package com.netflix.msl.tokens;

import com.netflix.msl.MslConstants;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.io.MslEncodable;
import com.netflix.msl.io.MslEncoderException;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.util.Base64;
import com.netflix.msl.util.MslContext;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/tokens/UserIdToken.class */
public class UserIdToken implements MslEncodable {
    private static final long MILLISECONDS_PER_SECOND = 1000;
    private static final String KEY_TOKENDATA = "tokendata";
    private static final String KEY_SIGNATURE = "signature";
    private static final String KEY_RENEWAL_WINDOW = "renewalwindow";
    private static final String KEY_EXPIRATION = "expiration";
    private static final String KEY_MASTER_TOKEN_SERIAL_NUMBER = "mtserialnumber";
    private static final String KEY_SERIAL_NUMBER = "serialnumber";
    private static final String KEY_USERDATA = "userdata";
    private static final String KEY_ISSUER_DATA = "issuerdata";
    private static final String KEY_IDENTITY = "identity";
    private final MslContext ctx;
    private final long renewalWindow;
    private final long expiration;
    private final long mtSerialNumber;
    private final long serialNumber;
    private final MslObject userdata;
    private final MslObject issuerdata;
    private final MslUser user;
    private final byte[] tokendataBytes;
    private final byte[] signatureBytes;
    private final boolean verified;
    private final Map<MslEncoderFormat, byte[]> encodings = new HashMap();

    public UserIdToken(MslContext mslContext, Date date, Date date2, MasterToken masterToken, long j, MslObject mslObject, MslUser mslUser) throws MslEncodingException, MslCryptoException {
        if (date2.before(date)) {
            throw new MslInternalException("Cannot construct a user ID token that expires before its renewal window opens.");
        }
        if (masterToken == null) {
            throw new MslInternalException("Cannot construct a user ID token without a master token.");
        }
        if (j < 0 || j > MslConstants.MAX_LONG_VALUE) {
            throw new MslInternalException("Serial number " + j + " is outside the valid range.");
        }
        this.ctx = mslContext;
        this.renewalWindow = date.getTime() / 1000;
        this.expiration = date2.getTime() / 1000;
        this.mtSerialNumber = masterToken.getSerialNumber();
        this.serialNumber = j;
        this.issuerdata = mslObject;
        this.user = mslUser;
        this.userdata = this.ctx.getMslEncoderFactory().createObject();
        if (this.issuerdata != null) {
            this.userdata.put(KEY_ISSUER_DATA, this.issuerdata);
        }
        this.userdata.put(KEY_IDENTITY, mslUser.getEncoded());
        this.tokendataBytes = null;
        this.signatureBytes = null;
        this.verified = true;
    }

