package com.schibsted.security.strongbox.sdk.internal.encryption;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.google.common.base.MoreObjects;
import com.google.common.base.Objects;
import com.schibsted.security.strongbox.sdk.exceptions.ParseException;
import com.schibsted.security.strongbox.sdk.exceptions.SerializationException;
import com.schibsted.security.strongbox.sdk.internal.InputValidation;
import com.schibsted.security.strongbox.sdk.internal.converter.Encoder;
import com.schibsted.security.strongbox.sdk.internal.converter.FormattedTimestamp;
import com.schibsted.security.strongbox.sdk.internal.json.StrongboxModule;
import com.schibsted.security.strongbox.sdk.types.Comment;
import com.schibsted.security.strongbox.sdk.types.Encoding;
import com.schibsted.security.strongbox.sdk.types.SecretType;
import com.schibsted.security.strongbox.sdk.types.SecretValue;
import com.schibsted.security.strongbox.sdk.types.State;
import com.schibsted.security.strongbox.sdk.types.UserAlias;
import com.schibsted.security.strongbox.sdk.types.UserData;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Optional;

/* loaded from: input_file:com/schibsted/security/strongbox/sdk/internal/encryption/EncryptionPayload.class */
public class EncryptionPayload implements BestEffortShred {
    public final SecretValue value;
    public final Optional<UserData> userData;
    public final ZonedDateTime created;
    public final ZonedDateTime modified;
    public final Optional<UserAlias> createdBy;
    public final Optional<UserAlias> modifiedBy;
    public final Optional<Comment> comment;
    private static ObjectMapper objectMapper = new ObjectMapper().registerModules(new Module[]{new Jdk8Module(), new StrongboxModule()});
    private final SecureRandom random;

    @JsonCreator
    public EncryptionPayload(@JsonProperty("value") SecretValue secretValue, @JsonProperty("userdata") Optional<UserData> optional, @JsonProperty("created") ZonedDateTime zonedDateTime, Optional<UserAlias> optional2, @JsonProperty("modified") ZonedDateTime zonedDateTime2, Optional<UserAlias> optional3, @JsonProperty("comment") Optional<Comment> optional4) {
        this.value = secretValue;
        this.userData = optional;
        this.created = zonedDateTime;
        this.modified = zonedDateTime2;
        this.createdBy = optional2;
        this.modifiedBy = optional3;
        this.comment = optional4;
        try {
            this.random = SecureRandom.getInstanceStrong();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed to instantiate random number generator", e);
        }
    }

    public static byte[] computeSHA(State state, Optional<ZonedDateTime> optional, Optional<ZonedDateTime> optional2) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(state.asByte());
            messageDigest.update(toByteArray(optional));
            messageDigest.update(toByteArray(optional2));
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new SerializationException("Failed to get SHA for encryption payload", e);
        }
    }

    private static byte[] toByteArray(Optional<ZonedDateTime> optional) {
        ByteBuffer allocate = ByteBuffer.allocate(9);
        if (optional.isPresent()) {
            allocate.put((byte) 1);
            allocate.putLong(FormattedTimestamp.epoch(optional.get()).longValue());
        } else {
            allocate.put((byte) 0);
            allocate.putLong(0L);
        }
        return allocate.array();
    }

    public static boolean verifyDataIntegrity(State state, Optional<ZonedDateTime> optional, Optional<ZonedDateTime> optional2, byte[] bArr) {
        return Arrays.equals(computeSHA(state, optional, optional2), bArr);
    }

    public byte[] toByteArray() {
        byte[] extractByteArray = extractByteArray(this.userData.map((v0) -> {
            return v0.asByteArray();
        }));
        byte[] extractByteArray2 = extractByteArray(this.comment.map((v0) -> {
            return v0.asByteArray();
        }));
        byte[] extract = extract(this.createdBy.map(userAlias -> {
            return userAlias.alias;
        }));
        byte[] extract2 = extract(this.modifiedBy.map(userAlias2 -> {
            return userAlias2.alias;
        }));
        int computePadding = computePadding(extractByteArray, extractByteArray2, extract, extract2);
        ByteBuffer allocate = ByteBuffer.allocate(computeLength(computePadding, extractByteArray, extractByteArray2, extract, extract2));
        allocate.put((byte) 1);
        allocate.putLong(FormattedTimestamp.epoch(this.created).longValue());
        allocate.putLong(FormattedTimestamp.epoch(this.modified).longValue());
        putArray(allocate, extract);
        putArray(allocate, extract2);
        allocate.put(this.value.encoding.asByte());
        allocate.put(this.value.type.asByte());
        putArray(allocate, this.value.asByteArray());
        putArray(allocate, extractByteArray);
        putArray(allocate, extractByteArray2);
        putArray(allocate, new byte[computePadding]);
        return allocate.array();
    }

