package com.turo.pushy.apns;

import com.turo.pushy.apns.AbstractMockApnsServerHandler;
import com.turo.pushy.apns.auth.ApnsVerificationKey;
import io.netty.handler.codec.http2.Http2ConnectionDecoder;
import io.netty.handler.codec.http2.Http2ConnectionEncoder;
import io.netty.handler.codec.http2.Http2Headers;
import io.netty.handler.codec.http2.Http2Settings;
import io.netty.util.AsciiString;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/turo/pushy/apns/TokenAuthenticationMockApnsServerHandler.class */
public class TokenAuthenticationMockApnsServerHandler extends AbstractMockApnsServerHandler {
    private final boolean emulateExpiredFirstToken;
    private boolean rejectedFirstExpiredToken;
    private final Map<String, ApnsVerificationKey> verificationKeysByKeyId;
    private final Map<ApnsVerificationKey, Set<String>> topicsByVerificationKey;
    private String expectedTeamId;
    private static final AsciiString APNS_TOPIC_HEADER = new AsciiString("apns-topic");
    private static final AsciiString APNS_AUTHORIZATION_HEADER = new AsciiString("authorization");
    private static final Logger log = LoggerFactory.getLogger(TokenAuthenticationApnsClientHandler.class);

    /* loaded from: input_file:com/turo/pushy/apns/TokenAuthenticationMockApnsServerHandler$TokenAuthenticationMockApnsServerHandlerBuilder.class */
    public static final class TokenAuthenticationMockApnsServerHandlerBuilder extends AbstractMockApnsServerHandler.AbstractMockApnsServerHandlerBuilder {
        private boolean emulateExpiredFirstToken;
        private Map<String, ApnsVerificationKey> verificationKeysByKeyId;
        private Map<ApnsVerificationKey, Set<String>> topicsByVerificationKey;

        public AbstractMockApnsServerHandler.AbstractMockApnsServerHandlerBuilder emulateExpiredFirstToken(boolean z) {
            this.emulateExpiredFirstToken = z;
            return this;
        }

        public AbstractMockApnsServerHandler.AbstractMockApnsServerHandlerBuilder verificationKeysByKeyId(Map<String, ApnsVerificationKey> map) {
            this.verificationKeysByKeyId = map;
            return this;
        }

        public AbstractMockApnsServerHandler.AbstractMockApnsServerHandlerBuilder topicsByVerificationKey(Map<ApnsVerificationKey, Set<String>> map) {
            this.topicsByVerificationKey = map;
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public TokenAuthenticationMockApnsServerHandler m21build(Http2ConnectionDecoder http2ConnectionDecoder, Http2ConnectionEncoder http2ConnectionEncoder, Http2Settings http2Settings) {
            TokenAuthenticationMockApnsServerHandler tokenAuthenticationMockApnsServerHandler = new TokenAuthenticationMockApnsServerHandler(http2ConnectionDecoder, http2ConnectionEncoder, http2Settings, super.emulateInternalErrors(), super.deviceTokenExpirationsByTopic(), this.emulateExpiredFirstToken, this.verificationKeysByKeyId, this.topicsByVerificationKey);
            frameListener(tokenAuthenticationMockApnsServerHandler);
            return tokenAuthenticationMockApnsServerHandler;
        }

        @Override // com.turo.pushy.apns.AbstractMockApnsServerHandler.AbstractMockApnsServerHandlerBuilder
        /* renamed from: build */
        public AbstractMockApnsServerHandler mo1build() {
            return super.mo1build();
        }
    }

    protected TokenAuthenticationMockApnsServerHandler(Http2ConnectionDecoder http2ConnectionDecoder, Http2ConnectionEncoder http2ConnectionEncoder, Http2Settings http2Settings, boolean z, Map<String, Map<String, Date>> map, boolean z2, Map<String, ApnsVerificationKey> map2, Map<ApnsVerificationKey, Set<String>> map3) {
        super(http2ConnectionDecoder, http2ConnectionEncoder, http2Settings, z, map);
        this.rejectedFirstExpiredToken = false;
        this.emulateExpiredFirstToken = z2;
        this.verificationKeysByKeyId = map2;
        this.topicsByVerificationKey = map3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.turo.pushy.apns.AbstractMockApnsServerHandler
    public void verifyHeaders(Http2Headers http2Headers) throws AbstractMockApnsServerHandler.RejectedNotificationException {
        String str;
        super.verifyHeaders(http2Headers);
        CharSequence charSequence = (CharSequence) http2Headers.get(APNS_AUTHORIZATION_HEADER);
        if (charSequence != null) {
            String charSequence2 = charSequence.toString();
            str = charSequence2.startsWith("bearer") ? charSequence2.substring("bearer".length()).trim() : null;
        } else {
            str = null;
        }
        AuthenticationToken authenticationToken = new AuthenticationToken(str);
        ApnsVerificationKey apnsVerificationKey = this.verificationKeysByKeyId.get(authenticationToken.getKeyId());
        if (apnsVerificationKey == null) {
            throw new AbstractMockApnsServerHandler.RejectedNotificationException(AbstractMockApnsServerHandler.ErrorReason.INVALID_PROVIDER_TOKEN);
        }
        try {
            if (!authenticationToken.verifySignature(apnsVerificationKey)) {
                throw new AbstractMockApnsServerHandler.RejectedNotificationException(AbstractMockApnsServerHandler.ErrorReason.INVALID_PROVIDER_TOKEN);
            }
            if (this.expectedTeamId == null) {
                this.expectedTeamId = authenticationToken.getTeamId();
            }
            if (!this.expectedTeamId.equals(authenticationToken.getTeamId())) {
                throw new AbstractMockApnsServerHandler.RejectedNotificationException(AbstractMockApnsServerHandler.ErrorReason.INVALID_PROVIDER_TOKEN);
            }
            if (authenticationToken.getIssuedAt().getTime() + MockApnsServer.AUTHENTICATION_TOKEN_EXPIRATION_MILLIS < System.currentTimeMillis()) {
                throw new AbstractMockApnsServerHandler.RejectedNotificationException(AbstractMockApnsServerHandler.ErrorReason.EXPIRED_PROVIDER_TOKEN);
            }
            if (this.emulateExpiredFirstToken && !this.rejectedFirstExpiredToken) {
                this.rejectedFirstExpiredToken = true;
                throw new AbstractMockApnsServerHandler.RejectedNotificationException(AbstractMockApnsServerHandler.ErrorReason.EXPIRED_PROVIDER_TOKEN);
            }
            CharSequence charSequence3 = (CharSequence) http2Headers.get(APNS_TOPIC_HEADER);
            String charSequence4 = charSequence3 != null ? charSequence3.toString() : null;
            Set<String> set = this.topicsByVerificationKey.get(apnsVerificationKey);
            if (set == null || !set.contains(charSequence4)) {
                throw new AbstractMockApnsServerHandler.RejectedNotificationException(AbstractMockApnsServerHandler.ErrorReason.INVALID_PROVIDER_TOKEN);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            log.error("Failed to verify authentication token signature.", e);
            throw new RuntimeException(e);
        }
    }
}
