package org.tbk.spring.lnurl.security.wallet;

import fr.acinq.bitcoin.Crypto;
import lombok.NonNull;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.Assert;
import org.tbk.lnurl.auth.K1;
import org.tbk.lnurl.auth.K1Manager;
import org.tbk.lnurl.auth.LinkingKey;
import org.tbk.lnurl.auth.LnurlAuthPairingService;
import org.tbk.lnurl.auth.Signature;
import org.tbk.spring.lnurl.security.LnurlAuthenticationException;
import scodec.bits.ByteVector;

/* loaded from: input_file:org/tbk/spring/lnurl/security/wallet/LnurlAuthWalletAuthenticationProvider.class */
public class LnurlAuthWalletAuthenticationProvider implements AuthenticationProvider {

    @NonNull
    private final K1Manager k1Manager;

    @NonNull
    private final LnurlAuthPairingService lnurlAuthPairingService;

    @NonNull
    private final UserDetailsService userDetailsService;

    public boolean supports(Class<?> cls) {
        return LnurlAuthWalletToken.class.isAssignableFrom(cls);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.isTrue(supports(authentication.getClass()), "Unsupported authentication class");
        return authenticateInternal((LnurlAuthWalletToken) authentication);
    }

    private Authentication authenticateInternal(LnurlAuthWalletToken lnurlAuthWalletToken) {
        if (lnurlAuthWalletToken.isAuthenticated()) {
            throw new LnurlAuthenticationException("Already authenticated.");
        }
        K1 k1 = lnurlAuthWalletToken.getK1();
        if (!this.k1Manager.isValid(k1)) {
            throw new BadCredentialsException("k1 value has either expired or was not generated by this service.");
        }
        if (!verifyLogin(k1, lnurlAuthWalletToken.getSignature(), lnurlAuthWalletToken.getLinkingKey())) {
            throw new BadCredentialsException("k1 and signature could not be verified.");
        }
        try {
            this.lnurlAuthPairingService.pairK1WithLinkingKey(lnurlAuthWalletToken.getK1(), lnurlAuthWalletToken.getLinkingKey());
            this.k1Manager.invalidate(k1);
            UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(lnurlAuthWalletToken.getLinkingKey().toHex());
            LnurlAuthWalletToken lnurlAuthWalletToken2 = new LnurlAuthWalletToken(lnurlAuthWalletToken.getK1(), lnurlAuthWalletToken.getSignature(), lnurlAuthWalletToken.getLinkingKey(), loadUserByUsername.getAuthorities());
            lnurlAuthWalletToken2.setDetails(loadUserByUsername);
            return lnurlAuthWalletToken2;
        } catch (Exception e) {
            throw new LnurlAuthenticationException("Could not pair k1 with linkingKey", e);
        }
    }

    private boolean verifyLogin(K1 k1, Signature signature, LinkingKey linkingKey) {
        return Crypto.verifySignature(ByteVector.view(k1.toArray()), Crypto.der2compact(ByteVector.view(signature.toArray())), new Crypto.PublicKey(ByteVector.view(linkingKey.toArray())));
    }

    public LnurlAuthWalletAuthenticationProvider(@NonNull K1Manager k1Manager, @NonNull LnurlAuthPairingService lnurlAuthPairingService, @NonNull UserDetailsService userDetailsService) {
        if (k1Manager == null) {
            throw new NullPointerException("k1Manager is marked non-null but is null");
        }
        if (lnurlAuthPairingService == null) {
            throw new NullPointerException("lnurlAuthPairingService is marked non-null but is null");
        }
        if (userDetailsService == null) {
            throw new NullPointerException("userDetailsService is marked non-null but is null");
        }
        this.k1Manager = k1Manager;
        this.lnurlAuthPairingService = lnurlAuthPairingService;
        this.userDetailsService = userDetailsService;
    }
}