    public static EncryptionPayload fromByteArray(byte[] bArr) {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        byte b = wrap.get();
        if (b != 1) {
            throw new IllegalStateException(String.format("Expected version 1, got %d", Byte.valueOf(b)));
        }
        return new EncryptionPayload(new SecretValue(readArray(wrap), Encoding.fromByte(wrap.get()), SecretType.fromByte(wrap.get())), readUserData(wrap), FormattedTimestamp.fromEpoch(wrap.getLong()), readOptionalString(wrap).map(UserAlias::new), FormattedTimestamp.fromEpoch(wrap.getLong()), readOptionalString(wrap).map(UserAlias::new), readComment(wrap));
    }

    private static byte[] readArray(ByteBuffer byteBuffer) {
        int i = byteBuffer.getInt();
        byte[] bArr = new byte[i];
        byteBuffer.get(bArr, 0, i);
        return bArr;
    }

    private void putArray(ByteBuffer byteBuffer, byte[] bArr) {
        byteBuffer.putInt(bArr.length);
        byteBuffer.put(bArr);
    }

    private static Optional<UserData> readUserData(ByteBuffer byteBuffer) {
        byte[] readArray = readArray(byteBuffer);
        return readArray.length == 0 ? Optional.empty() : Optional.of(new UserData(readArray));
    }

    private static Optional<Comment> readComment(ByteBuffer byteBuffer) {
        byte[] readArray = readArray(byteBuffer);
        return readArray.length == 0 ? Optional.empty() : Optional.of(new Comment(readArray));
    }

    private static Optional<String> readOptionalString(ByteBuffer byteBuffer) {
        return extractOptionalString(readArray(byteBuffer));
    }

    private byte[] extract(Optional<String> optional) {
        return optional.isPresent() ? Encoder.asUTF8(optional.get()) : new byte[0];
    }

    private byte[] extractByteArray(Optional<byte[]> optional) {
        return optional.isPresent() ? optional.get() : new byte[0];
    }

    private static Optional<String> extractOptionalString(byte[] bArr) {
        return bArr.length == 0 ? Optional.empty() : Optional.of(Encoder.fromUTF8(bArr));
    }

    private int computePadding(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        return 0 + moduloPadding(this.value.asByteArray().length, 1000, 50000) + randomPadding(bArr.length, 50000, 1000) + absolutePadding(bArr2.length, 1000) + absolutePadding(bArr3.length, 32) + absolutePadding(bArr4.length, 32);
    }

    int randomPadding(int i, int i2, int i3) {
        throwIfAboveMax(i, i2);
        return this.random.nextInt(i3);
    }

    int moduloPadding(int i, int i2, int i3) {
        throwIfAboveMax(i, i3);
        return i2 - (i % i2);
    }

    int absolutePadding(int i, int i2) {
        throwIfAboveMax(i, i2);
        return i2 - i;
    }

    void throwIfAboveMax(int i, int i2) {
        if (i > i2) {
            throw new IllegalStateException("Field is larger than expected");
        }
    }

    private int computeLength(int i, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        return 21 + bArr3.length + 4 + bArr4.length + 1 + 1 + 4 + this.value.asByteArray().length + 4 + bArr.length + 4 + bArr2.length + 4 + i;
    }

    public String toJsonBlob() {
        try {
            return objectMapper.writeValueAsString(this);
        } catch (JsonProcessingException e) {
            throw new SerializationException("Failed to serialize to JSON blob", e);
        }
    }

    public static EncryptionPayload fromJsonBlob(String str) {
        try {
            return (EncryptionPayload) objectMapper.readValue(str, EncryptionPayload.class);
        } catch (IOException e) {
            throw new ParseException("Failed to deserialize JSON blob", e);
        }
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("value", this.value).add("userdata", this.userData).add("created", this.created).add("modified", this.modified).add(InputValidation.COMMENT_FIELD_NAME, this.comment).toString();
    }

    public int hashCode() {
        return Objects.hashCode(new Object[]{this.value, this.created, this.comment});
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof EncryptionPayload)) {
            return false;
        }
        EncryptionPayload encryptionPayload = (EncryptionPayload) obj;
        return Objects.equal(this.value, encryptionPayload.value) && Objects.equal(this.userData, encryptionPayload.userData) && Objects.equal(this.created, encryptionPayload.created) && Objects.equal(this.modified, encryptionPayload.modified) && Objects.equal(this.comment, encryptionPayload.comment);
    }

    @Override // com.schibsted.security.strongbox.sdk.internal.encryption.BestEffortShred
    public void bestEffortShred() {
        this.value.bestEffortShred();
        this.userData.ifPresent((v0) -> {
            v0.bestEffortShred();
        });
        this.comment.ifPresent((v0) -> {
            v0.bestEffortShred();
        });
    }
}
