package io.getlime.security.powerauth.crypto.lib.generator;

import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.kdf.KdfX9_63;
import io.getlime.security.powerauth.crypto.lib.model.RecoveryInfo;
import io.getlime.security.powerauth.crypto.lib.model.RecoverySeed;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.CRC16;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/generator/IdentifierGenerator.class */
public class IdentifierGenerator {
    private static final Logger logger = LoggerFactory.getLogger(IdentifierGenerator.class);
    private static final int BASE32_KEY_LENGTH = 5;
    private static final int ACTIVATION_CODE_BYTES_LENGTH = 12;
    private static final int ACTIVATION_CODE_RANDOM_BYTES_LENGTH = 10;
    private static final int PUK_DERIVATION_MAX_ATTEMPTS = 20;
    private final KeyGenerator keyGenerator = new KeyGenerator();
    private final KeyConvertor keyConvertor = new KeyConvertor();

    public String generateActivationId() {
        return UUID.randomUUID().toString();
    }

    private String generateBase32Token() {
        return BaseEncoding.base32().omitPadding().encode(this.keyGenerator.generateRandomBytes(BASE32_KEY_LENGTH)).substring(0, BASE32_KEY_LENGTH);
    }

    public String generateActivationCode() {
        try {
            return generateActivationCode(this.keyGenerator.generateRandomBytes(ACTIVATION_CODE_RANDOM_BYTES_LENGTH));
        } catch (GenericCryptoException e) {
            logger.warn(e.getMessage(), e);
            return null;
        }
    }

    public String generateActivationCode(byte[] bArr) throws GenericCryptoException {
        if (bArr == null || bArr.length != ACTIVATION_CODE_RANDOM_BYTES_LENGTH) {
            throw new GenericCryptoException("Invalid request in generateActivationCode");
        }
        ByteBuffer allocate = ByteBuffer.allocate(ACTIVATION_CODE_BYTES_LENGTH);
        allocate.put(bArr);
        new CRC16().update(bArr, 0, ACTIVATION_CODE_RANDOM_BYTES_LENGTH);
        allocate.putShort((short) r0.getValue());
        return encodeActivationCode(allocate.array());
    }

    public boolean validateActivationCode(String str) {
        if (str == null || !str.matches("[A-Z2-7]{5}-[A-Z2-7]{5}-[A-Z2-7]{5}-[A-Z2-7]{5}")) {
            return false;
        }
        byte[] decode = BaseEncoding.base32().decode(str.replace("-", ""));
        if (decode.length != ACTIVATION_CODE_BYTES_LENGTH) {
            return false;
        }
        CRC16 crc16 = new CRC16();
        crc16.update(decode, 0, ACTIVATION_CODE_RANDOM_BYTES_LENGTH);
        return (((((long) decode[ACTIVATION_CODE_RANDOM_BYTES_LENGTH]) & 255) << 8) | (((long) decode[11]) & 255)) == crc16.getValue();
    }

    public RecoveryInfo generateRecoveryCode() throws GenericCryptoException, CryptoProviderException, InvalidKeyException {
        return generateRecoveryCode(this.keyGenerator.generateRandomSecretKey(), 1, false);
    }

    public RecoveryInfo generateRecoveryCode(SecretKey secretKey, int i, boolean z) throws GenericCryptoException, CryptoProviderException, InvalidKeyException {
        Long valueOf;
        String generatePuk;
        if (secretKey == null) {
            throw new GenericCryptoException("Invalid key");
        }
        byte[] convertSharedSecretKeyToBytes = this.keyConvertor.convertSharedSecretKeyToBytes(secretKey);
        byte[] generateRandomBytes = this.keyGenerator.generateRandomBytes(32);
        byte[] derive = KdfX9_63.derive(convertSharedSecretKeyToBytes, generateRandomBytes, 26);
        String generateRecoveryCode = generateRecoveryCode(derive);
        SecretKey generatePukBaseKey = generatePukBaseKey(derive);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        for (int i2 = 1; i2 <= i; i2++) {
            int i3 = 0;
            do {
                byte[] generateRandomBytes2 = this.keyGenerator.generateRandomBytes(8);
                valueOf = Long.valueOf(ByteBuffer.wrap(generateRandomBytes2).getLong());
                generatePuk = generatePuk(generatePukBaseKey, generateRandomBytes2);
                i3++;
                if (i3 == PUK_DERIVATION_MAX_ATTEMPTS) {
                    throw new GenericCryptoException("PUK derivation failed due to exceeding maximum number of attempts for generating unique PUK");
                }
            } while (linkedHashMap2.containsValue(generatePuk));
            linkedHashMap2.put(Integer.valueOf(i2), generatePuk);
            linkedHashMap.put(Integer.valueOf(i2), valueOf);
        }
        return z ? new RecoveryInfo(generateRecoveryCode, linkedHashMap2, new RecoverySeed(generateRandomBytes, linkedHashMap)) : new RecoveryInfo(generateRecoveryCode, linkedHashMap2);
    }

