package org.tokenscript.auth;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.tokenscript.attestation.AttestableObjectDecoder;
import org.tokenscript.attestation.AttestedObject;
import org.tokenscript.attestation.Timestamp;
import org.tokenscript.attestation.core.Attestable;
import org.tokenscript.attestation.core.SignatureUtility;
import org.tokenscript.attestation.core.URLUtility;
import org.tokenscript.eip712.Eip712Validator;
import org.tokenscript.eip712.FullEip712InternalData;

/* loaded from: input_file:org/tokenscript/auth/Eip712AuthValidator.class */
public class Eip712AuthValidator<T extends Attestable> extends Eip712Validator {
    private static final Logger logger = LogManager.getLogger((Class<?>) Eip712AuthValidator.class);
    private final AsymmetricKeyParameter attestorPublicKey;
    private final AttestableObjectDecoder<T> decoder;
    private final long acceptableTimeLimit;

    public Eip712AuthValidator(AttestableObjectDecoder<T> attestableObjectDecoder, AuthenticatorEncoder authenticatorEncoder, AsymmetricKeyParameter asymmetricKeyParameter, String str) {
        this(attestableObjectDecoder, authenticatorEncoder, asymmetricKeyParameter, str, 1200000L);
    }

    public Eip712AuthValidator(AttestableObjectDecoder<T> attestableObjectDecoder, AuthenticatorEncoder authenticatorEncoder, AsymmetricKeyParameter asymmetricKeyParameter, String str, long j) {
        super(str, authenticatorEncoder);
        this.acceptableTimeLimit = j;
        this.attestorPublicKey = asymmetricKeyParameter;
        this.decoder = attestableObjectDecoder;
    }

    public boolean validateRequest(String str) {
        try {
            FullEip712InternalData fullEip712InternalData = (FullEip712InternalData) retrieveUnderlyingObject(str, FullEip712InternalData.class);
            AttestedObject<T> retrieveAttestedObject = retrieveAttestedObject(fullEip712InternalData);
            if (!verifySignature(str, SignatureUtility.addressFromKey(retrieveAttestedObject.getUserPublicKey()), FullEip712InternalData.class)) {
                logger.error("Could not verify signature");
                return false;
            }
            if (!validateAuthentication(fullEip712InternalData)) {
                logger.error("Could not validate authentication request data");
                return false;
            }
            if (validateAttestedObject(retrieveAttestedObject)) {
                return true;
            }
            logger.error("Could not validate attested object");
            return false;
        } catch (Exception e) {
            logger.error("Could not decode json request");
            return false;
        }
    }

    private AttestedObject retrieveAttestedObject(FullEip712InternalData fullEip712InternalData) {
        return new AttestedObject(URLUtility.decodeData(fullEip712InternalData.getPayload()), this.decoder, this.attestorPublicKey);
    }

    private boolean validateAuthentication(FullEip712InternalData fullEip712InternalData) {
        if (!fullEip712InternalData.getDescription().equals(this.encoder.getUsageValue())) {
            logger.error("Description is incorrect");
            return false;
        }
        Timestamp timestamp = new Timestamp(fullEip712InternalData.getTimestamp());
        timestamp.setValidity(this.acceptableTimeLimit);
        if (timestamp.validateTimestamp()) {
            return true;
        }
        logger.error("Invalid timestamp");
        return false;
    }

    private boolean validateAttestedObject(AttestedObject<T> attestedObject) {
        if (!attestedObject.verify()) {
            logger.error("Could not verify the attested object");
            return false;
        }
        if (attestedObject.checkValidity()) {
            return true;
        }
        logger.error("Attested object is not valid");
        return false;
    }
}
