package com.guardtime.ksi.pdu.v2;

import com.guardtime.ksi.exceptions.KSIException;
import com.guardtime.ksi.hashing.DataHash;
import com.guardtime.ksi.hashing.HashAlgorithm;
import com.guardtime.ksi.pdu.PduMessageHeader;
import com.guardtime.ksi.pdu.exceptions.InvalidMessageAuthenticationCodeException;
import com.guardtime.ksi.service.KSIProtocolException;
import com.guardtime.ksi.service.client.ServiceCredentials;
import com.guardtime.ksi.tlv.TLVElement;
import com.guardtime.ksi.tlv.TLVParserException;
import com.guardtime.ksi.tlv.TLVStructure;
import com.guardtime.ksi.util.Util;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/guardtime/ksi/pdu/v2/PduV2.class */
abstract class PduV2 extends TLVStructure {
    private static final Logger logger = LoggerFactory.getLogger(PduV2.class);
    private static final int[] PUSHABLE_ELEMENT_TYPES = {4};
    protected List<TLVElement> payloads;
    private PduMessageHeader header;
    private MessageMac mac;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/guardtime/ksi/pdu/v2/PduV2$MessageMac.class */
    public class MessageMac extends TLVStructure {
        public static final int ELEMENT_TYPE = 31;
        private DataHash mac;

        public MessageMac(HashAlgorithm hashAlgorithm) throws KSIException {
            this.rootElement = TLVElement.create(getElementType(), new DataHash(hashAlgorithm, new byte[hashAlgorithm.getLength()]));
        }

        public MessageMac(TLVElement tLVElement) throws KSIException {
            super(tLVElement);
            this.mac = tLVElement.getDecodedDataHash();
        }

        public DataHash getMac() {
            return this.mac;
        }

        public void setMac(DataHash dataHash) throws TLVParserException {
            this.rootElement.setDataHashContent(dataHash);
            this.mac = dataHash;
        }

        public int getElementType() {
            return 31;
        }
    }

    public PduV2(PduMessageHeader pduMessageHeader, List<TLVElement> list, HashAlgorithm hashAlgorithm, byte[] bArr) throws KSIException {
        this.payloads = new LinkedList();
        this.rootElement = new TLVElement(false, false, getElementType());
        this.rootElement.addChildElement(pduMessageHeader.getRootElement());
        for (TLVElement tLVElement : list) {
            if (!isSupportedPayloadElement(tLVElement)) {
                throw new IllegalArgumentException("TLV type 0x" + Integer.toHexString(tLVElement.getType()) + " isn't supported");
            }
            this.rootElement.addChildElement(tLVElement);
            this.payloads.add(tLVElement);
        }
        hashAlgorithm.checkExpiration();
        this.mac = new MessageMac(hashAlgorithm);
        this.rootElement.addChildElement(this.mac.getRootElement());
        this.mac.setMac(calculateMac(hashAlgorithm, bArr));
        this.header = pduMessageHeader;
    }

    public PduV2(TLVElement tLVElement, ServiceCredentials serviceCredentials) throws KSIException {
        super(tLVElement);
        this.payloads = new LinkedList();
        readMac(tLVElement, serviceCredentials);
        readHeader(tLVElement);
        readPayloads(tLVElement);
        if (this.payloads.isEmpty()) {
            throw new KSIProtocolException("Invalid response message. Response message must contain at least one payload element");
        }
        checkErrorPayload();
    }

    public PduMessageHeader getHeader() {
        return this.header;
    }

    public abstract int[] getSupportedPayloadTypes();

    public int getErrorPayloadType() {
        return 3;
    }

    public List<TLVElement> getPayloads(int i) throws TLVParserException {
        ArrayList arrayList = new ArrayList();
        for (TLVElement tLVElement : this.payloads) {
            if (tLVElement.getType() == i) {
                arrayList.add(tLVElement);
            } else if (!isPushableElementType(i) && !isPushableElementType(tLVElement.getType())) {
                logger.warn("Non-pushable payload with type=0x{} encountered", Integer.toHexString(tLVElement.getType()));
            }
        }
        return arrayList;
    }

    private void checkErrorPayload() throws KSIException {
        for (TLVElement tLVElement : this.payloads) {
            if (tLVElement.getType() == getErrorPayloadType()) {
                throw new KSIProtocolException("Error was returned by server. Error status is 0x" + getStatusCodeInHexString(tLVElement) + ". Error message from server: '" + getErrorMessage(tLVElement) + "'");
            }
        }
    }

