package io.getlime.security.powerauth.crypto.lib.encryptor.ecies;

import com.google.common.primitives.Bytes;
import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.exception.EciesException;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.AESEncryptionUtils;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.provider.CryptoProviderUtil;
import io.getlime.security.powerauth.provider.exception.CryptoProviderException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesEncryptor.class */
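/**
 * Client-side ECIES helper: encrypts a request for a recipient's EC public key and
 * decrypts the matching response with the envelope key and IV retained from that request.
 *
 * <p>The instance is a small state machine. After a successful {@link #encryptRequest}
 * it refuses further encryption and permits one {@link #decryptResponse}; after a
 * successful MAC check in {@code decryptResponse} it refuses further decryption.
 *
 * <p>Nothing here is synchronized and every operation mutates instance state, so an
 * instance should not be shared between threads without external locking.
 */
public class EciesEncryptor {
    private static final Logger logger = LoggerFactory.getLogger(EciesEncryptor.class);

    /** Length in bytes of the random nonce generated for a request. */
    private static final int NONCE_LENGTH = 16;
    /** Length in bytes of the all-zero IV used when no nonce is requested. */
    private static final int ZERO_IV_LENGTH = 16;

    private final AESEncryptionUtils aes;
    private final HMACHashUtilities hmac;
    private final CryptoProviderUtil keyConverter;
    private final KeyGenerator keyGenerator;
    private final PublicKey publicKey;
    private final byte[] sharedInfo1;
    private final byte[] sharedInfo2;
    private EciesEnvelopeKey envelopeKey;
    private boolean canEncryptData;
    private boolean canDecryptData;
    private byte[] ivForDecryption;

    /**
     * Creates an encryptor for the given recipient key with no shared info.
     *
     * @param eCPublicKey recipient public key used to derive the envelope key
     */
    public EciesEncryptor(ECPublicKey eCPublicKey) {
        this(eCPublicKey, null, null);
    }

    /**
     * Creates an encryptor that starts in the "may encrypt" state.
     *
     * @param eCPublicKey recipient public key used to derive the envelope key
     * @param sharedInfo1 passed to the envelope key derivation; may be {@code null}
     * @param sharedInfo2 appended to the ciphertext before the MAC is computed; may be {@code null}
     */
    public EciesEncryptor(ECPublicKey eCPublicKey, byte[] sharedInfo1, byte[] sharedInfo2) {
        this.aes = new AESEncryptionUtils();
        this.hmac = new HMACHashUtilities();
        this.keyConverter = PowerAuthConfiguration.INSTANCE.getKeyConvertor();
        this.keyGenerator = new KeyGenerator();
        this.publicKey = eCPublicKey;
        // The arrays are stored by reference; a caller that mutates them later changes the MAC input.
        this.sharedInfo1 = sharedInfo1;
        this.sharedInfo2 = sharedInfo2;
        this.canEncryptData = true;
        this.canDecryptData = false;
    }

    /**
     * Creates an encryptor from an existing envelope key, with encryption disabled.
     *
     * <p>NOTE(review): this constructor leaves {@code ivForDecryption} unset, and the only
     * assignments visible in this class happen inside {@code encrypt} and {@code decrypt}.
     * As written, {@link #decryptResponse} therefore rejects every call on an instance
     * built this way - confirm whether that is intended.
     *
     * @param eciesEnvelopeKey envelope key holding the encryption and MAC keys
     * @param sharedInfo2 appended to the ciphertext before the MAC is computed; may be {@code null}
     */
    public EciesEncryptor(EciesEnvelopeKey eciesEnvelopeKey, byte[] sharedInfo2) {
        this.aes = new AESEncryptionUtils();
        this.hmac = new HMACHashUtilities();
        this.keyConverter = PowerAuthConfiguration.INSTANCE.getKeyConvertor();
        this.keyGenerator = new KeyGenerator();
        this.publicKey = null;
        this.envelopeKey = eciesEnvelopeKey;
        this.sharedInfo1 = null;
        this.sharedInfo2 = sharedInfo2;
        this.canEncryptData = false;
        this.canDecryptData = true;
    }

    /**
     * Derives a new envelope key from the public key and encrypts {@code data}.
     *
     * @param data plaintext to encrypt; must not be {@code null}
     * @param useIv when {@code true} a random nonce is generated and the IV is derived from it;
     *              when {@code false} an all-zero IV is used and the cryptogram carries no nonce
     * @return cryptogram with ephemeral public key, MAC, ciphertext and (optionally) nonce
     * @throws EciesException if {@code data} is null, encryption is not allowed in the
     *                        current state, or the underlying crypto operation fails
     */
    public EciesCryptogram encryptRequest(byte[] data, boolean useIv) throws EciesException {
        if (data == null) {
            throw new EciesException("Parameter data for request encryption is null");
        }
        if (!canEncryptRequest()) {
            throw new EciesException("Request encryption is not allowed");
        }
        this.envelopeKey = EciesEnvelopeKey.fromPublicKey(this.publicKey, this.sharedInfo1);
        return encrypt(data, useIv);
    }

    /**
     * Verifies the MAC of a response cryptogram and decrypts it with the IV kept from the request.
     *
     * @param eciesCryptogram response cryptogram; its encrypted data and MAC must be non-null
     * @return decrypted response bytes
     * @throws EciesException if the cryptogram is incomplete, decryption is not allowed in the
     *                        current state, the MAC does not match, or the crypto operation fails
     */
    public byte[] decryptResponse(EciesCryptogram eciesCryptogram) throws EciesException {
        if (eciesCryptogram == null || eciesCryptogram.getEncryptedData() == null || eciesCryptogram.getMac() == null) {
            throw new EciesException("Parameter cryptogram for response decryption is invalid");
        }
        if (!canDecryptResponse()) {
            throw new EciesException("Response decryption is not allowed");
        }
        return decrypt(eciesCryptogram);
    }

    /**
     * Returns the shared info that is mixed into the MAC.
     *
     * @return the internal array itself (no copy), or {@code null} if none was supplied
     */
    public byte[] getSharedInfo2() {
        return this.sharedInfo2;
    }

    /**
     * Returns the current envelope key, i.e. the object the encryption and MAC keys are read from.
     *
     * @return the envelope key, or {@code null} before the first successful key derivation
     */
    public EciesEnvelopeKey getEnvelopeKey() {
        return this.envelopeKey;
    }

    /** Encryption needs the "may encrypt" flag and a recipient public key. */
    private boolean canEncryptRequest() {
        return this.canEncryptData && this.publicKey != null;
    }

    /**
     * Decryption needs the "may decrypt" flag, a valid envelope key and a stored IV.
     * The explicit null check keeps a missing envelope key from surfacing as a
     * NullPointerException instead of the documented EciesException.
     */
    private boolean canDecryptResponse() {
        return this.canDecryptData
                && this.envelopeKey != null
                && this.envelopeKey.isValid()
                && this.ivForDecryption != null;
    }

    /**
     * Encrypts the data, computes the MAC over the ciphertext (plus sharedInfo2 when present)
     * and flips the instance into the "may decrypt" state.
     */
    private EciesCryptogram encrypt(byte[] data, boolean useIv) throws EciesException {
        try {
            final byte[] nonce;
            final byte[] iv;
            if (useIv) {
                nonce = this.keyGenerator.generateRandomBytes(NONCE_LENGTH);
                iv = this.envelopeKey.deriveIvForNonce(nonce);
            } else {
                // NOTE(review): a fixed all-zero IV is only acceptable when the encryption key is
                // never reused. encryptRequest derives a new envelope key before each call, but
                // whether fromPublicKey yields a fresh key every time is not visible here - confirm.
                nonce = null;
                iv = new byte[ZERO_IV_LENGTH];
            }
            SecretKey encKey = this.keyConverter.convertBytesToSharedSecretKey(this.envelopeKey.getEncKey());
            byte[] encrypted = this.aes.encrypt(data, iv, encKey);
            // The MAC input is the ciphertext followed by sharedInfo2; the nonce is not part of it.
            byte[] mac = this.hmac.hash(this.envelopeKey.getMacKey(), macInput(encrypted));
            this.canEncryptData = false;
            this.canDecryptData = true;
            this.ivForDecryption = iv;
            return new EciesCryptogram(this.envelopeKey.getEphemeralKeyPublic(), mac, encrypted, nonce);
        } catch (GenericCryptoException | InvalidKeyException | CryptoProviderException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Request encryption failed", e);
        }
    }

    /**
     * Checks the MAC first and only then decrypts, so unauthenticated ciphertext never
     * reaches the cipher. The stored IV is cleared and decryption disabled before the
     * cipher runs, which makes the instance single-use for decryption.
     */
    private byte[] decrypt(EciesCryptogram eciesCryptogram) throws EciesException {
        try {
            byte[] expectedMac = this.hmac.hash(this.envelopeKey.getMacKey(), macInput(eciesCryptogram.getEncryptedData()));
            // Constant-time comparison: Arrays.equals returns at the first differing byte,
            // which lets response timing reveal how much of a forged MAC was correct.
            if (!MessageDigest.isEqual(expectedMac, eciesCryptogram.getMac())) {
                throw new EciesException("Invalid MAC");
            }
            SecretKey encKey = this.keyConverter.convertBytesToSharedSecretKey(this.envelopeKey.getEncKey());
            byte[] iv = this.ivForDecryption;
            this.canDecryptData = false;
            this.ivForDecryption = null;
            return this.aes.decrypt(eciesCryptogram.getEncryptedData(), iv, encKey);
        } catch (GenericCryptoException | InvalidKeyException | CryptoProviderException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Response decryption failed", e);
        }
    }

    /** Builds the byte string that is authenticated: ciphertext, then sharedInfo2 if any. */
    private byte[] macInput(byte[] encryptedData) {
        return this.sharedInfo2 == null ? encryptedData : Bytes.concat(encryptedData, this.sharedInfo2);
    }
}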
