package com.ibm.ispim.appid.client.serviceProxies;

import com.ibm.ispim.appid.client.clt.ConsoleIO;
import com.ibm.ispim.appid.client.exceptions.EncryptionException;
import com.ibm.ispim.appid.client.exceptions.ExecutionException;
import com.ibm.ispim.appid.client.exceptions.JsonDataConversionException;
import com.ibm.ispim.appid.client.exceptions.ServerException;
import com.ibm.ispim.appid.client.exceptions.WorkflowFailureException;
import com.ibm.ispim.appid.client.model.ErrorInfo;
import com.ibm.ispim.appid.client.utils.HttpService;
import com.ibm.ispim.appid.client.utils.JacksonObjectFactory;
import java.io.IOException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.JsonProcessingException;
import org.codehaus.jackson.map.JsonMappingException;

/* loaded from: input_file:com/ibm/ispim/appid/client/serviceProxies/FingerprintServiceProxy.class */
public class FingerprintServiceProxy extends ServiceProxy {
    static final String FINGERPRINT_URL = "/rest/fingerprints";
    static final String KEYED_HASH_ALGORITHM = "HmacSHA256";
    static final String ENCRYPTION_ALGORITHM = "AES";
    static final Logger logger = Logger.getLogger(FingerprintServiceProxy.class.getName());
    static final byte[] STATIC_KEY = {-75, -68, -32, -104, 66, -101, 67, -15, -50, 120, 117, -123, 72, 30, 70, 18};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ispim/appid/client/serviceProxies/FingerprintServiceProxy$FingerprintVerificationRequest.class */
    public static class FingerprintVerificationRequest {
        String appInstanceName;
        String osid;
        String fingerprint;
        String hash;

        public FingerprintVerificationRequest(String str, String str2, String str3, String str4) {
            this.appInstanceName = str;
            this.osid = str2;
            this.fingerprint = str3;
            this.hash = str4;
        }

        public String toString() {
            try {
                return JacksonObjectFactory.writer(FingerprintVerificationRequest.class).writeValueAsString(this);
            } catch (JsonGenerationException e) {
                FingerprintServiceProxy.logger.log(Level.SEVERE, e.getMessage(), (Throwable) e);
                return "";
            } catch (JsonMappingException e2) {
                FingerprintServiceProxy.logger.log(Level.SEVERE, e2.getMessage(), (Throwable) e2);
                return "";
            } catch (IOException e3) {
                FingerprintServiceProxy.logger.log(Level.SEVERE, e3.getMessage(), (Throwable) e3);
                return "";
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ispim/appid/client/serviceProxies/FingerprintServiceProxy$ServerChallenge.class */
    public static class ServerChallenge {
        String osid;
        String challenge;

        ServerChallenge() {
        }

        public String getOsid() {
            return this.osid;
        }

        public String getChallenge() {
            return this.challenge;
        }

        public static ServerChallenge create(String str) throws JsonDataConversionException {
            try {
                return (ServerChallenge) JacksonObjectFactory.reader(ServerChallenge.class).readValue(str);
            } catch (JsonProcessingException e) {
                throw new JsonDataConversionException(e);
            } catch (IOException e2) {
                throw new JsonDataConversionException(e2);
            }
        }
    }

    FingerprintServiceProxy(URL url, HttpService httpService) {
        super(url, httpService);
    }

    public String verify(String str, String str2) throws ServerException, ExecutionException {
        HttpService.Response response = this.httpClient.get(getServiceURL(), null, true);
        if (response.getCode() != 401) {
            throw new ServerException(ErrorInfo.fromJson(response.getBody()), response.getCode());
        }
        FingerprintVerificationRequest constructVerificationRequest = constructVerificationRequest(ServerChallenge.create(response.getBody()), str2, str);
        HttpService.Response post = this.httpClient.post(getServiceURL(), constructVerificationRequest.toString(), true);
        if (post.getCode() != 200) {
            throw new ServerException(ErrorInfo.fromJson(post.getBody()), post.getCode());
        }
        ConsoleIO.verbose("Fingerprint verification succeeded.");
        return constructVerificationRequest.osid;
    }

    private FingerprintVerificationRequest constructVerificationRequest(ServerChallenge serverChallenge, String str, String str2) throws WorkflowFailureException {
        try {
            return new FingerprintVerificationRequest(str2, serverChallenge.getOsid(), str, keyedHash(decrypt(STATIC_KEY, serverChallenge.getChallenge()), str));
        } catch (InvalidKeyException e) {
            throw new EncryptionException(e);
        }
    }

    static String keyedHash(byte[] bArr, String str) throws InvalidKeyException {
        try {
            Mac mac = Mac.getInstance(KEYED_HASH_ALGORITHM);
            mac.init(new SecretKeySpec(bArr, KEYED_HASH_ALGORITHM));
            return new String(Base64.encodeBase64(mac.doFinal(str.getBytes())));
        } catch (NoSuchAlgorithmException e) {
            logger.log(Level.SEVERE, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    static byte[] decrypt(byte[] bArr, String str) throws EncryptionException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, ENCRYPTION_ALGORITHM);
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            cipher.init(2, secretKeySpec);
            return cipher.doFinal(Base64.decodeBase64(str));
        } catch (InvalidKeyException e) {
            throw new EncryptionException(e);
        } catch (NoSuchAlgorithmException e2) {
            logger.log(Level.SEVERE, e2.getMessage(), (Throwable) e2);
            return null;
        } catch (BadPaddingException e3) {
            throw new EncryptionException(e3);
        } catch (IllegalBlockSizeException e4) {
            throw new EncryptionException(e4);
        } catch (NoSuchPaddingException e5) {
            logger.log(Level.SEVERE, e5.getMessage(), (Throwable) e5);
            return null;
        }
    }

    @Override // com.ibm.ispim.appid.client.serviceProxies.ServiceProxy
    protected String getServiceBase() {
        return FINGERPRINT_URL;
    }
}
