package com.uid2.shared.secure;

import com.uid2.shared.secure.gcpoidc.IPolicyValidator;
import com.uid2.shared.secure.gcpoidc.ITokenSignatureValidator;
import com.uid2.shared.secure.gcpoidc.PolicyValidator;
import com.uid2.shared.secure.gcpoidc.TokenPayload;
import com.uid2.shared.secure.gcpoidc.TokenSignatureValidator;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/uid2/shared/secure/GcpOidcCoreAttestationService.class */
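/**
 * Core-side attestation service for the gcp-oidc protocol.
 *
 * <p>An attestation request is treated as a token: its signature is checked by an
 * {@link ITokenSignatureValidator}, the resulting {@link TokenPayload} is passed to each
 * configured {@link IPolicyValidator} to derive an enclave id, and the request is accepted
 * only when that id is present in the enclave allowlist.
 *
 * <p>NOTE(review): the allowlist is a plain {@link HashSet} with no synchronization. Confirm
 * that {@link #registerEnclave}, {@link #unregisterEnclave} and {@link #attest} are always
 * invoked from the same thread/context before relying on this class concurrently.
 */
public class GcpOidcCoreAttestationService implements ICoreAttestationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(GcpOidcCoreAttestationService.class);

    /** Verifies the token signature and yields the payload handed to the policy validators. */
    private final ITokenSignatureValidator tokenSignatureValidator;

    /** Policy validators, tried in list order; each maps a token payload to an enclave id. */
    private final List<IPolicyValidator> supportedPolicyValidators;

    /** Enclave ids that are currently accepted by {@link #attest}. */
    private final Set<String> allowedEnclaveIds;

    /**
     * Creates a service with the default {@link TokenSignatureValidator} and a single
     * {@link PolicyValidator}.
     *
     * @param str value forwarded unchanged to the {@link PolicyValidator} constructor; its
     *     meaning is defined there and is not visible in this class
     */
    public GcpOidcCoreAttestationService(String str) {
        this(new TokenSignatureValidator(), Arrays.asList(new PolicyValidator(str)));
    }

    /**
     * Creates a service from explicit collaborators.
     *
     * @param iTokenSignatureValidator validator used to verify the token signature
     * @param list policy validators, tried in iteration order; the list is stored as given,
     *     not copied
     */
    protected GcpOidcCoreAttestationService(ITokenSignatureValidator iTokenSignatureValidator, List<IPolicyValidator> list) {
        this.allowedEnclaveIds = new HashSet<>();
        this.tokenSignatureValidator = iTokenSignatureValidator;
        this.supportedPolicyValidators = list;
    }

    /**
     * Attests a gcp-oidc request and reports the outcome through {@code handler}.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>enclave id found in the allowlist: succeeded future carrying
     *       {@code new AttestationResult(bArr2, enclaveId)};</li>
     *   <li>no allowlisted enclave id: succeeded future carrying
     *       {@link AttestationFailure#FORBIDDEN_ENCLAVE};</li>
     *   <li>{@link AttestationClientException}: succeeded future carrying a result built
     *       from the exception;</li>
     *   <li>{@link AttestationException}: failed future with that exception;</li>
     *   <li>any other exception (including a {@code null} request): failed future with the
     *       exception wrapped in an {@link AttestationException}.</li>
     * </ul>
     *
     * @param bArr attestation request bytes, decoded as US-ASCII and handed to the signature
     *     validator as the token
     * @param bArr2 passed through unchanged into a successful {@link AttestationResult};
     *     presumably the client's public key - confirm against {@link ICoreAttestationService}
     * @param handler receives exactly one result for the call
     */
    @Override
    public void attest(byte[] bArr, byte[] bArr2, Handler<AsyncResult<AttestationResult>> handler) {
        try {
            String token = new String(bArr, StandardCharsets.US_ASCII);
            LOGGER.debug("Validating signature...");
            // The signature is verified first; policy validators only ever see a payload
            // returned by the signature validator.
            TokenPayload payload = this.tokenSignatureValidator.validate(token);
            String enclaveId = validate(payload);
            if (enclaveId != null) {
                LOGGER.info("Successfully attested gcp-oidc against registered enclaves, enclave id: {}", enclaveId);
                handler.handle(Future.succeededFuture(new AttestationResult(bArr2, enclaveId)));
            } else {
                LOGGER.warn("Can not find registered gcp-oidc enclave id.");
                handler.handle(Future.succeededFuture(new AttestationResult(AttestationFailure.FORBIDDEN_ENCLAVE)));
            }
        } catch (AttestationClientException e) {
            // NOTE(review): this rejection path writes no log line of its own; if the
            // validators do not log the cause, rejected requests leave no trace here.
            handler.handle(Future.succeededFuture(new AttestationResult(e)));
        } catch (AttestationException e) {
            handler.handle(Future.failedFuture(e));
        } catch (Exception e) {
            handler.handle(Future.failedFuture(new AttestationException(e)));
        }
    }

    /**
     * Adds an enclave id to the allowlist.
     *
     * @param str enclave id to accept; not validated here, so {@code null} or an empty
     *     string is stored as given
     * @throws AttestationException if the underlying set operation throws
     */
    @Override
    public void registerEnclave(String str) throws AttestationException {
        try {
            this.allowedEnclaveIds.add(str);
        } catch (Exception e) {
            throw new AttestationException(e);
        }
    }

    /**
     * Removes an enclave id from the allowlist; removing an id that is not present is a no-op.
     *
     * @param str enclave id to stop accepting
     * @throws AttestationException if the underlying set operation throws
     */
    @Override
    public void unregisterEnclave(String str) throws AttestationException {
        try {
            this.allowedEnclaveIds.remove(str);
        } catch (Exception e) {
            throw new AttestationException(e);
        }
    }

    /**
     * Returns the current enclave allowlist.
     *
     * <p>NOTE(review): this is the live backing set, not a copy. Any caller holding the
     * returned collection can add or remove ids without going through
     * {@link #registerEnclave}/{@link #unregisterEnclave}. Consider returning an unmodifiable
     * view once callers are confirmed not to depend on mutating it.
     *
     * @return the set of accepted enclave ids
     */
    @Override
    public Collection<String> getEnclaveAllowlist() {
        return this.allowedEnclaveIds;
    }

    /**
     * Runs the policy validators in order and returns the first enclave id that is allowlisted.
     *
     * <p>A validator that throws is skipped: its exception is remembered and the allowlist is
     * not consulted for that validator. The previous form fell through to the allowlist check
     * after a failure, reading an enclave id that was either unassigned or left over from an
     * earlier validator.
     *
     * @param tokenPayload payload returned by the signature validator
     * @return an allowlisted enclave id, or {@code null} when every validator completed but
     *     none produced an allowlisted id
     * @throws Exception the last validator exception, when no validator produced an
     *     allowlisted id and at least one validator threw
     */
    private String validate(TokenPayload tokenPayload) throws Exception {
        Exception lastFailure = null;
        for (IPolicyValidator policyValidator : this.supportedPolicyValidators) {
            LOGGER.info("Validating policy... Validator version: {}", policyValidator.getVersion());
            String enclaveId;
            try {
                enclaveId = policyValidator.validate(tokenPayload);
                LOGGER.info("Validator version: {}, result: {}", policyValidator.getVersion(), enclaveId);
            } catch (Exception e) {
                lastFailure = e;
                LOGGER.warn("Fail to validator version: {}, error :{}", policyValidator.getVersion(), e.getMessage());
                // Nothing was derived from this validator, so there is no id to check.
                continue;
            }
            // A null id is never a match, even if null was registered in the allowlist;
            // attest() treats a null return as "no enclave found".
            if (enclaveId != null && this.allowedEnclaveIds.contains(enclaveId)) {
                LOGGER.info("Successfully attested gcp-oidc against registered enclaves");
                return enclaveId;
            }
            LOGGER.warn("Got unsupported gcp-oidc enclave id: {}", enclaveId);
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        return null;
    }
}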
