package org.stellar.anchor.sep10;

import com.moandjiezana.toml.Toml;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.stellar.anchor.config.AppConfig;
import org.stellar.anchor.config.Sep10Config;
import org.stellar.anchor.dto.sep10.ChallengeRequest;
import org.stellar.anchor.dto.sep10.ChallengeResponse;
import org.stellar.anchor.dto.sep10.ValidationRequest;
import org.stellar.anchor.dto.sep10.ValidationResponse;
import org.stellar.anchor.exception.SepException;
import org.stellar.anchor.exception.SepValidationException;
import org.stellar.anchor.horizon.Horizon;
import org.stellar.anchor.util.Log;
import org.stellar.anchor.util.NetUtil;
import org.stellar.sdk.FormatException;
import org.stellar.sdk.InvalidSep10ChallengeException;
import org.stellar.sdk.KeyPair;
import org.stellar.sdk.ManageDataOperation;
import org.stellar.sdk.Network;
import org.stellar.sdk.Operation;
import org.stellar.sdk.Sep10Challenge;
import org.stellar.sdk.TimeBounds;
import org.stellar.sdk.requests.ErrorResponse;
import org.stellar.sdk.responses.AccountResponse;

/* loaded from: input_file:org/stellar/anchor/sep10/Sep10Service.class */
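/**
 * Issues and validates SEP-10 web-authentication challenges.
 *
 * <p>{@link #createChallenge} builds a challenge transaction signed with the configured signing
 * seed; {@link #validateChallenge(ValidationRequest)} verifies the client-signed challenge and
 * returns a JWT produced by the injected {@link JwtService}.
 *
 * <p>Every field of the incoming request objects (account, memo, home_domain, client_domain and
 * the signed transaction) is supplied by the remote client and is treated as untrusted here.
 */
public class Sep10Service {
    final AppConfig appConfig;
    final Sep10Config sep10Config;
    final Horizon horizon;
    final JwtService jwtService;
    // Public account id derived once from the configured signing seed.
    final String serverAccountId;

    public Sep10Service(AppConfig appConfig, Sep10Config sep10Config, Horizon horizon, JwtService jwtService) {
        this.appConfig = appConfig;
        this.sep10Config = sep10Config;
        this.horizon = horizon;
        this.jwtService = jwtService;
        this.serverAccountId = KeyPair.fromSecretSeed(sep10Config.getSigningSeed()).getAccountId();
    }

    /**
     * Builds a SEP-10 challenge for the requested account.
     *
     * <p>Each validation step has its own narrow {@code try} so that a memo or client_domain
     * failure is reported as such instead of being rewritten to "Invalid account." by a broad
     * handler.
     *
     * @param challengeRequest the client's request; its home domain is filled in from the
     *     configuration when absent
     * @return the challenge transaction (base64 XDR) together with the network passphrase
     * @throws SepException if the request is rejected, the client_domain TOML cannot be used, the
     *     configured host URL is invalid, or the SDK fails to build the challenge
     */
    public ChallengeResponse createChallenge(ChallengeRequest challengeRequest) throws SepException {
        if (challengeRequest.getHomeDomain() == null) {
            challengeRequest.setHomeDomain(this.sep10Config.getHomeDomain());
        } else if (!this.sep10Config.getHomeDomain().equalsIgnoreCase(challengeRequest.getHomeDomain())) {
            throw new SepValidationException(String.format("home_domain [%s] is not supported.", challengeRequest.getHomeDomain()));
        }

        String clientDomain = challengeRequest.getClientDomain();

        // NOTE(review): the deny/allow lists are consulted only when attribution is required; a
        // client_domain sent while attribution is optional is still fetched further down.
        if (this.sep10Config.isClientAttributionRequired()) {
            if (clientDomain == null) {
                Log.infoF("ALERT: client domain required and not provided");
                throw new SepValidationException("client_domain is required");
            }
            // Host names are case-insensitive, so an exact-match deny list would be bypassed by
            // changing the case of the domain; compare ignoring case.
            List<String> clientAttributionDenyList = this.sep10Config.getClientAttributionDenyList();
            if (containsIgnoreCase(clientAttributionDenyList, clientDomain)) {
                Log.infoF("ALERT: client domain provided is in configured deny list - {} ", clientDomain);
                throw new SepValidationException("unable to process.");
            }
            List<String> clientAttributionAllowList = this.sep10Config.getClientAttributionAllowList();
            if (clientAttributionAllowList != null && !clientAttributionAllowList.isEmpty()
                    && !containsIgnoreCase(clientAttributionAllowList, clientDomain)) {
                Log.infoF("ALERT: client domain provided is not in configured allow list - {} ", clientDomain);
                throw new SepValidationException("unable to process");
            }
        }

        // Only the account parse is covered by the broad catch.
        try {
            KeyPair.fromAccountId(challengeRequest.getAccount());
        } catch (Exception e) {
            Log.infoF("ALERT: client wallet account is invalid - {}", challengeRequest.getAccount());
            throw new SepValidationException("Invalid account.");
        }

        // The memo is validated here but is not passed to Sep10Challenge.newChallenge below.
        // NOTE(review): Integer.parseInt rejects values above Integer.MAX_VALUE; confirm that range
        // is intended.
        String memo = challengeRequest.getMemo();
        if (memo != null) {
            int memoValue;
            try {
                memoValue = Integer.parseInt(memo);
            } catch (NumberFormatException e) {
                throw new SepValidationException(String.format("Invalid memo format: %s", memo));
            }
            if (memoValue <= 0) {
                throw new SepValidationException(String.format("Invalid memo value: %s", memo));
            }
        }

        try {
            String clientSigningKey = clientDomain == null ? null : getClientAccountId(clientDomain);
            KeyPair signer = KeyPair.fromSecretSeed(this.sep10Config.getSigningSeed());
            long nowSeconds = System.currentTimeMillis() / 1000;
            TimeBounds timeBounds = new TimeBounds(nowSeconds, nowSeconds + this.sep10Config.getAuthTimeout().intValue());
            String challengeXdr = Sep10Challenge.newChallenge(
                    signer,
                    new Network(this.appConfig.getStellarNetworkPassPhrase()),
                    challengeRequest.getAccount(),
                    challengeRequest.getHomeDomain(),
                    getDomainFromURI(this.appConfig.getHostUrl()),
                    timeBounds,
                    clientDomain == null ? "" : clientDomain,
                    clientSigningKey == null ? "" : clientSigningKey).toEnvelopeXdrBase64();
            return ChallengeResponse.of(challengeXdr, this.appConfig.getStellarNetworkPassPhrase());
        } catch (URISyntaxException e) {
            throw new SepException(String.format("Invalid HOST_URL [%s] is used.", this.appConfig.getHostUrl()), e);
        } catch (InvalidSep10ChallengeException e) {
            throw new SepException("Failed to create the sep-10 challenge.", e);
        }
    }

    /**
     * Validates a signed challenge and returns the JWT issued for it.
     *
     * @param validationRequest request carrying the signed challenge transaction
     * @return response wrapping the encoded JWT
     * @throws SepValidationException if the request or its transaction is missing
     * @throws InvalidSep10ChallengeException if the challenge fails verification
     * @throws IOException propagated from the SDK or Horizon calls
     * @throws URISyntaxException if the configured host URL cannot be parsed
     */
    public ValidationResponse validateChallenge(ValidationRequest validationRequest) throws IOException, InvalidSep10ChallengeException, URISyntaxException, SepValidationException {
        if (validationRequest == null || validationRequest.getTransaction() == null) {
            throw new SepValidationException("{transaction} is required.");
        }
        String transaction = validationRequest.getTransaction();
        String clientDomain = validateChallenge(transaction);
        return ValidationResponse.of(generateSep10Jwt(transaction, clientDomain));
    }

    /**
     * Verifies the signatures on a signed challenge transaction.
     *
     * <p>When Horizon returns the client account, its ed25519 signers and medium threshold are
     * used. When the lookup raises {@link ErrorResponse}, the client account id itself is used as
     * the only signer and the signature count must be exactly 2 (3 with a client_domain).
     *
     * @param str the signed challenge transaction, base64 XDR
     * @return the client_domain carried by the challenge, or {@code null} when it has none
     * @throws InvalidSep10ChallengeException if the challenge is malformed or insufficiently signed
     * @throws IOException propagated from the SDK or Horizon calls
     * @throws URISyntaxException if the configured host URL cannot be parsed
     */
    public String validateChallenge(String str) throws IOException, InvalidSep10ChallengeException, URISyntaxException {
        Log.info("Parse challenge string.");
        Network network = new Network(this.appConfig.getStellarNetworkPassPhrase());
        String webAuthDomain = getDomainFromURI(this.appConfig.getHostUrl());
        Sep10Challenge.ChallengeTransaction challenge = Sep10Challenge.readChallengeTransaction(str, this.serverAccountId, network, this.sep10Config.getHomeDomain(), webAuthDomain);
        Log.infoF("Challenge parsed. account={}, home_domain={}", Log.shorter(challenge.getClientAccountId()), challenge.getMatchedHomeDomain());

        ManageDataOperation clientDomainOp = Arrays.stream(challenge.getTransaction().getOperations())
                .filter(ManageDataOperation.class::isInstance)
                .map(ManageDataOperation.class::cast)
                .filter(op -> "client_domain".equals(op.getName()))
                .findFirst()
                .orElse(null);
        String clientDomain = null;
        if (clientDomainOp != null) {
            byte[] value = clientDomainOp.getValue();
            if (value == null) {
                // Fail closed rather than dereference a missing value.
                throw new InvalidSep10ChallengeException("client_domain operation has no value");
            }
            // Decode with an explicit charset; the platform default varies between hosts.
            clientDomain = new String(value, StandardCharsets.UTF_8);
        }

        try {
            AccountResponse account = this.horizon.getServer().accounts().account(challenge.getClientAccountId());
            Set<Sep10Challenge.Signer> signers = Arrays.stream(account.getSigners())
                    .filter(signer -> signer.getType().equals("ed25519_public_key"))
                    .map(signer -> new Sep10Challenge.Signer(signer.getKey(), signer.getWeight()))
                    .collect(Collectors.toSet());
            int medThreshold = account.getThresholds().getMedThreshold();
            Log.infoF("Verifying challenge threshold. server_account={}, threshold={}, signers={}", Log.shorter(this.serverAccountId), medThreshold, signers.size());
            Sep10Challenge.verifyChallengeTransactionThreshold(str, this.serverAccountId, network, this.sep10Config.getHomeDomain(), webAuthDomain, medThreshold, signers);
            return clientDomain;
        } catch (ErrorResponse e) {
            // NOTE(review): every ErrorResponse is handled as "account does not exist", so a
            // Horizon error other than not-found would also drop the account's configured signers
            // and threshold and accept the master key alone. Confirm whether non-404 responses
            // should fail closed instead.
            Set<String> signers = new HashSet<>();
            signers.add(challenge.getClientAccountId());
            Log.infoF("Verifying challenge threshold. server_account={}, signers={}", Log.shorter(this.serverAccountId), signers.size());

            // Server + client signatures, plus one more when a client_domain is attached.
            int expectedSignatures = clientDomain == null ? 2 : 3;
            if (challenge.getTransaction().getSignatures().size() != expectedSignatures) {
                Log.infoF("ALERT: Invalid SEP 10 challenge exception, there is more than one client signer on challenge transaction for an account that doesn't exist");
                throw new InvalidSep10ChallengeException("There is more than one client signer on challenge transaction for an account that doesn't exist");
            }
            Sep10Challenge.verifyChallengeTransactionSigners(str, this.serverAccountId, network, this.sep10Config.getHomeDomain(), webAuthDomain, signers);
            return clientDomain;
        }
    }

    /**
     * Fetches {@code https://<client_domain>/.well-known/stellar.toml} and returns its
     * {@code SIGNING_KEY}.
     *
     * <p>The domain comes from the client request and is concatenated into a URL that this server
     * then requests, so it is restricted to a bare host (optionally with a port) before use.
     * NOTE(review): this check does not stop the domain from resolving to an internal address, and
     * NetUtil.fetch is not visible here; confirm it bounds response size, redirects and timeouts.
     *
     * @param str the client_domain value from the request
     * @return the signing key published by the client domain
     * @throws SepException if the domain is malformed, the TOML cannot be fetched, or the key is
     *     missing or not a valid account id
     */
    String getClientAccountId(String str) throws SepException {
        if (!isBareDomain(str)) {
            throw new SepValidationException("client_domain is not a valid domain");
        }
        String tomlUrl = "https://" + str + "/.well-known/stellar.toml";

        String tomlText;
        try {
            tomlText = NetUtil.fetch(tomlUrl);
        } catch (IOException e) {
            throw new SepException(String.format("Unable to read from %s", tomlUrl), e);
        }
        Log.debug("Fetched client_domain's stellar.toml.", tomlText);

        String signingKey = null;
        try {
            signingKey = new Toml().read(tomlText).getString("SIGNING_KEY");
            if (signingKey == null) {
                throw new SepException("SIGNING_KEY not present in 'client_domain' TOML");
            }
            KeyPair.fromAccountId(signingKey);
            return signingKey;
        } catch (IllegalArgumentException | FormatException e) {
            // Report the offending key and keep the cause; the message used to be formatted with
            // an empty string.
            throw new SepException(String.format("SIGNING_KEY %s is not a valid Stellar account Id.", signingKey), e);
        }
    }

    /**
     * Re-reads the challenge and encodes a JWT for it.
     *
     * <p>The token's issued-at is the challenge's minimum time bound and its expiry is that value
     * plus the configured JWT timeout.
     *
     * @param str the signed challenge transaction, base64 XDR
     * @param str2 the client_domain to embed, or {@code null}
     * @return the encoded JWT
     */
    String generateSep10Jwt(String str, String str2) throws InvalidSep10ChallengeException, IOException, URISyntaxException {
        Sep10Challenge.ChallengeTransaction challenge = Sep10Challenge.readChallengeTransaction(str, this.serverAccountId, new Network(this.appConfig.getStellarNetworkPassPhrase()), this.sep10Config.getHomeDomain(), getDomainFromURI(this.appConfig.getHostUrl()));
        long issuedAt = challenge.getTransaction().getTimeBounds().getMinTime();
        long expiresAt = issuedAt + this.sep10Config.getJwtTimeout().intValue();
        return this.jwtService.encode(JwtToken.of(this.appConfig.getHostUrl() + "/auth", challenge.getClientAccountId(), issuedAt, expiresAt, challenge.getTransaction().hashHex(), str2));
    }

    /**
     * Extracts {@code host} or {@code host:port} from a URL string.
     *
     * @param str the URL to parse
     * @return the host, followed by {@code :port} when the URL carries an explicit port
     * @throws URISyntaxException if the string is not a valid URI or has no host component
     */
    String getDomainFromURI(String str) throws URISyntaxException {
        URI uri = new URI(str);
        String host = uri.getHost();
        if (host == null) {
            // A URL without a host (for example one missing its scheme) would otherwise produce
            // null or "null:port" as the web-auth domain.
            throw new URISyntaxException(str, "URL has no host component");
        }
        int port = uri.getPort();
        return port < 0 ? host : host + ":" + port;
    }

    /** Returns true when {@code values} is non-null and holds {@code candidate}, ignoring case. */
    private static boolean containsIgnoreCase(List<String> values, String candidate) {
        if (values == null) {
            return false;
        }
        for (String value : values) {
            if (candidate.equalsIgnoreCase(value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when {@code domain} is non-empty and has no whitespace, control characters,
     * path, query, fragment or user-info delimiters.
     */
    private static boolean isBareDomain(String domain) {
        if (domain == null || domain.isEmpty()) {
            return false;
        }
        for (int i = 0; i < domain.length(); i++) {
            char c = domain.charAt(i);
            if (c <= ' ' || c == '/' || c == '\\' || c == '?' || c == '#' || c == '@') {
                return false;
            }
        }
        return true;
    }
}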
