package org.gluu.oxauth.service.fido.u2f;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.ArrayUtils;
import org.gluu.oxauth.model.fido.u2f.exception.BadInputException;
import org.gluu.oxauth.model.fido.u2f.protocol.ClientData;
import org.slf4j.Logger;

@Stateless
@Named
/* loaded from: input_file:org/gluu/oxauth/service/fido/u2f/ClientDataValidationService.class */
public class ClientDataValidationService {

    @Inject
    private Logger log;

    public void checkContent(ClientData clientData, String[] strArr, String str, Set<String> set) throws BadInputException {
        if (!ArrayUtils.contains(strArr, clientData.getTyp())) {
            throw new BadInputException("Bad clientData: wrong typ " + clientData.getTyp());
        }
        if (!str.equals(clientData.getChallenge())) {
            throw new BadInputException("Bad clientData: wrong challenge");
        }
        if (set == null || set.isEmpty()) {
            return;
        }
        try {
            verifyOrigin(canonicalizeOrigin(clientData.getOrigin()), canonicalizeOrigins(set));
        } catch (RuntimeException e) {
            throw new BadInputException("Bad clientData: Malformed origin", e);
        }
    }

    private static void verifyOrigin(String str, Set<String> set) throws BadInputException {
        if (!set.contains(str)) {
            throw new BadInputException(str + " is not a recognized facet for this application");
        }
    }

    public static Set<String> canonicalizeOrigins(Set<String> set) {
        HashSet hashSet = new HashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(canonicalizeOrigin(it.next()));
        }
        return hashSet;
    }

    public static String canonicalizeOrigin(String str) {
        try {
            URI uri = new URI(str);
            return uri.getAuthority() == null ? str : uri.getScheme() + "://" + uri.getAuthority();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Specified bad origin", e);
        }
    }
}
