package com.netflix.msl.tokens;

import com.netflix.android.org.json.JSONException;
import com.netflix.android.org.json.JSONObject;
import com.netflix.android.org.json.JSONString;
import com.netflix.msl.MslConstants;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.util.Base64;
import com.netflix.msl.util.MslContext;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class MasterToken implements JSONString {
    private static final String KEY_ENCRYPTION_ALGORITHM = "encryptionalgorithm";
    private static final String KEY_ENCRYPTION_KEY = "encryptionkey";
    private static final String KEY_EXPIRATION = "expiration";
    private static final String KEY_HMAC_KEY = "hmackey";
    private static final String KEY_IDENTITY = "identity";
    private static final String KEY_ISSUER_DATA = "issuerdata";
    private static final String KEY_RENEWAL_WINDOW = "renewalwindow";
    private static final String KEY_SEQUENCE_NUMBER = "sequencenumber";
    private static final String KEY_SERIAL_NUMBER = "serialnumber";
    private static final String KEY_SESSIONDATA = "sessiondata";
    private static final String KEY_SIGNATURE = "signature";
    private static final String KEY_SIGNATURE_ALGORITHM = "signaturealgorithm";
    private static final String KEY_SIGNATURE_KEY = "signaturekey";
    private static final String KEY_TOKENDATA = "tokendata";
    private static final long MILLISECONDS_PER_SECOND = 1000;
    private final MslContext ctx;
    private final SecretKey encryptionKey;
    private final long expiration;
    private final String identity;
    private final JSONObject issuerData;
    private final long renewalWindow;
    private final long sequenceNumber;
    private final long serialNumber;
    private final byte[] sessiondata;
    private final byte[] signature;
    private final SecretKey signatureKey;
    private final byte[] tokendata;
    private final boolean verified;

    public MasterToken(MslContext mslContext, JSONObject jSONObject) {
        this.ctx = mslContext;
        ICryptoContext mslCryptoContext = mslContext.getMslCryptoContext();
        try {
            try {
                this.tokendata = Base64.decode(jSONObject.getString(KEY_TOKENDATA));
                if (this.tokendata == null || this.tokendata.length == 0) {
                    throw new MslEncodingException(MslError.MASTERTOKEN_TOKENDATA_MISSING, "mastertoken " + jSONObject.toString());
                }
                try {
                    this.signature = Base64.decode(jSONObject.getString("signature"));
                    this.verified = mslCryptoContext.verify(this.tokendata, this.signature);
                    String str = new String(this.tokendata, MslConstants.DEFAULT_CHARSET);
                    try {
                        JSONObject jSONObject2 = new JSONObject(str);
                        this.renewalWindow = jSONObject2.getLong(KEY_RENEWAL_WINDOW);
                        this.expiration = jSONObject2.getLong("expiration");
                        if (this.expiration < this.renewalWindow) {
                            throw new MslException(MslError.MASTERTOKEN_EXPIRES_BEFORE_RENEWAL, "mastertokendata " + str);
                        }
                        this.sequenceNumber = jSONObject2.getLong(KEY_SEQUENCE_NUMBER);
                        if (this.sequenceNumber < 0 || this.sequenceNumber > MslConstants.MAX_LONG_VALUE) {
                            throw new MslException(MslError.MASTERTOKEN_SEQUENCE_NUMBER_OUT_OF_RANGE, "mastertokendata " + str);
                        }
                        this.serialNumber = jSONObject2.getLong(KEY_SERIAL_NUMBER);
                        if (this.serialNumber < 0 || this.serialNumber > MslConstants.MAX_LONG_VALUE) {
                            throw new MslException(MslError.MASTERTOKEN_SERIAL_NUMBER_OUT_OF_RANGE, "mastertokendata " + str);
                        }
                        try {
                            byte[] decode = Base64.decode(jSONObject2.getString(KEY_SESSIONDATA));
                            if (decode == null || decode.length == 0) {
                                throw new MslEncodingException(MslError.MASTERTOKEN_SESSIONDATA_MISSING, jSONObject2.getString(KEY_SESSIONDATA));
                            }
                            this.sessiondata = this.verified ? mslCryptoContext.decrypt(decode) : null;
                            if (this.sessiondata == null) {
                                this.issuerData = null;
                                this.identity = null;
                                this.encryptionKey = null;
                                this.signatureKey = null;
                                return;
                            }
                            String str2 = new String(this.sessiondata, MslConstants.DEFAULT_CHARSET);
                            try {
                                JSONObject jSONObject3 = new JSONObject(str2);
                                this.issuerData = jSONObject3.has(KEY_ISSUER_DATA) ? jSONObject3.getJSONObject(KEY_ISSUER_DATA) : null;
                                this.identity = jSONObject3.getString("identity");
                                String string = jSONObject3.getString(KEY_ENCRYPTION_KEY);
                                String optString = jSONObject3.optString(KEY_ENCRYPTION_ALGORITHM, "AES");
                                String string2 = jSONObject3.has(KEY_SIGNATURE_KEY) ? jSONObject3.getString(KEY_SIGNATURE_KEY) : jSONObject3.getString(KEY_HMAC_KEY);
                                String optString2 = jSONObject3.optString(KEY_SIGNATURE_ALGORITHM, JcaAlgorithm.HMAC_SHA256);
                                try {
                                    String encryptionAlgo = MslConstants.EncryptionAlgo.fromString(optString).toString();
                                    String signatureAlgo = MslConstants.SignatureAlgo.fromString(optString2).toString();
                                    try {
                                        this.encryptionKey = new SecretKeySpec(Base64.decode(string), encryptionAlgo);
                                        this.signatureKey = new SecretKeySpec(Base64.decode(string2), signatureAlgo);
                                    } catch (IllegalArgumentException e) {
                                        throw new MslCryptoException(MslError.MASTERTOKEN_KEY_CREATION_ERROR, e);
                                    }
                                } catch (IllegalArgumentException e2) {
                                    throw new MslCryptoException(MslError.UNIDENTIFIED_ALGORITHM, "encryption algorithm: " + optString + "; signature algorithm" + optString2, e2);
                                }
                            } catch (JSONException e3) {
                                throw new MslEncodingException(MslError.MASTERTOKEN_SESSIONDATA_PARSE_ERROR, "sessiondata " + str2, e3);
                            }
                        } catch (IllegalArgumentException e4) {
                            throw new MslEncodingException(MslError.MASTERTOKEN_SESSIONDATA_INVALID, jSONObject2.getString(KEY_SESSIONDATA));
                        }
                    } catch (JSONException e5) {
                        throw new MslEncodingException(MslError.MASTERTOKEN_TOKENDATA_PARSE_ERROR, "mastertokendata " + str, e5);
                    }
                } catch (IllegalArgumentException e6) {
                    throw new MslEncodingException(MslError.MASTERTOKEN_SIGNATURE_INVALID, "mastertoken " + jSONObject.toString(), e6);
                }
            } catch (IllegalArgumentException e7) {
                throw new MslEncodingException(MslError.MASTERTOKEN_TOKENDATA_INVALID, "mastertoken " + jSONObject.toString(), e7);
            }
        } catch (JSONException e8) {
            throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "mastertoken " + jSONObject.toString(), e8);
        }
    }

