package io.getlime.security.powerauth.crypto.lib.encryptor.ecies;

import io.getlime.security.powerauth.crypto.lib.encryptor.ClientEncryptor;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.exception.EciesException;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesPayload;
import io.getlime.security.powerauth.crypto.lib.encryptor.exception.EncryptorException;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedRequest;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedResponse;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorId;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorSecrets;
import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ClientEncryptorSecrets;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import io.getlime.security.powerauth.crypto.lib.util.EciesUtils;
import java.util.Base64;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.class */
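/**
 * Client-side ECIES encryptor that encrypts one request and decrypts the matching response.
 *
 * <p>Lifecycle, as implemented below:
 * <ol>
 *   <li>construct with an {@link EncryptorId} and {@link EncryptorParameters};</li>
 *   <li>call {@link #configureSecrets(EncryptorSecrets)} with a {@link ClientEncryptorSecrets};</li>
 *   <li>call {@link #encryptRequest(byte[])}, which creates a fresh envelope key and keeps it;</li>
 *   <li>call {@link #decryptResponse(EncryptedResponse)}, which uses the kept envelope key and
 *       discards it once decryption has succeeded.</li>
 * </ol>
 *
 * <p>The envelope key and request nonce are per-exchange mutable state and this class uses no
 * synchronization, so an instance should not be shared between concurrent exchanges.
 */
public class ClientEciesEncryptor implements ClientEncryptor {

    /** Length in bytes of the random nonce generated for a request. */
    private static final int REQUEST_NONCE_LENGTH = 16;

    private static final KeyGenerator keyGenerator = new KeyGenerator();

    private final EncryptorId encryptorId;
    private final EncryptorParameters encryptorParameters;
    private final EciesRequestResponseValidator validator;
    // Derived once from scope, protocol version, application key and activation identifier.
    private final byte[] associatedData;

    private ClientEncryptorSecrets encryptorSecrets;
    private byte[] sharedInfo2Base;
    // Set by encryptRequest(), consumed and cleared by a successful decryptResponse().
    private EciesEnvelopeKey envelopeKey;
    // Kept only when the validator reports that timestamps are not used; see encryptRequest().
    private byte[] requestNonce;

    /**
     * Creates an encryptor bound to the given identifier and parameters.
     *
     * @param encryptorId identifier supplying the scope and the ECIES sharedInfo1 value
     * @param encryptorParameters protocol version, application key and activation identifier
     * @throws EncryptorException declared by the original signature; presumably raised when the
     *     validator or the associated data cannot be built (confirm against those helpers)
     */
    public ClientEciesEncryptor(EncryptorId encryptorId, EncryptorParameters encryptorParameters) throws EncryptorException {
        this.encryptorId = encryptorId;
        this.encryptorParameters = encryptorParameters;
        this.validator = new EciesRequestResponseValidator(encryptorParameters.getProtocolVersion());
        this.associatedData = EciesUtils.deriveAssociatedData(
                encryptorId.scope(),
                encryptorParameters.getProtocolVersion(),
                encryptorParameters.getApplicationKey(),
                encryptorParameters.getActivationIdentifier());
    }

    /** Returns the parameters this encryptor was constructed with. */
    @Override
    public EncryptorParameters getEncryptorParameters() {
        return this.encryptorParameters;
    }

    /** Returns the identifier this encryptor was constructed with. */
    @Override
    public EncryptorId getEncryptorId() {
        return this.encryptorId;
    }

    /**
     * Installs the client secrets used for request encryption.
     *
     * <p>If the secrets already carry a sharedInfo2 base it is used as is; otherwise it is
     * derived from the scope, the application secret and the transport key.
     *
     * @param encryptorSecrets must be a {@link ClientEncryptorSecrets}
     * @throws EncryptorException if the secrets are of another type, or if derivation fails
     */
    @Override
    public void configureSecrets(EncryptorSecrets encryptorSecrets) throws EncryptorException {
        if (!(encryptorSecrets instanceof ClientEncryptorSecrets)) {
            throw new EncryptorException("Unsupported EncryptorSecrets object");
        }
        final ClientEncryptorSecrets clientSecrets = (ClientEncryptorSecrets) encryptorSecrets;
        // Resolve the base before touching any field, so a failed derivation leaves the
        // previously configured secrets in place.
        final byte[] resolvedBase = clientSecrets.getSharedInfo2Base() != null
                ? clientSecrets.getSharedInfo2Base()
                : EciesUtils.deriveSharedInfo2Base(
                        this.encryptorId.scope(),
                        clientSecrets.getApplicationSecret(),
                        clientSecrets.getTransportKey());
        this.encryptorSecrets = clientSecrets;
        this.sharedInfo2Base = resolvedBase;
    }

    /** Returns {@code true} once secrets and the sharedInfo2 base have been configured. */
    @Override
    public boolean canEncryptRequest() {
        return this.encryptorSecrets != null && this.sharedInfo2Base != null;
    }

    /**
     * Encrypts request data and remembers the envelope key needed to decrypt the response.
     *
     * <p>A new envelope key is created from the server public key on every call. The encryptor
     * state is updated only after the outgoing request object has been fully built, so a failed
     * call does not leave an envelope key behind for a request that was never produced.
     *
     * @param data plaintext request body
     * @return request with Base64-encoded ephemeral public key, ciphertext and MAC, plus the
     *     nonce and timestamp when the validator says they are used
     * @throws EncryptorException if the encryptor is not configured, encryption fails, or the
     *     resulting cryptogram is missing
     */
    @Override
    public EncryptedRequest encryptRequest(byte[] data) throws EncryptorException {
        if (!canEncryptRequest()) {
            throw new EncryptorException("Encryptor is not ready for request encryption.");
        }
        final EciesEnvelopeKey freshEnvelopeKey = EciesEnvelopeKey.fromPublicKey(
                this.encryptorSecrets.getServerPublicKey(),
                this.encryptorId.getEciesSharedInfo1(this.encryptorParameters.getProtocolVersion()));
        final byte[] nonce = generateRequestNonce();
        final boolean useTimestamp = this.validator.isUseTimestamp();
        final Long timestamp = useTimestamp ? Long.valueOf(EciesUtils.generateTimestamp()) : null;

        final EciesEncryptor eciesEncryptor = new EciesEncryptor(
                freshEnvelopeKey,
                EciesUtils.deriveSharedInfo2(
                        this.encryptorParameters.getProtocolVersion(),
                        this.sharedInfo2Base,
                        freshEnvelopeKey.getEphemeralKeyPublic(),
                        nonce,
                        timestamp,
                        this.associatedData));
        final EciesPayload payload =
                eciesEncryptor.encrypt(data, new EciesParameters(nonce, this.associatedData, timestamp));

        final EciesCryptogram cryptogram = payload.getCryptogram();
        if (cryptogram == null) {
            throw new EncryptorException("The cryptogram value is null.");
        }
        final Base64.Encoder encoder = Base64.getEncoder();
        final EncryptedRequest request = new EncryptedRequest(
                encoder.encodeToString(cryptogram.getEphemeralPublicKey()),
                encoder.encodeToString(cryptogram.getEncryptedData()),
                encoder.encodeToString(cryptogram.getMac()),
                this.validator.isUseNonceForRequest() ? encoder.encodeToString(nonce) : null,
                timestamp);

        // Commit state last. When timestamps are in use the response carries its own nonce
        // (see decryptResponse), so the request nonce is not retained.
        this.envelopeKey = freshEnvelopeKey;
        this.requestNonce = useTimestamp ? null : nonce;
        return request;
    }

    /** Returns {@code true} while an envelope key from a previous request is held. */
    @Override
    public boolean canDecryptResponse() {
        return this.envelopeKey != null;
    }

    /**
     * Decrypts the response that belongs to the last encrypted request.
     *
     * <p>The response comes from the network and is untrusted until decryption succeeds; the MAC
     * check is presumably performed inside {@code EciesDecryptor.decrypt} (not visible here).
     * The envelope key and request nonce are cleared only after a successful decryption, so a
     * failed call leaves {@link #canDecryptResponse()} returning {@code true}.
     *
     * @param encryptedResponse response with Base64-encoded MAC, ciphertext and, when timestamps
     *     are used, nonce and timestamp
     * @return decrypted response body
     * @throws EncryptorException if no request was encrypted first, the response fails
     *     validation, a field is not valid Base64, or decryption fails
     */
    @Override
    public byte[] decryptResponse(EncryptedResponse encryptedResponse) throws EncryptorException {
        if (!canDecryptResponse()) {
            throw new EncryptorException("Encryptor is not ready for response decryption.");
        }
        if (!this.validator.validateEncryptedResponse(encryptedResponse)) {
            throw new EncryptorException("Invalid encrypted response object");
        }
        final boolean useTimestamp = this.validator.isUseTimestamp();
        final Base64.Decoder decoder = Base64.getDecoder();
        final byte[] mac;
        final byte[] encryptedData;
        final byte[] nonce;
        try {
            mac = decoder.decode(encryptedResponse.getMac());
            encryptedData = decoder.decode(encryptedResponse.getEncryptedData());
            nonce = useTimestamp ? decoder.decode(encryptedResponse.getNonce()) : this.requestNonce;
        } catch (IllegalArgumentException e) {
            // Base64.Decoder rejects malformed input with an unchecked exception. Whether the
            // validator already screens the encoding is not visible here, so map it to the
            // declared failure type and keep the cause.
            throw new EciesException("Invalid Base64 encoding in encrypted response", e);
        }
        final Long timestamp = useTimestamp ? encryptedResponse.getTimestamp() : null;

        final EciesDecryptor eciesDecryptor = new EciesDecryptor(
                this.envelopeKey,
                EciesUtils.deriveSharedInfo2(
                        this.encryptorParameters.getProtocolVersion(),
                        this.sharedInfo2Base,
                        null, // no ephemeral public key is mixed in on the response side
                        nonce,
                        timestamp,
                        this.associatedData));
        final EciesCryptogram cryptogram =
                new EciesCryptogram(this.envelopeKey.getEphemeralKeyPublic(), mac, encryptedData);
        final byte[] plaintext = eciesDecryptor.decrypt(
                new EciesPayload(cryptogram, new EciesParameters(nonce, this.associatedData, timestamp)));

        // One envelope key serves one request/response pair: drop it after success.
        this.envelopeKey = null;
        this.requestNonce = null;
        return plaintext;
    }

    /**
     * Generates the random request nonce, or returns {@code null} when the validator reports
     * that requests carry no nonce.
     *
     * @throws EciesException if the random generator fails
     */
    private byte[] generateRequestNonce() throws EciesException {
        try {
            return this.validator.isUseNonceForRequest()
                    ? keyGenerator.generateRandomBytes(REQUEST_NONCE_LENGTH)
                    : null;
        } catch (CryptoProviderException e) {
            throw new EciesException("Failed to generate request nonce", e);
        }
    }
}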
