package com.uid2.shared.attest;

import com.uid2.enclave.IAttestationProvider;
import com.uid2.shared.ApplicationVersion;
import com.uid2.shared.Const;
import com.uid2.shared.IClock;
import com.uid2.shared.InstantClock;
import com.uid2.shared.util.URLConnectionHttpClient;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonObject;
import java.io.IOException;
import java.net.Proxy;
import java.net.http.HttpResponse;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.utils.Pair;

/* loaded from: input_file:com/uid2/shared/attest/AttestationResponseHandler.class */
public class AttestationResponseHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(AttestationResponseHandler.class);
    private final IAttestationProvider attestationProvider;
    private final String clientApiToken;
    private final String operatorType;
    private final ApplicationVersion appVersion;
    private final AtomicReference<String> attestationToken;
    private final AtomicReference<String> optOutJwt;
    private final AtomicReference<String> coreJwt;
    private final Handler<Pair<AttestationResponseCode, String>> responseWatcher;
    private final String attestationEndpoint;
    private final byte[] encodedAttestationEndpoint;
    private final IClock clock;
    private final Vertx vertx;
    private final URLConnectionHttpClient httpClient;
    private boolean isExpiryCheckScheduled;
    private AtomicBoolean isAttesting;
    private Instant attestationTokenExpiresAt;
    private final Lock lock;
    private final AttestationTokenDecryptor attestationTokenDecryptor;
    private final String appVersionHeader;
    private final int attestCheckMilliseconds;
    private final AtomicReference<String> optOutUrl;

    public AttestationResponseHandler(Vertx vertx, String str, String str2, String str3, ApplicationVersion applicationVersion, IAttestationProvider iAttestationProvider, Handler<Pair<AttestationResponseCode, String>> handler, Proxy proxy) {
        this(vertx, str, str2, str3, applicationVersion, iAttestationProvider, handler, proxy, new InstantClock(), null, null, 60000);
    }

    public AttestationResponseHandler(Vertx vertx, String str, String str2, String str3, ApplicationVersion applicationVersion, IAttestationProvider iAttestationProvider, Handler<Pair<AttestationResponseCode, String>> handler, Proxy proxy, IClock iClock, URLConnectionHttpClient uRLConnectionHttpClient, AttestationTokenDecryptor attestationTokenDecryptor, int i) {
        this.attestationTokenExpiresAt = Instant.MAX;
        this.vertx = vertx;
        this.attestationEndpoint = str;
        this.encodedAttestationEndpoint = encodeStringUnicodeAttestationEndpoint(str);
        this.clientApiToken = str2;
        this.operatorType = str3;
        this.appVersion = applicationVersion;
        this.attestationProvider = iAttestationProvider;
        this.attestationToken = new AtomicReference<>(null);
        this.optOutJwt = new AtomicReference<>(null);
        this.coreJwt = new AtomicReference<>(null);
        this.optOutUrl = new AtomicReference<>(null);
        this.responseWatcher = handler;
        this.clock = iClock;
        this.lock = new ReentrantLock();
        this.isAttesting = new AtomicBoolean(false);
        this.attestCheckMilliseconds = i;
        if (uRLConnectionHttpClient == null) {
            this.httpClient = new URLConnectionHttpClient(proxy);
        } else {
            this.httpClient = uRLConnectionHttpClient;
        }
        this.attestationTokenDecryptor = (AttestationTokenDecryptor) Objects.requireNonNullElseGet(attestationTokenDecryptor, AttestationTokenDecryptor::new);
        StringBuilder sb = new StringBuilder();
        sb.append(applicationVersion.getAppName()).append("=").append(applicationVersion.getAppVersion());
        for (Map.Entry<String, String> entry : applicationVersion.getComponentVersions().entrySet()) {
            sb.append(";").append(entry.getKey()).append("=").append(entry.getValue());
        }
        this.appVersionHeader = sb.toString();
    }

