package org.interledger.stream.receiver;

import com.google.common.base.Preconditions;
import com.google.common.hash.Hashing;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import org.interledger.core.InterledgerAddress;
import org.interledger.core.SharedSecret;
import org.interledger.spsp.ImmutableStreamConnectionDetails;
import org.interledger.spsp.StreamConnectionDetails;
import org.interledger.stream.StreamException;
import org.interledger.stream.crypto.Random;

/* loaded from: input_file:org/interledger/stream/receiver/SpspStreamConnectionGenerator.class */
public class SpspStreamConnectionGenerator implements StreamConnectionGenerator {
    private static final Charset US_ASCII = StandardCharsets.US_ASCII;
    private static final byte[] STREAM_SERVER_SECRET_GENERATOR = "ilp_stream_secret_generator".getBytes(US_ASCII);

    @Override // org.interledger.stream.receiver.StreamConnectionGenerator
    public StreamConnectionDetails generateConnectionDetails(ServerSecretSupplier serverSecretSupplier, InterledgerAddress interledgerAddress) {
        Objects.requireNonNull(serverSecretSupplier, "serverSecretSupplier must not be null");
        Objects.requireNonNull(interledgerAddress, "receiverAddress must not be null");
        Preconditions.checkArgument(serverSecretSupplier.get().length >= 32, "Server secret must be 32 bytes");
        ImmutableStreamConnectionDetails.Builder builder = StreamConnectionDetails.builder();
        byte[] randBytes = Random.randBytes(18);
        byte[] asBytes = Hashing.hmacSha256(secretGenerator(serverSecretSupplier)).hashBytes(randBytes).asBytes();
        String value = interledgerAddress.with(Base64.getUrlEncoder().withoutPadding().encodeToString(randBytes)).getValue();
        return builder.sharedSecret(SharedSecret.of(asBytes)).destinationAddress(InterledgerAddress.of(value + Base64.getUrlEncoder().withoutPadding().encodeToString(Arrays.copyOf(Hashing.hmacSha256(asBytes).hashBytes(value.getBytes(US_ASCII)).asBytes(), 14)))).build();
    }

    @Override // org.interledger.stream.receiver.StreamConnectionGenerator
    public SharedSecret deriveSecretFromAddress(ServerSecretSupplier serverSecretSupplier, InterledgerAddress interledgerAddress) {
        Objects.requireNonNull(interledgerAddress);
        String value = interledgerAddress.getValue();
        byte[] decode = Base64.getUrlDecoder().decode(value.substring(value.lastIndexOf(".") + 1));
        if (decode.length != 32) {
            throw new StreamException(String.format("Invalid Receiver Address (should have been 32 byte long): %s", interledgerAddress));
        }
        byte[] asBytes = Hashing.hmacSha256(secretGenerator(serverSecretSupplier)).hashBytes(Arrays.copyOf(decode, 18)).asBytes();
        if (Arrays.equals(Arrays.copyOf(Hashing.hmacSha256(asBytes).hashBytes(value.substring(0, value.length() - 19).getBytes(US_ASCII)).asBytes(), 14), Arrays.copyOfRange(decode, 18, decode.length))) {
            return SharedSecret.of(asBytes);
        }
        throw new StreamException("Invalid Receiver Address (derived AuthTag failure)!");
    }

    private byte[] secretGenerator(ServerSecretSupplier serverSecretSupplier) {
        Objects.requireNonNull(serverSecretSupplier);
        return Hashing.hmacSha256(serverSecretSupplier.get()).hashBytes(STREAM_SERVER_SECRET_GENERATOR).asBytes();
    }
}
