package io.openweb3.pay;

import io.openweb3.pay.exceptions.SigningException;
import io.openweb3.pay.exceptions.VerificationException;
import java.net.http.HttpHeaders;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/openweb3/pay/Webhook.class */
public final class Webhook {
    static final String SECRET_PREFIX = "whsec_";
    static final String X_MSG_ID_KEY = "x-id";
    static final String X_MSG_SIGNATURE_KEY = "x-signature";
    static final String X_MSG_TIMESTAMP_KEY = "x-timestamp";
    static final String UNBRANDED_MSG_ID_KEY = "webhook-id";
    static final String UNBRANDED_MSG_SIGNATURE_KEY = "webhook-signature";
    static final String UNBRANDED_MSG_TIMESTAMP_KEY = "webhook-timestamp";
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final int TOLERANCE_IN_SECONDS = 300;
    private static final long SECOND_IN_MS = 1000;
    private final byte[] key;

    public Webhook(String str) {
        this.key = str.getBytes();
    }

    public Webhook(byte[] bArr) {
        this.key = bArr;
    }

    public boolean verify(String str, HttpHeaders httpHeaders) throws VerificationException {
        Optional firstValue = httpHeaders.firstValue(X_MSG_ID_KEY);
        Optional firstValue2 = httpHeaders.firstValue(X_MSG_SIGNATURE_KEY);
        Optional firstValue3 = httpHeaders.firstValue(X_MSG_TIMESTAMP_KEY);
        if (firstValue.isEmpty() || firstValue2.isEmpty() || firstValue3.isEmpty()) {
            firstValue = httpHeaders.firstValue(UNBRANDED_MSG_ID_KEY);
            firstValue2 = httpHeaders.firstValue(UNBRANDED_MSG_SIGNATURE_KEY);
            firstValue3 = httpHeaders.firstValue(UNBRANDED_MSG_TIMESTAMP_KEY);
            if (firstValue.isEmpty() || firstValue2.isEmpty() || firstValue3.isEmpty()) {
                throw new VerificationException("Missing required headers");
            }
        }
        try {
            String str2 = sign((String) firstValue.get(), verifyTimestamp((String) firstValue3.get()), str).split(",")[1];
            for (String str3 : ((String) firstValue2.get()).split(" ")) {
                String[] split = str3.split(",");
                if (split.length >= 2 && split[0].equals("v1")) {
                    return MessageDigest.isEqual(split[1].getBytes(), str2.getBytes());
                }
            }
            throw new VerificationException("No matching signature found");
        } catch (SigningException e) {
            throw new VerificationException("Failed to generate expected signature");
        }
    }

    public String sign(String str, long j, String str2) throws SigningException {
        try {
            String format = String.format("%s.%s.%s", str, Long.valueOf(j), str2);
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(this.key, HMAC_SHA256));
            return String.format("v1,%s", Base64.getEncoder().encodeToString(mac.doFinal(format.getBytes(StandardCharsets.UTF_8))));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new SigningException(e.getMessage());
        }
    }

    private static long verifyTimestamp(String str) throws VerificationException {
        long currentTimeMillis = System.currentTimeMillis() / SECOND_IN_MS;
        try {
            long parseLong = Long.parseLong(str);
            if (parseLong < currentTimeMillis - 300) {
                throw new VerificationException("Message timestamp too old");
            }
            if (parseLong > currentTimeMillis + 300) {
                throw new VerificationException("Message timestamp too new");
            }
            return parseLong;
        } catch (NumberFormatException e) {
            throw new VerificationException("Invalid Signature Headers");
        }
    }
}