    public RecoveryInfo deriveRecoveryCode(SecretKey secretKey, RecoverySeed recoverySeed) throws GenericCryptoException, CryptoProviderException, InvalidKeyException {
        if (secretKey == null || recoverySeed == null) {
            throw new GenericCryptoException("Invalid input data");
        }
        byte[] convertSharedSecretKeyToBytes = this.keyConvertor.convertSharedSecretKeyToBytes(secretKey);
        byte[] nonce = recoverySeed.getNonce();
        Map<Integer, Long> pukDerivationIndexes = recoverySeed.getPukDerivationIndexes();
        if (nonce == null || pukDerivationIndexes == null || pukDerivationIndexes.isEmpty()) {
            throw new GenericCryptoException("Invalid input data");
        }
        byte[] derive = KdfX9_63.derive(convertSharedSecretKeyToBytes, nonce, 26);
        String generateRecoveryCode = generateRecoveryCode(derive);
        SecretKey generatePukBaseKey = generatePukBaseKey(derive);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (int i = 1; i <= pukDerivationIndexes.size(); i++) {
            linkedHashMap.put(Integer.valueOf(i), generatePuk(generatePukBaseKey, ByteBuffer.allocate(8).putLong(pukDerivationIndexes.get(Integer.valueOf(i)).longValue()).array()));
        }
        RecoveryInfo recoveryInfo = new RecoveryInfo();
        recoveryInfo.setRecoveryCode(generateRecoveryCode);
        recoveryInfo.setPuks(linkedHashMap);
        return recoveryInfo;
    }

    private String generateRecoveryCode(byte[] bArr) throws GenericCryptoException {
        byte[] bArr2 = new byte[ACTIVATION_CODE_RANDOM_BYTES_LENGTH];
        System.arraycopy(bArr, 0, bArr2, 0, ACTIVATION_CODE_RANDOM_BYTES_LENGTH);
        return generateActivationCode(bArr2);
    }

    private SecretKey generatePukBaseKey(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, ACTIVATION_CODE_RANDOM_BYTES_LENGTH, bArr2, 0, 16);
        return this.keyConvertor.convertBytesToSharedSecretKey(bArr2);
    }

    private String generatePuk(SecretKey secretKey, byte[] bArr) throws CryptoProviderException, InvalidKeyException, GenericCryptoException {
        byte[] bArr2 = new byte[8];
        System.arraycopy(this.keyConvertor.convertSharedSecretKeyToBytes(this.keyGenerator.deriveSecretKey(secretKey, bArr)), 8, bArr2, 0, 8);
        return String.format("%010d", Long.valueOf((ByteBuffer.wrap(bArr2).getLong() & 1099511627775L) % ((long) Math.pow(10.0d, 10.0d))));
    }

    private String encodeActivationCode(byte[] bArr) {
        String encode = BaseEncoding.base32().omitPadding().encode(bArr);
        return encode.substring(0, BASE32_KEY_LENGTH) + "-" + encode.substring(BASE32_KEY_LENGTH, ACTIVATION_CODE_RANDOM_BYTES_LENGTH) + "-" + encode.substring(ACTIVATION_CODE_RANDOM_BYTES_LENGTH, 15) + "-" + encode.substring(15, PUK_DERIVATION_MAX_ATTEMPTS);
    }
}
