package io.getlime.security.powerauth.crypto.lib.encryptor.ecies;

import com.google.common.primitives.Bytes;
import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.exception.EciesException;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.kdf.KdfX9_63;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.provider.CryptoProviderUtil;
import io.getlime.security.powerauth.provider.exception.CryptoProviderException;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesEnvelopeKey.class */
public class EciesEnvelopeKey {
    private static final int ENC_KEY_OFFSET = 0;
    private static final int ENC_KEY_SIZE = 16;
    private static final int MAC_KEY_OFFSET = 16;
    private static final int MAC_KEY_SIZE = 16;
    private static final int IV_KEY_OFFSET = 32;
    private static final int IV_KEY_SIZE = 16;
    private static final int NONCE_SIZE = 16;
    private static final int ENVELOPE_KEY_SIZE = 48;
    private final byte[] secretKey;
    private final byte[] ephemeralKeyPublic;
    private static final Logger logger = LoggerFactory.getLogger(EciesEnvelopeKey.class);
    private static final CryptoProviderUtil keyConverter = PowerAuthConfiguration.INSTANCE.getKeyConvertor();
    private static final KeyGenerator keyGenerator = new KeyGenerator();
    private static final HMACHashUtilities hmac = new HMACHashUtilities();

    public EciesEnvelopeKey(byte[] bArr, byte[] bArr2) {
        this.secretKey = bArr;
        this.ephemeralKeyPublic = bArr2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v14, types: [byte[], byte[][]] */
    public static EciesEnvelopeKey fromPublicKey(PublicKey publicKey, byte[] bArr) throws EciesException {
        try {
            KeyPair generateKeyPair = keyGenerator.generateKeyPair();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            byte[] convertPublicKeyToBytes = keyConverter.convertPublicKeyToBytes(generateKeyPair.getPublic());
            return new EciesEnvelopeKey(KdfX9_63.derive(keyConverter.convertSharedSecretKeyToBytes(keyGenerator.computeSharedKey(privateKey, publicKey, true)), bArr == null ? convertPublicKeyToBytes : Bytes.concat((byte[][]) new byte[]{bArr, convertPublicKeyToBytes}), ENVELOPE_KEY_SIZE), convertPublicKeyToBytes);
        } catch (GenericCryptoException | InvalidKeyException | CryptoProviderException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Key derivation failed", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v8, types: [byte[], byte[][]] */
    public static EciesEnvelopeKey fromPrivateKey(PrivateKey privateKey, byte[] bArr, byte[] bArr2) throws EciesException {
        try {
            return new EciesEnvelopeKey(KdfX9_63.derive(keyConverter.convertSharedSecretKeyToBytes(keyGenerator.computeSharedKey(privateKey, keyConverter.convertBytesToPublicKey(bArr), true)), bArr2 == null ? bArr : Bytes.concat((byte[][]) new byte[]{bArr2, bArr}), ENVELOPE_KEY_SIZE), bArr);
        } catch (GenericCryptoException | InvalidKeyException | InvalidKeySpecException | CryptoProviderException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Key derivation failed", e);
        }
    }

    public byte[] getEncKey() throws EciesException {
        if (!isValid()) {
            throw new EciesException("Encryption key is not valid");
        }
        ByteBuffer allocate = ByteBuffer.allocate(16);
        allocate.put(this.secretKey, ENC_KEY_OFFSET, 16);
        return allocate.array();
    }

    public byte[] getMacKey() throws EciesException {
        if (!isValid()) {
            throw new EciesException("MAC key is not valid");
        }
        ByteBuffer allocate = ByteBuffer.allocate(16);
        allocate.put(this.secretKey, 16, 16);
        return allocate.array();
    }

    public byte[] getIvKey() throws EciesException {
        if (!isValid()) {
            throw new EciesException("IV key is not valid");
        }
        ByteBuffer allocate = ByteBuffer.allocate(16);
        allocate.put(this.secretKey, IV_KEY_OFFSET, 16);
        return allocate.array();
    }

    public byte[] deriveIvForNonce(byte[] bArr) throws EciesException {
        if (bArr == null) {
            throw new EciesException("Nonce for IV derivation is missing");
        }
        if (bArr.length != 16) {
            throw new EciesException("Nonce for IV derivation is not valid");
        }
        try {
            return keyGenerator.convert32Bto16B(hmac.hash(getIvKey(), bArr));
        } catch (GenericCryptoException | CryptoProviderException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("IV derivation failed", e);
        }
    }

    public byte[] getSecretKey() throws EciesException {
        if (isValid()) {
            return this.secretKey;
        }
        throw new EciesException("Secret key is not valid");
    }

    public byte[] getEphemeralKeyPublic() {
        return this.ephemeralKeyPublic;
    }

    public boolean isValid() {
        return this.secretKey.length == ENVELOPE_KEY_SIZE;
    }
}
