package nl.martijndwars.webpush;

import io.jsonwebtoken.Header;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import nl.martijndwars.webpush.AbstractPushService;
import nl.martijndwars.webpush.Encrypted;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:lib/web-push-5.1.1.jar:nl/martijndwars/webpush/AbstractPushService.class */
public abstract class AbstractPushService<T extends AbstractPushService<T>> {
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    public static final String SERVER_KEY_ID = "server-key-id";
    public static final String SERVER_KEY_CURVE = "P-256";
    private String gcmApiKey;
    private String subject;
    private PublicKey publicKey;
    private PrivateKey privateKey;

    public AbstractPushService() {
    }

    public AbstractPushService(String str) {
        this.gcmApiKey = str;
    }

    public AbstractPushService(KeyPair keyPair) {
        this.publicKey = keyPair.getPublic();
        this.privateKey = keyPair.getPrivate();
    }

    public AbstractPushService(KeyPair keyPair, String str) {
        this(keyPair);
        this.subject = str;
    }

    public AbstractPushService(String str, String str2) throws GeneralSecurityException {
        this.publicKey = Utils.loadPublicKey(str);
        this.privateKey = Utils.loadPrivateKey(str2);
    }

    public AbstractPushService(String str, String str2, String str3) throws GeneralSecurityException {
        this(str, str2);
        this.subject = str3;
    }

    public static Encrypted encrypt(byte[] bArr, ECPublicKey eCPublicKey, byte[] bArr2, Encoding encoding) throws GeneralSecurityException {
        KeyPair generateLocalKeyPair = generateLocalKeyPair();
        HashMap hashMap = new HashMap();
        hashMap.put(SERVER_KEY_ID, generateLocalKeyPair);
        HashMap hashMap2 = new HashMap();
        hashMap2.put(SERVER_KEY_ID, "P-256");
        byte[] bArr3 = new byte[16];
        SECURE_RANDOM.nextBytes(bArr3);
        return new Encrypted.Builder().withSalt(bArr3).withPublicKey(generateLocalKeyPair.getPublic()).withCiphertext(new HttpEce(hashMap, hashMap2).encrypt(bArr, bArr3, null, SERVER_KEY_ID, eCPublicKey, bArr2, encoding)).build();
    }

    private static KeyPair generateLocalKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(Utils.CURVE);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Utils.ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(parameterSpec);
        return keyPairGenerator.generateKeyPair();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final HttpRequest prepareRequest(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException {
        if (getPrivateKey() != null && getPublicKey() != null && !Utils.verifyKeyPair(getPrivateKey(), getPublicKey())) {
            throw new IllegalStateException("Public key and private key do not match.");
        }
        Encrypted encrypt = encrypt(notification.getPayload(), notification.getUserPublicKey(), notification.getUserAuth(), encoding);
        byte[] encode = Utils.encode((ECPublicKey) encrypt.getPublicKey());
        byte[] salt = encrypt.getSalt();
        String endpoint = notification.getEndpoint();
        HashMap hashMap = new HashMap();
        byte[] bArr = null;
        hashMap.put("TTL", String.valueOf(notification.getTTL()));
        if (notification.hasUrgency()) {
            hashMap.put("Urgency", notification.getUrgency().getHeaderValue());
        }
        if (notification.hasTopic()) {
            hashMap.put("Topic", notification.getTopic());
        }
        if (notification.hasPayload()) {
            hashMap.put("Content-Type", "application/octet-stream");
            if (encoding == Encoding.AES128GCM) {
                hashMap.put("Content-Encoding", "aes128gcm");
            } else if (encoding == Encoding.AESGCM) {
                hashMap.put("Content-Encoding", "aesgcm");
                hashMap.put("Encryption", "salt=" + Base64Encoder.encodeUrlWithoutPadding(salt));
                hashMap.put("Crypto-Key", "dh=" + Base64Encoder.encodeUrl(encode));
            }
            bArr = encrypt.getCiphertext();
        }
        if (notification.isGcm()) {
            if (getGcmApiKey() == null) {
                throw new IllegalStateException("An GCM API key is needed to send a push notification to a GCM endpoint.");
            }
            hashMap.put("Authorization", "key=" + getGcmApiKey());
        } else if (vapidEnabled()) {
            if (encoding == Encoding.AES128GCM && notification.getEndpoint().startsWith("https://fcm.googleapis.com")) {
                endpoint = notification.getEndpoint().replace("fcm/send", "wp");
            }
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setAudience(notification.getOrigin());
            jwtClaims.setExpirationTimeMinutesInTheFuture(720.0f);
            if (getSubject() != null) {
                jwtClaims.setSubject(getSubject());
            }
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setHeader("typ", Header.JWT_TYPE);
            jsonWebSignature.setHeader("alg", AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKey(getPrivateKey());
            jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
            byte[] encode2 = Utils.encode((ECPublicKey) getPublicKey());
            if (encoding == Encoding.AES128GCM) {
                hashMap.put("Authorization", "vapid t=" + jsonWebSignature.getCompactSerialization() + ", k=" + Base64Encoder.encodeUrlWithoutPadding(encode2));
            } else if (encoding == Encoding.AESGCM) {
                hashMap.put("Authorization", "WebPush " + jsonWebSignature.getCompactSerialization());
            }
            if (hashMap.containsKey("Crypto-Key")) {
                hashMap.put("Crypto-Key", ((String) hashMap.get("Crypto-Key")) + ";p256ecdsa=" + Base64Encoder.encodeUrlWithoutPadding(encode2));
            } else {
                hashMap.put("Crypto-Key", "p256ecdsa=" + Base64Encoder.encodeUrl(encode2));
            }
        } else if (notification.isFcm() && getGcmApiKey() != null) {
            hashMap.put("Authorization", "key=" + getGcmApiKey());
        }
        return new HttpRequest(endpoint, hashMap, bArr);
    }

    public T setGcmApiKey(String str) {
        this.gcmApiKey = str;
        return this;
    }

    public String getGcmApiKey() {
        return this.gcmApiKey;
    }

    public String getSubject() {
        return this.subject;
    }

    public T setSubject(String str) {
        this.subject = str;
        return this;
    }

    public T setKeyPair(KeyPair keyPair) {
        setPublicKey(keyPair.getPublic());
        setPrivateKey(keyPair.getPrivate());
        return this;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public T setPublicKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        setPublicKey(Utils.loadPublicKey(str));
        return this;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public KeyPair getKeyPair() {
        return new KeyPair(this.publicKey, this.privateKey);
    }

    public T setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
        return this;
    }

    public T setPrivateKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        setPrivateKey(Utils.loadPrivateKey(str));
        return this;
    }

    public T setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
        return this;
    }

    protected boolean vapidEnabled() {
        return (this.publicKey == null || this.privateKey == null) ? false : true;
    }
}
