package com.uid2.shared.attest;

import com.uid2.shared.optout.OptOutConst;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.time.Instant;
import java.util.Base64;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/uid2/shared/attest/AttestationToken.class */
public class AttestationToken {
    private static final Logger LOGGER = LoggerFactory.getLogger(AttestationToken.class);
    private final String userToken;
    private final long expiresAt;
    private final long nonce;
    private final boolean isValid;
    private static final int GCM_AUTHTAG_LENGTH_BYTE = 16;
    private static final int GCM_IV_LENGTH = 12;

    public AttestationToken(String str, Instant instant) {
        this(str, instant.getEpochSecond(), generateNonce(), true);
    }

    private AttestationToken(String str, long j, long j2, boolean z) {
        this.userToken = str;
        this.expiresAt = j;
        this.nonce = j2;
        this.isValid = z;
    }

    public static AttestationToken fromPlaintext(String str) {
        try {
            String[] split = str.split(",");
            return new AttestationToken(split[0], Long.parseLong(split[1]), Long.parseLong(split[2]), true);
        } catch (Exception e) {
            LOGGER.info("failed to decode attestation token: {}", e.getMessage());
            return Failed();
        }
    }

    public static AttestationToken fromEncrypted(String str, String str2, String str3) {
        try {
            String[] split = str.split("-");
            if (split.length != 3) {
                throw new Exception("invalid attestation token format");
            }
            if (split[2].equals("g")) {
                return fromPlaintext(decrypt(Base64.getDecoder().decode(split[0]), Base64.getDecoder().decode(split[1]), str2, str3));
            }
            throw new Exception("invalid attestation token: invalid encryption algorithm");
        } catch (Exception e) {
            LOGGER.debug("failed to decrypt attestation token: {}", e.getMessage());
            return Failed();
        }
    }

    private static String decrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, getKeyFromPassword(str, str2), new GCMParameterSpec(128, bArr2));
        return new String(cipher.doFinal(bArr));
    }

    public String encode(String str, String str2) {
        try {
            GCMParameterSpec generateGcmParam = generateGcmParam();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, getKeyFromPassword(str, str2), generateGcmParam);
            return String.format("%s-%s-g", Base64.getEncoder().encodeToString(cipher.doFinal(getPlaintext().getBytes())), Base64.getEncoder().encodeToString(generateGcmParam.getIV()));
        } catch (Exception e) {
            LOGGER.warn("error while encrypting with AES algorithm: " + e.getMessage());
            return null;
        }
    }

    public boolean validate(String str) {
        return this.isValid && this.userToken.equals(str) && this.expiresAt > Instant.now().getEpochSecond();
    }

    public Instant getExpiresAt() {
        return Instant.ofEpochSecond(this.expiresAt);
    }

    private static SecretKey getKeyFromPassword(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), 65536, OptOutConst.Sha256Bits)).getEncoded(), "AES");
    }

    private static long generateNonce() {
        return new Random().nextLong();
    }

    private static IvParameterSpec generateIv() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return new IvParameterSpec(bArr);
    }

    private static GCMParameterSpec generateGcmParam() {
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        return new GCMParameterSpec(128, bArr);
    }

    private String getPlaintext() {
        return String.format("%s,%d,%d", this.userToken, Long.valueOf(this.expiresAt), Long.valueOf(this.nonce));
    }

    private static AttestationToken Failed() {
        return new AttestationToken("invalid", 0L, 0L, false);
    }

    public String toString() {
        String str = this.userToken;
        long j = this.expiresAt;
        long j2 = this.nonce;
        return "AttestationToken{userToken=" + str + ", expiresAt=" + j + ", nonce=" + str + "}";
    }
}
