package io.getlime.security.powerauth.rest.api.spring.provider;

import com.google.common.io.BaseEncoding;
import com.wultra.security.powerauth.client.PowerAuthClient;
import com.wultra.security.powerauth.client.model.error.PowerAuthClientException;
import com.wultra.security.powerauth.client.v3.SignatureType;
import com.wultra.security.powerauth.client.v3.ValidateTokenRequest;
import com.wultra.security.powerauth.client.v3.ValidateTokenResponse;
import com.wultra.security.powerauth.client.v3.VerifySignatureRequest;
import com.wultra.security.powerauth.client.v3.VerifySignatureResponse;
import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes;
import io.getlime.security.powerauth.http.PowerAuthHttpBody;
import io.getlime.security.powerauth.http.PowerAuthHttpHeader;
import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader;
import io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader;
import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException;
import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator;
import io.getlime.security.powerauth.http.validator.PowerAuthTokenHttpHeaderValidator;
import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation;
import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication;
import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthActivationImpl;
import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthApiAuthenticationImpl;
import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthSignatureAuthenticationImpl;
import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthTokenAuthenticationImpl;
import io.getlime.security.powerauth.rest.api.spring.converter.v3.ActivationStatusConverter;
import io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenInvalidException;
import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus;
import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext;
import io.getlime.security.powerauth.rest.api.spring.service.HttpCustomizationService;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

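/**
 * Authentication provider that checks PowerAuth request signatures and PowerAuth tokens by
 * sending them to the PowerAuth server through {@link PowerAuthClient}.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>Every authentication object built here has {@code setAuthenticated(true)} called on it,
 *       including results the server reported as invalid. The verdict is carried by
 *       {@code getAuthenticationContext().isValid()}. Callers of the
 *       {@code ...WithActivationDetails} methods must check that flag themselves;
 *       {@link #validateRequestSignature} and {@link #validateToken} check it and return
 *       {@code null} for an invalid result.</li>
 *   <li>Failures are reported either as {@code null} or as a
 *       {@link PowerAuthAuthenticationException}; both must be treated as "not authenticated".</li>
 *   <li>Log statements record exception messages only at WARN and full stack traces at DEBUG.
 *       Header values such as signatures, token digests and nonces are not logged here.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.class */
public class PowerAuthAuthenticationProvider extends PowerAuthAuthenticationProviderBase {
    private static final Logger logger = LoggerFactory.getLogger(PowerAuthAuthenticationProvider.class);

    /** Value the header arguments carry when the HTTP header was absent from the request. */
    private static final String MISSING_HEADER_VALUE = "undefined";

    private final PowerAuthClient powerAuthClient;
    private final ActivationStatusConverter activationStatusConverter;
    private final HttpCustomizationService httpCustomizationService;

    /**
     * Creates the provider with its collaborators.
     *
     * @param powerAuthClient client used to call the PowerAuth server
     * @param activationStatusConverter converter applied to the activation status in server responses
     * @param httpCustomizationService source of the extra query parameters and HTTP headers passed
     *        with every server call
     */
    @Autowired
    public PowerAuthAuthenticationProvider(PowerAuthClient powerAuthClient, ActivationStatusConverter activationStatusConverter, HttpCustomizationService httpCustomizationService) {
        this.powerAuthClient = powerAuthClient;
        this.activationStatusConverter = activationStatusConverter;
        this.httpCustomizationService = httpCustomizationService;
    }

    /**
     * Dispatches the authentication request to signature or token validation by its runtime type.
     *
     * <p>NOTE(review): the signature matches Spring Security's provider contract and is presumably
     * inherited through the base class; confirm before adding {@code @Override}.
     *
     * @param authentication authentication request object
     * @return the populated authentication, or {@code null} when the type is not handled here or
     *         the validation call failed
     * @throws AuthenticationException declared by the contract; not thrown directly by this method
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication instanceof PowerAuthSignatureAuthenticationImpl) {
            return validateSignatureAuthentication((PowerAuthSignatureAuthenticationImpl) authentication);
        }
        if (authentication instanceof PowerAuthTokenAuthenticationImpl) {
            return validateTokenAuthentication((PowerAuthTokenAuthenticationImpl) authentication);
        }
        return null;
    }

    /**
     * Sends a signature verification request to the PowerAuth server and maps the response.
     *
     * <p>The returned object is populated even when the server says the signature is invalid;
     * the verdict is stored in the authentication context ({@code isValid()}).
     *
     * @param signatureAuthentication parsed signature header plus request method, URI and body
     * @return populated authentication, or {@code null} when the signature type is missing or
     *         cannot be converted, or when the client call throws {@link PowerAuthClientException}
     */
    private PowerAuthApiAuthenticationImpl validateSignatureAuthentication(PowerAuthSignatureAuthenticationImpl signatureAuthentication) {
        if (signatureAuthentication.getSignatureType() == null) {
            return null;
        }
        final SignatureType signatureType = new SignatureTypeConverter().convertFrom(signatureAuthentication.getSignatureType());
        if (signatureType == null) {
            return null;
        }

        final VerifySignatureRequest request = new VerifySignatureRequest();
        request.setActivationId(signatureAuthentication.getActivationId());
        request.setApplicationKey(signatureAuthentication.getApplicationKey());
        request.setSignature(signatureAuthentication.getSignature());
        request.setSignatureType(signatureType);
        request.setSignatureVersion(signatureAuthentication.getVersion());
        // The signed data covers the HTTP method, the request URI, the nonce and the body.
        request.setData(PowerAuthHttpBody.getSignatureBaseString(
                signatureAuthentication.getHttpMethod(),
                signatureAuthentication.getRequestUri(),
                signatureAuthentication.getNonce(),
                signatureAuthentication.getData()));
        if (signatureAuthentication.getForcedSignatureVersion() != null) {
            request.setForcedSignatureVersion(Long.valueOf(signatureAuthentication.getForcedSignatureVersion().longValue()));
        }

        try {
            final VerifySignatureResponse response = this.powerAuthClient.verifySignature(
                    request, this.httpCustomizationService.getQueryParams(), this.httpCustomizationService.getHttpHeaders());
            final ActivationStatus activationStatus = this.activationStatusConverter.convertFrom(response.getActivationStatus());

            final AuthenticationContext context = new AuthenticationContext();
            context.setValid(response.isSignatureValid());
            context.setRemainingAttempts(response.getRemainingAttempts() != null ? Integer.valueOf(response.getRemainingAttempts().intValue()) : null);
            context.setSignatureType(response.getSignatureType() != null ? PowerAuthSignatureTypes.getEnumFromString(response.getSignatureType().value()) : null);

            final PowerAuthActivationImpl activation = copyActivationAttributes(
                    response.getActivationId(), response.getUserId(), activationStatus, response.getBlockedReason(),
                    response.getActivationFlags(), context, signatureAuthentication.getVersion());
            return copyAuthenticationAttributes(
                    response.getActivationId(), response.getUserId(), response.getApplicationId(),
                    response.getApplicationRoles(), response.getActivationFlags(), context,
                    signatureAuthentication.getVersion(), signatureAuthentication.getHttpHeader(), activation);
        } catch (PowerAuthClientException e) {
            // Only client errors are mapped to null here; other runtime exceptions propagate.
            logger.warn("Signature validation failed, error: {}", e.getMessage());
            logger.debug("Error details", e);
            return null;
        }
    }

    /**
     * Sends a token validation request to the PowerAuth server and maps the response.
     *
     * <p>The returned object is populated even when the server says the token is invalid;
     * the verdict is stored in the authentication context ({@code isValid()}).
     *
     * @param tokenAuthentication parsed token header values
     * @return populated authentication, or {@code null} when the timestamp is not a number or
     *         any other exception is thrown while validating
     */
    private PowerAuthApiAuthenticationImpl validateTokenAuthentication(PowerAuthTokenAuthenticationImpl tokenAuthentication) {
        try {
            final ValidateTokenRequest request = new ValidateTokenRequest();
            request.setTokenId(tokenAuthentication.getTokenId());
            request.setTokenDigest(tokenAuthentication.getTokenDigest());
            request.setNonce(tokenAuthentication.getNonce());
            // The timestamp comes from the request header; a non-numeric value is rejected below.
            request.setTimestamp(Long.parseLong(tokenAuthentication.getTimestamp()));

            final ValidateTokenResponse response = this.powerAuthClient.validateToken(
                    request, this.httpCustomizationService.getQueryParams(), this.httpCustomizationService.getHttpHeaders());
            final ActivationStatus activationStatus = this.activationStatusConverter.convertFrom(response.getActivationStatus());

            final AuthenticationContext context = new AuthenticationContext();
            context.setValid(response.isTokenValid());
            context.setRemainingAttempts(null);
            context.setSignatureType(response.getSignatureType() != null ? PowerAuthSignatureTypes.getEnumFromString(response.getSignatureType().value()) : null);

            final PowerAuthActivationImpl activation = copyActivationAttributes(
                    response.getActivationId(), response.getUserId(), activationStatus, response.getBlockedReason(),
                    response.getActivationFlags(), context, tokenAuthentication.getVersion());
            return copyAuthenticationAttributes(
                    response.getActivationId(), response.getUserId(), response.getApplicationId(),
                    response.getApplicationRoles(), response.getActivationFlags(), context,
                    tokenAuthentication.getVersion(), tokenAuthentication.getHttpHeader(), activation);
        } catch (NumberFormatException e) {
            logger.warn("Invalid timestamp format, error: {}", e.getMessage());
            logger.debug("Error details", e);
            return null;
        } catch (Exception e) {
            // Broad catch: any failure during token validation results in "not authenticated".
            logger.warn("Token validation failed, error: {}", e.getMessage());
            logger.debug("Error details", e);
            return null;
        }
    }

    /**
     * Builds the authentication object returned to callers.
     *
     * <p>The authenticated flag is set to {@code true} unconditionally. Whether the signature or
     * token was accepted is recorded only in {@code authenticationContext}.
     *
     * @param activationId activation ID from the server response
     * @param userId user ID from the server response
     * @param applicationId application ID from the server response
     * @param applicationRoles application roles from the server response
     * @param activationFlags activation flags from the server response
     * @param authenticationContext validity, remaining attempts and signature type
     * @param version protocol version taken from the request header
     * @param httpHeader parsed HTTP header the request carried
     * @param activationContext activation details built from the same response
     * @return the populated authentication object
     */
    private PowerAuthApiAuthenticationImpl copyAuthenticationAttributes(String activationId, String userId, String applicationId, List<String> applicationRoles, List<String> activationFlags, AuthenticationContext authenticationContext, String version, PowerAuthHttpHeader httpHeader, PowerAuthActivation activationContext) {
        final PowerAuthApiAuthenticationImpl apiAuthentication = new PowerAuthApiAuthenticationImpl();
        apiAuthentication.setActivationId(activationId);
        apiAuthentication.setUserId(userId);
        apiAuthentication.setApplicationId(applicationId);
        apiAuthentication.setApplicationRoles(applicationRoles);
        apiAuthentication.setActivationFlags(activationFlags);
        apiAuthentication.setAuthenticationContext(authenticationContext);
        // Always true, also for invalid results: consumers must consult authenticationContext.isValid().
        apiAuthentication.setAuthenticated(true);
        apiAuthentication.setVersion(version);
        apiAuthentication.setHttpHeader(httpHeader);
        apiAuthentication.setActivationContext(activationContext);
        return apiAuthentication;
    }

    /**
     * Builds the activation detail object attached to an authentication result.
     *
     * @param activationId activation ID from the server response
     * @param userId user ID from the server response
     * @param activationStatus converted activation status
     * @param blockedReason blocked reason from the server response
     * @param activationFlags activation flags from the server response
     * @param authenticationContext validity, remaining attempts and signature type
     * @param version protocol version taken from the request header
     * @return the populated activation object
     */
    private PowerAuthActivationImpl copyActivationAttributes(String activationId, String userId, ActivationStatus activationStatus, String blockedReason, List<String> activationFlags, AuthenticationContext authenticationContext, String version) {
        final PowerAuthActivationImpl activation = new PowerAuthActivationImpl();
        activation.setActivationId(activationId);
        activation.setUserId(userId);
        activation.setActivationStatus(activationStatus);
        activation.setBlockedReason(blockedReason);
        activation.setActivationFlags(activationFlags);
        activation.setAuthenticationContext(authenticationContext);
        activation.setVersion(version);
        return activation;
    }

    /**
     * Validates a request signature and returns the authentication only when it is valid.
     *
     * @param str HTTP method of the request
     * @param bArr request body bytes included in the signed data; may be {@code null}
     * @param str2 request URI identifier included in the signed data
     * @param str3 value of the signature HTTP header
     * @param list signature types the caller accepts
     * @param num forced signature version; may be {@code null}
     * @return the authentication when the server accepted the signature, otherwise {@code null}
     * @throws PowerAuthAuthenticationException when the header is missing or malformed, the
     *         signature type is not accepted, or the validation call failed
     */
    @Override
    @Nullable
    public PowerAuthApiAuthentication validateRequestSignature(@Nonnull String str, @Nullable byte[] bArr, @Nonnull String str2, @Nonnull String str3, @Nonnull List<PowerAuthSignatureTypes> list, @Nullable Integer num) throws PowerAuthAuthenticationException {
        final PowerAuthApiAuthentication result = validateRequestSignatureWithActivationDetails(str, bArr, str2, str3, list, num);
        return result.getAuthenticationContext().isValid() ? result : null;
    }

    /**
     * Validates a request signature and returns the result together with activation details.
     *
     * <p>The result is returned for invalid signatures as well, so the caller can read the
     * activation status and remaining attempts. Check
     * {@code getAuthenticationContext().isValid()} before trusting it.
     *
     * @param str HTTP method of the request
     * @param bArr request body bytes included in the signed data; may be {@code null}
     * @param str2 request URI identifier included in the signed data
     * @param str3 value of the signature HTTP header
     * @param list signature types the caller accepts
     * @param num forced signature version; may be {@code null}
     * @return the authentication result, valid or not
     * @throws PowerAuthAuthenticationException when the header is missing or malformed, the
     *         signature type is not accepted, or the validation call failed
     */
    @Override
    @Nonnull
    public PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails(@Nonnull String str, @Nullable byte[] bArr, @Nonnull String str2, @Nonnull String str3, @Nonnull List<PowerAuthSignatureTypes> list, @Nullable Integer num) throws PowerAuthAuthenticationException {
        // A null header is treated like the missing-header marker, so the caller gets the typed
        // authentication exception and not a NullPointerException.
        if (str3 == null || MISSING_HEADER_VALUE.equals(str3)) {
            logger.warn("Signature HTTP header is missing");
            throw new PowerAuthHeaderMissingException();
        }
        // NOTE(review): declared with the base header type as in this listing; the getters used
        // below may be declared on the concrete header class. Confirm against the library.
        PowerAuthHttpHeader fromValue = new PowerAuthSignatureHttpHeader().fromValue(str3);
        try {
            PowerAuthSignatureHttpHeaderValidator.validate(fromValue);

            // The signature type must be known and on the caller's allow-list.
            final PowerAuthSignatureTypes requestedType = PowerAuthSignatureTypes.getEnumFromString(fromValue.getSignatureType());
            if (requestedType == null || !list.contains(requestedType)) {
                logger.warn("Invalid signature type: {}", requestedType);
                throw new PowerAuthSignatureTypeInvalidException();
            }

            // The nonce arrives from the client. The header validator may already reject bad
            // Base64; this guard keeps a decoding failure from surfacing as an unchecked exception.
            final byte[] nonce;
            try {
                nonce = BaseEncoding.base64().decode(fromValue.getNonce());
            } catch (IllegalArgumentException e) {
                logger.warn("Signature HTTP header nonce is not valid Base64");
                logger.debug("Error details", e);
                throw new PowerAuthSignatureInvalidException();
            }

            final PowerAuthSignatureAuthenticationImpl signatureAuthentication = new PowerAuthSignatureAuthenticationImpl();
            signatureAuthentication.setActivationId(fromValue.getActivationId());
            signatureAuthentication.setApplicationKey(fromValue.getApplicationKey());
            signatureAuthentication.setNonce(nonce);
            signatureAuthentication.setSignatureType(fromValue.getSignatureType());
            signatureAuthentication.setSignature(fromValue.getSignature());
            signatureAuthentication.setHttpMethod(str);
            signatureAuthentication.setRequestUri(str2);
            signatureAuthentication.setData(bArr);
            signatureAuthentication.setVersion(fromValue.getVersion());
            signatureAuthentication.setHttpHeader(fromValue);
            signatureAuthentication.setForcedSignatureVersion(num);

            // authenticate() is declared to return Authentication, so the narrowing cast is required.
            final PowerAuthApiAuthentication result = (PowerAuthApiAuthentication) authenticate(signatureAuthentication);
            if (result == null) {
                logger.debug("Signature validation failed");
                throw new PowerAuthSignatureInvalidException();
            }
            return result;
        } catch (InvalidPowerAuthHttpHeaderException e) {
            logger.warn("Signature HTTP header validation failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            throw new PowerAuthSignatureInvalidException();
        }
    }

    /**
     * Validates a token header and returns the authentication only when the token is valid.
     *
     * @param str value of the token HTTP header
     * @param list signature types the caller accepts for the token
     * @return the authentication when the server accepted the token, otherwise {@code null}
     * @throws PowerAuthAuthenticationException when the header is missing or malformed, the
     *         validation call failed, or the token's signature type is not accepted
     */
    @Override
    @Nullable
    public PowerAuthApiAuthentication validateToken(@Nonnull String str, @Nonnull List<PowerAuthSignatureTypes> list) throws PowerAuthAuthenticationException {
        final PowerAuthApiAuthentication result = validateTokenWithActivationDetails(str, list);
        return result.getAuthenticationContext().isValid() ? result : null;
    }

    /**
     * Validates a token header and returns the result together with activation details.
     *
     * <p>The result is returned for invalid tokens as well. Check
     * {@code getAuthenticationContext().isValid()} before trusting it.
     *
     * @param str value of the token HTTP header
     * @param list signature types the caller accepts for the token
     * @return the authentication result, valid or not
     * @throws PowerAuthAuthenticationException when the header is missing or malformed, the
     *         validation call failed, or the token's signature type is not accepted
     */
    @Override
    @Nonnull
    public PowerAuthApiAuthentication validateTokenWithActivationDetails(@Nonnull String str, @Nonnull List<PowerAuthSignatureTypes> list) throws PowerAuthAuthenticationException {
        // A null header is treated like the missing-header marker, so the caller gets the typed
        // authentication exception and not a NullPointerException.
        if (str == null || MISSING_HEADER_VALUE.equals(str)) {
            logger.warn("Token HTTP header is missing");
            throw new PowerAuthHeaderMissingException();
        }
        // NOTE(review): declared with the base header type as in this listing; the getters used
        // below may be declared on the concrete header class. Confirm against the library.
        PowerAuthHttpHeader fromValue = new PowerAuthTokenHttpHeader().fromValue(str);
        try {
            PowerAuthTokenHttpHeaderValidator.validate(fromValue);

            final PowerAuthTokenAuthenticationImpl tokenAuthentication = new PowerAuthTokenAuthenticationImpl();
            tokenAuthentication.setTokenId(fromValue.getTokenId());
            tokenAuthentication.setTokenDigest(fromValue.getTokenDigest());
            tokenAuthentication.setNonce(fromValue.getNonce());
            tokenAuthentication.setTimestamp(fromValue.getTimestamp());
            tokenAuthentication.setVersion(fromValue.getVersion());
            tokenAuthentication.setHttpHeader(fromValue);

            // authenticate() is declared to return Authentication, so the narrowing cast is required.
            final PowerAuthApiAuthentication result = (PowerAuthApiAuthentication) authenticate(tokenAuthentication);
            if (result == null) {
                logger.debug("Invalid token value");
                throw new PowerAuthTokenInvalidException();
            }

            // The signature type bound to the token is reported by the server; it must be on the
            // caller's allow-list.
            final PowerAuthSignatureTypes tokenSignatureType = result.getAuthenticationContext().getSignatureType();
            if (tokenSignatureType == null || !list.contains(tokenSignatureType)) {
                logger.warn("Invalid signature type in token validation: {}", tokenSignatureType);
                throw new PowerAuthSignatureTypeInvalidException();
            }
            return result;
        } catch (InvalidPowerAuthHttpHeaderException e) {
            logger.warn("Token validation failed, error: {}", e.getMessage());
            logger.debug(e.getMessage(), e);
            throw new PowerAuthTokenInvalidException();
        }
    }
}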