    private void attestationExpirationCheck(long j) {
        try {
            if (!this.isAttesting.compareAndSet(false, true)) {
                LOGGER.warn("In the process of attesting. Skip re-attest.");
                return;
            }
            try {
                if (!this.clock.now().isAfter(this.attestationTokenExpiresAt.minusSeconds(600L))) {
                    this.isAttesting.set(false);
                    return;
                }
                LOGGER.info("Attestation token is 10 mins from the expiry timestamp {}. Re-attest...", this.attestationTokenExpiresAt);
                if (this.attestationProvider.isReady()) {
                    attest();
                    this.isAttesting.set(false);
                } else {
                    LOGGER.warn("Attestation provider is not ready. Skip re-attest.");
                    this.isAttesting.set(false);
                }
            } catch (AttestationResponseHandlerException | IOException e) {
                LOGGER.info("Re-attest failed: ", e);
                this.isAttesting.set(false);
            }
        } catch (Throwable th) {
            this.isAttesting.set(false);
            throw th;
        }
    }

    private void scheduleAttestationExpirationCheck() {
        if (this.isExpiryCheckScheduled) {
            return;
        }
        this.vertx.setPeriodic(0L, this.attestCheckMilliseconds, (v1) -> {
            attestationExpirationCheck(v1);
        });
        this.isExpiryCheckScheduled = true;
    }

    public void attest() throws IOException, AttestationResponseHandlerException {
        if (!this.attestationProvider.isReady()) {
            throw new AttestationResponseHandlerException("attestation provider is not ready");
        }
        try {
            KeyPair generateKeyPair = generateKeyPair();
            byte[] encoded = generateKeyPair.getPublic().getEncoded();
            JsonObject of = JsonObject.of("attestation_request", Base64.getEncoder().encodeToString(this.attestationProvider.getAttestationRequest(encoded, this.encodedAttestationEndpoint)), "public_key", Base64.getEncoder().encodeToString(encoded), "application_name", this.appVersion.getAppName(), "application_version", this.appVersion.getAppVersion(), "operator_type", this.operatorType);
            JsonObject jsonObject = new JsonObject();
            for (Map.Entry<String, String> entry : this.appVersion.getComponentVersions().entrySet()) {
                jsonObject.put(entry.getKey(), entry.getValue());
            }
            of.put("components", jsonObject);
            HashMap hashMap = new HashMap();
            hashMap.put("Content-Type", "application/json");
            hashMap.put("Authorization", "Bearer " + this.clientApiToken);
            hashMap.put(Const.Http.AppVersionHeader, this.appVersionHeader);
            HttpResponse<String> post = this.httpClient.post(this.attestationEndpoint, of.toString(), hashMap);
            int statusCode = post.statusCode();
            String str = (String) post.body();
            AttestationResponseCode attestationResponseCodeFromHttpStatus = getAttestationResponseCodeFromHttpStatus(statusCode);
            notifyResponseWatcher(attestationResponseCodeFromHttpStatus, str);
            if (attestationResponseCodeFromHttpStatus != AttestationResponseCode.Success) {
                throw new AttestationResponseHandlerException(attestationResponseCodeFromHttpStatus, "Non-success response from Core on attest");
            }
            JsonObject jsonObject2 = (JsonObject) Json.decodeValue(str);
            if (isFailed(jsonObject2)) {
                throw new AttestationResponseHandlerException(AttestationResponseCode.RetryableFailure, "response did not return a successful status");
            }
            JsonObject jsonObject3 = jsonObject2.getJsonObject("body");
            if (jsonObject3 == null) {
                throw new AttestationResponseHandlerException(AttestationResponseCode.RetryableFailure, "response did not contain a body object");
            }
            String attestationToken = getAttestationToken(jsonObject3);
            if (attestationToken == null) {
                throw new AttestationResponseHandlerException(AttestationResponseCode.RetryableFailure, "response json does not contain body.attestation_token");
            }
            String attestationTokenExpiresAt = getAttestationTokenExpiresAt(jsonObject3);
            if (attestationTokenExpiresAt == null) {
                throw new AttestationResponseHandlerException(AttestationResponseCode.RetryableFailure, "response json does not contain body.expiresAt");
            }
            String str2 = new String(this.attestationTokenDecryptor.decrypt(Base64.getDecoder().decode(attestationToken), generateKeyPair.getPrivate()), StandardCharsets.UTF_8);
            LOGGER.info("Attestation successful. Attestation token received.");
            setAttestationToken(str2);
            setAttestationTokenExpiresAt(attestationTokenExpiresAt);
            setOptoutJWTFromResponse(jsonObject3);
            setCoreJWTFromResponse(jsonObject3);
            setOptoutURLFromResponse(jsonObject3);
            scheduleAttestationExpirationCheck();
        } catch (AttestationResponseHandlerException | IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new AttestationResponseHandlerException(e2);
        }
    }

