package com.onlinepayments.webhooks;

import com.onlinepayments.Marshaller;
import com.onlinepayments.RequestHeader;
import com.onlinepayments.domain.WebhooksEvent;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/onlinepayments/webhooks/WebhooksHelper.class */
public class WebhooksHelper {
    private static final Charset CHARSET = Charset.forName("UTF-8");
    private final Marshaller marshaller;
    private final SecretKeyStore secretKeyStore;

    public WebhooksHelper(Marshaller marshaller, SecretKeyStore secretKeyStore) {
        if (marshaller == null) {
            throw new IllegalArgumentException("marshaller is required");
        }
        if (secretKeyStore == null) {
            throw new IllegalArgumentException("secretKeyStore is required");
        }
        this.marshaller = marshaller;
        this.secretKeyStore = secretKeyStore;
    }

    public WebhooksEvent unmarshal(InputStream inputStream, List<RequestHeader> list) throws IOException {
        return unmarshal(getContent(inputStream), list);
    }

    private byte[] getContent(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(4096);
        byte[] bArr = new byte[4096];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    public WebhooksEvent unmarshal(byte[] bArr, List<RequestHeader> list) {
        validate(bArr, list);
        WebhooksEvent webhooksEvent = (WebhooksEvent) this.marshaller.unmarshal(new String(bArr, CHARSET), WebhooksEvent.class);
        validateApiVersion(webhooksEvent);
        return webhooksEvent;
    }

    protected void validate(byte[] bArr, List<RequestHeader> list) {
        try {
            validateBody(bArr, list);
        } catch (GeneralSecurityException e) {
            throw new SignatureValidationException(e);
        }
    }

    public WebhooksEvent unmarshal(String str, List<RequestHeader> list) {
        validate(str, list);
        WebhooksEvent webhooksEvent = (WebhooksEvent) this.marshaller.unmarshal(str, WebhooksEvent.class);
        validateApiVersion(webhooksEvent);
        return webhooksEvent;
    }

    protected void validate(String str, List<RequestHeader> list) {
        validate(str.getBytes(CHARSET), list);
    }

    private void validateBody(byte[] bArr, List<RequestHeader> list) throws GeneralSecurityException {
        String headerValue = getHeaderValue(list, "X-GCS-Signature");
        String secretKey = this.secretKeyStore.getSecretKey(getHeaderValue(list, "X-GCS-KeyId"));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secretKey.getBytes(CHARSET), "HmacSHA256"));
        if (!areEqualSignatures(headerValue, Base64.encodeBase64String(mac.doFinal(bArr)))) {
            throw new SignatureValidationException("failed to validate signature '" + headerValue + "'");
        }
    }

    static boolean areEqualSignatures(String str, String str2) {
        boolean z;
        boolean z2;
        int length = str.length();
        int length2 = str2.length();
        int max = Math.max(Math.max(length, length2), 256);
        boolean z3 = true;
        int i = 0;
        while (i < max) {
            if (i >= length || i >= length2) {
                z = z3;
                z2 = i >= length && i >= length2;
            } else {
                z = z3;
                z2 = str.charAt(i) == str2.charAt(i);
            }
            z3 = z & z2;
            i++;
        }
        return z3;
    }

    private void validateApiVersion(WebhooksEvent webhooksEvent) {
        if (!"v1".equals(webhooksEvent.getApiVersion())) {
            throw new ApiVersionMismatchException(webhooksEvent.getApiVersion(), "v1");
        }
    }

    private String getHeaderValue(List<RequestHeader> list, String str) {
        String str2 = null;
        for (RequestHeader requestHeader : list) {
            if (str.equalsIgnoreCase(requestHeader.getName())) {
                if (str2 != null) {
                    throw new SignatureValidationException("encountered multiple occurrences of header '" + str + "'");
                }
                str2 = requestHeader.getValue();
            }
        }
        if (str2 == null) {
            throw new SignatureValidationException("could not find header '" + str + "'");
        }
        return str2;
    }
}
