package com.uid2.shared.secure;

import com.uid2.shared.secure.nitro.AttestationDocument;
import com.uid2.shared.secure.nitro.AttestationRequest;
import com.uid2.shared.util.UrlEquivalenceValidator;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/uid2/shared/secure/NitroCoreAttestationService.class */
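/**
 * Core-side verifier for AWS Nitro enclave attestation requests.
 *
 * <p>An attestation succeeds only if the request passes every check in
 * {@link #attestInternal}, ending with the enclave identifier derived from PCR 0
 * being present in the in-memory allowlist.
 *
 * <p>NOTE(review): the allowlist is a plain {@link HashSet}. If
 * {@link #registerEnclave}/{@link #unregisterEnclave} can run on a different thread
 * than {@link #attest}, it needs external synchronisation or a concurrent set.
 * Confirm the threading model with the callers.
 */
public class NitroCoreAttestationService implements ICoreAttestationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(NitroCoreAttestationService.class);

    /** URL the enclave is expected to have attested against (compared with the document's user data). */
    private final String attestationUrl;
    /** Enclave identifiers that are permitted to attest; empty until enclaves are registered. */
    private final Set<NitroEnclaveIdentifier> allowedEnclaveIds = new HashSet<>();
    /** Supplies the root certificate used to validate the attestation document's certificate chain. */
    private final ICertificateProvider certificateProvider;

    /**
     * @param iCertificateProvider source of the trusted root certificate
     * @param str the attestation URL this service accepts in the document's user data
     */
    public NitroCoreAttestationService(ICertificateProvider iCertificateProvider, String str) {
        this.attestationUrl = str;
        this.certificateProvider = iCertificateProvider;
    }

    /**
     * Parses and verifies an attestation request and reports the outcome to {@code handler}.
     *
     * <p>The handler is invoked exactly once. A verification failure or an
     * {@link AttestationClientException} is reported as a succeeded future carrying a
     * failed {@link AttestationResult}. Any other exception is reported as a failed future
     * wrapping an {@link AttestationException}.
     *
     * @param bArr raw attestation request bytes, parsed with {@code AttestationRequest.createFrom}
     * @param bArr2 public key the caller expects the document to carry; when {@code null} or
     *     empty the key comparison is skipped
     * @param handler receives the attestation outcome
     */
    @Override
    public void attest(byte[] bArr, byte[] bArr2, Handler<AsyncResult<AttestationResult>> handler) {
        Future<AttestationResult> outcome;
        try {
            AttestationRequest request = AttestationRequest.createFrom(bArr);
            outcome = Future.succeededFuture(attestInternal(bArr2, request, request.getAttestationDocument()));
        } catch (AttestationClientException e) {
            outcome = Future.succeededFuture(new AttestationResult(e));
        } catch (Exception e) {
            outcome = Future.failedFuture(new AttestationException(e));
        }
        // Invoke the handler outside the try block: an exception thrown by the handler itself
        // must not be caught above and turned into a second, contradictory callback.
        handler.handle(outcome);
    }

    /**
     * Runs the verification steps in order and returns the first failure, or a successful result.
     *
     * <p>NOTE(review): no nonce or timestamp check is visible in this method. Confirm that
     * replay protection is covered by {@code verifyData}/{@code verifyCertChain} or by the caller.
     *
     * @param expectedPublicKey caller-supplied public key, may be {@code null} or empty
     * @param request the parsed attestation request
     * @param document the attestation document carried by {@code request}
     * @return a failed result naming the check that rejected the request, or a result carrying
     *     the document's public key and the enclave identifier
     * @throws Exception whatever the underlying verification helpers throw
     */
    private AttestationResult attestInternal(byte[] expectedPublicKey, AttestationRequest request, AttestationDocument document) throws Exception {
        if (!request.verifyData()) {
            return new AttestationResult(AttestationFailure.BAD_PAYLOAD);
        }

        // NOTE(review): the key binding is enforced only when the caller supplies a key. With a
        // null or empty key, any public key in the document is accepted. Confirm this is intended.
        boolean callerSuppliedKey = expectedPublicKey != null && expectedPublicKey.length > 0;
        if (callerSuppliedKey && !Arrays.equals(expectedPublicKey, document.getPublicKey())) {
            return new AttestationResult(AttestationFailure.BAD_PAYLOAD);
        }

        if (!request.verifyCertChain(this.certificateProvider.getRootCertificate())) {
            return new AttestationResult(AttestationFailure.BAD_CERTIFICATE);
        }

        // NOTE(review): the URL binding is enforced only when the document carries user data. A
        // document with absent or empty user data passes this step for any attestation URL.
        String userData = document.getUserDataString();
        boolean hasUserData = userData != null && !userData.isEmpty();
        if (hasUserData && !UrlEquivalenceValidator.areUrlsEquivalent(this.attestationUrl, userData).booleanValue()) {
            return new AttestationResult(AttestationFailure.UNKNOWN_ATTESTATION_URL);
        }

        // The enclave identity is derived from PCR index 0 of the attestation document.
        NitroEnclaveIdentifier enclaveId = NitroEnclaveIdentifier.fromRaw(document.getPcr(0));
        if (!this.allowedEnclaveIds.contains(enclaveId)) {
            return new AttestationResult(AttestationFailure.FORBIDDEN_ENCLAVE);
        }

        String enclaveIdText = enclaveId.toString();
        LOGGER.info("Successfully attested aws-nitro against registered enclaves, enclave id: {}", enclaveIdText);
        return new AttestationResult(document.getPublicKey(), enclaveIdText);
    }

    /**
     * Adds an enclave identifier to the allowlist.
     *
     * @param str Base64-encoded enclave identifier
     * @throws AttestationException if {@code str} is not valid Base64 or cannot be converted
     *     into an identifier
     */
    @Override
    public void registerEnclave(String str) throws AttestationException {
        try {
            // Result is discarded on purpose: this is a format check that throws on invalid Base64.
            Base64.getDecoder().decode(str);
            addIdentifier(NitroEnclaveIdentifier.fromBase64(str));
        } catch (Exception e) {
            throw new AttestationException(e);
        }
    }

    /**
     * Removes an enclave identifier from the allowlist.
     *
     * @param str Base64-encoded enclave identifier
     * @throws AttestationException if {@code str} is not valid Base64 or cannot be converted
     *     into an identifier
     */
    @Override
    public void unregisterEnclave(String str) throws AttestationException {
        try {
            // Result is discarded on purpose: this is a format check that throws on invalid Base64.
            Base64.getDecoder().decode(str);
            removeIdentifier(NitroEnclaveIdentifier.fromBase64(str));
        } catch (Exception e) {
            throw new AttestationException(e);
        }
    }

    /**
     * Returns the string form of every allowlisted enclave identifier.
     *
     * @return a new list, detached from the internal set
     */
    @Override
    public Collection<String> getEnclaveAllowlist() {
        return this.allowedEnclaveIds.stream()
                .map(NitroEnclaveIdentifier::toString)
                .collect(Collectors.toList());
    }

    /**
     * Adds an already-parsed identifier to the allowlist.
     *
     * @param nitroEnclaveIdentifier identifier to allow
     */
    public void addIdentifier(NitroEnclaveIdentifier nitroEnclaveIdentifier) {
        this.allowedEnclaveIds.add(nitroEnclaveIdentifier);
    }

    /**
     * Removes an already-parsed identifier from the allowlist.
     *
     * @param nitroEnclaveIdentifier identifier to stop allowing
     */
    public void removeIdentifier(NitroEnclaveIdentifier nitroEnclaveIdentifier) {
        this.allowedEnclaveIds.remove(nitroEnclaveIdentifier);
    }
}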