    public String getAttestationToken() {
        return this.attestationToken.get();
    }

    private void setAttestationToken(String str) {
        this.attestationToken.set(str);
    }

    public String getOptOutJWT() {
        return this.optOutJwt.get();
    }

    public String getCoreJWT() {
        return this.coreJwt.get();
    }

    public String getOptOutUrl() {
        return this.optOutUrl.get();
    }

    private void setAttestationTokenExpiresAt(String str) {
        this.attestationTokenExpiresAt = Instant.parse(str);
    }

    private static String getAttestationToken(JsonObject jsonObject) {
        return jsonObject.getString("attestation_token");
    }

    private static String getAttestationTokenExpiresAt(JsonObject jsonObject) {
        return jsonObject.getString("expiresAt");
    }

    private void setOptoutJWTFromResponse(JsonObject jsonObject) {
        String string = jsonObject.getString("attestation_jwt_optout");
        if (string == null) {
            LOGGER.info("Optout JWT not received");
        } else {
            LOGGER.info("Optout JWT received");
            this.optOutJwt.set(string);
        }
    }

    private void setCoreJWTFromResponse(JsonObject jsonObject) {
        String string = jsonObject.getString("attestation_jwt_core");
        if (string == null) {
            LOGGER.info("Core JWT not received");
        } else {
            LOGGER.info("Core JWT received");
            this.coreJwt.set(string);
        }
    }

    private void setOptoutURLFromResponse(JsonObject jsonObject) {
        String string = jsonObject.getString(Const.Config.OptOutUrlProp);
        if (string == null) {
            LOGGER.info("OptOut URL not received");
            return;
        }
        LOGGER.info("OptOut URL received");
        LOGGER.debug("OptOut URL to use: {}", string);
        this.optOutUrl.set(string);
    }

    private static boolean isFailed(JsonObject jsonObject) {
        return jsonObject.getString("status") == null || !jsonObject.getString("status").equals("success");
    }

    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Const.Name.AsymetricEncryptionKeyClass);
        keyPairGenerator.initialize(2048, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    private void notifyResponseWatcher(AttestationResponseCode attestationResponseCode, String str) {
        if (attestationResponseCode != AttestationResponseCode.Success) {
            LOGGER.warn("Received a non-success response code on Attestation: ResponseCode: {}, Message: {}", attestationResponseCode, str);
        }
        this.lock.lock();
        try {
            if (this.responseWatcher != null) {
                this.responseWatcher.handle(Pair.of(attestationResponseCode, str));
            }
        } finally {
            this.lock.unlock();
        }
    }

    public boolean attested() {
        return this.attestationToken.get() != null && this.clock.now().isBefore(this.attestationTokenExpiresAt);
    }

    private byte[] encodeStringUnicodeAttestationEndpoint(String str) {
        ByteBuffer encode = StandardCharsets.UTF_8.encode(str);
        return Arrays.copyOf(encode.array(), encode.limit());
    }

    private AttestationResponseCode getAttestationResponseCodeFromHttpStatus(int i) {
        return (i == 401 || i == 403) ? AttestationResponseCode.AttestationFailure : i == 200 ? AttestationResponseCode.Success : AttestationResponseCode.RetryableFailure;
    }

    @Generated
    public String getAppVersionHeader() {
        return this.appVersionHeader;
    }
}
