package io.micronaut.http.server.netty;

import io.micronaut.core.annotation.Internal;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.incubator.codec.quic.QuicTokenHandler;
import io.netty.util.concurrent.FastThreadLocal;
import java.net.InetSocketAddress;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;

/* JADX INFO: Access modifiers changed from: package-private */
@Internal
/* loaded from: input_file:WEB-INF/lib/micronaut-http-server-netty-4.1.9.jar:io/micronaut/http/server/netty/QuicTokenHandlerImpl.class */
public class QuicTokenHandlerImpl implements QuicTokenHandler {
    private static final int MAC_LENGTH = 32;
    private static final int MAX_CONNECTION_ID_LENGTH = 20;
    private static final long TIMESTAMP_WINDOW_SIZE = 300000;
    private final Key key;
    private final FastThreadLocal<Mac> macCache = new FastThreadLocal<Mac>() { // from class: io.micronaut.http.server.netty.QuicTokenHandlerImpl.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // io.netty.util.concurrent.FastThreadLocal
        public Mac initialValue() throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(QuicTokenHandlerImpl.this.key);
            return mac;
        }
    };
    private final ByteBufAllocator alloc;
    static final /* synthetic */ boolean $assertionsDisabled;

    QuicTokenHandlerImpl(ByteBufAllocator byteBufAllocator) {
        this.alloc = byteBufAllocator;
        try {
            this.key = KeyGenerator.getInstance("HmacSHA256").generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static QuicTokenHandler create(ByteBufAllocator byteBufAllocator) {
        return new QuicTokenHandlerImpl(byteBufAllocator);
    }

    public boolean writeToken(ByteBuf byteBuf, ByteBuf byteBuf2, InetSocketAddress inetSocketAddress) {
        byteBuf.writeBytes(hash(inetSocketAddress, byteBuf2, currentWindowId()));
        byteBuf.writeBytes(byteBuf2, byteBuf2.readerIndex(), byteBuf2.readableBytes());
        return true;
    }

    public int validateToken(ByteBuf byteBuf, InetSocketAddress inetSocketAddress) {
        byte[] bArr = new byte[32];
        byteBuf.getBytes(byteBuf.readerIndex(), bArr);
        ByteBuf slice = byteBuf.slice(byteBuf.readerIndex() + 32, byteBuf.readableBytes() - 32);
        long currentWindowId = currentWindowId();
        return MessageDigest.isEqual(hash(inetSocketAddress, slice, currentWindowId), bArr) | MessageDigest.isEqual(hash(inetSocketAddress, slice, currentWindowId - 1), bArr) ? 32 : -1;
    }

    private byte[] hash(InetSocketAddress inetSocketAddress, ByteBuf byteBuf, long j) {
        ByteBuf buildTextToVerify = buildTextToVerify(inetSocketAddress, byteBuf, j);
        try {
            Mac mac = this.macCache.get();
            mac.update(buildTextToVerify.array(), buildTextToVerify.arrayOffset() + buildTextToVerify.readerIndex(), buildTextToVerify.readableBytes());
            byte[] doFinal = mac.doFinal();
            buildTextToVerify.release();
            if ($assertionsDisabled || doFinal.length == 32) {
                return doFinal;
            }
            throw new AssertionError();
        } catch (Throwable th) {
            buildTextToVerify.release();
            throw th;
        }
    }

    private ByteBuf buildTextToVerify(InetSocketAddress inetSocketAddress, ByteBuf byteBuf, long j) {
        if (byteBuf.readableBytes() > 20) {
            throw new IllegalArgumentException("Connection ID may not exceed 20 bytes length");
        }
        ByteBuf heapBuffer = this.alloc.heapBuffer();
        byte[] address = inetSocketAddress.getAddress().getAddress();
        heapBuffer.writeByte(address.length);
        heapBuffer.writeBytes(address);
        heapBuffer.writeShort(inetSocketAddress.getPort());
        heapBuffer.writeByte(byteBuf.readableBytes());
        heapBuffer.writeBytes(byteBuf, byteBuf.readerIndex(), byteBuf.readableBytes());
        heapBuffer.writeLong(j);
        return heapBuffer;
    }

    public int maxTokenLength() {
        return 52;
    }

    long currentWindowId() {
        return System.currentTimeMillis() / 300000;
    }

    static {
        $assertionsDisabled = !QuicTokenHandlerImpl.class.desiredAssertionStatus();
    }
}
