package com.netflix.msl.tokens;

import com.netflix.android.org.json.JSONException;
import com.netflix.android.org.json.JSONObject;
import com.netflix.android.org.json.JSONString;
import com.netflix.msl.MslConstants;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.util.Base64;
import com.netflix.msl.util.MslContext;
import java.util.Date;

/* loaded from: classes.dex */
public class UserIdToken implements JSONString {
    private static final String KEY_EXPIRATION = "expiration";
    private static final String KEY_IDENTITY = "identity";
    private static final String KEY_ISSUER_DATA = "issuerdata";
    private static final String KEY_MASTER_TOKEN_SERIAL_NUMBER = "mtserialnumber";
    private static final String KEY_RENEWAL_WINDOW = "renewalwindow";
    private static final String KEY_SERIAL_NUMBER = "serialnumber";
    private static final String KEY_SIGNATURE = "signature";
    private static final String KEY_TOKENDATA = "tokendata";
    private static final String KEY_USERDATA = "userdata";
    private static final long MILLISECONDS_PER_SECOND = 1000;
    private final MslContext ctx;
    private final long expiration;
    private final JSONObject issuerData;
    private final long mtSerialNumber;
    private final long renewalWindow;
    private final long serialNumber;
    private final byte[] signature;
    private final byte[] tokendata;
    private final MslUser user;
    private final byte[] userdata;
    private final boolean verified;

    public UserIdToken(MslContext mslContext, JSONObject jSONObject, MasterToken masterToken) {
        this.ctx = mslContext;
        ICryptoContext mslCryptoContext = mslContext.getMslCryptoContext();
        try {
            try {
                this.tokendata = Base64.decode(jSONObject.getString(KEY_TOKENDATA));
                if (this.tokendata == null || this.tokendata.length == 0) {
                    throw new MslEncodingException(MslError.USERIDTOKEN_TOKENDATA_MISSING, "useridtoken " + jSONObject.toString()).setMasterToken(masterToken);
                }
                try {
                    this.signature = Base64.decode(jSONObject.getString("signature"));
                    this.verified = mslCryptoContext.verify(this.tokendata, this.signature);
                    String str = new String(this.tokendata, MslConstants.DEFAULT_CHARSET);
                    try {
                        JSONObject jSONObject2 = new JSONObject(str);
                        this.renewalWindow = jSONObject2.getLong(KEY_RENEWAL_WINDOW);
                        this.expiration = jSONObject2.getLong("expiration");
                        if (this.expiration < this.renewalWindow) {
                            throw new MslException(MslError.USERIDTOKEN_EXPIRES_BEFORE_RENEWAL, "usertokendata " + str).setMasterToken(masterToken);
                        }
                        this.mtSerialNumber = jSONObject2.getLong(KEY_MASTER_TOKEN_SERIAL_NUMBER);
                        if (this.mtSerialNumber < 0 || this.mtSerialNumber > MslConstants.MAX_LONG_VALUE) {
                            throw new MslException(MslError.USERIDTOKEN_MASTERTOKEN_SERIAL_NUMBER_OUT_OF_RANGE, "usertokendata " + str).setMasterToken(masterToken);
                        }
                        this.serialNumber = jSONObject2.getLong(KEY_SERIAL_NUMBER);
                        if (this.serialNumber < 0 || this.serialNumber > MslConstants.MAX_LONG_VALUE) {
                            throw new MslException(MslError.USERIDTOKEN_SERIAL_NUMBER_OUT_OF_RANGE, "usertokendata " + str).setMasterToken(masterToken);
                        }
                        try {
                            byte[] decode = Base64.decode(jSONObject2.getString(KEY_USERDATA));
                            if (decode == null || decode.length == 0) {
                                throw new MslException(MslError.USERIDTOKEN_USERDATA_MISSING, jSONObject2.getString(KEY_USERDATA)).setMasterToken(masterToken);
                            }
                            this.userdata = this.verified ? mslCryptoContext.decrypt(decode) : null;
                            if (this.userdata != null) {
                                String str2 = new String(this.userdata, MslConstants.DEFAULT_CHARSET);
                                try {
                                    JSONObject jSONObject3 = new JSONObject(str2);
                                    this.issuerData = jSONObject3.has(KEY_ISSUER_DATA) ? jSONObject3.getJSONObject(KEY_ISSUER_DATA) : null;
                                    String string = jSONObject3.getString("identity");
                                    if (string == null || string.length() == 0) {
                                        throw new MslException(MslError.USERIDTOKEN_IDENTITY_INVALID, "userdata " + str2).setMasterToken(masterToken);
                                    }
                                    this.user = mslContext.getTokenFactory().createUser(mslContext, string);
                                    if (this.user == null) {
                                        throw new MslInternalException("TokenFactory.createUser() returned null in violation of the interface contract.");
                                    }
                                } catch (JSONException e) {
                                    throw new MslEncodingException(MslError.USERIDTOKEN_USERDATA_PARSE_ERROR, "userdata " + str2, e).setMasterToken(masterToken);
                                }
                            } else {
                                this.issuerData = null;
                                this.user = null;
                            }
                            if (masterToken == null || this.mtSerialNumber != masterToken.getSerialNumber()) {
                                throw new MslException(MslError.USERIDTOKEN_MASTERTOKEN_MISMATCH, "uit mtserialnumber " + this.mtSerialNumber + "; mt " + masterToken).setMasterToken(masterToken);
                            }
                        } catch (IllegalArgumentException e2) {
                            throw new MslException(MslError.USERIDTOKEN_USERDATA_INVALID, jSONObject2.getString(KEY_USERDATA)).setMasterToken(masterToken);
                        }
                    } catch (JSONException e3) {
                        throw new MslEncodingException(MslError.USERIDTOKEN_TOKENDATA_PARSE_ERROR, "usertokendata " + str, e3).setMasterToken(masterToken);
                    } catch (MslCryptoException e4) {
                        e4.setMasterToken(masterToken);
                        throw e4;
                    }
                } catch (IllegalArgumentException e5) {
                    throw new MslEncodingException(MslError.USERIDTOKEN_SIGNATURE_INVALID, "useridtoken " + jSONObject.toString(), e5).setMasterToken(masterToken);
                }
            } catch (IllegalArgumentException e6) {
                throw new MslEncodingException(MslError.USERIDTOKEN_TOKENDATA_INVALID, "useridtoken " + jSONObject.toString(), e6).setMasterToken(masterToken);
            }
        } catch (JSONException e7) {
            throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "useridtoken " + jSONObject.toString(), e7).setMasterToken(masterToken);
        }
    }