    public MasterToken(MslContext mslContext, Date date, Date date2, long j, long j2, JSONObject jSONObject, String str, SecretKey secretKey, SecretKey secretKey2) {
        if (date2.before(date)) {
            throw new MslInternalException("Cannot construct a master token that expires before its renewal window opens.");
        }
        if (j < 0 || j > MslConstants.MAX_LONG_VALUE) {
            throw new MslInternalException("Sequence number " + j + " is outside the valid range.");
        }
        if (j2 < 0 || j2 > MslConstants.MAX_LONG_VALUE) {
            throw new MslInternalException("Serial number " + j2 + " is outside the valid range.");
        }
        this.ctx = mslContext;
        this.renewalWindow = date.getTime() / 1000;
        this.expiration = date2.getTime() / 1000;
        this.sequenceNumber = j;
        this.serialNumber = j2;
        this.issuerData = jSONObject;
        this.identity = str;
        this.encryptionKey = secretKey;
        this.signatureKey = secretKey2;
        JSONObject jSONObject2 = new JSONObject();
        try {
            String encode = Base64.encode(this.encryptionKey.getEncoded());
            MslConstants.EncryptionAlgo fromString = MslConstants.EncryptionAlgo.fromString(this.encryptionKey.getAlgorithm());
            String encode2 = Base64.encode(this.signatureKey.getEncoded());
            MslConstants.SignatureAlgo fromString2 = MslConstants.SignatureAlgo.fromString(this.signatureKey.getAlgorithm());
            if (this.issuerData != null) {
                jSONObject2.put(KEY_ISSUER_DATA, this.issuerData);
            }
            jSONObject2.put("identity", this.identity);
            jSONObject2.put(KEY_ENCRYPTION_KEY, encode);
            jSONObject2.put(KEY_ENCRYPTION_ALGORITHM, fromString);
            jSONObject2.put(KEY_HMAC_KEY, encode2);
            jSONObject2.put(KEY_SIGNATURE_KEY, encode2);
            jSONObject2.put(KEY_SIGNATURE_ALGORITHM, fromString2);
            this.sessiondata = jSONObject2.toString().getBytes(MslConstants.DEFAULT_CHARSET);
            ICryptoContext mslCryptoContext = mslContext.getMslCryptoContext();
            byte[] encrypt = mslCryptoContext.encrypt(this.sessiondata);
            try {
                JSONObject jSONObject3 = new JSONObject();
                jSONObject3.put(KEY_RENEWAL_WINDOW, this.renewalWindow);
                jSONObject3.put("expiration", this.expiration);
                jSONObject3.put(KEY_SEQUENCE_NUMBER, this.sequenceNumber);
                jSONObject3.put(KEY_SERIAL_NUMBER, this.serialNumber);
                jSONObject3.put(KEY_SESSIONDATA, Base64.encode(encrypt));
                this.tokendata = jSONObject3.toString().getBytes(MslConstants.DEFAULT_CHARSET);
                this.signature = mslCryptoContext.sign(this.tokendata);
                this.verified = true;
            } catch (JSONException e) {
                throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, "mastertokendata", e);
            }
        } catch (JSONException e2) {
            throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, KEY_SESSIONDATA, e2);
        } catch (IllegalArgumentException e3) {
            throw new MslCryptoException(MslError.UNIDENTIFIED_ALGORITHM, "encryption algorithm: " + this.encryptionKey.getAlgorithm() + "; signature algorithm: " + this.signatureKey.getAlgorithm(), e3);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof MasterToken)) {
            return false;
        }
        MasterToken masterToken = (MasterToken) obj;
        return this.serialNumber == masterToken.serialNumber && this.sequenceNumber == masterToken.sequenceNumber && this.expiration == masterToken.expiration;
    }

