package com.uid2.shared.secure;

import com.google.auth.oauth2.GoogleCredentials;
import com.uid2.shared.Utils;
import com.uid2.shared.secure.gcp.InstanceDocument;
import com.uid2.shared.secure.gcp.InstanceDocumentVerifier;
import com.uid2.shared.secure.gcp.VmConfigId;
import com.uid2.shared.secure.gcp.VmConfigVerifier;
import io.grpc.LoadBalancerRegistry;
import io.grpc.internal.PickFirstLoadBalancerProvider;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/uid2/shared/secure/GcpVmidCoreAttestationService.class */
public class GcpVmidCoreAttestationService implements ICoreAttestationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(GcpVmidCoreAttestationService.class);
    private final VmConfigVerifier vmConfigVerifier;
    private final InstanceDocumentVerifier idVerifier = new InstanceDocumentVerifier();
    private final Set<String> allowedVmConfigIds = new HashSet();

    public GcpVmidCoreAttestationService(GoogleCredentials googleCredentials, Set<String> set) throws Exception {
        LoadBalancerRegistry.getDefaultRegistry().register(new PickFirstLoadBalancerProvider());
        this.vmConfigVerifier = new VmConfigVerifier(googleCredentials, set);
        LOGGER.info("Using Google Service Account: " + googleCredentials.toString());
    }

    @Override // com.uid2.shared.secure.ICoreAttestationService
    public void attest(byte[] bArr, byte[] bArr2, Handler<AsyncResult<AttestationResult>> handler) {
        try {
            InstanceDocument verify = this.idVerifier.verify(new String(bArr, StandardCharsets.US_ASCII));
            LOGGER.debug("Validating Instance Confidentiality...");
            if (!verify.getInstanceConfidentiality()) {
                handler.handle(Future.failedFuture(new AttestationException("not on confidential vm")));
                return;
            }
            LOGGER.debug("Validating client public key...");
            try {
                if (!Arrays.equals(Utils.decodeBase64String(verify.getAudience()), bArr2)) {
                    handler.handle(Future.failedFuture(new AttestationException("Invalid or mismatched client public key")));
                    return;
                }
                LOGGER.debug("Validating VmConfig...");
                try {
                    VmConfigId vmConfigId = this.vmConfigVerifier.getVmConfigId(verify);
                    if (!vmConfigId.isValid()) {
                        handler.handle(Future.failedFuture(new AttestationException(vmConfigId.getProjectId() == null ? vmConfigId.getFailedReason() : vmConfigId.getProjectId() + " @ " + vmConfigId.getFailedReason())));
                        return;
                    }
                    LOGGER.debug("VmConfigId = " + String.valueOf(vmConfigId) + ", validating against " + this.allowedVmConfigIds.size() + " registered enclaves");
                    if (!this.allowedVmConfigIds.contains(vmConfigId.getValue())) {
                        handler.handle(Future.failedFuture(new AttestationException("unauthorized vmConfigId")));
                    } else {
                        LOGGER.debug("Successfully attested VmConfigId against registered enclaves");
                        handler.handle(Future.succeededFuture(new AttestationResult(bArr2, vmConfigId.getValue())));
                    }
                } catch (Exception e) {
                    handler.handle(Future.failedFuture(new AttestationException(e)));
                }
            } catch (Exception e2) {
                handler.handle(Future.failedFuture(new AttestationException(e2)));
            }
        } catch (Exception e3) {
            handler.handle(Future.failedFuture(new AttestationException(e3)));
        }
    }

    @Override // com.uid2.shared.secure.ICoreAttestationService
    public void registerEnclave(String str) throws AttestationException {
        try {
            this.allowedVmConfigIds.add(str);
        } catch (Exception e) {
            LOGGER.error("registerEnclave", e);
            throw new AttestationException(e);
        }
    }

    @Override // com.uid2.shared.secure.ICoreAttestationService
    public void unregisterEnclave(String str) throws AttestationException {
        try {
            this.allowedVmConfigIds.remove(str);
        } catch (Exception e) {
            throw new AttestationException(e);
        }
    }

    @Override // com.uid2.shared.secure.ICoreAttestationService
    public Collection<String> getEnclaveAllowlist() {
        return this.allowedVmConfigIds;
    }
}
