package nl.martijndwars.webpush;

import com.google.common.io.BaseEncoding;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import nl.martijndwars.webpush.Encrypted;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.apache.http.impl.nio.client.HttpAsyncClients;
import org.apache.http.message.BasicHeader;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:nl/martijndwars/webpush/PushService.class */
public class PushService {
    private static final SecureRandom SECURE_RANDOM;
    private String gcmApiKey;
    private String subject;
    private PublicKey publicKey;
    private PrivateKey privateKey;
    static final /* synthetic */ boolean $assertionsDisabled;

    public PushService() {
    }

    public PushService(String str) {
        this.gcmApiKey = str;
    }

    public PushService(KeyPair keyPair, String str) {
        this.publicKey = keyPair.getPublic();
        this.privateKey = keyPair.getPrivate();
        this.subject = str;
    }

    public PushService(String str, String str2, String str3) throws GeneralSecurityException {
        this.publicKey = Utils.loadPublicKey(str);
        this.privateKey = Utils.loadPrivateKey(str2);
        this.subject = str3;
    }

    public static Encrypted encrypt(byte[] bArr, PublicKey publicKey, byte[] bArr2, int i) throws GeneralSecurityException, IOException {
        AlgorithmParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(Utils.CURVE);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Utils.ALGORITHM, "BC");
        keyPairGenerator.initialize(parameterSpec);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        HashMap hashMap = new HashMap();
        hashMap.put("server-key-id", generateKeyPair);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("server-key-id", "P-256");
        byte[] bArr3 = new byte[16];
        SECURE_RANDOM.nextBytes(bArr3);
        return new Encrypted.Builder().withSalt(bArr3).withPublicKey(generateKeyPair.getPublic()).withCiphertext(new HttpEce(hashMap, hashMap2).encrypt(bArr, bArr3, null, "server-key-id", publicKey, bArr2, i)).build();
    }

    public HttpResponse send(Notification notification) throws GeneralSecurityException, IOException, JoseException, ExecutionException, InterruptedException {
        return sendAsync(notification).get();
    }

    public Future<HttpResponse> sendAsync(Notification notification) throws GeneralSecurityException, IOException, JoseException {
        HttpPost preparePost = preparePost(notification);
        CloseableHttpAsyncClient createSystem = HttpAsyncClients.createSystem();
        createSystem.start();
        return createSystem.execute(preparePost, new ClosableCallback(createSystem));
    }

    public HttpPost preparePost(Notification notification) throws GeneralSecurityException, IOException, JoseException {
        if (!$assertionsDisabled && !verifyKeyPair()) {
            throw new AssertionError();
        }
        BaseEncoding base64Url = BaseEncoding.base64Url();
        Encrypted encrypt = encrypt(notification.getPayload(), notification.getUserPublicKey(), notification.getUserAuth(), notification.getPadSize());
        byte[] savePublicKey = Utils.savePublicKey(encrypt.getPublicKey());
        byte[] salt = encrypt.getSalt();
        HttpPost httpPost = new HttpPost(notification.getEndpoint());
        httpPost.addHeader("TTL", String.valueOf(notification.getTTL()));
        HashMap hashMap = new HashMap();
        if (notification.hasPayload()) {
            hashMap.put("Content-Type", "application/octet-stream");
            hashMap.put("Content-Encoding", "aesgcm");
            hashMap.put("Encryption", "salt=" + base64Url.omitPadding().encode(salt));
            hashMap.put("Crypto-Key", "dh=" + base64Url.encode(savePublicKey));
            httpPost.setEntity(new ByteArrayEntity(encrypt.getCiphertext()));
        }
        if (notification.isGcm()) {
            if (this.gcmApiKey == null) {
                throw new IllegalStateException("An GCM API key is needed to send a push notification to a GCM endpoint.");
            }
            hashMap.put("Authorization", "key=" + this.gcmApiKey);
        }
        if (vapidEnabled() && !notification.isGcm()) {
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setAudience(notification.getOrigin());
            jwtClaims.setExpirationTimeMinutesInTheFuture(720.0f);
            jwtClaims.setSubject(this.subject);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setHeader("typ", "JWT");
            jsonWebSignature.setHeader("alg", "ES256");
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKey(this.privateKey);
            jsonWebSignature.setAlgorithmHeaderValue("ES256");
            hashMap.put("Authorization", "WebPush " + jsonWebSignature.getCompactSerialization());
            byte[] savePublicKey2 = Utils.savePublicKey(this.publicKey);
            if (hashMap.containsKey("Crypto-Key")) {
                hashMap.put("Crypto-Key", ((String) hashMap.get("Crypto-Key")) + ";p256ecdsa=" + base64Url.omitPadding().encode(savePublicKey2));
            } else {
                hashMap.put("Crypto-Key", "p256ecdsa=" + base64Url.encode(savePublicKey2));
            }
        }
        for (Map.Entry entry : hashMap.entrySet()) {
            httpPost.addHeader(new BasicHeader((String) entry.getKey(), (String) entry.getValue()));
        }
        return httpPost;
    }

    private boolean verifyKeyPair() {
        return ECNamedCurveTable.getParameterSpec(Utils.CURVE).getG().multiply(((ECPrivateKey) this.privateKey).getS()).equals(this.publicKey.getQ());
    }

    public PushService setGcmApiKey(String str) {
        this.gcmApiKey = str;
        return this;
    }

    public PushService setSubject(String str) {
        this.subject = str;
        return this;
    }

    public PushService setKeyPair(KeyPair keyPair) {
        setPublicKey(keyPair.getPublic());
        setPrivateKey(keyPair.getPrivate());
        return this;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public PushService setPublicKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        setPublicKey(Utils.loadPublicKey(str));
        return this;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public KeyPair getKeyPair() {
        return new KeyPair(this.publicKey, this.privateKey);
    }

    public PushService setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
        return this;
    }

    public PushService setPrivateKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        setPrivateKey(Utils.loadPrivateKey(str));
        return this;
    }

    public PushService setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
        return this;
    }

    protected boolean vapidEnabled() {
        return (this.publicKey == null || this.privateKey == null) ? false : true;
    }

    static {
        $assertionsDisabled = !PushService.class.desiredAssertionStatus();
        SECURE_RANDOM = new SecureRandom();
    }
}
