package com.facebook.nifty.ssl;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.tomcat.jni.SessionTicketKey;

/* loaded from: input_file:com/facebook/nifty/ssl/TicketSeedFileParser.class */
public class TicketSeedFileParser {
    private static final byte[] NAME_BYTES = {110, 97, 109, 101};
    private static final byte[] AES_BYTES = {97, 101, 115};
    private static final byte[] HMAC_BYTES = {104, 109, 97, 99};
    private static final List<String> EMPTY_STRING_LIST = ImmutableList.of();
    private static final byte[] DEFAULT_TICKET_SALT = CryptoUtil.decodeHex("b78973d13c2d0eb24cf94cd692239867");
    private final byte[] salt;
    private final ObjectMapper objectMapper;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/facebook/nifty/ssl/TicketSeedFileParser$TicketSeeds.class */
    public static class TicketSeeds {
        final List<String> currentSeeds;
        final List<String> newSeeds;
        final List<String> oldSeeds;

        TicketSeeds(List<String> list, List<String> list2, List<String> list3) {
            Preconditions.checkArgument(list != null && list.size() > 0, "current seeds must not be empty");
            this.currentSeeds = ImmutableList.copyOf((Collection) list);
            this.newSeeds = ImmutableList.copyOf((Collection) list2);
            this.oldSeeds = ImmutableList.copyOf((Collection) list3);
        }

        List<String> getAllSeeds() {
            return new ImmutableList.Builder().addAll((Iterable) this.currentSeeds).addAll((Iterable) this.newSeeds).addAll((Iterable) this.oldSeeds).build();
        }

        static TicketSeeds parseFromJSONBytes(byte[] bArr, ObjectMapper objectMapper) throws IOException {
            Map map = (Map) objectMapper.readValue(bArr, new TypeReference<Map<String, List<String>>>() { // from class: com.facebook.nifty.ssl.TicketSeedFileParser.TicketSeeds.1
            });
            return new TicketSeeds((List) map.getOrDefault("current", TicketSeedFileParser.EMPTY_STRING_LIST), (List) map.getOrDefault("new", TicketSeedFileParser.EMPTY_STRING_LIST), (List) map.getOrDefault("old", TicketSeedFileParser.EMPTY_STRING_LIST));
        }
    }

    public TicketSeedFileParser() {
        this(DEFAULT_TICKET_SALT);
    }

    public TicketSeedFileParser(String str) {
        this(CryptoUtil.decodeHex(str));
    }

    public TicketSeedFileParser(byte[] bArr) {
        bArr = bArr == null ? DEFAULT_TICKET_SALT : bArr;
        this.salt = new byte[bArr.length];
        System.arraycopy(bArr, 0, this.salt, 0, bArr.length);
        this.objectMapper = new ObjectMapper();
    }

    public List<SessionTicketKey> parse(File file) throws IOException {
        return parseBytes(Files.toByteArray(file));
    }

    public List<SessionTicketKey> parseBytes(byte[] bArr) throws IOException {
        return (List) TicketSeeds.parseFromJSONBytes(bArr, this.objectMapper).getAllSeeds().stream().map(this::deriveKeyFromSeed).collect(Collectors.toList());
    }

    private SessionTicketKey deriveKeyFromSeed(String str) {
        byte[] decodeHex = CryptoUtil.decodeHex(str);
        return new SessionTicketKey(CryptoUtil.hkdf(decodeHex, this.salt, NAME_BYTES, 16), CryptoUtil.hkdf(decodeHex, this.salt, HMAC_BYTES, 16), CryptoUtil.hkdf(decodeHex, this.salt, AES_BYTES, 16));
    }
}
