package org.whispersystems.signalservice.internal.crypto;

import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.whispersystems.libsignal.IdentityKeyPair;
import org.whispersystems.libsignal.InvalidKeyException;
import org.whispersystems.libsignal.ecc.Curve;
import org.whispersystems.libsignal.ecc.ECKeyPair;
import org.whispersystems.libsignal.ecc.ECPublicKey;
import org.whispersystems.libsignal.kdf.HKDFv3;
import org.whispersystems.signalservice.internal.push.ProvisioningProtos;
import org.whispersystems.signalservice.internal.util.Util;

/* loaded from: input_file:org/whispersystems/signalservice/internal/crypto/ProvisioningCipher.class */
public class ProvisioningCipher {
    private static final String TAG = ProvisioningCipher.class.getSimpleName();
    private final ECPublicKey theirPublicKey;

    public ProvisioningCipher(ECPublicKey eCPublicKey) {
        this.theirPublicKey = eCPublicKey;
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v9, types: [byte[], byte[][]] */
    public byte[] encrypt(ProvisioningProtos.ProvisionMessage provisionMessage) throws InvalidKeyException {
        ECKeyPair generateKeyPair = Curve.generateKeyPair();
        byte[][] split = Util.split(new HKDFv3().deriveSecrets(Curve.calculateAgreement(this.theirPublicKey, generateKeyPair.getPrivateKey()), "TextSecure Provisioning Message".getBytes(), 64), 32, 32);
        byte[] bArr = {1};
        byte[] ciphertext = getCiphertext(split[0], provisionMessage.toByteArray());
        return ProvisioningProtos.ProvisionEnvelope.newBuilder().setPublicKey(ByteString.copyFrom(generateKeyPair.getPublicKey().serialize())).setBody(ByteString.copyFrom(Util.join(new byte[]{bArr, ciphertext, getMac(split[1], Util.join(new byte[]{bArr, ciphertext}))}))).m42build().toByteArray();
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [byte[], byte[][]] */
    private byte[] getCiphertext(byte[] bArr, byte[] bArr2) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, new SecretKeySpec(bArr, "AES"));
            return Util.join(new byte[]{cipher.getIV(), cipher.doFinal(bArr2)});
        } catch (java.security.InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    private byte[] getMac(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(bArr2);
        } catch (java.security.InvalidKeyException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    public ProvisioningProtos.ProvisionMessage decrypt(IdentityKeyPair identityKeyPair, byte[] bArr) throws InvalidKeyException, InvalidProtocolBufferException {
        ProvisioningProtos.ProvisionEnvelope parseFrom = ProvisioningProtos.ProvisionEnvelope.parseFrom(bArr);
        byte[][] split = Util.split(new HKDFv3().deriveSecrets(Curve.calculateAgreement(Curve.decodePoint(parseFrom.getPublicKey().toByteArray(), 0), identityKeyPair.getPrivateKey()), "TextSecure Provisioning Message".getBytes(), 64), 32, 32);
        ByteString body = parseFrom.getBody();
        if (body.byteAt(0) != 1) {
            throw new RuntimeException("Bad version number on provision message!");
        }
        byte[] byteArray = body.substring(1, 17).toByteArray();
        byte[] byteArray2 = body.substring(17, body.size() - 32).toByteArray();
        verifyMac(split[1], body.substring(0, body.size() - 32).toByteArray(), body.substring(body.size() - 32).toByteArray());
        return ProvisioningProtos.ProvisionMessage.parseFrom(decrypt(split[0], byteArray, byteArray2));
    }

    private void verifyMac(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (!Arrays.equals(getMac(bArr, bArr2), bArr3)) {
            throw new RuntimeException("Invalid MAC on provision message!");
        }
    }

    private byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr3);
        } catch (InvalidAlgorithmParameterException | java.security.InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }
}
