package com.macasaet.fernet;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Collection;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes3.dex */
public class Token {
    private final byte[] cipherText;
    private final byte[] hmac;
    private final IvParameterSpec initializationVector;
    private final Instant timestamp;
    private final byte version;

    protected Token(byte b, Instant instant, IvParameterSpec ivParameterSpec, byte[] bArr, byte[] bArr2) {
        if (b != Byte.MIN_VALUE) {
            throw new IllegalTokenException("Unsupported version: " + ((int) b));
        }
        if (instant == null) {
            throw new IllegalTokenException("timestamp cannot be null");
        }
        if (ivParameterSpec == null || ivParameterSpec.getIV().length != 16) {
            throw new IllegalTokenException("Initialization Vector must be 128 bits");
        }
        if (bArr == null || bArr.length % 16 != 0) {
            throw new IllegalTokenException("Ciphertext must be a multiple of 128 bits");
        }
        if (bArr2 == null || bArr2.length != 32) {
            throw new IllegalTokenException("hmac must be 256 bits");
        }
        this.version = b;
        this.timestamp = instant;
        this.initializationVector = ivParameterSpec;
        this.cipherText = bArr;
        this.hmac = bArr2;
    }

    public static Token fromBytes(byte[] bArr) {
        if (bArr.length < 73) {
            throw new IllegalTokenException("Not enough bits to generate a Token");
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                DataInputStream dataInputStream = new DataInputStream(byteArrayInputStream);
                try {
                    byte readByte = dataInputStream.readByte();
                    long readLong = dataInputStream.readLong();
                    byte[] read = read(dataInputStream, 16);
                    byte[] read2 = read(dataInputStream, bArr.length - 57);
                    byte[] read3 = read(dataInputStream, 32);
                    if (dataInputStream.read() != -1) {
                        throw new IllegalTokenException("more bits found");
                    }
                    Token token = new Token(readByte, Instant.ofEpochSecond(readLong), new IvParameterSpec(read), read2, read3);
                    dataInputStream.close();
                    byteArrayInputStream.close();
                    return token;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    public static Token fromString(String str) {
        return fromBytes(Constants.decoder.decode(str));
    }

    public static Token generate(Key key, String str) {
        return generate(new SecureRandom(), key, str);
    }

    public static Token generate(Key key, byte[] bArr) {
        return generate(new SecureRandom(), key, bArr);
    }

    public static Token generate(SecureRandom secureRandom, Key key, String str) {
        return generate(secureRandom, key, str.getBytes(Constants.charset));
    }

    public static Token generate(SecureRandom secureRandom, Key key, byte[] bArr) {
        IvParameterSpec generateInitializationVector = generateInitializationVector(secureRandom);
        byte[] encrypt = key.encrypt(bArr, generateInitializationVector);
        Instant now = Instant.now();
        return new Token(Byte.MIN_VALUE, now, generateInitializationVector, encrypt, key.sign(Byte.MIN_VALUE, now, generateInitializationVector, encrypt));
    }

    protected static IvParameterSpec generateInitializationVector(SecureRandom secureRandom) {
        return new IvParameterSpec(generateInitializationVectorBytes(secureRandom));
    }

    protected static byte[] generateInitializationVectorBytes(SecureRandom secureRandom) {
        byte[] bArr = new byte[16];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    protected static byte[] read(DataInputStream dataInputStream, int i) throws IOException {
        byte[] bArr = new byte[i];
        if (dataInputStream.read(bArr) >= i) {
            return bArr;
        }
        throw new IllegalTokenException("Not enough bits to generate a Token");
    }

    protected byte[] getCipherText() {
        return this.cipherText;
    }

    protected Base64.Encoder getEncoder() {
        return Constants.encoder;
    }

    protected byte[] getHmac() {
        return this.hmac;
    }

    public IvParameterSpec getInitializationVector() {
        return this.initializationVector;
    }

    public Instant getTimestamp() {
        return this.timestamp;
    }

    public byte getVersion() {
        return this.version;
    }

    public boolean isValidSignature(Key key) {
        return MessageDigest.isEqual(getHmac(), key.sign(getVersion(), getTimestamp(), getInitializationVector(), getCipherText()));
    }

    public String serialise() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(getCipherText().length + 57);
            try {
                writeTo(byteArrayOutputStream);
                String encodeToString = getEncoder().encodeToString(byteArrayOutputStream.toByteArray());
                byteArrayOutputStream.close();
                return encodeToString;
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(107);
        sb.append("Token [version=");
        sb.append(String.format("0x%x", new BigInteger(1, new byte[]{getVersion()})));
        sb.append(", timestamp=");
        sb.append(getTimestamp());
        sb.append(", hmac=");
        sb.append(Constants.encoder.encodeToString(getHmac()));
        sb.append(']');
        return sb.toString();
    }

    public <T> T validateAndDecrypt(Key key, Validator<T> validator) {
        return validator.validateAndDecrypt(key, this);
    }

    public <T> T validateAndDecrypt(Collection<? extends Key> collection, Validator<T> validator) {
        return validator.validateAndDecrypt(collection, this);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] validateAndDecrypt(Key key, Instant instant, Instant instant2) {
        if (getVersion() != Byte.MIN_VALUE) {
            throw new TokenValidationException("Invalid version");
        }
        if (!getTimestamp().isAfter(instant)) {
            throw new TokenExpiredException("Token is expired");
        }
        if (!getTimestamp().isBefore(instant2)) {
            throw new TokenValidationException("Token timestamp is in the future (clock skew).");
        }
        if (isValidSignature(key)) {
            return key.decrypt(getCipherText(), getInitializationVector());
        }
        throw new TokenValidationException("Signature does not match.");
    }

    public void writeTo(OutputStream outputStream) throws IOException {
        DataOutputStream dataOutputStream = new DataOutputStream(outputStream);
        try {
            dataOutputStream.writeByte(getVersion());
            dataOutputStream.writeLong(getTimestamp().getEpochSecond());
            dataOutputStream.write(getInitializationVector().getIV());
            dataOutputStream.write(getCipherText());
            dataOutputStream.write(getHmac());
            dataOutputStream.close();
        } catch (Throwable th) {
            try {
                dataOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
