package net.optionfactory.jma;

import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.function.Supplier;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:net/optionfactory/jma/MessageAuthenticationOps.class */
public class MessageAuthenticationOps {
    private final SecretKeySpec aesKey;
    private final SecretKeySpec hmacKey;
    private final SecureRandom random;
    private final Supplier<Long> clock;
    private final Base64.Encoder b64enc = Base64.getUrlEncoder().withoutPadding();
    private final Base64.Decoder b64dec = Base64.getUrlDecoder();
    private final int ivLength = 16;
    private final int saltLength = 12;

    public MessageAuthenticationOps(SecretKeySpec secretKeySpec, SecretKeySpec secretKeySpec2, SecureRandom secureRandom, Supplier<Long> supplier) {
        this.aesKey = secretKeySpec;
        this.hmacKey = secretKeySpec2;
        this.random = secureRandom;
        this.clock = supplier;
    }

    private byte[] randomBytes(int i) {
        byte[] bArr = new byte[i];
        this.random.nextBytes(bArr);
        return bArr;
    }

    private Mac initHmacSha256() {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(this.hmacKey);
            return mac;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new MessageAuthenticationError(e.getMessage());
        }
    }

    private Cipher initAesCbcPkcs7(byte[] bArr, int i) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(i, this.aesKey, new IvParameterSpec(bArr));
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new MessageAuthenticationError(e.getMessage());
        }
    }

    public String encryptThenAuthenticate(byte[] bArr) {
        byte[] randomBytes = randomBytes(16);
        Long l = this.clock.get();
        try {
            byte[] doFinal = initAesCbcPkcs7(randomBytes, 1).doFinal(bArr);
            Mac initHmacSha256 = initHmacSha256();
            initHmacSha256.update(ByteBuffer.allocate(8).putLong(l.longValue()).array());
            initHmacSha256.update(randomBytes);
            return String.format("%s.%s.%s.%s", this.b64enc.encodeToString(randomBytes), l, this.b64enc.encodeToString(doFinal), this.b64enc.encodeToString(initHmacSha256.doFinal(doFinal)));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new MessageAuthenticationError(e.getMessage());
        }
    }

    public byte[] authenticateThenDecrypt(String str, long j) {
        String[] split = str.split("\\.");
        MessageAuthenticationError.enforce(split.length == 4, "invalid parts");
        byte[] decode = this.b64dec.decode(split[0]);
        long parseLong = Long.parseLong(split[1]);
        byte[] decode2 = this.b64dec.decode(split[2]);
        byte[] decode3 = this.b64dec.decode(split[3]);
        Long l = this.clock.get();
        MessageAuthenticationError.enforce(decode.length == 16, "invalid iv");
        MessageAuthenticationError.enforce(j == 0 || parseLong + j > l.longValue(), "expired");
        Mac initHmacSha256 = initHmacSha256();
        initHmacSha256.update(ByteBuffer.allocate(8).putLong(parseLong).array());
        initHmacSha256.update(decode);
        MessageAuthenticationError.enforce(Arrays.equals(initHmacSha256.doFinal(decode2), decode3), "tampering");
        try {
            return initAesCbcPkcs7(decode, 2).doFinal(decode2);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new MessageAuthenticationError(e.getMessage());
        }
    }

    public String authenticate(byte[] bArr) {
        Long l = this.clock.get();
        byte[] randomBytes = randomBytes(12);
        Mac initHmacSha256 = initHmacSha256();
        initHmacSha256.update(ByteBuffer.allocate(8).putLong(l.longValue()).array());
        initHmacSha256.update(randomBytes);
        return String.format("%s.%s.%s.%s", this.b64enc.encodeToString(randomBytes), l, this.b64enc.encodeToString(initHmacSha256.doFinal(bArr)), this.b64enc.encodeToString(bArr));
    }

    public byte[] verifyAndDecode(String str, long j) {
        String[] split = str.split("\\.");
        MessageAuthenticationError.enforce(split.length == 4, "invalid parts");
        byte[] decode = this.b64dec.decode(split[0]);
        long parseLong = Long.parseLong(split[1]);
        byte[] decode2 = this.b64dec.decode(split[2]);
        byte[] decode3 = this.b64dec.decode(split[3]);
        Long l = this.clock.get();
        MessageAuthenticationError.enforce(decode.length == 12, "invalid salt");
        MessageAuthenticationError.enforce(j == 0 || parseLong + j > l.longValue(), "expired");
        Mac initHmacSha256 = initHmacSha256();
        initHmacSha256.update(ByteBuffer.allocate(8).putLong(parseLong).array());
        initHmacSha256.update(decode);
        MessageAuthenticationError.enforce(Arrays.equals(initHmacSha256.doFinal(decode3), decode2), "tampering");
        return decode3;
    }
}
