package com.cloudera.keytrustee.impl;

import com.cloudera.keytrustee.ClientInfo;
import com.cloudera.keytrustee.Connector;
import com.cloudera.keytrustee.KeyTrusteeConstants;
import com.cloudera.keytrustee.KeyTrusteeException;
import com.cloudera.keytrustee.ServerInfo;
import com.cloudera.keytrustee.TokenStore;
import com.cloudera.keytrustee.crypto.Crypto;
import com.cloudera.keytrustee.impl.PayloadConnection;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/impl/SignedPayloadConnection.class */
public class SignedPayloadConnection extends PayloadConnection {
    private Logger log;

    public SignedPayloadConnection(ClientInfo clientInfo, ServerInfo serverInfo, TokenStore tokenStore) throws KeyTrusteeException {
        super(clientInfo, serverInfo, tokenStore);
        this.log = LoggerFactory.getLogger(SignedPayloadConnection.class);
    }

    protected Map<String, ?> signRequest(Map<String, Object> map) throws Exception {
        HashMap hashMap = new HashMap();
        map.put("version", KeyTrusteeConstants.getVersionedName());
        map.put("sig_fingerprint", this.client.getFingerprint());
        if (this.server.isTokenSync() && this.tokenStore != null) {
            map.put("auth_token", this.tokenStore.getLastToken());
        }
        String jSONObject = new JSONObject(map).toString();
        hashMap.put("payload", jSONObject);
        hashMap.put("payload_sig", Crypto.getInstance().detachSign(jSONObject, this.client.getKeyRings().getSecretKeyRing(), null));
        hashMap.put("client_fingerprint", this.client.getFingerprint().toString());
        return hashMap;
    }

    private boolean verifyRequest(String str, String str2, PGPPublicKeyRing pGPPublicKeyRing) throws Exception {
        return Crypto.getInstance().verifySignature(IOUtils.toInputStream(str, KeyTrusteeConstants.ENCODING), IOUtils.toInputStream(str2, KeyTrusteeConstants.ENCODING), pGPPublicKeyRing);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.cloudera.keytrustee.impl.PayloadConnection
    public PayloadConnection.PayloadResponse fetchData(String str, Map<String, ?> map) throws Exception {
        Connector.Response response = null;
        String str2 = "a=" + str;
        try {
            PGPPublicKeyRing recvPublicKey = recvPublicKey(this.server.getFingerprint());
            recvPublicKey(this.client.getFingerprint());
            Connector.Response execQuery = this.urlConn.execQuery(str2, str.equals("verify") ? encryptRequest(map) : signRequest(map));
            JSONObject decodeContents = decodeContents(execQuery.getContent());
            new PayloadConnection.PayloadResponse(execQuery, decodeContents);
            if (!verifyRequest(decodeContents.getString("payload"), decodeContents.getString("payload_sig"), recvPublicKey)) {
                throw new KeyTrusteeException("Bad payload signature from server");
            }
            PayloadConnection.PayloadResponse payloadResponse = new PayloadConnection.PayloadResponse(execQuery, decodeContents);
            if (payloadResponse != null && payloadResponse.getData() != null && payloadResponse.getData().has("reason")) {
                this.log.info(payloadResponse.getData().getString("reason"));
            }
            if (this.server.isTokenSync() && this.tokenStore != null && payloadResponse.getData().has("next_token")) {
                this.tokenStore.setNextToken(payloadResponse.getData().getString("next_token"));
            }
            return payloadResponse;
        } catch (Exception e) {
            JSONObject jSONObject = new JSONObject();
            if (0 == 0) {
                throw e;
            }
            jSONObject.put("reason", response.getStatusText() + ": " + ((String) null));
            return new PayloadConnection.PayloadResponse(null, jSONObject);
        }
    }
}
