package io.getlime.security.powerauth.crypto.lib.encryptor.ecies;

import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.exception.EciesException;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesParameters;
import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesPayload;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.AESEncryptionUtils;
import io.getlime.security.powerauth.crypto.lib.util.EciesUtils;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
import io.getlime.security.powerauth.crypto.lib.util.SideChannelUtils;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesDecryptor.class */
public class EciesDecryptor {
    private static final Logger logger = LoggerFactory.getLogger(EciesDecryptor.class);
    private final AESEncryptionUtils aes;
    private final HMACHashUtilities hmac;
    private final KeyConvertor keyConvertor;
    private final PrivateKey privateKey;
    private final byte[] sharedInfo1;
    private final byte[] sharedInfo2;
    private EciesEnvelopeKey envelopeKey;
    private boolean canDecryptData;

    public EciesDecryptor(ECPrivateKey eCPrivateKey) {
        this(eCPrivateKey, null, null);
    }

    public EciesDecryptor(ECPrivateKey eCPrivateKey, byte[] bArr, byte[] bArr2) {
        this.aes = new AESEncryptionUtils();
        this.hmac = new HMACHashUtilities();
        this.keyConvertor = new KeyConvertor();
        this.privateKey = eCPrivateKey;
        this.sharedInfo1 = bArr;
        this.sharedInfo2 = bArr2;
        this.canDecryptData = true;
    }

    public EciesDecryptor(EciesEnvelopeKey eciesEnvelopeKey, byte[] bArr) {
        this.aes = new AESEncryptionUtils();
        this.hmac = new HMACHashUtilities();
        this.keyConvertor = new KeyConvertor();
        this.privateKey = null;
        this.envelopeKey = eciesEnvelopeKey;
        this.sharedInfo1 = null;
        this.sharedInfo2 = bArr;
        this.canDecryptData = true;
    }

    public void initEnvelopeKey(byte[] bArr) throws EciesException {
        this.envelopeKey = EciesEnvelopeKey.fromPrivateKey(this.privateKey, bArr, this.sharedInfo1);
        this.canDecryptData = false;
    }

    public byte[] decrypt(EciesPayload eciesPayload) throws EciesException {
        EciesCryptogram cryptogram = eciesPayload.getCryptogram();
        boolean z = eciesPayload.getParameters().getNonce() != null;
        if (cryptogram == null || cryptogram.getEncryptedData() == null || cryptogram.getMac() == null || (this.envelopeKey == null && cryptogram.getEphemeralPublicKey() == null)) {
            throw new EciesException("Parameter cryptogram for decryption is invalid");
        }
        if (!canDecrypt()) {
            throw new EciesException("Decryption is not allowed");
        }
        if (this.envelopeKey == null) {
            this.envelopeKey = EciesEnvelopeKey.fromPrivateKey(this.privateKey, cryptogram.getEphemeralPublicKey(), this.sharedInfo1);
        }
        return decryptInternal(eciesPayload, z);
    }

    public byte[] getSharedInfo2() {
        return this.sharedInfo2;
    }

    public EciesEnvelopeKey getEnvelopeKey() {
        return this.envelopeKey;
    }

    private boolean canDecrypt() {
        return this.canDecryptData && (this.privateKey != null || (this.envelopeKey != null && this.envelopeKey.isValid()));
    }

    private byte[] decryptInternal(EciesPayload eciesPayload, boolean z) throws EciesException {
        try {
            EciesCryptogram cryptogram = eciesPayload.getCryptogram();
            EciesParameters parameters = eciesPayload.getParameters();
            if (!SideChannelUtils.constantTimeAreEqual(this.hmac.hash(this.envelopeKey.getMacKey(), EciesUtils.generateMacData(this.sharedInfo2, cryptogram.getEncryptedData())), cryptogram.getMac())) {
                throw new EciesException("Invalid MAC");
            }
            SecretKey convertBytesToSharedSecretKey = this.keyConvertor.convertBytesToSharedSecretKey(this.envelopeKey.getEncKey());
            byte[] deriveIvForNonce = z ? this.envelopeKey.deriveIvForNonce(parameters.getNonce()) : new byte[16];
            this.canDecryptData = false;
            return this.aes.decrypt(cryptogram.getEncryptedData(), deriveIvForNonce, convertBytesToSharedSecretKey);
        } catch (CryptoProviderException | GenericCryptoException | InvalidKeyException e) {
            logger.warn(e.getMessage(), e);
            throw new EciesException("Decryption failed", e);
        }
    }
}