    public UserIdToken(MslContext mslContext, MslObject mslObject, MasterToken masterToken) throws MslEncodingException, MslCryptoException, MslException {
        this.ctx = mslContext;
        ICryptoContext mslCryptoContext = mslContext.getMslCryptoContext();
        MslEncoderFactory mslEncoderFactory = mslContext.getMslEncoderFactory();
        try {
            this.tokendataBytes = mslObject.getBytes(KEY_TOKENDATA);
            if (this.tokendataBytes.length == 0) {
                throw new MslEncodingException(MslError.USERIDTOKEN_TOKENDATA_MISSING, "useridtoken " + mslObject).setMasterToken(masterToken);
            }
            this.signatureBytes = mslObject.getBytes("signature");
            this.verified = mslCryptoContext.verify(this.tokendataBytes, this.signatureBytes, mslEncoderFactory);
            try {
                MslObject parseObject = mslEncoderFactory.parseObject(this.tokendataBytes);
                this.renewalWindow = parseObject.getLong(KEY_RENEWAL_WINDOW);
                this.expiration = parseObject.getLong(KEY_EXPIRATION);
                if (this.expiration < this.renewalWindow) {
                    throw new MslException(MslError.USERIDTOKEN_EXPIRES_BEFORE_RENEWAL, "usertokendata " + parseObject).setMasterToken(masterToken);
                }
                this.mtSerialNumber = parseObject.getLong(KEY_MASTER_TOKEN_SERIAL_NUMBER);
                if (this.mtSerialNumber < 0 || this.mtSerialNumber > MslConstants.MAX_LONG_VALUE) {
                    throw new MslException(MslError.USERIDTOKEN_MASTERTOKEN_SERIAL_NUMBER_OUT_OF_RANGE, "usertokendata " + parseObject).setMasterToken(masterToken);
                }
                this.serialNumber = parseObject.getLong(KEY_SERIAL_NUMBER);
                if (this.serialNumber < 0 || this.serialNumber > MslConstants.MAX_LONG_VALUE) {
                    throw new MslException(MslError.USERIDTOKEN_SERIAL_NUMBER_OUT_OF_RANGE, "usertokendata " + parseObject).setMasterToken(masterToken);
                }
                byte[] bytes = parseObject.getBytes(KEY_USERDATA);
                if (bytes.length == 0) {
                    throw new MslException(MslError.USERIDTOKEN_USERDATA_MISSING).setMasterToken(masterToken);
                }
                byte[] decrypt = this.verified ? mslCryptoContext.decrypt(bytes, mslEncoderFactory) : null;
                if (decrypt != null) {
                    try {
                        this.userdata = mslEncoderFactory.parseObject(decrypt);
                        this.issuerdata = this.userdata.has(KEY_ISSUER_DATA) ? this.userdata.getMslObject(KEY_ISSUER_DATA, mslEncoderFactory) : null;
                        String string = this.userdata.getString(KEY_IDENTITY);
                        if (string == null || string.length() == 0) {
                            throw new MslException(MslError.USERIDTOKEN_IDENTITY_INVALID, "userdata " + this.userdata).setMasterToken(masterToken);
                        }
                        this.user = mslContext.getTokenFactory().createUser(mslContext, string);
                        if (this.user == null) {
                            throw new MslInternalException("TokenFactory.createUser() returned null in violation of the interface contract.");
                        }
                    } catch (MslEncoderException e) {
                        throw new MslEncodingException(MslError.USERIDTOKEN_USERDATA_PARSE_ERROR, "userdata " + Base64.encode(decrypt), e).setMasterToken(masterToken);
                    }
                } else {
                    this.userdata = null;
                    this.issuerdata = null;
                    this.user = null;
                }
                if (masterToken == null || this.mtSerialNumber != masterToken.getSerialNumber()) {
                    throw new MslException(MslError.USERIDTOKEN_MASTERTOKEN_MISMATCH, "uit mtserialnumber " + this.mtSerialNumber + "; mt " + masterToken).setMasterToken(masterToken);
                }
            } catch (MslCryptoException e2) {
                e2.setMasterToken(masterToken);
                throw e2;
            } catch (MslEncoderException e3) {
                throw new MslEncodingException(MslError.USERIDTOKEN_TOKENDATA_PARSE_ERROR, "usertokendata " + Base64.encode(this.tokendataBytes), e3).setMasterToken(masterToken);
            }
        } catch (MslEncoderException e4) {
            throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "useridtoken " + mslObject, e4).setMasterToken(masterToken);
        }
    }

    public boolean isDecrypted() {
        return this.user != null;
    }

    public boolean isVerified() {
        return this.verified;
    }

    public Date getRenewalWindow() {
        return new Date(this.renewalWindow * 1000);
    }

    public boolean isRenewable(Date date) {
        return date != null ? this.renewalWindow * 1000 <= date.getTime() : !isVerified() || this.renewalWindow * 1000 <= this.ctx.getTime();
    }

    public Date getExpiration() {
        return new Date(this.expiration * 1000);
    }

    public boolean isExpired(Date date) {
        return date != null ? this.expiration * 1000 <= date.getTime() : isVerified() && this.expiration * 1000 <= this.ctx.getTime();
    }

    public MslObject getIssuerData() {
        return this.issuerdata;
    }

    public MslUser getUser() {
        return this.user;
    }

    public long getSerialNumber() {
        return this.serialNumber;
    }

    public long getMasterTokenSerialNumber() {
        return this.mtSerialNumber;
    }

    public boolean isBoundTo(MasterToken masterToken) {
        return masterToken != null && masterToken.getSerialNumber() == this.mtSerialNumber;
    }

