package org.tokenscript.auth;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Clock;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.tokenscript.attestation.core.ExceptionUtil;
import org.tokenscript.attestation.core.URLUtility;
import org.tokenscript.eip712.Eip712Common;

/* loaded from: input_file:org/tokenscript/auth/UnpredictableNumberTool.class */
public class UnpredictableNumberTool {
    public static final int BYTES_IN_SEED = 32;
    public static final long DEFAULT_VALIDITY_IN_MS = 3600000;
    public static final int BYTES_IN_UN = 8;
    private final SecureRandom random;
    private final String domain;
    private final long validityInMs;
    private final HMac hmac;
    private static final Logger logger = LogManager.getLogger((Class<?>) UnpredictableNumberTool.class);
    private static final ByteBuffer longBuffer = ByteBuffer.allocate(8);

    public UnpredictableNumberTool(byte[] bArr, String str) {
        this(new SecureRandom(), bArr, str);
    }

    public UnpredictableNumberTool(SecureRandom secureRandom, byte[] bArr, String str) {
        this(secureRandom, bArr, str, DEFAULT_VALIDITY_IN_MS);
    }

    public UnpredictableNumberTool(SecureRandom secureRandom, byte[] bArr, String str, long j) {
        this.hmac = new HMac(new SHA3Digest(256));
        this.random = secureRandom;
        this.domain = str.toLowerCase();
        this.validityInMs = j;
        this.hmac.init(new KeyParameter(bArr));
        if (!Eip712Common.isDomainValid(str)) {
            throw ((IllegalArgumentException) ExceptionUtil.throwException(logger, new IllegalArgumentException("Domain is not a valid domain")));
        }
    }

    public String getDomain() {
        return this.domain;
    }

    public UnpredictableNumberBundle getUnpredictableNumberBundle() {
        long millis = Clock.systemUTC().millis() + this.validityInMs;
        byte[] generateSeed = this.random.generateSeed(32);
        return new UnpredictableNumberBundle(getUnpredictableNumber(generateSeed, millis), generateSeed, this.domain, millis);
    }

    private String getUnpredictableNumber(byte[] bArr, long j) {
        this.hmac.reset();
        this.hmac.update(longToBytes(j), 0, 8);
        this.hmac.update(bArr, 0, 32);
        this.hmac.update(this.domain.getBytes(StandardCharsets.UTF_8), 0, this.domain.getBytes(StandardCharsets.UTF_8).length);
        byte[] bArr2 = new byte[32];
        this.hmac.doFinal(bArr2, 0);
        byte[] bArr3 = new byte[8];
        System.arraycopy(bArr2, 0, bArr3, 0, 8);
        return URLUtility.encodeData(bArr3);
    }

    public boolean validateUnpredictableNumber(String str, byte[] bArr, long j) {
        if (Clock.systemUTC().millis() > j) {
            logger.error("Unpredictable number has expired");
            return false;
        }
        if (getUnpredictableNumber(bArr, j).equals(str)) {
            return true;
        }
        logger.error("The unpredictable number is computed incorrectly. Either wrong key or wrong domain");
        return false;
    }

    private static byte[] longToBytes(long j) {
        longBuffer.putLong(0, j);
        return longBuffer.array();
    }
}
