package com.yubico.client.v2.impl;

import com.sun.enterprise.security.auth.digest.api.Constants;
import com.sun.enterprise.server.logging.parser.ParsedLogRecord;
import com.sun.faces.context.UrlBuilder;
import com.yubico.client.v2.HttpUtils;
import com.yubico.client.v2.ResponseStatus;
import com.yubico.client.v2.Signature;
import com.yubico.client.v2.VerificationRequester;
import com.yubico.client.v2.VerificationResponse;
import com.yubico.client.v2.YubicoClient;
import com.yubico.client.v2.exceptions.YubicoSignatureException;
import com.yubico.client.v2.exceptions.YubicoValidationFailure;
import com.yubico.client.v2.exceptions.YubicoVerificationException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Map;
import java.util.TreeMap;
import java.util.UUID;

/* loaded from: input_file:MICRO-INF/runtime/yubico-validation-client2.jar:com/yubico/client/v2/impl/YubicoClientImpl.class */
public class YubicoClientImpl extends YubicoClient {
    private final VerificationRequester validationService;

    YubicoClientImpl(VerificationRequester verificationRequester) {
        this.validationService = verificationRequester;
    }

    public YubicoClientImpl(Integer num) {
        this(new VerificationRequester());
        this.clientId = num;
    }

    public YubicoClientImpl(Integer num, String str) {
        this(num);
        setKey(str);
    }

    public YubicoClientImpl(Integer num, String str, Integer num2) {
        this(num, str);
        setSync(num2);
    }

    @Override // com.yubico.client.v2.YubicoClient
    public VerificationResponse verify(String str) throws YubicoVerificationException, YubicoValidationFailure {
        if (!isValidOTPFormat(str)) {
            throw new IllegalArgumentException("The OTP is not a valid format");
        }
        TreeMap treeMap = new TreeMap();
        String replaceAll = UUID.randomUUID().toString().replaceAll("-", "");
        treeMap.put(Constants.NONCE, replaceAll);
        treeMap.put("id", this.clientId.toString());
        treeMap.put("otp", str);
        treeMap.put(ParsedLogRecord.DATE_TIME, "1");
        if (this.sync != null) {
            treeMap.put("sl", this.sync.toString());
        }
        try {
            String queryString = HttpUtils.toQueryString(treeMap);
            if (this.key != null) {
                queryString = sign(queryString);
            }
            String[] wsapiUrls = getWsapiUrls();
            ArrayList arrayList = new ArrayList();
            for (String str2 : wsapiUrls) {
                arrayList.add(str2 + "?" + queryString);
            }
            VerificationResponse fetch = this.validationService.fetch(arrayList, this.userAgent);
            if (this.key != null) {
                verifySignature(fetch);
            }
            if (!fetch.getStatus().isError()) {
                if (fetch.getOtp() == null || !str.equals(fetch.getOtp())) {
                    throw new YubicoValidationFailure("OTP mismatch in response, is there a man-in-the-middle?");
                }
                if (fetch.getNonce() == null || !replaceAll.equals(fetch.getNonce())) {
                    throw new YubicoValidationFailure("Nonce mismatch in response, is there a man-in-the-middle?");
                }
            }
            return fetch;
        } catch (UnsupportedEncodingException e) {
            throw new YubicoVerificationException("Failed to encode parameter.", e);
        }
    }

    private void verifySignature(VerificationResponse verificationResponse) throws YubicoValidationFailure, YubicoVerificationException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : verificationResponse.getKeyValueMap().entrySet()) {
            if (!"h".equals(entry.getKey())) {
                if (sb.length() > 0) {
                    sb.append(UrlBuilder.PARAMETER_PAIR_SEPARATOR);
                }
                sb.append(entry.getKey()).append("=").append(entry.getValue());
            }
        }
        try {
            if (!verificationResponse.getH().equals(Signature.calculate(sb.toString(), this.key).trim()) && !verificationResponse.getStatus().equals(ResponseStatus.BAD_SIGNATURE)) {
                throw new YubicoValidationFailure("Signatures do not match");
            }
        } catch (YubicoSignatureException e) {
            throw new YubicoVerificationException("Failed to calculate the response signature.", e);
        }
    }

    private String sign(String str) throws YubicoVerificationException {
        try {
            return str + "&h=" + URLEncoder.encode(Signature.calculate(str, this.key), "UTF-8");
        } catch (YubicoSignatureException e) {
            throw new YubicoVerificationException("Failed signing of request", e);
        } catch (UnsupportedEncodingException e2) {
            throw new YubicoVerificationException("Failed to encode signature", e2);
        }
    }
}
