package com.vexsoftware.votifier.net.protocol;

import com.vexsoftware.votifier.VotifierPlugin;
import com.vexsoftware.votifier.model.Vote;
import com.vexsoftware.votifier.net.VotifierSession;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.CorruptedFrameException;
import io.netty.handler.codec.MessageToMessageDecoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.json.JSONObject;

/* loaded from: input_file:com/vexsoftware/votifier/net/protocol/VotifierProtocol2Decoder.class */
public class VotifierProtocol2Decoder extends MessageToMessageDecoder<String> {
    private static final SecureRandom RANDOM = new SecureRandom();

    protected void decode(ChannelHandlerContext channelHandlerContext, String str, List<Object> list) throws Exception {
        JSONObject jSONObject = new JSONObject(str);
        VotifierSession votifierSession = (VotifierSession) channelHandlerContext.channel().attr(VotifierSession.KEY).get();
        JSONObject jSONObject2 = new JSONObject(jSONObject.getString("payload"));
        if (!jSONObject2.getString("challenge").equals(votifierSession.getChallenge())) {
            throw new CorruptedFrameException("Challenge is not valid");
        }
        VotifierPlugin votifierPlugin = (VotifierPlugin) channelHandlerContext.channel().attr(VotifierPlugin.KEY).get();
        Key key = votifierPlugin.getTokens().get(jSONObject2.getString("serviceName"));
        if (key == null) {
            key = votifierPlugin.getTokens().get("default");
            if (key == null) {
                throw new RuntimeException("Unknown service '" + jSONObject2.getString("serviceName") + "'");
            }
        }
        if (!hmacEqual(DatatypeConverter.parseBase64Binary(jSONObject.getString("signature")), jSONObject.getString("payload").getBytes(StandardCharsets.UTF_8), key)) {
            throw new CorruptedFrameException("Signature is not valid (invalid token?)");
        }
        if (jSONObject2.has("uuid")) {
            UUID.fromString(jSONObject2.getString("uuid"));
        }
        if (jSONObject2.getString("username").length() > 16) {
            throw new CorruptedFrameException("Username too long");
        }
        list.add(new Vote(jSONObject2));
        channelHandlerContext.pipeline().remove(this);
    }

    private boolean hmacEqual(byte[] bArr, byte[] bArr2, Key key) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] doFinal = mac.doFinal(bArr2);
        byte[] bArr3 = new byte[32];
        RANDOM.nextBytes(bArr3);
        Mac mac2 = Mac.getInstance("HmacSHA256");
        mac2.init(new SecretKeySpec(bArr3, "HmacSHA256"));
        byte[] doFinal2 = mac2.doFinal(bArr);
        mac2.reset();
        return MessageDigest.isEqual(doFinal2, mac2.doFinal(doFinal));
    }

    protected /* bridge */ /* synthetic */ void decode(ChannelHandlerContext channelHandlerContext, Object obj, List list) throws Exception {
        decode(channelHandlerContext, (String) obj, (List<Object>) list);
    }
}
