package com.turo.pushy.apns.auth;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.annotations.SerializedName;
import com.turo.pushy.apns.util.DateAsTimeSinceEpochTypeAdapter;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.handler.codec.base64.Base64Dialect;
import io.netty.util.AsciiString;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Date;
import java.util.Objects;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/turo/pushy/apns/auth/AuthenticationToken.class */
public class AuthenticationToken {
    private static final Gson GSON = new GsonBuilder().disableHtmlEscaping().registerTypeAdapter(Date.class, new DateAsTimeSinceEpochTypeAdapter(TimeUnit.SECONDS)).create();
    private final AuthenticationTokenHeader header;
    private final AuthenticationTokenClaims claims;
    private final byte[] signatureBytes;
    private final transient String base64EncodedToken;
    private final transient AsciiString authorizationHeader;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/turo/pushy/apns/auth/AuthenticationToken$AuthenticationTokenClaims.class */
    public static class AuthenticationTokenClaims {

        @SerializedName("iss")
        private final String issuer;

        @SerializedName("iat")
        private final Date issuedAt;

        AuthenticationTokenClaims(String str, Date date) {
            this.issuer = str;
            this.issuedAt = date;
        }

        String getIssuer() {
            return this.issuer;
        }

        Date getIssuedAt() {
            return this.issuedAt;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/turo/pushy/apns/auth/AuthenticationToken$AuthenticationTokenHeader.class */
    public static class AuthenticationTokenHeader {

        @SerializedName("alg")
        private final String algorithm = "ES256";

        @SerializedName("typ")
        private final String tokenType = "JWT";

        @SerializedName("kid")
        private final String keyId;

        AuthenticationTokenHeader(String str) {
            this.keyId = str;
        }

        String getKeyId() {
            return this.keyId;
        }
    }

    public AuthenticationToken(ApnsSigningKey apnsSigningKey, Date date) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        this.header = new AuthenticationTokenHeader(apnsSigningKey.getKeyId());
        this.claims = new AuthenticationTokenClaims(apnsSigningKey.getTeamId(), date);
        String json = GSON.toJson(this.header);
        String json2 = GSON.toJson(this.claims);
        StringBuilder sb = new StringBuilder();
        sb.append(encodeUnpaddedBase64UrlString(json.getBytes(StandardCharsets.US_ASCII)));
        sb.append('.');
        sb.append(encodeUnpaddedBase64UrlString(json2.getBytes(StandardCharsets.US_ASCII)));
        Signature signature = Signature.getInstance(ApnsKey.APNS_SIGNATURE_ALGORITHM);
        signature.initSign(apnsSigningKey);
        signature.update(sb.toString().getBytes(StandardCharsets.US_ASCII));
        this.signatureBytes = signature.sign();
        sb.append('.');
        sb.append(encodeUnpaddedBase64UrlString(this.signatureBytes));
        this.base64EncodedToken = sb.toString();
        this.authorizationHeader = new AsciiString("bearer " + sb.toString());
    }

    public AuthenticationToken(String str) {
        Objects.requireNonNull(str, "Encoded token must not be null.");
        this.base64EncodedToken = str;
        this.authorizationHeader = new AsciiString("bearer " + str);
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new IllegalArgumentException();
        }
        this.header = (AuthenticationTokenHeader) GSON.fromJson(new String(decodeBase64UrlEncodedString(split[0]), StandardCharsets.US_ASCII), AuthenticationTokenHeader.class);
        this.claims = (AuthenticationTokenClaims) GSON.fromJson(new String(decodeBase64UrlEncodedString(split[1]), StandardCharsets.US_ASCII), AuthenticationTokenClaims.class);
        this.signatureBytes = decodeBase64UrlEncodedString(split[2]);
    }

    public Date getIssuedAt() {
        return this.claims.getIssuedAt();
    }

    public String getKeyId() {
        return this.header.getKeyId();
    }

    public String getTeamId() {
        return this.claims.getIssuer();
    }

    public boolean verifySignature(ApnsVerificationKey apnsVerificationKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (!this.header.getKeyId().equals(apnsVerificationKey.getKeyId()) || !this.claims.getIssuer().equals(apnsVerificationKey.getTeamId())) {
            return false;
        }
        byte[] bytes = (encodeUnpaddedBase64UrlString(GSON.toJson(this.header).getBytes(StandardCharsets.US_ASCII)) + '.' + encodeUnpaddedBase64UrlString(GSON.toJson(this.claims).getBytes(StandardCharsets.US_ASCII))).getBytes(StandardCharsets.US_ASCII);
        Signature signature = Signature.getInstance(ApnsKey.APNS_SIGNATURE_ALGORITHM);
        signature.initVerify(apnsVerificationKey);
        signature.update(bytes);
        return signature.verify(this.signatureBytes);
    }

    public AsciiString getAuthorizationHeader() {
        return this.authorizationHeader;
    }

    public String toString() {
        return this.base64EncodedToken;
    }

    public int hashCode() {
        return this.base64EncodedToken.hashCode();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !(obj instanceof AuthenticationToken)) {
            return false;
        }
        AuthenticationToken authenticationToken = (AuthenticationToken) obj;
        return this.base64EncodedToken == null ? authenticationToken.base64EncodedToken == null : this.base64EncodedToken.equals(authenticationToken.base64EncodedToken);
    }

    static String encodeUnpaddedBase64UrlString(byte[] bArr) {
        ByteBuf wrappedBuffer = Unpooled.wrappedBuffer(bArr);
        ByteBuf encode = Base64.encode(wrappedBuffer, Base64Dialect.URL_SAFE);
        String replace = encode.toString(StandardCharsets.US_ASCII).replace("=", "");
        wrappedBuffer.release();
        encode.release();
        return replace;
    }

    static byte[] decodeBase64UrlEncodedString(String str) {
        String str2;
        switch (str.length() % 4) {
            case 2:
                str2 = str + "==";
                break;
            case 3:
                str2 = str + "=";
                break;
            default:
                str2 = str;
                break;
        }
        ByteBuf wrappedBuffer = Unpooled.wrappedBuffer(str2.getBytes(StandardCharsets.US_ASCII));
        ByteBuf decode = Base64.decode(wrappedBuffer, Base64Dialect.URL_SAFE);
        byte[] bArr = new byte[decode.readableBytes()];
        decode.readBytes(bArr);
        wrappedBuffer.release();
        decode.release();
        return bArr;
    }
}