    private String getStatusCodeInHexString(TLVElement tLVElement) throws TLVParserException {
        TLVElement firstChildElement = tLVElement.getFirstChildElement(4);
        return firstChildElement != null ? Long.toHexString(firstChildElement.getDecodedLong().longValue()) : "";
    }

    private String getErrorMessage(TLVElement tLVElement) throws TLVParserException {
        TLVElement firstChildElement = tLVElement.getFirstChildElement(5);
        return firstChildElement != null ? firstChildElement.getDecodedString() : "";
    }

    private void readHeader(TLVElement tLVElement) throws KSIException {
        TLVElement firstChildElement = tLVElement.getFirstChildElement();
        if (!isHeader(firstChildElement)) {
            throw new TLVParserException("Invalid PDU header element. Expected element 0x01, got 0x" + Long.toHexString(firstChildElement.getType()));
        }
        this.header = new PduMessageHeader(firstChildElement);
    }

    private boolean isHeader(TLVElement tLVElement) {
        return tLVElement.getType() == 1;
    }

    private void readPayloads(TLVElement tLVElement) throws TLVParserException {
        List childElements = tLVElement.getChildElements();
        for (int i = this.header != null ? 1 : 0; i < childElements.size() - 1; i++) {
            TLVElement tLVElement2 = (TLVElement) childElements.get(i);
            if (isSupportedPayloadElement(tLVElement2)) {
                this.payloads.add(tLVElement2);
            } else {
                verifyCriticalFlag(tLVElement2);
                logger.info("Unknown non-critical TLV element with tag=0x{} encountered", Integer.toHexString(tLVElement2.getType()));
            }
        }
    }

    private boolean isSupportedPayloadElement(TLVElement tLVElement) {
        return Util.containsInt(getSupportedPayloadTypes(), tLVElement.getType());
    }

    private boolean isPushableElementType(int i) {
        return Util.containsInt(PUSHABLE_ELEMENT_TYPES, i);
    }

    private void readMac(TLVElement tLVElement, ServiceCredentials serviceCredentials) throws KSIException {
        TLVElement lastChildElement = tLVElement.getLastChildElement();
        if (lastChildElement != null && lastChildElement.getType() == 31) {
            this.mac = new MessageMac(lastChildElement);
            verifyMac(serviceCredentials);
        } else {
            TLVElement firstChildElement = tLVElement.getFirstChildElement(getErrorPayloadType());
            if (firstChildElement != null) {
                throw new KSIProtocolException("Error was returned by server. Error status is 0x" + Long.toHexString(firstChildElement.getFirstChildElement(4).getDecodedLong().longValue()) + ". Error message from server: '" + firstChildElement.getFirstChildElement(5).getDecodedString() + "'");
            }
            logger.warn("Gateway sent a KSI response without MAC");
            throw new KSIProtocolException("Invalid KSI response. Missing MAC.");
        }
    }

    private void verifyMac(ServiceCredentials serviceCredentials) throws KSIException {
        DataHash mac = this.mac.getMac();
        if (mac.getAlgorithm() != serviceCredentials.getHmacAlgorithm()) {
            throw new KSIException("HMAC algorithm mismatch. Expected " + serviceCredentials.getHmacAlgorithm().getName() + ", received " + mac.getAlgorithm().getName());
        }
        DataHash calculateMac = calculateMac(mac.getAlgorithm(), serviceCredentials.getLoginKey());
        if (!mac.equals(calculateMac)) {
            throw new InvalidMessageAuthenticationCodeException("Invalid MAC code. Expected " + mac + ", calculated " + calculateMac);
        }
    }

    private DataHash calculateMac(HashAlgorithm hashAlgorithm, byte[] bArr) throws KSIException {
        try {
            byte[] encoded = this.rootElement.getEncoded();
            return new DataHash(hashAlgorithm, Util.calculateHMAC(Util.copyOf(encoded, 0, encoded.length - hashAlgorithm.getLength()), bArr, hashAlgorithm.getName()));
        } catch (InvalidKeyException e) {
            throw new KSIException("MAC calculation failed. Invalid key.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KSIException("MAC calculation failed. Invalid algorithm.", e2);
        }
    }
}
