package tice.crypto;

import com.goterl.lazysodium.LazySodiumAndroid;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.PrematureJwtException;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import tice.crypto.JWTIssuer;
import tice.dagger.provides.ConfigModule;
import tice.utility.UUIDExtensionKt;

/* compiled from: AuthManager.kt */
@Metadata(d1 = {"\u0000j\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u00002\u00020\u0001B\u0017\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006JD\u0010\n\u001a\u00060\u000bj\u0002`\f2\n\u0010\r\u001a\u00060\u000ej\u0002`\u000f2\n\u0010\u0010\u001a\u00060\u000ej\u0002`\u00112\u0006\u0010\u0012\u001a\u00020\u00132\n\u0010\u0014\u001a\u00060\u000ej\u0002`\u000f2\n\u0010\u0015\u001a\u00060\u0016j\u0002`\u0017H\u0016J$\u0010\u0018\u001a\u00060\u000bj\u0002`\f2\n\u0010\u0015\u001a\u00060\u0016j\u0002`\u00172\n\u0010\r\u001a\u00060\u000ej\u0002`\u000fH\u0016J \u0010\u0019\u001a\u00020\u001a2\n\u0010\u001b\u001a\u00060\u000bj\u0002`\f2\n\u0010\u001c\u001a\u00060\u0016j\u0002`\u001dH\u0016JH\u0010\u001e\u001a\u00020\u001f2\n\u0010\u001b\u001a\u00060\u000bj\u0002`\f2\n\u0010\r\u001a\u00060\u000ej\u0002`\u000f2\n\u0010\u0010\u001a\u00060\u000ej\u0002`\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010 
\u001a\u00020!2\n\u0010\u001c\u001a\u00060\u0016j\u0002`\u001dH\u0002J@\u0010\"\u001a\u00020\u001f2\n\u0010\u001b\u001a\u00060\u000bj\u0002`\f2\n\u0010\r\u001a\u00060\u000ej\u0002`\u000f2\n\u0010\u0010\u001a\u00060\u000ej\u0002`\u00112\u0006\u0010\u0012\u001a\u00020\u00132\n\u0010\u001c\u001a\u00060\u0016j\u0002`\u001dH\u0016JL\u0010#\u001a\u00020\u001f2\n\u0010\u001b\u001a\u00060\u000bj\u0002`\f2\n\u0010\r\u001a\u00060\u000ej\u0002`\u000f2\n\u0010\u0010\u001a\u00060\u000ej\u0002`\u00112\u0006\u0010\u0012\u001a\u00020\u00132\n\u0010\u0014\u001a\u00060\u000ej\u0002`\u000f2\n\u0010\u001c\u001a\u00060\u0016j\u0002`\u001dH\u0016R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006$"}, d2 = {"Ltice/crypto/AuthManager;", "Ltice/crypto/AuthManagerType;", "sodium", "Lcom/goterl/lazysodium/LazySodiumAndroid;", "cryptoParams", "Ltice/dagger/provides/ConfigModule$CryptoParams;", "(Lcom/goterl/lazysodium/LazySodiumAndroid;Ltice/dagger/provides/ConfigModule$CryptoParams;)V", "CERTIFICATE_VALIDATION_LEEWAY", "", "CERTIFICATE_VALIDITY_PERIOD", "createUserSignedMembershipCertificate", "", "Ltice/models/Certificate;", "userId", "Ljava/util/UUID;", "Ltice/models/UserId;", "groupId", "Ltice/models/GroupId;", "admin", "", "issuerUserId", "signingKey", "", "Ltice/models/PrivateKey;", "generateAuthHeader", "membershipCertificateExpirationDate", "Ljava/util/Date;", "certificate", "publicKey", "Ltice/models/PublicKey;", "validate", "", "issuer", "Ltice/crypto/JWTIssuer;", "validateServerSignedMembershipCertificate", "validateUserSignedMembershipCertificate", "app_productionFdroidRelease"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes2.dex */
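/**
 * Issues and validates the signed JWTs used for group membership ("membership certificates")
 * and builds the short-lived token returned by {@link #generateAuthHeader}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Validation pins subject, issuer, {@code groupId} and {@code admin}, and verifies the
 *       signature with the key derived from the supplied public key. The {@code jti} written by
 *       {@link #createUserSignedMembershipCertificate} is not examined anywhere in this class,
 *       so replay or revocation tracking, if required, has to live in the caller.</li>
 *   <li>The signature algorithm is whatever {@code signWith(Key)} selects for the key returned
 *       by {@code BridgingExtensionsKt.signingKey}; that helper is not visible here.</li>
 * </ul>
 */
public final class AuthManager implements AuthManagerType {
    /** Lifetime in seconds of the token built by {@link #generateAuthHeader}. */
    private static final int AUTH_HEADER_VALIDITY_SECONDS = 120;
    /** Size argument passed to {@code sodium.nonce(...)} for the auth-header nonce claim. */
    private static final int AUTH_HEADER_NONCE_SIZE = 16;

    // Clock-skew allowance in seconds (passed to setAllowedClockSkewSeconds and reused for iat).
    private final int CERTIFICATE_VALIDATION_LEEWAY;
    // Lifetime in seconds of a user-signed membership certificate.
    private final int CERTIFICATE_VALIDITY_PERIOD;
    private final LazySodiumAndroid sodium;

    /**
     * @param sodium       libsodium binding; used here only to draw the auth-header nonce
     * @param cryptoParams supplies the certificate validity period and the validation leeway
     */
    @Inject
    public AuthManager(LazySodiumAndroid sodium, ConfigModule.CryptoParams cryptoParams) {
        Intrinsics.checkNotNullParameter(sodium, "sodium");
        Intrinsics.checkNotNullParameter(cryptoParams, "cryptoParams");
        this.sodium = sodium;
        this.CERTIFICATE_VALIDITY_PERIOD = cryptoParams.getCertificateValidityPeriod();
        this.CERTIFICATE_VALIDATION_LEEWAY = cryptoParams.getCertificationValidationLeeway();
    }

    /** Returns {@code start} shifted forward by {@code seconds}. */
    private static Date plusSeconds(Date start, int seconds) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(start);
        calendar.add(Calendar.SECOND, seconds);
        return calendar.getTime();
    }

    /**
     * Verifies a membership certificate against the expected subject, issuer, group and admin
     * flag, then rejects certificates whose {@code iat} lies further in the future than the
     * configured leeway.
     *
     * @throws io.jsonwebtoken.JwtException when the parser rejects the token (signature,
     *         expiry, or a required claim that is missing or different)
     * @throws PrematureJwtException when {@code iat} is later than now plus the leeway
     */
    private void validate(String certificate, UUID userId, UUID groupId, boolean admin, JWTIssuer issuer, byte[] publicKey) {
        Jws<Claims> jws = Jwts.parserBuilder()
                .requireSubject(UUIDExtensionKt.uuidString(userId))
                .requireIssuer(issuer.claimString())
                .require("groupId", UUIDExtensionKt.uuidString(groupId))
                .require("admin", Boolean.valueOf(admin))
                .setAllowedClockSkewSeconds(this.CERTIFICATE_VALIDATION_LEEWAY)
                .setSigningKey(BridgingExtensionsKt.verificationKey(publicKey))
                .build()
                .parseClaimsJws(certificate);

        // Multiply as long: the int product wraps once the leeway exceeds ~2.1 million seconds,
        // which would silently move the cut-off into the past or far future.
        long leewayMillis = this.CERTIFICATE_VALIDATION_LEEWAY * 1000L;
        Date latestAcceptedIssuedAt = new Date(System.currentTimeMillis() + leewayMillis);

        // NOTE(review): iat is not a required claim above, so a correctly signed token without
        // it makes getIssuedAt() return null and this line throws NullPointerException.
        // Validation still fails, but not as a JwtException; confirm callers handle that.
        Date issuedAt = jws.getBody().getIssuedAt();
        if (issuedAt.after(latestAcceptedIssuedAt)) {
            throw new PrematureJwtException(jws.getHeader(), jws.getBody(), "JWT seems to be issued in the future.");
        }
    }

    /**
     * Builds a membership certificate for {@code userId} in {@code groupId}, issued and signed
     * by {@code issuerUserId}. The token carries a random {@code jti}, {@code iat} = now and
     * {@code exp} = now + the configured validity period.
     *
     * @return the compact serialized JWT
     */
    @Override // tice.crypto.AuthManagerType
    public String createUserSignedMembershipCertificate(UUID userId, UUID groupId, boolean admin, UUID issuerUserId, byte[] signingKey) {
        Intrinsics.checkNotNullParameter(userId, "userId");
        Intrinsics.checkNotNullParameter(groupId, "groupId");
        Intrinsics.checkNotNullParameter(issuerUserId, "issuerUserId");
        Intrinsics.checkNotNullParameter(signingKey, "signingKey");
        JWTIssuer.User issuer = new JWTIssuer.User(issuerUserId);
        Date issuedAt = new Date();
        UUID jwtId = UUID.randomUUID();
        Date expiresAt = plusSeconds(issuedAt, this.CERTIFICATE_VALIDITY_PERIOD);
        JwtBuilder builder = Jwts.builder();
        Intrinsics.checkNotNullExpressionValue(jwtId, "jwtId");
        String compact = builder
                .setId(UUIDExtensionKt.uuidString(jwtId))
                .setIssuer(issuer.claimString())
                .setSubject(UUIDExtensionKt.uuidString(userId))
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt)
                .claim("groupId", UUIDExtensionKt.uuidString(groupId))
                .claim("admin", Boolean.valueOf(admin))
                .signWith(BridgingExtensionsKt.signingKey(signingKey))
                .compact();
        Intrinsics.checkNotNullExpressionValue(compact, "builder()\n            .s…))\n            .compact()");
        return compact;
    }

    /**
     * Builds the signed token used as the auth header: {@code iss} = the user id, {@code iat} =
     * now, {@code exp} = now + 120 seconds, plus a fresh {@code nonce} claim from libsodium.
     * No audience or subject claim is set, so the token itself is not bound to a recipient.
     *
     * @return the compact serialized JWT
     */
    @Override // tice.crypto.AuthManagerType
    public String generateAuthHeader(byte[] signingKey, UUID userId) {
        Intrinsics.checkNotNullParameter(signingKey, "signingKey");
        Intrinsics.checkNotNullParameter(userId, "userId");
        Date issuedAt = new Date();
        Date expiresAt = plusSeconds(issuedAt, AUTH_HEADER_VALIDITY_SECONDS);
        String compact = Jwts.builder()
                .setIssuer(UUIDExtensionKt.uuidString(userId))
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt)
                .claim("nonce", this.sodium.nonce(AUTH_HEADER_NONCE_SIZE))
                .signWith(BridgingExtensionsKt.signingKey(signingKey))
                .compact();
        Intrinsics.checkNotNullExpressionValue(compact, "builder()\n            .s…))\n            .compact()");
        return compact;
    }

    /**
     * Returns the {@code exp} of a certificate after verifying its signature with
     * {@code publicKey}. Subject, issuer, group and admin flag are NOT checked here, so the
     * result says nothing about whom the certificate belongs to.
     *
     * <p>No clock-skew allowance is configured on this parser, unlike {@code validate}; an
     * already expired certificate is rejected by the parser rather than having its date returned.
     */
    @Override // tice.crypto.AuthManagerType
    public Date membershipCertificateExpirationDate(String certificate, byte[] publicKey) {
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Claims claims = Jwts.parserBuilder()
                .setSigningKey(BridgingExtensionsKt.verificationKey(publicKey))
                .build()
                .parseClaimsJws(certificate)
                .getBody();
        Date expiration = claims.getExpiration();
        // Fails here when the token carries no exp claim at all.
        Intrinsics.checkNotNullExpressionValue(expiration, "jwts.body.expiration");
        return expiration;
    }

    /**
     * Validates a certificate whose issuer must be the server ({@code JWTIssuer.Server}).
     * Throws on any mismatch; returns normally only when the certificate is accepted.
     */
    @Override // tice.crypto.AuthManagerType
    public void validateServerSignedMembershipCertificate(String certificate, UUID userId, UUID groupId, boolean admin, byte[] publicKey) {
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(userId, "userId");
        Intrinsics.checkNotNullParameter(groupId, "groupId");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        validate(certificate, userId, groupId, admin, JWTIssuer.Server.INSTANCE, publicKey);
    }

    /**
     * Validates a certificate whose issuer must be the user {@code issuerUserId}.
     * The caller is responsible for passing the public key that belongs to that issuer; this
     * method only checks that the signature matches the key it is given.
     */
    @Override // tice.crypto.AuthManagerType
    public void validateUserSignedMembershipCertificate(String certificate, UUID userId, UUID groupId, boolean admin, UUID issuerUserId, byte[] publicKey) {
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(userId, "userId");
        Intrinsics.checkNotNullParameter(groupId, "groupId");
        Intrinsics.checkNotNullParameter(issuerUserId, "issuerUserId");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        validate(certificate, userId, groupId, admin, new JWTIssuer.User(issuerUserId), publicKey);
    }
}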
