package com.cybersource.flex.sdk.impl;

import com.cybersource.flex.sdk.FlexService;
import com.cybersource.flex.sdk.FlexServiceFactory;
import com.cybersource.flex.sdk.authentication.BaseCGKCredentials;
import com.cybersource.flex.sdk.authentication.FlexCredentials;
import com.cybersource.flex.sdk.authentication.VisaDeveloperCenterCredentials;
import com.cybersource.flex.sdk.exception.FlexApiClientException;
import com.cybersource.flex.sdk.exception.FlexApiServerException;
import com.cybersource.flex.sdk.exception.FlexEncodingException;
import com.cybersource.flex.sdk.exception.FlexException;
import com.cybersource.flex.sdk.exception.FlexSDKInternalException;
import com.cybersource.flex.sdk.internal.HttpResponse;
import com.cybersource.flex.sdk.model.EncryptionType;
import com.cybersource.flex.sdk.model.FlexErrorResponse;
import com.cybersource.flex.sdk.model.FlexPublicKey;
import com.cybersource.flex.sdk.model.FlexToken;
import com.cybersource.flex.sdk.model.KeysRequestParameters;
import com.cybersource.flex.sdk.repackaged.Base64;
import java.beans.IntrospectionException;
import java.beans.PropertyDescriptor;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.DestroyFailedException;

/* loaded from: input_file:com/cybersource/flex/sdk/impl/FlexKeyServiceImpl.class */
public class FlexKeyServiceImpl implements FlexService {
    private final FlexServiceFactory.FlexServiceConfiguration flexServiceConfiguration;
    private final Logger logger = Logger.getLogger(FlexKeyServiceImpl.class.getName());
    private static final String V_C_CORRELATION_ID = "v-c-correlation-id";
    private final FlexHttpClient httpClient;

    public FlexKeyServiceImpl(FlexCredentials flexCredentials, FlexServiceFactory.FlexServiceConfiguration flexServiceConfiguration) {
        this.flexServiceConfiguration = flexServiceConfiguration;
        if (flexServiceConfiguration.isLoggingEnabled()) {
            this.logger.log(Level.INFO, "Initialization of Flex Service with following configuration {0}.", this.flexServiceConfiguration);
        }
        if (flexCredentials instanceof BaseCGKCredentials) {
            this.httpClient = new CGKHttpClient((BaseCGKCredentials) flexCredentials, this.flexServiceConfiguration);
        } else {
            if (!(flexCredentials instanceof VisaDeveloperCenterCredentials)) {
                throw new IllegalArgumentException("Suspicious authentication");
            }
            this.httpClient = new VDPHttpClient((VisaDeveloperCenterCredentials) flexCredentials, this.flexServiceConfiguration);
        }
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public FlexPublicKey createKey() throws FlexException {
        return createKey(new KeysRequestParameters());
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public FlexPublicKey createKey(KeysRequestParameters keysRequestParameters) throws FlexException {
        HttpResponse postForKey = this.httpClient.postForKey(JsonHelper.toJson(keysRequestParameters).toString());
        if (this.flexServiceConfiguration.isLoggingEnabled()) {
            this.logger.log(Level.INFO, "Response received from Flex: {0}.", postForKey);
        }
        String body = postForKey.getBody();
        if (postForKey.isErrorResponse()) {
            handleErrorResponse(postForKey, body);
        }
        return JsonHelper.parseFlexPublicKey(body);
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public FlexPublicKey createKey(EncryptionType encryptionType) throws FlexException {
        return createKey(new KeysRequestParameters(encryptionType));
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public FlexPublicKey createKey(EncryptionType encryptionType, String str) throws FlexException {
        return createKey(new KeysRequestParameters(encryptionType, str));
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public FlexPublicKey retrieveKey(String str) throws FlexException {
        HttpResponse forKey = this.httpClient.getForKey(str);
        if (this.flexServiceConfiguration.isLoggingEnabled()) {
            this.logger.log(Level.INFO, "Response received from Flex: {0}.", forKey);
        }
        String body = forKey.getBody();
        if (forKey.isErrorResponse()) {
            handleErrorResponse(forKey, body);
        }
        return JsonHelper.parseFlexPublicKey(body);
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public PublicKey decodePublicKey(FlexPublicKey flexPublicKey) throws FlexException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(flexPublicKey.getDer().getPublicKey())));
        } catch (IOException e) {
            throw new FlexEncodingException("Unable to decode public key value");
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            throw new FlexSDKInternalException(e2);
        }
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public boolean verify(String str, String str2) throws FlexException {
        return verify(JsonHelper.parseFlexPublicKey(str), JsonHelper.parseFlexTokenResponse(str2));
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public boolean verify(FlexPublicKey flexPublicKey, String str) throws FlexException {
        return verify(flexPublicKey, JsonHelper.parseFlexTokenResponse(str));
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public boolean verify(FlexPublicKey flexPublicKey, FlexToken flexToken) throws FlexException {
        return validateTokenSignature(decodePublicKey(flexPublicKey), getSignedFieldsValues(flexToken), flexToken.getSignature());
    }

    @Override // com.cybersource.flex.sdk.FlexService
    public boolean verify(FlexPublicKey flexPublicKey, Map map) throws FlexException {
        PublicKey decodePublicKey = decodePublicKey(flexPublicKey);
        String str = (String) map.get("signedFields");
        StringBuilder sb = new StringBuilder();
        for (String str2 : str.split(",")) {
            sb.append(',');
            sb.append(map.get("" + str2));
        }
        return validateTokenSignature(decodePublicKey, sb.substring(1), (String) map.get("signature"));
    }

    private String getSignedFieldsValues(FlexToken flexToken) throws FlexSDKInternalException {
        String[] split = flexToken.getSignedFields().split(",");
        StringBuilder sb = new StringBuilder();
        for (String str : split) {
            try {
                sb.append(",").append(new PropertyDescriptor(str, FlexToken.class).getReadMethod().invoke(flexToken, new Object[0]));
            } catch (IntrospectionException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
                throw new FlexSDKInternalException(e.getMessage());
            }
        }
        sb.deleteCharAt(0);
        return sb.toString();
    }

    private boolean validateTokenSignature(PublicKey publicKey, String str, String str2) throws FlexSDKInternalException, FlexEncodingException {
        try {
            Signature signature = Signature.getInstance("SHA512withRSA");
            signature.initVerify(publicKey);
            signature.update(str.getBytes());
            return signature.verify(Base64.decode(str2));
        } catch (IOException e) {
            throw new FlexEncodingException("Unable to decode signature");
        } catch (GeneralSecurityException e2) {
            throw new FlexSDKInternalException(e2.getMessage());
        }
    }

    private void handleErrorResponse(HttpResponse httpResponse, String str) throws FlexException {
        FlexErrorResponse flexErrorResponse = null;
        if (str != null && str.trim().length() > 0) {
            flexErrorResponse = JsonHelper.parseFlexErrorResponse(str);
        }
        String headerFirstValue = httpResponse.getHeaderFirstValue(V_C_CORRELATION_ID);
        int status = httpResponse.getStatus();
        if (status / 100 != 5) {
            throw new FlexApiClientException(status, flexErrorResponse, headerFirstValue);
        }
        throw new FlexApiServerException(status, flexErrorResponse, headerFirstValue);
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.httpClient.isDestroyed();
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        this.httpClient.destroy();
    }

    protected void finalize() throws Throwable {
        try {
            destroy();
        } finally {
            super.finalize();
        }
    }
}
