package org.apache.tuweni.scuttlebutt.handshake;

import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.apache.tuweni.bytes.Bytes;
import org.apache.tuweni.bytes.Bytes32;
import org.apache.tuweni.crypto.sodium.Allocated;
import org.apache.tuweni.crypto.sodium.Box;
import org.apache.tuweni.crypto.sodium.Concatenate;
import org.apache.tuweni.crypto.sodium.DiffieHelman;
import org.apache.tuweni.crypto.sodium.HMACSHA512256;
import org.apache.tuweni.crypto.sodium.SHA256Hash;
import org.apache.tuweni.crypto.sodium.SecretBox;
import org.apache.tuweni.crypto.sodium.Signature;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: SecureScuttlebuttHandshakeServer.kt */
@Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��X\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018�� #2\u00020\u0001:\u0001#B\u0017\b\u0002\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\b\u0010\t\u001a\u0004\u0018\u00010\nJ\u0006\u0010\u0014\u001a\u00020\u0015J\u0006\u0010\u0016\u001a\u00020\u0017J\u0006\u0010\u0018\u001a\u00020\u0019J\u0006\u0010\u001a\u001a\u00020\u0015J\u0006\u0010\u001b\u001a\u00020\u0015J\u0006\u0010\u001c\u001a\u00020\u001dJ\u000e\u0010\u001e\u001a\u00020\u00192\u0006\u0010\u001f\u001a\u00020\u0015J\u0010\u0010 \u001a\u00020\u00192\b\u0010\u001f\u001a\u0004\u0018\u00010\u0015J\u0006\u0010!\u001a\u00020\u0015J\u0006\u0010\"\u001a\u00020\u0017J\b\u0010\u0010\u001a\u0004\u0018\u00010\u0011J\b\u0010\u0012\u001a\u0004\u0018\u00010\u0011J\b\u0010\u0013\u001a\u0004\u0018\u00010\u0011R\u0010\u0010\u0007\u001a\u0004\u0018\u00010\bX\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\t\u001a\u0004\u0018\u00010\nX\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u000b\u001a\u0004\u0018\u00010\fX\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u0010\u001a\u0004\u0018\u00010\u0011X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0012\u001a\u0004\u0018\u00010\u0011X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0013\u001a\u0004\u0018\u00010\u0011X\u0082\u000e¢\u0006\u0002\n��¨\u0006$"}, d2 = {"Lorg/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeServer;", "", "longTermKeyPair", "Lorg/apache/tuweni/crypto/sodium/Signature$KeyPair;", "networkIdentifier", "Lorg/apache/tuweni/bytes/Bytes32;", "(Lorg/apache/tuweni/crypto/sodium/Signature$KeyPair;Lorg/apache/tuweni/bytes/Bytes32;)V", "clientEphemeralPublicKey", "Lorg/apache/tuweni/crypto/sodium/Box$PublicKey;", "clientLongTermPublicKey", "Lorg/apache/tuweni/crypto/sodium/Signature$PublicKey;", "detachedSignature", "Lorg/apache/tuweni/crypto/sodium/Allocated;", "ephemeralKeyPair", "Lorg/apache/tuweni/crypto/sodium/Box$KeyPair;", "Lorg/apache/tuweni/crypto/sodium/HMACSHA512256$Key;", "sharedSecret", "Lorg/apache/tuweni/crypto/sodium/DiffieHelman$Secret;", "sharedSecret2", "sharedSecret3", "clientToServerNonce", "Lorg/apache/tuweni/bytes/Bytes;", "clientToServerSecretBoxKey", "Lorg/apache/tuweni/crypto/sodium/SHA256Hash$Hash;", "computeSharedSecrets", "", "createAcceptMessage", "createHello", "createStream", "Lorg/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttStreamServer;", "readHello", "message", "readIdentityMessage", "serverToClientNonce", "serverToClientSecretBoxKey", "Companion", "scuttlebutt-handshake"})
/* loaded from: input_file:org/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeServer.class */
public final class SecureScuttlebuttHandshakeServer {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final Signature.KeyPair longTermKeyPair;

    @NotNull
    private final Box.KeyPair ephemeralKeyPair;

    @NotNull
    private final HMACSHA512256.Key networkIdentifier;

    @Nullable
    private Box.PublicKey clientEphemeralPublicKey;

    @Nullable
    private DiffieHelman.Secret sharedSecret;

    @Nullable
    private DiffieHelman.Secret sharedSecret2;

    @Nullable
    private Signature.PublicKey clientLongTermPublicKey;

    @Nullable
    private DiffieHelman.Secret sharedSecret3;

    @Nullable
    private Allocated detachedSignature;

    /* compiled from: SecureScuttlebuttHandshakeServer.kt */
    @Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��\u001e\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0007¨\u0006\t"}, d2 = {"Lorg/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeServer$Companion;", "", "()V", "create", "Lorg/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeServer;", "ourKeyPair", "Lorg/apache/tuweni/crypto/sodium/Signature$KeyPair;", "networkIdentifier", "Lorg/apache/tuweni/bytes/Bytes32;", "scuttlebutt-handshake"})
    /* loaded from: input_file:org/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeServer$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        @JvmStatic
        @NotNull
        public final SecureScuttlebuttHandshakeServer create(@NotNull Signature.KeyPair keyPair, @NotNull Bytes32 bytes32) {
            Intrinsics.checkNotNullParameter(keyPair, "ourKeyPair");
            Intrinsics.checkNotNullParameter(bytes32, "networkIdentifier");
            return new SecureScuttlebuttHandshakeServer(keyPair, bytes32, null);
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private SecureScuttlebuttHandshakeServer(Signature.KeyPair keyPair, Bytes32 bytes32) {
        this.longTermKeyPair = keyPair;
        Box.KeyPair random = Box.KeyPair.random();
        Intrinsics.checkNotNullExpressionValue(random, "random()");
        this.ephemeralKeyPair = random;
        HMACSHA512256.Key fromBytes = HMACSHA512256.Key.fromBytes((Bytes) bytes32);
        Intrinsics.checkNotNullExpressionValue(fromBytes, "fromBytes(networkIdentifier)");
        this.networkIdentifier = fromBytes;
    }

