package io.getlime.security.powerauth.crypto.lib.encryptor;

import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.NonPersonalizedEncryptedMessage;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.AESEncryptionUtils;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.provider.CryptoProviderUtil;
import io.getlime.security.powerauth.provider.exception.CryptoProviderException;
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.SecretKey;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/encryptor/NonPersonalizedEncryptor.class */
public class NonPersonalizedEncryptor {
    private static final int MAX_ATTEMPT_COUNT = 1000;
    private byte[] applicationKey;
    private byte[] sessionIndex;
    private byte[] sessionRelatedSecretKey;
    private byte[] ephemeralPublicKey;
    private final AESEncryptionUtils aes = new AESEncryptionUtils();
    private final KeyGenerator generator = new KeyGenerator();
    private final HMACHashUtilities hmac = new HMACHashUtilities();
    private final CryptoProviderUtil keyConversion = PowerAuthConfiguration.INSTANCE.getKeyConvertor();

    public NonPersonalizedEncryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        this.applicationKey = bArr;
        this.sessionIndex = bArr3;
        this.sessionRelatedSecretKey = bArr2;
        this.ephemeralPublicKey = bArr4;
    }

    public NonPersonalizedEncryptedMessage encrypt(byte[] bArr) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        byte[] generateRandomBytes = this.generator.generateRandomBytes(16);
        byte[] generateRandomBytes2 = this.generator.generateRandomBytes(16);
        int i = 0;
        while (Arrays.equals(generateRandomBytes, generateRandomBytes2)) {
            generateRandomBytes2 = this.generator.generateRandomBytes(16);
            if (i >= MAX_ATTEMPT_COUNT) {
                throw new GenericCryptoException("Random byte array generation failed");
            }
            i++;
        }
        byte[] generateRandomBytes3 = this.generator.generateRandomBytes(16);
        SecretKey convertBytesToSharedSecretKey = this.keyConversion.convertBytesToSharedSecretKey(this.sessionRelatedSecretKey);
        SecretKey deriveSecretKeyHmacLegacy = this.generator.deriveSecretKeyHmacLegacy(convertBytesToSharedSecretKey, generateRandomBytes);
        SecretKey deriveSecretKeyHmacLegacy2 = this.generator.deriveSecretKeyHmacLegacy(convertBytesToSharedSecretKey, generateRandomBytes2);
        byte[] encrypt = this.aes.encrypt(bArr, generateRandomBytes3, deriveSecretKeyHmacLegacy);
        byte[] hash = this.hmac.hash(deriveSecretKeyHmacLegacy2, encrypt);
        NonPersonalizedEncryptedMessage nonPersonalizedEncryptedMessage = new NonPersonalizedEncryptedMessage();
        nonPersonalizedEncryptedMessage.setApplicationKey(this.applicationKey);
        nonPersonalizedEncryptedMessage.setEphemeralPublicKey(this.ephemeralPublicKey);
        nonPersonalizedEncryptedMessage.setSessionIndex(this.sessionIndex);
        nonPersonalizedEncryptedMessage.setAdHocIndex(generateRandomBytes);
        nonPersonalizedEncryptedMessage.setMacIndex(generateRandomBytes2);
        nonPersonalizedEncryptedMessage.setNonce(generateRandomBytes3);
        nonPersonalizedEncryptedMessage.setEncryptedData(encrypt);
        nonPersonalizedEncryptedMessage.setMac(hash);
        return nonPersonalizedEncryptedMessage;
    }

    public byte[] decrypt(NonPersonalizedEncryptedMessage nonPersonalizedEncryptedMessage) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        byte[] adHocIndex = nonPersonalizedEncryptedMessage.getAdHocIndex();
        byte[] macIndex = nonPersonalizedEncryptedMessage.getMacIndex();
        byte[] nonce = nonPersonalizedEncryptedMessage.getNonce();
        if (adHocIndex == null || macIndex == null || nonce == null) {
            throw new GenericCryptoException("Invalid message");
        }
        if (adHocIndex.length != 16 || macIndex.length != 16) {
            throw new GenericCryptoException("Invalid index");
        }
        if (nonce.length != 16) {
            throw new GenericCryptoException("Invalid nonce");
        }
        if (Arrays.equals(adHocIndex, macIndex)) {
            throw new GenericCryptoException("Invalid index");
        }
        SecretKey convertBytesToSharedSecretKey = this.keyConversion.convertBytesToSharedSecretKey(this.sessionRelatedSecretKey);
        SecretKey deriveSecretKeyHmacLegacy = this.generator.deriveSecretKeyHmacLegacy(convertBytesToSharedSecretKey, adHocIndex);
        SecretKey deriveSecretKeyHmacLegacy2 = this.generator.deriveSecretKeyHmacLegacy(convertBytesToSharedSecretKey, macIndex);
        byte[] encryptedData = nonPersonalizedEncryptedMessage.getEncryptedData();
        if (Arrays.equals(nonPersonalizedEncryptedMessage.getMac(), this.hmac.hash(deriveSecretKeyHmacLegacy2, encryptedData))) {
            return this.aes.decrypt(encryptedData, nonce, deriveSecretKeyHmacLegacy);
        }
        throw new GenericCryptoException("Invalid mac");
    }

    public byte[] getApplicationKey() {
        return this.applicationKey;
    }

    public void setApplicationKey(byte[] bArr) {
        this.applicationKey = bArr;
    }

    public byte[] getSessionIndex() {
        return this.sessionIndex;
    }

    public void setSessionIndex(byte[] bArr) {
        this.sessionIndex = bArr;
    }

    public byte[] getEphemeralPublicKey() {
        return this.ephemeralPublicKey;
    }

    public void setEphemeralPublicKey(byte[] bArr) {
        this.ephemeralPublicKey = bArr;
    }

    public byte[] getSessionRelatedSecretKey() {
        return this.sessionRelatedSecretKey;
    }

    public void setSessionRelatedSecretKey(byte[] bArr) {
        this.sessionRelatedSecretKey = bArr;
    }
}