    public UserIdToken(MslContext mslContext, Date date, Date date2, MasterToken masterToken, long j, JSONObject jSONObject, MslUser mslUser) {
        if (date2.before(date)) {
            throw new MslInternalException("Cannot construct a user ID token that expires before its renewal window opens.");
        }
        if (masterToken == null) {
            throw new MslInternalException("Cannot construct a user ID token without a master token.");
        }
        if (j < 0 || j > MslConstants.MAX_LONG_VALUE) {
            throw new MslInternalException("Serial number " + j + " is outside the valid range.");
        }
        this.ctx = mslContext;
        this.renewalWindow = date.getTime() / 1000;
        this.expiration = date2.getTime() / 1000;
        this.mtSerialNumber = masterToken.getSerialNumber();
        this.serialNumber = j;
        this.issuerData = jSONObject;
        this.user = mslUser;
        JSONObject jSONObject2 = new JSONObject();
        try {
            if (this.issuerData != null) {
                jSONObject2.put(KEY_ISSUER_DATA, this.issuerData);
            }
            jSONObject2.put("identity", mslUser.getEncoded());
            this.userdata = jSONObject2.toString().getBytes(MslConstants.DEFAULT_CHARSET);
            try {
                ICryptoContext mslCryptoContext = mslContext.getMslCryptoContext();
                byte[] encrypt = mslCryptoContext.encrypt(this.userdata);
                try {
                    JSONObject jSONObject3 = new JSONObject();
                    jSONObject3.put(KEY_RENEWAL_WINDOW, this.renewalWindow);
                    jSONObject3.put("expiration", this.expiration);
                    jSONObject3.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, this.mtSerialNumber);
                    jSONObject3.put(KEY_SERIAL_NUMBER, this.serialNumber);
                    jSONObject3.put(KEY_USERDATA, Base64.encode(encrypt));
                    this.tokendata = jSONObject3.toString().getBytes(MslConstants.DEFAULT_CHARSET);
                    this.signature = mslCryptoContext.sign(this.tokendata);
                    this.verified = true;
                } catch (JSONException e) {
                    throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, "usertokendata", e).setMasterToken(masterToken);
                }
            } catch (MslCryptoException e2) {
                e2.setMasterToken(masterToken);
                throw e2;
            }
        } catch (JSONException e3) {
            throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, KEY_USERDATA, e3);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof UserIdToken)) {
            return false;
        }
        UserIdToken userIdToken = (UserIdToken) obj;
        return this.serialNumber == userIdToken.serialNumber && this.mtSerialNumber == userIdToken.mtSerialNumber;
    }

    public Date getExpiration() {
        return new Date(this.expiration * 1000);
    }

    public JSONObject getIssuerData() {
        return this.issuerData;
    }

    public long getMasterTokenSerialNumber() {
        return this.mtSerialNumber;
    }

    public Date getRenewalWindow() {
        return new Date(this.renewalWindow * 1000);
    }

    public long getSerialNumber() {
        return this.serialNumber;
    }

    public MslUser getUser() {
        return this.user;
    }

    public int hashCode() {
        return (String.valueOf(this.serialNumber) + ":" + String.valueOf(this.mtSerialNumber)).hashCode();
    }

    public boolean isBoundTo(MasterToken masterToken) {
        return masterToken != null && masterToken.getSerialNumber() == this.mtSerialNumber;
    }

    public boolean isDecrypted() {
        return this.user != null;
    }

    public boolean isExpired(Date date) {
        return date != null ? this.expiration * 1000 <= date.getTime() : isVerified() && this.expiration * 1000 <= this.ctx.getTime();
    }

    public boolean isRenewable(Date date) {
        return date != null ? this.renewalWindow * 1000 <= date.getTime() : !isVerified() || this.renewalWindow * 1000 <= this.ctx.getTime();
    }

    public boolean isVerified() {
        return this.verified;
    }

    @Override // com.netflix.android.org.json.JSONString
    public final String toJSONString() {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_TOKENDATA, Base64.encode(this.tokendata));
            jSONObject.put("signature", Base64.encode(this.signature));
            return jSONObject.toString();
        } catch (JSONException e) {
            throw new MslInternalException("Error encoding " + getClass().getName() + " JSON.", e);
        }
    }

    public String toString() {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_RENEWAL_WINDOW, this.renewalWindow);
            jSONObject.put("expiration", this.expiration);
            jSONObject.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, this.mtSerialNumber);
            jSONObject.put(KEY_SERIAL_NUMBER, this.serialNumber);
            jSONObject.put(KEY_USERDATA, "(redacted)");
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put(KEY_TOKENDATA, jSONObject);
            jSONObject2.put("signature", Base64.encode(this.signature));
            return jSONObject2.toString();
        } catch (JSONException e) {
            throw new MslInternalException("Error encoding " + getClass().getName() + " JSON.", e);
        }
    }
}
