package org.interledger.connector.links;

import com.google.common.base.CharMatcher;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import org.interledger.connector.crypto.ConnectorEncryptionService;
import org.interledger.connector.settings.ConnectorSettings;
import org.interledger.crypto.EncryptedSecret;
import org.interledger.link.LinkSettings;
import org.interledger.link.http.IlpOverHttpLinkSettings;
import org.interledger.link.http.IncomingLinkSettings;
import org.interledger.link.http.JwtAuthSettings;
import org.interledger.link.http.OutgoingLinkSettings;
import org.interledger.link.http.SimpleAuthSettings;

/* loaded from: input_file:org/interledger/connector/links/DefaultLinkSettingsValidator.class */
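/**
 * Validates the authentication secrets carried by ILP-over-HTTP link settings and returns a copy
 * in which every secret is stored in its encrypted, encoded form.
 *
 * <p>For each simple-auth token and JWT shared secret found on the incoming and outgoing link
 * settings, the validator:
 * <ol>
 *   <li>rejects null, empty, or non-ASCII values;</li>
 *   <li>encrypts the value with the account-settings key unless it already carries the
 *       {@code enc:} prefix, in which case it is parsed as an encoded secret;</li>
 *   <li>decrypts it to enforce the minimum length when the connector has the
 *       require-32-byte-shared-secrets feature enabled;</li>
 *   <li>swaps in a freshly encrypted copy when the stored key metadata differs from that of the
 *       key currently used for account settings.</li>
 * </ol>
 *
 * <p>Settings of any other link type are returned unchanged.
 */
public class DefaultLinkSettingsValidator implements LinkSettingsValidator {
    /** Prefix that marks a value as an already-encoded {@link EncryptedSecret}. */
    private static final String ENCODED_SECRET_PREFIX = "enc:";

    /** Minimum decrypted secret length enforced when the feature flag is enabled. */
    private static final int MIN_SHARED_SECRET_BYTES = 32;

    private final ConnectorEncryptionService encryptionService;
    private final Supplier<ConnectorSettings> connectorSettingsSupplier;

    /**
     * Creates a validator.
     *
     * @param connectorEncryptionService service used to encrypt and decrypt secrets; required
     * @param supplier supplier of the current connector settings, read on every validation so
     *     that the enabled-features flags are evaluated at call time; required
     * @throws NullPointerException if either argument is null
     */
    public DefaultLinkSettingsValidator(ConnectorEncryptionService connectorEncryptionService, Supplier<ConnectorSettings> supplier) {
        // Fail at construction instead of with an NPE deep inside the first validation call.
        this.encryptionService = Objects.requireNonNull(connectorEncryptionService, "connectorEncryptionService");
        this.connectorSettingsSupplier = Objects.requireNonNull(supplier, "supplier");
    }

    /**
     * Validates the supplied link settings.
     *
     * @param t link settings to validate
     * @param <T> link settings type
     * @return a rebuilt copy with validated, encrypted secrets when {@code t} is an
     *     {@link IlpOverHttpLinkSettings}; otherwise {@code t} itself
     * @throws IllegalArgumentException if a secret is empty, not ASCII, or shorter than the
     *     enforced minimum
     */
    @Override
    public <T extends LinkSettings> T validateSettings(T t) {
        if (t instanceof IlpOverHttpLinkSettings) {
            // The rebuilt value comes from IlpOverHttpLinkSettings.builder(), so this cast is
            // unchecked: it is sound only while callers treat T as IlpOverHttpLinkSettings (or a
            // supertype) rather than as a more specific implementation class.
            @SuppressWarnings("unchecked")
            T validated = (T) validateIlpLinkSettings((IlpOverHttpLinkSettings) t);
            return validated;
        }
        return t;
    }

    /**
     * Rebuilds ILP-over-HTTP settings with validated incoming and outgoing auth settings, and
     * mirrors those validated values into the custom-settings map so both views agree.
     */
    private IlpOverHttpLinkSettings validateIlpLinkSettings(IlpOverHttpLinkSettings ilpOverHttpLinkSettings) {
        Optional<IncomingLinkSettings> incoming = ilpOverHttpLinkSettings.incomingLinkSettings()
            .map(settings -> IncomingLinkSettings.builder()
                .from(settings)
                .simpleAuthSettings(validateSimpleAuthSettings(settings.simpleAuthSettings()))
                .jwtAuthSettings(validateJwtAuthSettings(settings.jwtAuthSettings()))
                .build());
        Optional<OutgoingLinkSettings> outgoing = ilpOverHttpLinkSettings.outgoingLinkSettings()
            .map(settings -> OutgoingLinkSettings.builder()
                .from(settings)
                .simpleAuthSettings(validateSimpleAuthSettings(settings.simpleAuthSettings()))
                .jwtAuthSettings(validateJwtAuthSettings(settings.jwtAuthSettings()))
                .build());

        // Start from the caller's custom settings, then overwrite with the validated entries so
        // that no plaintext secret survives in the map once an encrypted form exists.
        HashMap<String, Object> customSettings = Maps.newHashMap(ilpOverHttpLinkSettings.getCustomSettings());
        incoming.ifPresent(settings -> customSettings.putAll(settings.toCustomSettingsMap()));
        outgoing.ifPresent(settings -> customSettings.putAll(settings.toCustomSettingsMap()));

        return IlpOverHttpLinkSettings.builder()
            .from(ilpOverHttpLinkSettings)
            .incomingLinkSettings(incoming)
            .outgoingLinkSettings(outgoing)
            .customSettings(customSettings)
            .build();
    }

    /** Replaces a simple-auth token with its validated, encoded encrypted form. */
    private Optional<SimpleAuthSettings> validateSimpleAuthSettings(Optional<SimpleAuthSettings> optional) {
        return optional.map(simpleAuthSettings -> SimpleAuthSettings.forAuthToken(
            validate(getOrCreateEncryptedSecret(simpleAuthSettings.authToken())).encodedValue()));
    }

    /** Replaces a JWT shared secret, when one is set, with its validated, encoded encrypted form. */
    private Optional<JwtAuthSettings> validateJwtAuthSettings(Optional<JwtAuthSettings> optional) {
        return optional.map(jwtAuthSettings -> JwtAuthSettings.builder()
            .from(jwtAuthSettings)
            .encryptedTokenSharedSecret(jwtAuthSettings.encryptedTokenSharedSecret()
                .map(secret -> validate(getOrCreateEncryptedSecret(secret)).encodedValue()))
            .build());
    }

    /**
     * Turns a configured secret string into an {@link EncryptedSecret}.
     *
     * <p>A value that starts with {@code enc:} is parsed as an already-encoded secret; any other
     * value is treated as plaintext and encrypted with the account-settings key. The prefix is
     * the only discriminator, so a plaintext secret that itself begins with {@code enc:} is
     * never encrypted here and is handed to the parser instead.
     *
     * @throws IllegalArgumentException if the value is null, empty, or contains non-ASCII
     *     characters
     */
    private EncryptedSecret getOrCreateEncryptedSecret(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("sharedSecret cannot be empty");
        }
        validateSharedSecretIsAscii(str);
        if (str.startsWith(ENCODED_SECRET_PREFIX)) {
            return EncryptedSecret.fromEncodedValue(str);
        }
        // The value was just verified to be ASCII, so encode it with an explicit charset: the
        // no-arg getBytes() depends on the JVM default and could yield different key material
        // for the same configured secret on a host with an unusual default encoding.
        return this.encryptionService.encryptWithAccountSettingsKey(str.getBytes(StandardCharsets.US_ASCII));
    }

    /**
     * Decrypts the secret to check its length and to bring its encryption key up to date.
     *
     * <p>The length check runs only when the connector's enabled features require 32-byte shared
     * secrets; with that flag off, a secret of any non-zero length is accepted. The check is a
     * minimum (secrets longer than 32 bytes pass) even though the exception message reads
     * "must be 32 bytes".
     *
     * @return the original secret when its key metadata equals that of the current
     *     account-settings key, otherwise a copy re-encrypted under the current key
     * @throws IllegalArgumentException if the length requirement is enabled and not met
     */
    private EncryptedSecret validate(EncryptedSecret encryptedSecret) {
        return this.encryptionService.getDecryptor().withDecrypted(encryptedSecret, decrypted -> {
            boolean lengthEnforced =
                this.connectorSettingsSupplier.get().enabledFeatures().isRequire32ByteSharedSecrets();
            if (lengthEnforced && decrypted.length < MIN_SHARED_SECRET_BYTES) {
                throw new IllegalArgumentException("shared secret must be 32 bytes");
            }
            // Re-encrypting is how the current key metadata is obtained for comparison; the new
            // ciphertext is kept only when the stored secret was encrypted under different
            // metadata.
            EncryptedSecret reEncrypted = this.encryptionService.encryptWithAccountSettingsKey(decrypted);
            return reEncrypted.keyMetadata().equals(encryptedSecret.keyMetadata()) ? encryptedSecret : reEncrypted;
        });
    }

    /**
     * Rejects secrets that contain any non-ASCII character.
     *
     * @throws IllegalArgumentException if {@code str} contains a non-ASCII character
     */
    private void validateSharedSecretIsAscii(String str) {
        Preconditions.checkArgument(CharMatcher.ascii().matchesAllOf(str), "Shared secret must be ascii");
    }
}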
