package com.github.dbadia.sqrl.server.backchannel;

import com.github.dbadia.sqrl.server.SqrlConfig;
import com.github.dbadia.sqrl.server.SqrlPersistence;
import com.github.dbadia.sqrl.server.backchannel.SqrlTif;
import com.github.dbadia.sqrl.server.exception.SqrlInvalidRequestException;
import com.github.dbadia.sqrl.server.exception.SqrlNutTokenReplayedException;
import com.github.dbadia.sqrl.server.util.SqrlConstants;
import com.github.dbadia.sqrl.server.util.SqrlException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/dbadia/sqrl/server/backchannel/SqrlNutTokenUtil.class */
public class SqrlNutTokenUtil {
    private static final Logger logger = LoggerFactory.getLogger(SqrlNutTokenUtil.class);
    private static final int IPV6_TO_PACK_BYTES = 4;

    private SqrlNutTokenUtil() {
    }

    public static int inetAddressToInt(URI uri, InetAddress inetAddress, SqrlConfig sqrlConfig) throws SqrlException {
        String scheme = uri.getScheme();
        if (!scheme.equals(SqrlConstants.SCHEME_HTTPS) && !scheme.equals(SqrlConstants.SCHEME_SQRL)) {
            if (scheme.equals(SqrlConstants.SCHEME_HTTP) || scheme.equals(SqrlConstants.SCHEME_QRL)) {
                return 0;
            }
            throw new SqrlException("Unsupported scheme " + scheme);
        }
        if (inetAddress instanceof Inet4Address) {
            return pack(inetAddress.getAddress());
        }
        if (inetAddress instanceof Inet6Address) {
            return packInet6Address((Inet6Address) inetAddress, sqrlConfig);
        }
        throw new SqrlException("Unknown InetAddress type of " + inetAddress.getClass());
    }

    public static boolean validateInetAddress(InetAddress inetAddress, int i, SqrlConfig sqrlConfig) throws SqrlException {
        if (i == 0) {
            return false;
        }
        if (inetAddress instanceof Inet4Address) {
            try {
                return inetAddress.equals(InetAddress.getByAddress(unpack(i)));
            } catch (UnknownHostException e) {
                throw new SqrlException("Got UnknownHostException for inet " + i, e);
            }
        }
        if (inetAddress instanceof Inet6Address) {
            return packInet6Address((Inet6Address) inetAddress, sqrlConfig) == i;
        }
        throw new SqrlException("Unknown InetAddress type of " + inetAddress.getClass());
    }

    static int pack(byte[] bArr) {
        int i = 0;
        for (byte b : bArr) {
            i = (i << 8) | (b & 255);
        }
        return i;
    }

    static byte[] unpack(int i) {
        return new byte[]{(byte) ((i >>> 24) & 255), (byte) ((i >>> 16) & 255), (byte) ((i >>> 8) & 255), (byte) (i & 255)};
    }

    public static void validateNut(String str, SqrlNutToken sqrlNutToken, SqrlConfig sqrlConfig, SqrlPersistence sqrlPersistence, SqrlTif.TifBuilder tifBuilder) throws SqrlException {
        long computeNutExpiresAt = computeNutExpiresAt(sqrlNutToken, sqrlConfig);
        long currentTimeMillis = System.currentTimeMillis();
        if (logger.isDebugEnabled()) {
            logger.debug("{} Now={}, nutExpiry={}", new Object[]{SqrlLoggingUtil.getLogHeader(), new Date(currentTimeMillis), new Date(computeNutExpiresAt)});
        }
        if (currentTimeMillis > computeNutExpiresAt) {
            tifBuilder.addFlag(32);
            throw new SqrlInvalidRequestException(SqrlLoggingUtil.getLogHeader() + "Nut expired by " + (computeNutExpiresAt - currentTimeMillis) + "ms, nut timetamp ms=" + sqrlNutToken.getIssuedTimestampMillis() + ", expiry is set to " + sqrlConfig.getNutValidityInSeconds() + " seconds");
        }
        String asSqrlBase64EncryptedNut = sqrlNutToken.asSqrlBase64EncryptedNut();
        if (sqrlPersistence.hasTokenBeenUsed(asSqrlBase64EncryptedNut)) {
            throw new SqrlNutTokenReplayedException(SqrlLoggingUtil.getLogHeader() + "Nut token was replayed " + sqrlNutToken);
        }
        sqrlPersistence.markTokenAsUsed(asSqrlBase64EncryptedNut, new Date(computeNutExpiresAt));
    }

    public static long computeNutExpiresAt(SqrlNutToken sqrlNutToken, SqrlConfig sqrlConfig) {
        return sqrlNutToken.getIssuedTimestampMillis() + (sqrlConfig.getNutValidityInSeconds() * 1000);
    }

    private static int packInet6Address(Inet6Address inet6Address, SqrlConfig sqrlConfig) throws SqrlException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(sqrlConfig.getAESKeyBytes());
            byte[] digest = messageDigest.digest(inet6Address.getAddress());
            byte[] bArr = new byte[4];
            System.arraycopy(digest, digest.length - 4, bArr, 0, 4);
            int pack = pack(bArr);
            logger.debug("IPV6 {} compressed and packed to {}", inet6Address, Integer.valueOf(pack));
            return pack;
        } catch (NoSuchAlgorithmException e) {
            throw new SqrlException("Error occured while hashing IPV6 address", e);
        }
    }
}
