package nl.martijndwars.webpush;

import com.google.common.io.BaseEncoding;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import nl.martijndwars.webpush.Encrypted;
import org.apache.http.client.fluent.Async;
import org.apache.http.client.fluent.Content;
import org.apache.http.client.fluent.Request;
import org.apache.http.entity.ContentType;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.jce.ECNamedCurveTable;

/* loaded from: input_file:nl/martijndwars/webpush/PushService.class */
public class PushService {
    private ExecutorService threadpool = Executors.newFixedThreadPool(1);
    private String gcmApiKey;

    public PushService() {
    }

    public PushService(String str) {
        this.gcmApiKey = str;
    }

    public static Encrypted encrypt(PublicKey publicKey, byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, InvalidKeySpecException {
        AlgorithmParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", "BC");
        keyPairGenerator.initialize(parameterSpec);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey2 = generateKeyPair.getPublic();
        SecretKey computeSecret = computeSecret(generateKeyPair.getPrivate(), publicKey);
        byte[] seed = SecureRandom.getSeed(16);
        return new Encrypted.Builder().withPublicKey(publicKey2).withSalt(seed).withCiphertext(encrypt(computeSecret, seed, bArr)).build();
    }

    public static SecretKey computeSecret(PrivateKey privateKey, PublicKey publicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "BC");
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret("AES");
    }

    public static byte[] encrypt(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException {
        byte[] hkdfExpand = hkdfExpand(secretKey.getEncoded(), bArr, info("aesgcm128"), 16);
        byte[] hkdfExpand2 = hkdfExpand(secretKey.getEncoded(), bArr, info("nonce"), 12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, new SecretKeySpec(hkdfExpand, "AES"), new GCMParameterSpec(128, hkdfExpand2));
        cipher.update(new byte[1]);
        cipher.update(bArr2);
        return cipher.doFinal();
    }

    protected static byte[] info(String str) {
        return ("Content-Encoding: " + str).getBytes();
    }

    protected static byte[] hkdfExpand(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
        hKDFBytesGenerator.init(new HKDFParameters(bArr, bArr2, bArr3));
        byte[] bArr4 = new byte[i];
        hKDFBytesGenerator.generateBytes(bArr4, 0, i);
        return bArr4;
    }

    public Future<Content> send(Notification notification) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, InvalidKeySpecException {
        Request addHeader = Request.Post(notification.getEndpoint()).addHeader("TTL", String.valueOf(notification.getTTL()));
        if (!(notification instanceof GcmNotification)) {
            Encrypted encrypt = encrypt(notification.getUserPublicKey(), notification.getPayload());
            BaseEncoding base64Url = BaseEncoding.base64Url();
            addHeader.addHeader("Content-Type", "application/octet-stream").addHeader("Content-Encoding", "aesgcm128").addHeader("Encryption-Key", "keyid=p256dh;dh=" + base64Url.encode(encrypt.getPublicKey().getQ().getEncoded(false))).addHeader("Encryption", "keyid=p256dh;salt=" + base64Url.encode(encrypt.getSalt())).bodyByteArray(encrypt.getCiphertext());
        } else {
            if (null == this.gcmApiKey) {
                throw new IllegalStateException("GCM API key required for using Google Cloud Messaging");
            }
            addHeader.addHeader("Authorization", "key=" + this.gcmApiKey).addHeader("Accept", "application/json").bodyString(((GcmNotification) notification).getBody(), ContentType.APPLICATION_JSON);
        }
        return Async.newInstance().use(this.threadpool).execute(addHeader);
    }
}
