package com.nimbusds.common.id;

import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.ArrayUtils;

/* loaded from: input_file:com/nimbusds/common/id/IdentifierWithHMAC.class */
public class IdentifierWithHMAC extends BaseIdentifier {
    public static final int DEFAULT_BYTE_LENGTH = 16;

    private static byte[] computeHMAC(byte[] bArr, SecretKey secretKey) {
        if (secretKey.getEncoded().length < 32) {
            throw new IllegalArgumentException("The HMAC key must be at least 256 bits long");
        }
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            try {
                mac.init(new SecretKeySpec(secretKey.getEncoded(), "HmacSHA256"));
                return ArrayUtils.subarray(mac.doFinal(bArr), 0, 16);
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e.getMessage(), e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }

    private static String generate(SecretKey secretKey) {
        byte[] bArr = new byte[16];
        SECURE_RANDOM.nextBytes(bArr);
        return Base64.encodeBase64URLSafeString(bArr) + "." + Base64.encodeBase64URLSafeString(computeHMAC(bArr, secretKey));
    }

    public IdentifierWithHMAC(byte[] bArr, SecretKey secretKey) {
        super(Base64.encodeBase64URLSafeString(bArr) + "." + Base64.encodeBase64URLSafeString(computeHMAC(bArr, secretKey)));
    }

    public IdentifierWithHMAC(SecretKey secretKey) {
        super(generate(secretKey));
    }

    private IdentifierWithHMAC(String str) {
        super(str);
    }

    @Override // com.nimbusds.common.id.BaseIdentifier
    public boolean equals(Object obj) {
        return (obj instanceof IdentifierWithHMAC) && toString().equals(obj.toString());
    }

    public static IdentifierWithHMAC parseAndValidate(String str, SecretKey secretKey) throws InvalidIdentifierException {
        String[] split = str.split("\\.");
        if (split.length != 2) {
            throw new InvalidIdentifierException("Illegal identifier with HMAC format");
        }
        if (split[0].trim().isEmpty()) {
            throw new InvalidIdentifierException("Missing identifier value");
        }
        if (split[1].trim().isEmpty()) {
            throw new InvalidIdentifierException("Missing HMAC for the identifier value");
        }
        byte[] decodeBase64 = Base64.decodeBase64(split[0]);
        if (MessageDigest.isEqual(computeHMAC(decodeBase64, secretKey), Base64.decodeBase64(split[1]))) {
            return new IdentifierWithHMAC(str);
        }
        throw new InvalidIdentifierException("Invalid HMAC");
    }
}
