package io.dialob.security.spring.apikey;

import io.dialob.security.key.ApiKey;
import java.time.LocalDateTime;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.authentication.BadCredentialsException;

/* loaded from: input_file:BOOT-INF/lib/dialob-security-spring-2.1.21.jar:io/dialob/security/spring/apikey/HmacSHA256ApiKeyValidator.class */
public class HmacSHA256ApiKeyValidator implements ApiKeyValidator {
    private final SecretKeySpec secretKey;

    public HmacSHA256ApiKeyValidator(byte[] bArr) {
        this.secretKey = new SecretKeySpec(bArr, "HmacSHA256");
    }

    @Override // io.dialob.security.spring.apikey.ApiKeyValidator
    public void validateApiKey(ApiKey apiKey, ApiKey apiKey2) {
        if (apiKey == null || !apiKey.isValid()) {
            throw new BadCredentialsException("Invalid API key");
        }
        LocalDateTime now = LocalDateTime.now();
        Optional<LocalDateTime> startDateTime = apiKey.getStartDateTime();
        Objects.requireNonNull(now);
        if (!((Boolean) startDateTime.map((v1) -> {
            return r1.isBefore(v1);
        }).orElse(false)).booleanValue()) {
            Optional<LocalDateTime> endDateTime = apiKey.getEndDateTime();
            Objects.requireNonNull(now);
            if (!((Boolean) endDateTime.map((v1) -> {
                return r1.isAfter(v1);
            }).orElse(false)).booleanValue()) {
                if (!apiKey2.getToken().isPresent() || !apiKey.getHash().isPresent()) {
                    throw new BadCredentialsException("Could not validate API key");
                }
                try {
                    if (verifyToken(Base64.getDecoder().decode(apiKey2.getToken().get()), apiKey.getHash().get())) {
                        return;
                    } else {
                        throw new BadCredentialsException("Could not validate API key");
                    }
                } catch (IllegalArgumentException | IllegalStateException e) {
                    throw new BadCredentialsException("Could not decode API key");
                }
            }
        }
        throw new BadCredentialsException("API key expired");
    }

    protected boolean verifyToken(byte[] bArr, String str) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(this.secretKey);
            return Objects.equals(Base64.getEncoder().encodeToString(mac.doFinal(bArr)), str);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }
}
