package com.yubico.client.v2.impl;

import com.yubico.client.v2.Signature;
import com.yubico.client.v2.YubicoClient;
import com.yubico.client.v2.YubicoResponse;
import com.yubico.client.v2.YubicoResponseStatus;
import com.yubico.client.v2.YubicoValidationService;
import com.yubico.client.v2.exceptions.YubicoSignatureException;
import com.yubico.client.v2.exceptions.YubicoValidationException;
import com.yubico.client.v2.exceptions.YubicoValidationFailure;
import java.util.ArrayList;
import java.util.Map;
import java.util.UUID;

/* loaded from: input_file:com/yubico/client/v2/impl/YubicoClientImpl.class */
public class YubicoClientImpl extends YubicoClient {
    public YubicoClientImpl(Integer num) {
        this.clientId = num;
    }

    public YubicoClientImpl(Integer num, String str) {
        this.clientId = num;
        setKey(str);
    }

    public YubicoClientImpl(Integer num, String str, String str2) {
        this.clientId = num;
        setKey(str);
        setSync(str2);
    }

    @Override // com.yubico.client.v2.YubicoClient
    public YubicoResponse verify(String str) throws YubicoValidationException, YubicoValidationFailure {
        if (!isValidOTPFormat(str)) {
            throw new IllegalArgumentException("The OTP is not a valid format");
        }
        String replaceAll = UUID.randomUUID().toString().replaceAll("-", "");
        String format = String.format("id=%d&nonce=%s&otp=%s%s&timestamp=%s", this.clientId, replaceAll, str, this.sync != null ? String.format("&sl=%s", this.sync) : "", "1");
        if (this.key != null) {
            try {
                format = (format + "&h=") + Signature.calculate(format.toString(), this.key).replaceAll("\\+", "%2B");
            } catch (YubicoSignatureException e) {
                throw new YubicoValidationException("Failed signing of request", e);
            }
        }
        String[] wsapiUrls = getWsapiUrls();
        ArrayList arrayList = new ArrayList();
        for (String str2 : wsapiUrls) {
            arrayList.add(str2 + "?" + format);
        }
        YubicoResponse fetch = new YubicoValidationService().fetch(arrayList);
        if (this.key != null) {
            StringBuffer stringBuffer = new StringBuffer();
            for (Map.Entry<String, String> entry : fetch.getKeyValueMap().entrySet()) {
                if (!"h".equals(entry.getKey())) {
                    if (stringBuffer.length() > 0) {
                        stringBuffer.append("&");
                    }
                    stringBuffer.append(entry.getKey()).append("=").append(entry.getValue());
                }
            }
            try {
                if (!fetch.getH().equals(Signature.calculate(stringBuffer.toString(), this.key).trim())) {
                    throw new YubicoValidationFailure("Signatures do not match");
                }
            } catch (YubicoSignatureException e2) {
                throw new YubicoValidationException("Failed to calculate the response signature.", e2);
            }
        }
        if (!isError(fetch.getStatus())) {
            if (fetch.getOtp() == null || !str.equals(fetch.getOtp())) {
                throw new YubicoValidationFailure("OTP mismatch in response, is there a man-in-the-middle?");
            }
            if (fetch.getNonce() == null || !replaceAll.equals(fetch.getNonce())) {
                throw new YubicoValidationFailure("Nonce mismatch in response, is there a man-in-the-middle?");
            }
        }
        return fetch;
    }

    private boolean isError(YubicoResponseStatus yubicoResponseStatus) {
        return YubicoResponseStatus.BACKEND_ERROR.equals(yubicoResponseStatus) || YubicoResponseStatus.BAD_OTP.equals(yubicoResponseStatus) || YubicoResponseStatus.BAD_SIGNATURE.equals(yubicoResponseStatus) || YubicoResponseStatus.NO_SUCH_CLIENT.equals(yubicoResponseStatus) || YubicoResponseStatus.MISSING_PARAMETER.equals(yubicoResponseStatus);
    }
}
