package no.spid.api.security;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import no.spid.api.client.SpidApiResponse;
import no.spid.api.exceptions.SpidApiException;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:no/spid/api/security/SpidSecurityHelper.class */
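/**
 * Verifies and produces HMAC-SHA256 signatures for SPiD API payloads using a shared secret.
 *
 * <p>Despite the "decrypt" in the method names, nothing here is encrypted: payloads are only
 * Base64 (URL-safe alphabet) encoded and authenticated with an HMAC. The signature gives
 * integrity and origin authentication, not confidentiality.
 *
 * <p>Signature comparison uses {@link MessageDigest#isEqual(byte[], byte[])} rather than
 * {@code Arrays.equals}, so the time taken does not depend on how many leading bytes of a
 * supplied signature happen to match the expected one.
 */
public class SpidSecurityHelper {
    /** JCA algorithm name used for both the key spec and the Mac instance. */
    private static final String HMAC_ALGORITHM = "HmacSHA256";

    /** The only algorithm label accepted on a signed response. */
    private static final String SUPPORTED_RESPONSE_ALGORITHM = "HMAC-SHA256";

    /** Charset name used when turning the secret and the signed data into bytes. */
    private static final String UTF_8 = "UTF-8";

    /** Shared secret used as the HMAC key; never logged or included in exception messages. */
    private final String signatureSecret;

    /**
     * @param str the shared signature secret used as the HMAC key
     */
    public SpidSecurityHelper(String str) {
        this.signatureSecret = str;
    }

    /**
     * Verifies a signed request of the form {@code <signature>.<payload>} and returns the
     * decoded payload.
     *
     * <p>The HMAC is computed over the still-encoded payload segment and compared with the
     * Base64-decoded signature segment. The payload is decoded only after the signature has
     * been accepted, so unauthenticated data is never returned to the caller.
     *
     * @param str the signed request; segments after the second are ignored, as before
     * @return the Base64-decoded payload as a string
     * @throws SpidApiException if the request is null or malformed, the signature does not
     *     match, or the HMAC cannot be computed
     */
    public String decryptAndValidateSignedRequest(String str) throws SpidApiException {
        if (str == null) {
            throw new SpidApiException("Invalid request.");
        }
        // Split once and check the segment count: inputs such as "." or "abc." contain a dot
        // but yield fewer than two segments, which previously escaped as an unchecked
        // ArrayIndexOutOfBoundsException instead of the declared SpidApiException.
        String[] segments = str.split("\\.");
        if (segments.length < 2) {
            throw new SpidApiException("Invalid request.");
        }
        String encodedSignature = segments[0];
        String encodedPayload = segments[1];

        // hmacSha256 either returns a MAC or throws, so verification can no longer continue
        // with a null "expected" value after a swallowed exception.
        byte[] expectedSignature = hmacSha256(encodedPayload);
        byte[] providedSignature = base64UrlDecode(encodedSignature);
        if (providedSignature == null || !MessageDigest.isEqual(expectedSignature, providedSignature)) {
            throw new SpidApiException("Signature is not valid!");
        }
        return decodeUtf8(base64UrlDecode(encodedPayload));
    }

    /**
     * Verifies the signature carried by an API response and stores the decoded payload on it.
     *
     * <p>A response that declares no algorithm is still accepted; the HMAC-SHA256 check is
     * applied regardless of what the response declares, so a missing label does not skip
     * verification.
     *
     * @param spidApiResponse the response whose raw data and signature are checked
     * @return the same response instance, with its decrypted-data field populated
     * @throws SpidApiException if the declared algorithm is not HMAC-SHA256, the raw data or
     *     signature is missing, the signature does not match, or the HMAC cannot be computed
     */
    public SpidApiResponse decryptAndValidateSignedResponse(SpidApiResponse spidApiResponse) throws SpidApiException {
        String responseSignature = spidApiResponse.getResponseSignature();
        String responseAlgorithm = spidApiResponse.getResponseAlgorithm();
        String rawData = spidApiResponse.getRawData();
        if (responseAlgorithm != null && !SUPPORTED_RESPONSE_ALGORITHM.equals(responseAlgorithm)) {
            throw new SpidApiException("Hash algorithm not supported. Expected HMAC-SHA256");
        }
        // Missing fields are rejected explicitly rather than surfacing as a caught
        // NullPointerException that produced a SpidApiException with a null message.
        if (rawData == null || responseSignature == null) {
            throw new SpidApiException("Could not verify signature");
        }
        byte[] expectedSignature = hmacSha256(rawData);
        byte[] providedSignature = base64UrlDecode(responseSignature);
        if (providedSignature == null || !MessageDigest.isEqual(expectedSignature, providedSignature)) {
            throw new SpidApiException("Could not verify signature");
        }
        spidApiResponse.setDecryptedData(decodeUtf8(base64UrlDecode(rawData)));
        return spidApiResponse;
    }

    /**
     * Computes an HMAC over the map's values and stores it in the map under the key
     * {@code "hash"}.
     *
     * <p>Values are concatenated in ascending key order with no separator, so the MAC input
     * does not record where one value ends and the next begins (constructed example:
     * {@code {a=12, b=3}} and {@code {a=1, b=23}} produce the same input). The format is
     * kept as is because the verifying side presumably expects it; callers should not rely
     * on the hash to bind a value to a particular key.
     *
     * @param map the parameters to sign; modified in place, and an existing {@code "hash"}
     *     entry is included in the signed input and then overwritten
     * @return the same map instance with the {@code "hash"} entry set
     * @throws SpidApiException if the HMAC cannot be computed or the map rejects the new entry
     */
    public Map<String, String> addHash(Map<String, String> map) throws SpidApiException {
        String[] sortedKeys = map.keySet().toArray(new String[0]);
        Arrays.sort(sortedKeys);
        StringBuilder signedInput = new StringBuilder();
        for (String key : sortedKeys) {
            signedInput.append(map.get(key));
        }
        String hash = base64UrlEncode(hmacSha256(signedInput.toString()));
        try {
            map.put("hash", hash);
        } catch (RuntimeException e) {
            // e.g. an unmodifiable map; keep reporting this through the declared exception.
            throw new SpidApiException(e);
        }
        return map;
    }

    /**
     * Computes HMAC-SHA256 of {@code data} (as UTF-8 bytes) keyed with the signature secret.
     *
     * @throws SpidApiException if the secret is missing or the JCA provider rejects the
     *     algorithm or key; the underlying exception is passed on as the cause
     */
    private byte[] hmacSha256(String data) throws SpidApiException {
        if (this.signatureSecret == null || this.signatureSecret.length() == 0) {
            throw new SpidApiException("Signature secret is not configured.");
        }
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(new SecretKeySpec(this.signatureSecret.getBytes(UTF_8), HMAC_ALGORITHM));
            return mac.doFinal(data.getBytes(UTF_8));
        } catch (UnsupportedEncodingException e) {
            // Fail closed: this used to be printed and ignored, leaving the MAC null.
            throw new SpidApiException("UTF-8 encoding is not supported: " + e.getMessage());
        } catch (InvalidKeyException e) {
            throw new SpidApiException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new SpidApiException(e);
        }
    }

    /**
     * Decodes bytes as UTF-8 instead of the platform default charset, so the result does not
     * vary between hosts. Assumes the signed payload is UTF-8 text; confirm against the API.
     */
    private String decodeUtf8(byte[] bytes) throws SpidApiException {
        try {
            return new String(bytes, UTF_8);
        } catch (UnsupportedEncodingException e) {
            throw new SpidApiException("UTF-8 encoding is not supported: " + e.getMessage());
        }
    }

    /** Decodes Base64 after mapping the URL-safe alphabet ('-', '_') back to ('+', '/'). */
    private byte[] base64UrlDecode(String str) {
        return Base64.decodeBase64(str.replace("-", "+").replace("_", "/").trim());
    }

    /**
     * Encodes bytes with the URL-safe Base64 alphabet. The encoder already emits '-' and '_',
     * so the former '+' and '/' replacements had nothing to replace and were dropped.
     */
    private String base64UrlEncode(byte[] bArr) {
        return Base64.encodeBase64URLSafeString(bArr);
    }
}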
