package com.netflix.msl.tokens;

import com.netflix.msl.MslConstants;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.io.MslEncodable;
import com.netflix.msl.io.MslEncoderException;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.util.Base64;
import com.netflix.msl.util.MslContext;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.1221.0.jar:com/netflix/msl/tokens/MasterToken.class */
public class MasterToken implements MslEncodable {
    private static final long MILLISECONDS_PER_SECOND = 1000;
    private static final String KEY_TOKENDATA = "tokendata";
    private static final String KEY_SIGNATURE = "signature";
    private static final String KEY_RENEWAL_WINDOW = "renewalwindow";
    private static final String KEY_EXPIRATION = "expiration";
    private static final String KEY_SEQUENCE_NUMBER = "sequencenumber";
    private static final String KEY_SERIAL_NUMBER = "serialnumber";
    private static final String KEY_SESSIONDATA = "sessiondata";
    private static final String KEY_ISSUER_DATA = "issuerdata";
    private static final String KEY_IDENTITY = "identity";
    private static final String KEY_ENCRYPTION_KEY = "encryptionkey";
    private static final String KEY_ENCRYPTION_ALGORITHM = "encryptionalgorithm";
    private static final String KEY_HMAC_KEY = "hmackey";
    private static final String KEY_SIGNATURE_KEY = "signaturekey";
    private static final String KEY_SIGNATURE_ALGORITHM = "signaturealgorithm";
    private final MslContext ctx;
    private final long renewalWindow;
    private final long expiration;
    private final long sequenceNumber;
    private final long serialNumber;
    private final MslObject sessiondata;
    private final MslObject issuerdata;
    private final String identity;
    private final SecretKey encryptionKey;
    private final SecretKey signatureKey;
    private final byte[] tokendataBytes;
    private final byte[] signatureBytes;
    private final boolean verified;
    private final Map<MslEncoderFormat, byte[]> encodings = new HashMap();

    public MasterToken(MslContext mslContext, Date date, Date date2, long j, long j2, MslObject mslObject, String str, SecretKey secretKey, SecretKey secretKey2) throws MslEncodingException, MslCryptoException {
        if (date2.before(date)) {
            throw new MslInternalException("Cannot construct a master token that expires before its renewal window opens.");
        }
        if (j < 0 || j > MslConstants.MAX_LONG_VALUE) {
            throw new MslInternalException("Sequence number " + j + " is outside the valid range.");
        }
        if (j2 < 0 || j2 > MslConstants.MAX_LONG_VALUE) {
            throw new MslInternalException("Serial number " + j2 + " is outside the valid range.");
        }
        this.ctx = mslContext;
        this.renewalWindow = date.getTime() / 1000;
        this.expiration = date2.getTime() / 1000;
        this.sequenceNumber = j;
        this.serialNumber = j2;
        this.issuerdata = mslObject;
        this.identity = str;
        this.encryptionKey = secretKey;
        this.signatureKey = secretKey2;
        byte[] encoded = this.encryptionKey.getEncoded();
        byte[] encoded2 = this.signatureKey.getEncoded();
        try {
            MslConstants.EncryptionAlgo fromString = MslConstants.EncryptionAlgo.fromString(this.encryptionKey.getAlgorithm());
            MslConstants.SignatureAlgo fromString2 = MslConstants.SignatureAlgo.fromString(this.signatureKey.getAlgorithm());
            this.sessiondata = mslContext.getMslEncoderFactory().createObject();
            if (this.issuerdata != null) {
                this.sessiondata.put(KEY_ISSUER_DATA, this.issuerdata);
            }
            this.sessiondata.put(KEY_IDENTITY, this.identity);
            this.sessiondata.put(KEY_ENCRYPTION_KEY, encoded);
            this.sessiondata.put(KEY_ENCRYPTION_ALGORITHM, fromString);
            this.sessiondata.put(KEY_HMAC_KEY, encoded2);
            this.sessiondata.put(KEY_SIGNATURE_KEY, encoded2);
            this.sessiondata.put(KEY_SIGNATURE_ALGORITHM, fromString2);
            this.tokendataBytes = null;
            this.signatureBytes = null;
            this.verified = true;
        } catch (IllegalArgumentException e) {
            throw new MslCryptoException(MslError.UNIDENTIFIED_ALGORITHM, "encryption algorithm: " + this.encryptionKey.getAlgorithm() + "; signature algorithm: " + this.signatureKey.getAlgorithm(), e);
        }
    }

