package com.unbound.quorum.encryption.ub;

import com.dyadicsec.provider.DYCryptoProvider;
import com.dyadicsec.provider.KeyGenSpec;
import com.dyadicsec.provider.KeyParameters;
import com.quorum.tessera.encryption.Encryptor;
import com.quorum.tessera.encryption.EncryptorException;
import com.quorum.tessera.encryption.KeyPair;
import com.quorum.tessera.encryption.Nonce;
import com.quorum.tessera.encryption.PrivateKey;
import com.quorum.tessera.encryption.PublicKey;
import com.quorum.tessera.encryption.SharedKey;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/unbound/quorum/encryption/ub/UnboundEncryptor.class */
public class UnboundEncryptor implements Encryptor {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) UnboundEncryptor.class);
    static final int AES_GCM_IV_LEN = 16;
    static final int AES_GCM_TAG_LEN = 16;
    static final int AES_KEY_LEN = 16;
    private final SecureRandom secureRandom = new SecureRandom();

    public UnboundEncryptor() throws EncryptorException {
        if (Security.getProvider(DYCryptoProvider.NAME) == null) {
            Security.addProvider(new DYCryptoProvider());
        }
    }

    private static byte[] longToBytes(long j) {
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.putLong(0, j);
        return allocate.array();
    }

    private static long bytesToLong(byte[] bArr) {
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.put(bArr, 0, bArr.length);
        allocate.flip();
        return allocate.getLong();
    }

    static byte[] ecPointToDer(ECPoint eCPoint) {
        byte[] bArr = new byte[67];
        bArr[0] = 4;
        bArr[1] = 65;
        bArr[2] = 4;
        byte[] byteArray = eCPoint.getAffineX().toByteArray();
        int i = 0;
        if (byteArray[0] == 0) {
            i = 1;
        }
        System.arraycopy(byteArray, i, bArr, (35 - byteArray.length) + i, byteArray.length - i);
        byte[] byteArray2 = eCPoint.getAffineY().toByteArray();
        int i2 = 0;
        if (byteArray2[0] == 0) {
            i2 = 1;
        }
        System.arraycopy(byteArray2, i2, bArr, (bArr.length - byteArray2.length) + i2, byteArray2.length - i2);
        return bArr;
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public KeyPair generateNewKeys() {
        try {
            KeyParameters keyParameters = new KeyParameters();
            keyParameters.setAllowDerive(true);
            keyParameters.setAllowSign(false);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", DYCryptoProvider.NAME);
            keyPairGenerator.initialize(new KeyGenSpec(new ECGenParameterSpec("secp256r1"), keyParameters));
            ECPublicKey eCPublicKey = (ECPublicKey) keyPairGenerator.generateKeyPair().getPublic();
            if (eCPublicKey == null) {
                LOGGER.error("unable to retrieve a public key");
                throw new EncryptorException("unable to retrieve a public key");
            }
            return new KeyPair(PublicKey.from(eCPublicKey.getEncoded()), PrivateKey.from(Arrays.copyOf(MessageDigest.getInstance("SHA-256").digest(ecPointToDer(eCPublicKey.getW())), 8)));
        } catch (Exception e) {
            LOGGER.error("Unable to generate key pair");
            throw new EncryptorException("Unable to generate key pair: " + e.getMessage());
        }
    }

    static char hexChar(int i) {
        int i2 = i & 15;
        return i2 < 10 ? (char) (i2 + 48) : (char) ((i2 - 10) + 97);
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public SharedKey computeSharedKey(PublicKey publicKey, PrivateKey privateKey) {
        try {
            char[] cArr = new char[20];
            cArr[0] = '0';
            cArr[1] = 'x';
            cArr[2] = '0';
            cArr[3] = '0';
            byte[] keyBytes = privateKey.getKeyBytes();
            for (int i = 0; i < 8; i++) {
                cArr[4 + (i * 2)] = hexChar(keyBytes[i] >> 4);
                cArr[4 + (i * 2) + 1] = hexChar(keyBytes[i]);
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS11", DYCryptoProvider.NAME);
            keyStore.load(null);
            java.security.PrivateKey privateKey2 = (java.security.PrivateKey) keyStore.getKey(new String(cArr), null);
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", DYCryptoProvider.NAME);
            keyAgreement.init(privateKey2);
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            LOGGER.info("Encode public key {}", publicKey.encodeToBase64());
            keyAgreement.doPhase(keyFactory.generatePublic(new X509EncodedKeySpec(publicKey.getKeyBytes())), true);
            return SharedKey.from(MessageDigest.getInstance("SHA-256").digest(keyAgreement.generateSecret()));
        } catch (Exception e) {
            LOGGER.error("unable to generate shared secret", (Throwable) e);
            throw new EncryptorException("unable to generate shared secret: " + e.getMessage());
        }
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public byte[] sealAfterPrecomputation(byte[] bArr, Nonce nonce, SharedKey sharedKey) {
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
            cipher.init(1, new SecretKeySpec(sharedKey.getKeyBytes(), "AES"), new GCMParameterSpec(128, nonce.getNonceBytes()));
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            LOGGER.error("unable to perform symmetric encryption", (Throwable) e);
            throw new EncryptorException("unable to perform symmetric encryption: " + e.getMessage());
        }
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public byte[] openAfterPrecomputation(byte[] bArr, Nonce nonce, SharedKey sharedKey) {
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
            cipher.init(2, new SecretKeySpec(sharedKey.getKeyBytes(), "AES"), new GCMParameterSpec(128, nonce.getNonceBytes()));
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            LOGGER.error("unable to perform symmetric decryption", (Throwable) e);
            throw new EncryptorException("unable to perform symmetric decryption: " + e.getMessage());
        }
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public byte[] seal(byte[] bArr, Nonce nonce, PublicKey publicKey, PrivateKey privateKey) {
        throw new UnsupportedOperationException();
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public byte[] open(byte[] bArr, Nonce nonce, PublicKey publicKey, PrivateKey privateKey) {
        throw new UnsupportedOperationException();
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public Nonce randomNonce() {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        return new Nonce(bArr);
    }

    @Override // com.quorum.tessera.encryption.Encryptor
    public SharedKey createSingleKey() {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        return SharedKey.from(bArr);
    }
}
