package com.github.invictum.mei.channel;

import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import spark.Filter;
import spark.Request;
import spark.Response;
import spark.Spark;

/* loaded from: input_file:com/github/invictum/mei/channel/CheckSignFilter.class */
public class CheckSignFilter implements Filter {
    public static final String SIGN_HEADER = "Sign";
    public static final String NONCE_HEADER = "Nonce";
    private Logger logger;
    private Mac hmacSHA256;
    private long lastNonce = 0;

    public CheckSignFilter(String str, Logger logger) {
        this.logger = logger;
        try {
            this.hmacSHA256 = Mac.getInstance("HmacSHA256");
            this.hmacSHA256.init(new SecretKeySpec(str.getBytes(), "HmacSHA256"));
        } catch (GeneralSecurityException e) {
            logger.warning("Unable to init security mechanism");
        }
    }

    @Override // spark.Filter
    public void handle(Request request, Response response) {
        if (request.headers(NONCE_HEADER) == null || Long.valueOf(request.headers(NONCE_HEADER)).longValue() <= this.lastNonce) {
            this.logger.warning("Request with bad Nonce detected");
            throw Spark.halt(403);
        }
        if (request.headers(SIGN_HEADER) == null) {
            this.logger.warning("Request without Sigh header detected");
            throw Spark.halt(403);
        }
        Long valueOf = Long.valueOf(request.headers(NONCE_HEADER));
        if (request.headers(SIGN_HEADER).contentEquals(Base64.getEncoder().encodeToString(this.hmacSHA256.doFinal((request.body() + valueOf).getBytes())))) {
            this.lastNonce = valueOf.longValue();
        } else {
            this.logger.warning("Request Sigh is wrong");
            throw Spark.halt(403);
        }
    }
}
