VER);
        if (!"1".equals(this.sqrlProtocolVersion)) {
            throw new SqrlInvalidRequestException("Unsupported SQRL Client version " + this.sqrlProtocolVersion, null);
        }
        String str = parseLinesToNameValueMap.get(SqrlConstants.CLIENT_PARAM_OPT);
        if (SqrlUtil.isNotBlank(str)) {
            for (String str2 : str.split("~")) {
                try {
                    this.optList.add(SqrlClientOpt.valueOf(str2));
                } catch (IllegalArgumentException e) {
                    throw new SqrlException("Unknown SQRL client option '" + str2 + "'", e);
                }
            }
        }
        for (Map.Entry<String, String> entry : parseLinesToNameValueMap(base64UrlDecodeToString).entrySet()) {
            if (SqrlConstants.getAllKeyTypes().contains(entry.getKey())) {
                this.clientKeys.put(entry.getKey(), SqrlUtil.base64UrlDecode(entry.getValue()));
                this.clientKeysBsse64.put(entry.getKey(), entry.getValue());
            }
        }
        String fetchTransientAuthData = sqrlPersistence.fetchTransientAuthData(this.correlator, SqrlConstants.TRANSIENT_NAME_SERVER_PARROT);
        if (SqrlUtil.isBlank(fetchTransientAuthData)) {
            throw new SqrlException("Server parrot was not found in persistence");
        }
        if (!fetchTransientAuthData.equals(this.serverParam)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Server parrot mismatch, possible tampering.  Nut compare: Expected={}, Received={}", new SqrlNutToken(sqrlConfigOperations, extractFromSqrlCsvString(fetchTransientAuthData, NUT_EQUALS)), new SqrlNutToken(sqrlConfigOperations, extractFromSqrlCsvString(this.serverParam, NUT_EQUALS)));
            }
            if (logger.isInfoEnabled()) {
                logger.info("Server parrot mismatch, possible tampering.  Expected={}, Received={}", fetchTransientAuthData, this.serverParam);
            }
            throw new SqrlException("Server parrot mismatch, possible tampering");
        }
        boolean z = false;
        for (String str3 : SqrlConstants.getAllSignatureTypes()) {
            String parameter = httpServletRequest.getParameter(str3);
            if (SqrlUtil.isNotBlank(parameter)) {
                validateSignature(SqrlConstants.getSignatureToKeyParamTable().get(str3), parameter);
                if (str3.equals(SqrlConstants.SIGNATURE_TYPE_IDS)) {
                    z = true;
                }
            }
        }
        if (!z) {
            throw new SqrlInvalidRequestException("ids was missing in SQRL client request: " + parseLinesToNameValueMap);
        }
        this.clientCommand = parseLinesToNameValueMap.get(SqrlConstants.CLIENT_PARAM_CMD);
    }

    public static String parseCorrelatorOnly(HttpServletRequest httpServletRequest) throws SqrlException {
        return extractFromSqrlCsvString(getRequiredParameter(httpServletRequest, "server"), SqrlConstants.CLIENT_PARAM_CORRELATOR);
    }

    private static String getRequiredParameter(HttpServletRequest httpServletRequest, String str) throws SqrlInvalidRequestException, SqrlIllegalDataException {
        String parameter = httpServletRequest.getParameter(str);
        if (parameter == null || parameter.trim().length() == 0) {
            throw new SqrlInvalidRequestException("Missing required parameter " + str + ".  Request contained: " + SqrlUtil.buildRequestParamList(httpServletRequest));
        }
        SqrlSanitize.inspectIncomingSqrlData(parameter);
        return parameter;
    }

    static String extractFromSqrlCsvString(String str, String str2) throws SqrlException {
        String base64UrlDecodeToString = SqrlUtil.base64UrlDecodeToString(str);
        String str3 = str2;
        if (!str2.endsWith("=")) {
            str3 = str3 + "=";
        }
        int indexOf = base64UrlDecodeToString.indexOf(str3);
        if (indexOf == -1) {
            throw new SqrlException("Could not find " + str3 + " in server parrot: " + base64UrlDecodeToString);
        }
        String substring = base64UrlDecodeToString.substring(indexOf + str3.length());
        int indexOf2 = substring.indexOf(SqrlClientReply.SEPARATOR);
        if (indexOf2 > -1) {
            substring = substring.substring(0, indexOf2);
        }
        int indexOf3 = substring.indexOf(38);
        if (indexOf3 > -1) {
            substring = substring.substring(0, indexOf3);
        }
        SqrlSanitize.inspectIncomingSqrlData(substring);
        return substring;
    }

    private void validateSignature(String str, String str2) throws SqrlException {
        byte[] base64UrlDecode = SqrlUtil.base64UrlDecode(str2);
        try {
            byte[] bArr = this.clientKeys.get(str);
            if (bArr == null) {
                throw new SqrlInvalidRequestException(SqrlLoggingUtil.getLogHeader() + str + " not found in client param: " + this.clientParam);
            }
            if (!SqrlUtil.verifyED25519(base64UrlDecode, (this.clientParam + this.serverParam).getBytes(), bArr)) {
                throw new SqrlInvalidRequestException(SqrlLoggingUtil.getLogHeader() + "Signature for " + str + " was invalid");
            }
        } catch (SqrlException e) {
            throw e;
        } catch (Exception e2) {
            throw new SqrlException(SqrlLoggingUtil.getLogHeader() + "Error computing signature for " + str, e2);
        }
    }

    private Map<String, String> parseLinesToNameValueMap(String str) throws SqrlException {
        TreeMap treeMap = new TreeMap();
        BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
        try {
            for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                String[] split = readLine.split("=");
                if (split.length != 2) {
                    logger.info("Received empty param " + readLine);
                } else {
                    treeMap.put(split[0], split[1]);
                }
            }
            return treeMap;
        } catch (Exception e) {
            throw new SqrlException("Exception parsing decoded <" + str + ">", e);
        }
    }

    public String getClientCommand() {
        return this.clientCommand;
    }

    public SqrlNutToken getNut() {
        return this.nut;
    }

    public Map<String, String> getKeysToBeStored() {
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap(this.clientKeysBsse64);
        concurrentHashMap.remove(SqrlConstants.SQRL_KEY_TYPE_IDENTITY);
        concurrentHashMap.remove(SqrlConstants.KEY_TYPE_PREVIOUS_IDENTITY);
        return concurrentHashMap;
    }

    public String getIdk() {
        return this.clientKeysBsse64.get(SqrlConstants.SQRL_KEY_TYPE_IDENTITY);
    }

    public boolean hasPidk() {
        return this.clientKeysBsse64.containsKey(SqrlConstants.KEY_TYPE_PREVIOUS_IDENTITY);
    }

    public String getPidk() {
        return this.clientKeysBsse64.get(SqrlConstants.KEY_TYPE_PREVIOUS_IDENTITY);
    }

    public List<SqrlClientOpt> getOptList() {
        return this.optList;
    }

    String getSqrlProtocolVersion() {
        return this.sqrlProtocolVersion;
    }

    public String getCorrelator() {
        return this.correlator;
    }

    public boolean containsUrs() {
        return SqrlUtil.isNotBlank(this.servletRequest.getParameter("urs"));
    }
}
