package org.openecard.control.module.tctoken;

import generated.TCTokenType;
import java.net.URL;
import org.openecard.common.ECardConstants;
import org.openecard.common.util.ByteUtils;
import org.openecard.common.util.ValueValidator;

/* loaded from: input_file:org/openecard/control/module/tctoken/TCTokenVerifier.class */
public class TCTokenVerifier {
    private TCTokenType token;

    public TCTokenVerifier(TCTokenType tCTokenType) {
        this.token = tCTokenType;
    }

    public void verify() throws TCTokenException {
        if (this.token == null) {
            throw new IllegalStateException();
        }
        try {
            verifyServerAddress();
            verifySessionIdentifier();
            verifyRefreshAddress();
            verifyBinding();
            verifyPathSecurityParameters();
            verifyPathSecurityProtocol();
        } catch (TCTokenException e) {
            throw new TCTokenException("TCToken is malformed", e);
        }
    }

    public void verifyServerAddress() throws TCTokenException {
        try {
            String serverAddress = this.token.getServerAddress();
            assertURL(serverAddress);
            assertRequired(serverAddress);
        } catch (TCTokenException e) {
            throw new TCTokenException("Malformed ServerAddress");
        }
    }

    public void verifySessionIdentifier() throws TCTokenException {
        try {
            String sessionIdentifier = this.token.getSessionIdentifier();
            assertRequired(sessionIdentifier);
            checkSessionLength(sessionIdentifier);
        } catch (TCTokenException e) {
            throw new TCTokenException("Malformed SessionIdentifier");
        }
    }

    public void verifyRefreshAddress() throws TCTokenException {
        try {
            String refreshAddress = this.token.getRefreshAddress();
            assertURL(refreshAddress);
            assertRequired(refreshAddress);
        } catch (TCTokenException e) {
            throw new TCTokenException("Malformed RefreshAddress");
        }
    }

    public void verifyBinding() throws TCTokenException {
        try {
            String binding = this.token.getBinding();
            assertRequired(binding);
            checkEqual(binding, ECardConstants.PAOS_VERSION_20);
        } catch (TCTokenException e) {
            throw new TCTokenException("Malformed Binding");
        }
    }

    public void verifyPathSecurityProtocol() throws TCTokenException {
        try {
            String pathSecurityProtocol = this.token.getPathSecurityProtocol();
            if (!checkEmpty(pathSecurityProtocol)) {
                checkEqualOR(pathSecurityProtocol, "urn:ietf:rfc:4346", "urn:ietf:rfc:4279", "urn:ietf:rfc:5487");
            }
        } catch (TCTokenException e) {
            throw new TCTokenException("Malformed PathSecurityProtocol");
        }
    }

    public void verifyPathSecurityParameters() throws TCTokenException {
        try {
            if (this.token.getPathSecurityProtocol().equals("urn:ietf:rfc:4279") || this.token.getPathSecurityProtocol().equals("urn:ietf:rfc:5487")) {
                TCTokenType.PathSecurityParameters pathSecurityParameters = this.token.getPathSecurityParameters();
                if (!checkEmpty(pathSecurityParameters)) {
                    assertRequired(pathSecurityParameters.getPSK());
                    checkPSKLength(ByteUtils.toHexString(pathSecurityParameters.getPSK()));
                }
            }
        } catch (TCTokenException e) {
            throw new TCTokenException("Malformed PathSecurityParameters");
        }
    }

    private boolean checkEmpty(Object obj) {
        if (obj != null) {
            return obj instanceof String ? ((String) obj).isEmpty() : obj instanceof URL ? ((URL) obj).toString().isEmpty() : (obj instanceof byte[]) && ((byte[]) obj).length == 0;
        }
        return true;
    }

    private void checkEqual(String str, String str2) throws TCTokenException {
        if (!str.equals(str2)) {
            throw new TCTokenException("Element is not equal to " + str2);
        }
    }

    private void checkEqualOR(String str, String... strArr) throws TCTokenException {
        for (String str2 : strArr) {
            if (str.equals(str2)) {
                return;
            }
        }
        throw new TCTokenException();
    }

    private void assertRequired(Object obj) throws TCTokenException {
        if (checkEmpty(obj)) {
            throw new TCTokenException("Element is required.");
        }
    }

    private void assertURL(Object obj) throws TCTokenException {
        try {
            new URL(obj.toString());
        } catch (Exception e) {
            throw new TCTokenException("Malformed URL");
        }
    }

    private void checkSessionLength(String str) throws TCTokenException {
        if (!ValueValidator.checkSessionStrength(str)) {
            throw new TCTokenException("The number of bytes in the session is too small.");
        }
    }

    private void checkPSKLength(String str) throws TCTokenException {
        if (!ValueValidator.checkPSKStrength(str)) {
            throw new TCTokenException("The number of bytes in the PSK is too small.");
        }
    }
}