    public SecretKey getEncryptionKey() {
        return this.encryptionKey;
    }

    public Date getExpiration() {
        return new Date(this.expiration * 1000);
    }

    public String getIdentity() {
        return this.identity;
    }

    public JSONObject getIssuerData() {
        return this.issuerData;
    }

    public Date getRenewalWindow() {
        return new Date(this.renewalWindow * 1000);
    }

    public long getSequenceNumber() {
        return this.sequenceNumber;
    }

    public long getSerialNumber() {
        return this.serialNumber;
    }

    public SecretKey getSignatureKey() {
        return this.signatureKey;
    }

    public int hashCode() {
        return (String.valueOf(this.serialNumber) + ":" + String.valueOf(this.sequenceNumber) + ":" + String.valueOf(this.expiration)).hashCode();
    }

    public boolean isDecrypted() {
        return this.sessiondata != null;
    }

    public boolean isExpired(Date date) {
        return date != null ? this.expiration * 1000 <= date.getTime() : isVerified() && this.expiration * 1000 <= this.ctx.getTime();
    }

    public boolean isNewerThan(MasterToken masterToken) {
        if (this.sequenceNumber == masterToken.sequenceNumber) {
            return this.expiration > masterToken.expiration;
        }
        if (this.sequenceNumber > masterToken.sequenceNumber) {
            return masterToken.sequenceNumber >= (this.sequenceNumber - MslConstants.MAX_LONG_VALUE) + 127;
        }
        return this.sequenceNumber < (masterToken.sequenceNumber - MslConstants.MAX_LONG_VALUE) + 127;
    }

    public boolean isRenewable(Date date) {
        return date != null ? this.renewalWindow * 1000 <= date.getTime() : !isVerified() || this.renewalWindow * 1000 <= this.ctx.getTime();
    }

    public boolean isVerified() {
        return this.verified;
    }

    @Override // com.netflix.android.org.json.JSONString
    public String toJSONString() {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_TOKENDATA, Base64.encode(this.tokendata));
            jSONObject.put("signature", Base64.encode(this.signature));
            return jSONObject.toString();
        } catch (JSONException e) {
            throw new MslInternalException("Error encoding " + getClass().getName() + " JSON.", e);
        }
    }

    public String toString() {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_RENEWAL_WINDOW, this.renewalWindow);
            jSONObject.put("expiration", this.expiration);
            jSONObject.put(KEY_SEQUENCE_NUMBER, this.sequenceNumber);
            jSONObject.put(KEY_SERIAL_NUMBER, this.serialNumber);
            jSONObject.put(KEY_SESSIONDATA, "(redacted)");
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put(KEY_TOKENDATA, jSONObject);
            jSONObject2.put("signature", Base64.encode(this.signature));
            return jSONObject2.toString();
        } catch (JSONException e) {
            throw new MslInternalException("Error encoding " + getClass().getName() + " JSON.", e);
        }
    }
}