    @Override // com.netflix.msl.io.MslEncodable
    public byte[] toMslEncoding(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslEncoderException {
        byte[] bArr;
        byte[] bArr2;
        if (this.encodings.containsKey(mslEncoderFormat)) {
            return this.encodings.get(mslEncoderFormat);
        }
        if (this.tokendataBytes == null && this.signatureBytes == null) {
            try {
                ICryptoContext mslCryptoContext = this.ctx.getMslCryptoContext();
                try {
                    byte[] encrypt = mslCryptoContext.encrypt(mslEncoderFactory.encodeObject(this.userdata, mslEncoderFormat), mslEncoderFactory, mslEncoderFormat);
                    MslObject createObject = mslEncoderFactory.createObject();
                    createObject.put(KEY_RENEWAL_WINDOW, Long.valueOf(this.renewalWindow));
                    createObject.put(KEY_EXPIRATION, Long.valueOf(this.expiration));
                    createObject.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, Long.valueOf(this.mtSerialNumber));
                    createObject.put(KEY_SERIAL_NUMBER, Long.valueOf(this.serialNumber));
                    createObject.put(KEY_USERDATA, encrypt);
                    bArr = mslEncoderFactory.encodeObject(createObject, mslEncoderFormat);
                    try {
                        bArr2 = mslCryptoContext.sign(bArr, mslEncoderFactory, mslEncoderFormat);
                    } catch (MslCryptoException e) {
                        throw new MslEncoderException("Error signing the token data.", e);
                    }
                } catch (MslCryptoException e2) {
                    throw new MslEncoderException("Error encrypting the user data.", e2);
                }
            } catch (MslCryptoException e3) {
                throw new MslEncoderException("Error creating the MSL crypto context.", e3);
            }
        } else {
            bArr = this.tokendataBytes;
            bArr2 = this.signatureBytes;
        }
        MslObject createObject2 = mslEncoderFactory.createObject();
        createObject2.put(KEY_TOKENDATA, bArr);
        createObject2.put("signature", bArr2);
        byte[] encodeObject = mslEncoderFactory.encodeObject(createObject2, mslEncoderFormat);
        this.encodings.put(mslEncoderFormat, encodeObject);
        return encodeObject;
    }

    public String toString() {
        MslEncoderFactory mslEncoderFactory = this.ctx.getMslEncoderFactory();
        MslObject createObject = mslEncoderFactory.createObject();
        createObject.put(KEY_RENEWAL_WINDOW, Long.valueOf(this.renewalWindow));
        createObject.put(KEY_EXPIRATION, Long.valueOf(this.expiration));
        createObject.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, Long.valueOf(this.mtSerialNumber));
        createObject.put(KEY_SERIAL_NUMBER, Long.valueOf(this.serialNumber));
        createObject.put(KEY_USERDATA, "(redacted)");
        MslObject createObject2 = mslEncoderFactory.createObject();
        createObject2.put(KEY_TOKENDATA, createObject);
        createObject2.put("signature", this.signatureBytes != null ? this.signatureBytes : "(null)");
        return createObject2.toString();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof UserIdToken)) {
            return false;
        }
        UserIdToken userIdToken = (UserIdToken) obj;
        return this.serialNumber == userIdToken.serialNumber && this.mtSerialNumber == userIdToken.mtSerialNumber;
    }

    public int hashCode() {
        return (String.valueOf(this.serialNumber) + ":" + String.valueOf(this.mtSerialNumber)).hashCode();
    }
}