    public MasterToken(MslContext mslContext, MslObject mslObject) throws MslEncodingException, MslCryptoException, MslException {
        this.ctx = mslContext;
        ICryptoContext mslCryptoContext = mslContext.getMslCryptoContext();
        MslEncoderFactory mslEncoderFactory = mslContext.getMslEncoderFactory();
        try {
            this.tokendataBytes = mslObject.getBytes(KEY_TOKENDATA);
            if (this.tokendataBytes.length == 0) {
                throw new MslEncodingException(MslError.MASTERTOKEN_TOKENDATA_MISSING, "mastertoken " + mslObject);
            }
            this.signatureBytes = mslObject.getBytes("signature");
            this.verified = mslCryptoContext.verify(this.tokendataBytes, this.signatureBytes, mslEncoderFactory);
            try {
                MslObject parseObject = mslEncoderFactory.parseObject(this.tokendataBytes);
                this.renewalWindow = parseObject.getLong(KEY_RENEWAL_WINDOW);
                this.expiration = parseObject.getLong(KEY_EXPIRATION);
                if (this.expiration < this.renewalWindow) {
                    throw new MslException(MslError.MASTERTOKEN_EXPIRES_BEFORE_RENEWAL, "mastertokendata " + parseObject);
                }
                this.sequenceNumber = parseObject.getLong(KEY_SEQUENCE_NUMBER);
                if (this.sequenceNumber < 0 || this.sequenceNumber > MslConstants.MAX_LONG_VALUE) {
                    throw new MslException(MslError.MASTERTOKEN_SEQUENCE_NUMBER_OUT_OF_RANGE, "mastertokendata " + parseObject);
                }
                this.serialNumber = parseObject.getLong(KEY_SERIAL_NUMBER);
                if (this.serialNumber < 0 || this.serialNumber > MslConstants.MAX_LONG_VALUE) {
                    throw new MslException(MslError.MASTERTOKEN_SERIAL_NUMBER_OUT_OF_RANGE, "mastertokendata " + parseObject);
                }
                byte[] bytes = parseObject.getBytes(KEY_SESSIONDATA);
                if (bytes.length == 0) {
                    throw new MslEncodingException(MslError.MASTERTOKEN_SESSIONDATA_MISSING, "mastertokendata " + parseObject);
                }
                byte[] decrypt = this.verified ? mslCryptoContext.decrypt(bytes, mslEncoderFactory) : null;
                if (decrypt == null) {
                    this.sessiondata = null;
                    this.issuerdata = null;
                    this.identity = null;
                    this.encryptionKey = null;
                    this.signatureKey = null;
                    return;
                }
                try {
                    this.sessiondata = mslEncoderFactory.parseObject(decrypt);
                    this.issuerdata = this.sessiondata.has(KEY_ISSUER_DATA) ? this.sessiondata.getMslObject(KEY_ISSUER_DATA, mslEncoderFactory) : null;
                    this.identity = this.sessiondata.getString(KEY_IDENTITY);
                    byte[] bytes2 = this.sessiondata.getBytes(KEY_ENCRYPTION_KEY);
                    String optString = this.sessiondata.optString(KEY_ENCRYPTION_ALGORITHM, "AES");
                    byte[] bytes3 = this.sessiondata.has(KEY_SIGNATURE_KEY) ? this.sessiondata.getBytes(KEY_SIGNATURE_KEY) : this.sessiondata.getBytes(KEY_HMAC_KEY);
                    String optString2 = this.sessiondata.optString(KEY_SIGNATURE_ALGORITHM, JcaAlgorithm.HMAC_SHA256);
                    try {
                        String encryptionAlgo = MslConstants.EncryptionAlgo.fromString(optString).toString();
                        String signatureAlgo = MslConstants.SignatureAlgo.fromString(optString2).toString();
                        try {
                            this.encryptionKey = new SecretKeySpec(bytes2, encryptionAlgo);
                            this.signatureKey = new SecretKeySpec(bytes3, signatureAlgo);
                        } catch (IllegalArgumentException e) {
                            throw new MslCryptoException(MslError.MASTERTOKEN_KEY_CREATION_ERROR, e);
                        }
                    } catch (IllegalArgumentException e2) {
                        throw new MslCryptoException(MslError.UNIDENTIFIED_ALGORITHM, "encryption algorithm: " + optString + "; signature algorithm" + optString2, e2);
                    }
                } catch (MslEncoderException e3) {
                    throw new MslEncodingException(MslError.MASTERTOKEN_SESSIONDATA_PARSE_ERROR, "sessiondata " + Base64.encode(decrypt), e3);
                }
            } catch (MslEncoderException e4) {
                throw new MslEncodingException(MslError.MASTERTOKEN_TOKENDATA_PARSE_ERROR, "mastertokendata " + Base64.encode(this.tokendataBytes), e4);
            }
        } catch (MslEncoderException e5) {
            throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "mastertoken " + mslObject, e5);
        }
    }

    public boolean isDecrypted() {
        return this.sessiondata != null;
    }

    public boolean isVerified() {
        return this.verified;
    }

    public Date getRenewalWindow() {
        return new Date(this.renewalWindow * 1000);
    }

    public boolean isRenewable(Date date) {
        return date != null ? this.renewalWindow * 1000 <= date.getTime() : !isVerified() || this.renewalWindow * 1000 <= this.ctx.getTime();
    }

