package com.eatthepath.pushy.apns.server;

import com.eatthepath.pushy.apns.auth.ApnsVerificationKey;
import com.eatthepath.pushy.apns.auth.AuthenticationToken;
import io.netty.handler.codec.http2.Http2Headers;
import io.netty.util.AsciiString;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/eatthepath/pushy/apns/server/TokenAuthenticationValidatingPushNotificationHandler.class */
class TokenAuthenticationValidatingPushNotificationHandler extends ValidatingPushNotificationHandler {
    private final Map<String, ApnsVerificationKey> verificationKeysByKeyId;
    private final Map<ApnsVerificationKey, Set<String>> topicsByVerificationKey;
    private String expectedTeamId;
    private static final AsciiString APNS_TOPIC_HEADER = new AsciiString("apns-topic");
    private static final AsciiString APNS_AUTHORIZATION_HEADER = new AsciiString("authorization");
    private static final Duration AUTHENTICATION_TOKEN_EXPIRATION_DURATION = Duration.ofHours(1);

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenAuthenticationValidatingPushNotificationHandler(Map<String, Set<String>> map, Map<String, Instant> map2, Map<String, ApnsVerificationKey> map3, Map<ApnsVerificationKey, Set<String>> map4) {
        super(map, map2);
        this.verificationKeysByKeyId = map3;
        this.topicsByVerificationKey = map4;
    }

    @Override // com.eatthepath.pushy.apns.server.ValidatingPushNotificationHandler
    protected void verifyAuthentication(Http2Headers http2Headers) throws RejectedNotificationException {
        CharSequence charSequence = (CharSequence) http2Headers.get(APNS_AUTHORIZATION_HEADER);
        if (charSequence == null) {
            throw new RejectedNotificationException(RejectionReason.MISSING_PROVIDER_TOKEN);
        }
        String charSequence2 = charSequence.toString();
        if (!charSequence2.startsWith("bearer")) {
            throw new RejectedNotificationException(RejectionReason.MISSING_PROVIDER_TOKEN);
        }
        String trim = charSequence2.substring("bearer".length()).trim();
        if (trim.trim().length() == 0) {
            throw new RejectedNotificationException(RejectionReason.MISSING_PROVIDER_TOKEN);
        }
        try {
            AuthenticationToken authenticationToken = new AuthenticationToken(trim);
            ApnsVerificationKey apnsVerificationKey = this.verificationKeysByKeyId.get(authenticationToken.getKeyId());
            if (apnsVerificationKey == null) {
                throw new RejectedNotificationException(RejectionReason.INVALID_PROVIDER_TOKEN);
            }
            if (!authenticationToken.verifySignature(apnsVerificationKey)) {
                throw new RejectedNotificationException(RejectionReason.INVALID_PROVIDER_TOKEN);
            }
            if (this.expectedTeamId == null) {
                this.expectedTeamId = authenticationToken.getTeamId();
            }
            if (!this.expectedTeamId.equals(authenticationToken.getTeamId())) {
                throw new RejectedNotificationException(RejectionReason.INVALID_PROVIDER_TOKEN);
            }
            if (Instant.now().isAfter(authenticationToken.getIssuedAt().plus((TemporalAmount) AUTHENTICATION_TOKEN_EXPIRATION_DURATION))) {
                throw new RejectedNotificationException(RejectionReason.EXPIRED_PROVIDER_TOKEN);
            }
            CharSequence charSequence3 = (CharSequence) http2Headers.get(APNS_TOPIC_HEADER);
            if (charSequence3 == null) {
                throw new RejectedNotificationException(RejectionReason.MISSING_TOPIC);
            }
            String charSequence4 = charSequence3.toString();
            Set<String> set = this.topicsByVerificationKey.get(apnsVerificationKey);
            if (set == null || !set.contains(charSequence4)) {
                throw new RejectedNotificationException(RejectionReason.INVALID_PROVIDER_TOKEN);
            }
        } catch (IllegalArgumentException e) {
            throw new RejectedNotificationException(RejectionReason.INVALID_PROVIDER_TOKEN);
        }
    }
}
