package com.box.sdk;

import com.box.sdk.internal.pool.MacPool;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.mac.MacUtil;

/* loaded from: input_file:WEB-INF/lib/box-java-sdk-2.28.1.jar:com/box/sdk/BoxWebHookSignatureVerifier.class */
public class BoxWebHookSignatureVerifier {
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final Set<String> SUPPORTED_VERSIONS = Collections.singleton("1");
    private static final Set<BoxSignatureAlgorithm> SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(EnumSet.of(BoxSignatureAlgorithm.HMAC_SHA256));
    private static final MacPool MAC_POOL = new MacPool();
    private final String primarySignatureKey;
    private final String secondarySignatureKey;

    /* loaded from: input_file:WEB-INF/lib/box-java-sdk-2.28.1.jar:com/box/sdk/BoxWebHookSignatureVerifier$BoxSignatureAlgorithm.class */
    public enum BoxSignatureAlgorithm {
        HMAC_SHA256(MacUtil.HMAC_SHA256, MacUtil.HMAC_SHA256);

        private static final Map<String, BoxSignatureAlgorithm> ALGORITHM_BY_NAME;
        private final String name;
        private final String javaProviderName;

        BoxSignatureAlgorithm(String str, String str2) {
            this.name = str2;
            this.javaProviderName = str2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static BoxSignatureAlgorithm byName(String str) {
            return ALGORITHM_BY_NAME.get(str);
        }

        static {
            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
            for (BoxSignatureAlgorithm boxSignatureAlgorithm : values()) {
                concurrentHashMap.put(boxSignatureAlgorithm.name, boxSignatureAlgorithm);
            }
            ALGORITHM_BY_NAME = Collections.unmodifiableMap(concurrentHashMap);
        }
    }

    public BoxWebHookSignatureVerifier(String str, String str2) {
        if (str == null && str2 == null) {
            throw new IllegalArgumentException("At least primary or secondary signature key must be provided!");
        }
        this.primarySignatureKey = str;
        this.secondarySignatureKey = str2;
    }

    public boolean verify(String str, String str2, String str3, String str4, String str5, String str6) {
        if (!SUPPORTED_VERSIONS.contains(str)) {
            return false;
        }
        BoxSignatureAlgorithm byName = BoxSignatureAlgorithm.byName(str2);
        if (!SUPPORTED_ALGORITHMS.contains(byName)) {
            return false;
        }
        if (this.primarySignatureKey == null || !verify(this.primarySignatureKey, byName, str3, str5, str6)) {
            return this.secondarySignatureKey != null && verify(this.secondarySignatureKey, byName, str4, str5, str6);
        }
        return true;
    }

    private boolean verify(String str, BoxSignatureAlgorithm boxSignatureAlgorithm, String str2, String str3, String str4) {
        if (str2 == null) {
            return false;
        }
        return Arrays.equals(signRaw(boxSignatureAlgorithm, str, str3, str4), Base64.decode(str2));
    }

    public String sign(BoxSignatureAlgorithm boxSignatureAlgorithm, String str, String str2, String str3) {
        return Base64.encode(signRaw(boxSignatureAlgorithm, str, str2, str3));
    }

    private byte[] signRaw(BoxSignatureAlgorithm boxSignatureAlgorithm, String str, String str2, String str3) {
        Mac acquire = MAC_POOL.acquire(boxSignatureAlgorithm.javaProviderName);
        try {
            try {
                acquire.init(new SecretKeySpec(str.getBytes(UTF_8), boxSignatureAlgorithm.javaProviderName));
                acquire.update(UTF_8.encode(str2));
                acquire.update(UTF_8.encode(str3));
                byte[] doFinal = acquire.doFinal();
                MAC_POOL.release(acquire);
                return doFinal;
            } catch (InvalidKeyException e) {
                throw new IllegalArgumentException("Invalid key: ", e);
            }
        } catch (Throwable th) {
            MAC_POOL.release(acquire);
            throw th;
        }
    }
}