    public Date getExpiration() {
        return new Date(this.expiration * 1000);
    }

    public boolean isExpired(Date date) {
        return date != null ? this.expiration * 1000 <= date.getTime() : isVerified() && this.expiration * 1000 <= this.ctx.getTime();
    }

    public long getSequenceNumber() {
        return this.sequenceNumber;
    }

    public long getSerialNumber() {
        return this.serialNumber;
    }

    public boolean isNewerThan(MasterToken masterToken) {
        if (this.sequenceNumber == masterToken.sequenceNumber) {
            return this.expiration > masterToken.expiration;
        }
        if (this.sequenceNumber > masterToken.sequenceNumber) {
            return masterToken.sequenceNumber >= (this.sequenceNumber - MslConstants.MAX_LONG_VALUE) + 127;
        }
        return this.sequenceNumber < (masterToken.sequenceNumber - MslConstants.MAX_LONG_VALUE) + 127;
    }

    public MslObject getIssuerData() {
        return this.issuerdata;
    }

    public String getIdentity() {
        return this.identity;
    }

    public SecretKey getEncryptionKey() {
        return this.encryptionKey;
    }

    public SecretKey getSignatureKey() {
        return this.signatureKey;
    }

    @Override // com.netflix.msl.io.MslEncodable
    public byte[] toMslEncoding(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslEncoderException {
        byte[] bArr;
        byte[] bArr2;
        if (this.encodings.containsKey(mslEncoderFormat)) {
            return this.encodings.get(mslEncoderFormat);
        }
        if (this.tokendataBytes == null && this.signatureBytes == null) {
            try {
                ICryptoContext mslCryptoContext = this.ctx.getMslCryptoContext();
                try {
                    byte[] encrypt = mslCryptoContext.encrypt(mslEncoderFactory.encodeObject(this.sessiondata, mslEncoderFormat), mslEncoderFactory, mslEncoderFormat);
                    MslObject createObject = mslEncoderFactory.createObject();
                    createObject.put(KEY_RENEWAL_WINDOW, Long.valueOf(this.renewalWindow));
                    createObject.put(KEY_EXPIRATION, Long.valueOf(this.expiration));
                    createObject.put(KEY_SEQUENCE_NUMBER, Long.valueOf(this.sequenceNumber));
                    createObject.put(KEY_SERIAL_NUMBER, Long.valueOf(this.serialNumber));
                    createObject.put(KEY_SESSIONDATA, encrypt);
                    bArr = mslEncoderFactory.encodeObject(createObject, mslEncoderFormat);
                    try {
                        bArr2 = mslCryptoContext.sign(bArr, mslEncoderFactory, mslEncoderFormat);
                    } catch (MslCryptoException e) {
                        throw new MslEncoderException("Error signing the token data.", e);
                    }
                } catch (MslCryptoException e2) {
                    throw new MslEncoderException("Error encrypting the session data.", e2);
                }
            } catch (MslCryptoException e3) {
                throw new MslEncoderException("Error creating the MSL crypto context.", e3);
            }
        } else {
            bArr = this.tokendataBytes;
            bArr2 = this.signatureBytes;
        }
        MslObject createObject2 = mslEncoderFactory.createObject();
        createObject2.put(KEY_TOKENDATA, bArr);
        createObject2.put("signature", bArr2);
        byte[] encodeObject = mslEncoderFactory.encodeObject(createObject2, mslEncoderFormat);
        this.encodings.put(mslEncoderFormat, encodeObject);
        return encodeObject;
    }

    public String toString() {
        MslEncoderFactory mslEncoderFactory = this.ctx.getMslEncoderFactory();
        MslObject createObject = mslEncoderFactory.createObject();
        createObject.put(KEY_RENEWAL_WINDOW, Long.valueOf(this.renewalWindow));
        createObject.put(KEY_EXPIRATION, Long.valueOf(this.expiration));
        createObject.put(KEY_SEQUENCE_NUMBER, Long.valueOf(this.sequenceNumber));
        createObject.put(KEY_SERIAL_NUMBER, Long.valueOf(this.serialNumber));
        createObject.put(KEY_SESSIONDATA, "(redacted)");
        MslObject createObject2 = mslEncoderFactory.createObject();
        createObject2.put(KEY_TOKENDATA, createObject);
        createObject2.put("signature", this.signatureBytes != null ? this.signatureBytes : "(null)");
        return createObject2.toString();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof MasterToken)) {
            return false;
        }
        MasterToken masterToken = (MasterToken) obj;
        return this.serialNumber == masterToken.serialNumber && this.sequenceNumber == masterToken.sequenceNumber && this.expiration == masterToken.expiration;
    }

    public int hashCode() {
        return (String.valueOf(this.serialNumber) + ":" + String.valueOf(this.sequenceNumber) + ":" + String.valueOf(this.expiration)).hashCode();
    }
}
