package io.getlime.security.powerauth.crypto.lib.encryptor.ecies;

import com.google.common.primitives.Bytes;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.exception.EciesException;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.AESEncryptionUtils;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesDecryptor.class */
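/**
 * Decrypting side of an ECIES exchange: verifies and decrypts one request cryptogram, then
 * encrypts one response under the same envelope key.
 *
 * <p>The two state flags enforce a strict order. A fresh instance may only decrypt; a successful
 * MAC check switches it to "may encrypt"; producing a response switches that off again.
 * {@code initEnvelopeKey} is an alternative way to reach the "may encrypt" state without
 * decrypting a request.
 *
 * <p>Instances hold mutable state and the class contains no synchronization, so an instance
 * should not be shared between threads without external coordination.
 *
 * <p>The {@code sharedInfo1} / {@code sharedInfo2} arrays are stored and returned by reference,
 * not copied; callers that mutate them afterwards change what is fed into key derivation or MAC
 * computation.
 */
public class EciesDecryptor {
    private static final Logger logger = LoggerFactory.getLogger(EciesDecryptor.class);

    /** Length in bytes of the all-zero IV that is used whenever no nonce-derived IV is available. */
    private static final int ZERO_IV_LENGTH = 16;

    private final AESEncryptionUtils aes;
    private final HMACHashUtilities hmac;
    private final KeyConvertor keyConvertor;
    private final PrivateKey privateKey;
    private final byte[] sharedInfo1;
    private final byte[] sharedInfo2;
    private EciesEnvelopeKey envelopeKey;
    private boolean canDecryptData;
    private boolean canEncryptData;
    private byte[] ivForEncryption;

    /**
     * Creates a decryptor bound to a private key, with no shared-info values.
     *
     * @param eCPrivateKey private key used to derive the envelope key from the request's ephemeral
     *     public key
     */
    public EciesDecryptor(ECPrivateKey eCPrivateKey) {
        this(eCPrivateKey, null, null);
    }

    /**
     * Creates a decryptor bound to a private key.
     *
     * @param eCPrivateKey private key used to derive the envelope key
     * @param bArr sharedInfo1, passed to envelope key derivation; may be {@code null}
     * @param bArr2 sharedInfo2, appended to the ciphertext before the MAC is computed; may be
     *     {@code null}
     */
    public EciesDecryptor(ECPrivateKey eCPrivateKey, byte[] bArr, byte[] bArr2) {
        this.aes = new AESEncryptionUtils();
        this.hmac = new HMACHashUtilities();
        this.keyConvertor = new KeyConvertor();
        this.privateKey = eCPrivateKey;
        this.sharedInfo1 = bArr;
        this.sharedInfo2 = bArr2;
        this.canDecryptData = true;
        this.canEncryptData = false;
    }

    /**
     * Creates a decryptor from an already derived envelope key; no private key is held.
     *
     * @param eciesEnvelopeKey envelope key to use for MAC verification and decryption
     * @param bArr sharedInfo2, appended to the ciphertext before the MAC is computed; may be
     *     {@code null}
     */
    public EciesDecryptor(EciesEnvelopeKey eciesEnvelopeKey, byte[] bArr) {
        this.aes = new AESEncryptionUtils();
        this.hmac = new HMACHashUtilities();
        this.keyConvertor = new KeyConvertor();
        this.privateKey = null;
        this.envelopeKey = eciesEnvelopeKey;
        this.sharedInfo1 = null;
        this.sharedInfo2 = bArr;
        this.canDecryptData = true;
        this.canEncryptData = false;
    }

    /**
     * Derives the envelope key from the stored private key and the given ephemeral public key and
     * puts the instance directly into the "may encrypt" state with an all-zero IV.
     *
     * <p>NOTE(review): on an instance built from an envelope key the private key is {@code null};
     * how {@code EciesEnvelopeKey.fromPrivateKey} reacts to that is not visible here - confirm.
     *
     * @param bArr ephemeral public key bytes
     * @throws EciesException if envelope key derivation fails
     */
    public void initEnvelopeKey(byte[] bArr) throws EciesException {
        this.envelopeKey = EciesEnvelopeKey.fromPrivateKey(this.privateKey, bArr, this.sharedInfo1);
        this.canDecryptData = false;
        this.canEncryptData = true;
        this.ivForEncryption = new byte[ZERO_IV_LENGTH];
    }

    /**
     * Validates, authenticates and decrypts a request cryptogram.
     *
     * @param eciesCryptogram cryptogram carrying encrypted data, MAC and, when no envelope key is
     *     set yet, the ephemeral public key
     * @param z {@code true} to require a nonce and derive the IV from it; {@code false} to use an
     *     all-zero IV
     * @return decrypted request data
     * @throws EciesException if the cryptogram is incomplete, decryption is not allowed in the
     *     current state, the MAC does not match, or a crypto operation fails
     */
    public byte[] decryptRequest(EciesCryptogram eciesCryptogram, boolean z) throws EciesException {
        if (eciesCryptogram == null || eciesCryptogram.getEncryptedData() == null || eciesCryptogram.getMac() == null || (this.envelopeKey == null && eciesCryptogram.getEphemeralPublicKey() == null)) {
            throw new EciesException("Parameter cryptogram for request decryption is invalid");
        }
        if (z && eciesCryptogram.getNonce() == null) {
            throw new EciesException("Nonce parameter in cryptogram is invalid.");
        }
        if (!canDecryptRequest()) {
            throw new EciesException("Request decryption is not allowed");
        }
        if (this.envelopeKey == null) {
            this.envelopeKey = EciesEnvelopeKey.fromPrivateKey(this.privateKey, eciesCryptogram.getEphemeralPublicKey(), this.sharedInfo1);
        }
        return decrypt(eciesCryptogram, z);
    }

    /**
     * Decrypts a request cryptogram, using the nonce-derived IV exactly when the cryptogram
     * carries a nonce.
     *
     * <p>Because the decision is taken from the cryptogram itself, a sender that omits the nonce
     * selects the all-zero-IV path; callers that must enforce a nonce should use the two-argument
     * overload with {@code true}.
     *
     * @param eciesCryptogram cryptogram to decrypt
     * @return decrypted request data
     * @throws EciesException under the same conditions as the two-argument overload, including a
     *     {@code null} cryptogram
     */
    public byte[] decryptRequest(EciesCryptogram eciesCryptogram) throws EciesException {
        // A null cryptogram must reach the validating overload instead of failing here with a
        // NullPointerException.
        final boolean useNonce = eciesCryptogram != null && eciesCryptogram.getNonce() != null;
        return decryptRequest(eciesCryptogram, useNonce);
    }

    /**
     * Encrypts response data; allowed once after a successful request decryption or after
     * {@code initEnvelopeKey}.
     *
     * @param bArr response data to encrypt
     * @return cryptogram holding the MAC and the encrypted data
     * @throws EciesException if the data is {@code null}, encryption is not allowed in the current
     *     state, or a crypto operation fails
     */
    public EciesCryptogram encryptResponse(byte[] bArr) throws EciesException {
        if (bArr == null) {
            throw new EciesException("Parameter data for response encryption is null");
        }
        if (canEncryptResponse()) {
            return encrypt(bArr);
        }
        throw new EciesException("Response encryption is not allowed");
    }

    /**
     * Returns the sharedInfo2 array given at construction.
     *
     * @return the internal array itself (not a copy); may be {@code null}
     */
    public byte[] getSharedInfo2() {
        return this.sharedInfo2;
    }

    /**
     * Returns the current envelope key.
     *
     * @return the envelope key, or {@code null} if none has been set or derived yet
     */
    public EciesEnvelopeKey getEnvelopeKey() {
        return this.envelopeKey;
    }

    /** Decryption needs the decrypt flag plus either a private key or a valid envelope key. */
    private boolean canDecryptRequest() {
        return this.canDecryptData && (this.privateKey != null || (this.envelopeKey != null && this.envelopeKey.isValid()));
    }

    /**
     * Encryption needs the encrypt flag, a valid envelope key and a stored IV. The explicit null
     * check turns a missing envelope key into the regular "not allowed" error rather than a
     * NullPointerException.
     */
    private boolean canEncryptResponse() {
        return this.canEncryptData && this.envelopeKey != null && this.envelopeKey.isValid() && this.ivForEncryption != null;
    }

    /**
     * Verifies the cryptogram MAC and, only if it matches, decrypts the data.
     *
     * @param eciesCryptogram cryptogram already validated by {@code decryptRequest}
     * @param z whether to derive the IV from the cryptogram nonce
     * @return decrypted data
     * @throws EciesException on MAC mismatch or crypto failure
     */
    private byte[] decrypt(EciesCryptogram eciesCryptogram, boolean z) throws EciesException {
        try {
            final byte[] encryptedData = eciesCryptogram.getEncryptedData();
            // MAC input is the ciphertext, followed by sharedInfo2 when one is configured.
            final byte[] macInput = this.sharedInfo2 == null ? encryptedData : Bytes.concat(encryptedData, this.sharedInfo2);
            final byte[] expectedMac = this.hmac.hash(this.envelopeKey.getMacKey(), macInput);
            // Constant-time comparison: Arrays.equals returns at the first differing byte, which
            // exposes how much of a forged MAC was correct through response timing.
            if (!MessageDigest.isEqual(expectedMac, eciesCryptogram.getMac())) {
                throw new EciesException("Invalid MAC");
            }
            final SecretKey encKey = this.keyConvertor.convertBytesToSharedSecretKey(this.envelopeKey.getEncKey());
            final byte[] iv = z ? this.envelopeKey.deriveIvForNonce(eciesCryptogram.getNonce()) : new byte[ZERO_IV_LENGTH];
            // State moves to "may encrypt" once the MAC has been accepted, before the AES call;
            // a failing AES call therefore still consumes the single decryption.
            this.canDecryptData = false;
            this.canEncryptData = true;
            this.ivForEncryption = iv;
            return this.aes.decrypt(encryptedData, iv, encKey);
        } catch (CryptoProviderException | GenericCryptoException | InvalidKeyException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Request decryption failed", e);
        }
    }

    /**
     * Encrypts the response with the envelope encryption key and the stored IV, then computes the
     * MAC over the ciphertext (followed by sharedInfo2 when configured).
     *
     * <p>The IV is the one stored by the preceding request decryption or by
     * {@code initEnvelopeKey}, and the key is the same envelope key, so request and response are
     * processed under the same key/IV pair. NOTE(review): whether that is acceptable depends on
     * the cipher mode inside {@code AESEncryptionUtils} and on the envelope key being unique per
     * exchange; neither is visible here - confirm.
     *
     * @param bArr response data to encrypt
     * @return cryptogram holding the MAC and the encrypted data
     * @throws EciesException on crypto failure
     */
    private EciesCryptogram encrypt(byte[] bArr) throws EciesException {
        try {
            final SecretKey encKey = this.keyConvertor.convertBytesToSharedSecretKey(this.envelopeKey.getEncKey());
            final byte[] encryptedData = this.aes.encrypt(bArr, this.ivForEncryption, encKey);
            final byte[] macInput = this.sharedInfo2 == null ? encryptedData : Bytes.concat(encryptedData, this.sharedInfo2);
            final byte[] mac = this.hmac.hash(this.envelopeKey.getMacKey(), macInput);
            // One response per exchange: drop the flag and the IV so a second call is rejected.
            this.canEncryptData = false;
            this.ivForEncryption = null;
            return new EciesCryptogram(mac, encryptedData);
        } catch (CryptoProviderException | GenericCryptoException | InvalidKeyException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Response encryption failed", e);
        }
    }
}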