    @NotNull
    public final Bytes createHello() {
        Bytes concatenate = Bytes.concatenate(new Bytes[]{HMACSHA512256.authenticate(this.ephemeralKeyPair.publicKey().bytes(), this.networkIdentifier), this.ephemeralKeyPair.publicKey().bytes()});
        Intrinsics.checkNotNullExpressionValue(concatenate, "concatenate(hmac, epheme…Pair.publicKey().bytes())");
        return concatenate;
    }

    public final void readHello(@NotNull Bytes bytes) {
        Intrinsics.checkNotNullParameter(bytes, "message");
        if (bytes.size() != 64) {
            throw new HandshakeException("Invalid handshake message length: " + bytes.size());
        }
        Bytes slice = bytes.slice(0, 32);
        Bytes slice2 = bytes.slice(32, 32);
        if (!HMACSHA512256.verify(slice, slice2, this.networkIdentifier)) {
            throw new HandshakeException("MAC does not match our network identifier");
        }
        this.clientEphemeralPublicKey = Box.PublicKey.fromBytes(slice2);
        computeSharedSecrets();
    }

    public final void computeSharedSecrets() {
        DiffieHelman.SecretKey forBoxSecretKey = DiffieHelman.SecretKey.forBoxSecretKey(this.ephemeralKeyPair.secretKey());
        Box.PublicKey publicKey = this.clientEphemeralPublicKey;
        Intrinsics.checkNotNull(publicKey);
        this.sharedSecret = DiffieHelman.Secret.forKeys(forBoxSecretKey, DiffieHelman.PublicKey.forBoxPublicKey(publicKey));
        DiffieHelman.SecretKey forSignatureSecretKey = DiffieHelman.SecretKey.forSignatureSecretKey(this.longTermKeyPair.secretKey());
        Box.PublicKey publicKey2 = this.clientEphemeralPublicKey;
        Intrinsics.checkNotNull(publicKey2);
        this.sharedSecret2 = DiffieHelman.Secret.forKeys(forSignatureSecretKey, DiffieHelman.PublicKey.forBoxPublicKey(publicKey2));
    }

    @Nullable
    public final DiffieHelman.Secret sharedSecret() {
        return this.sharedSecret;
    }

    @Nullable
    public final DiffieHelman.Secret sharedSecret2() {
        return this.sharedSecret2;
    }

    @Nullable
    public final DiffieHelman.Secret sharedSecret3() {
        return this.sharedSecret3;
    }

    @Nullable
    public final Signature.PublicKey clientLongTermPublicKey() {
        return this.clientLongTermPublicKey;
    }

    public final void readIdentityMessage(@Nullable Bytes bytes) {
        Intrinsics.checkNotNull(bytes);
        Concatenate add = new Concatenate().add(this.networkIdentifier);
        DiffieHelman.Secret secret = this.sharedSecret;
        Intrinsics.checkNotNull(secret);
        Concatenate add2 = add.add(secret);
        DiffieHelman.Secret secret2 = this.sharedSecret2;
        Intrinsics.checkNotNull(secret2);
        Bytes decrypt = SecretBox.decrypt(bytes, SecretBox.Key.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(add2.add(secret2).concatenate()))), SecretBox.Nonce.fromBytes(new byte[24]));
        if (decrypt == null) {
            throw new HandshakeException("Could not decrypt the plaintext with our shared secrets");
        }
        if (decrypt.size() != 96) {
            throw new HandshakeException("Identity message should be 96 bytes long, was " + decrypt.size());
        }
        this.detachedSignature = Allocated.fromBytes(decrypt.slice(0, 64));
        this.clientLongTermPublicKey = Signature.PublicKey.fromBytes(decrypt.slice(64, 32));
        Signature.PublicKey publicKey = this.clientLongTermPublicKey;
        Intrinsics.checkNotNull(publicKey);
        Concatenate add3 = new Concatenate().add(this.networkIdentifier).add(this.longTermKeyPair.publicKey());
        DiffieHelman.Secret secret3 = this.sharedSecret;
        Intrinsics.checkNotNull(secret3);
        Allocated concatenate = add3.add(SHA256Hash.hash(SHA256Hash.Input.fromSecret(secret3))).concatenate();
        Allocated allocated = this.detachedSignature;
        Intrinsics.checkNotNull(allocated);
        if (!publicKey.verify(concatenate, allocated)) {
            throw new HandshakeException("Identity message signature does not match");
        }
        DiffieHelman.SecretKey forBoxSecretKey = DiffieHelman.SecretKey.forBoxSecretKey(this.ephemeralKeyPair.secretKey());
        Signature.PublicKey publicKey2 = this.clientLongTermPublicKey;
        Intrinsics.checkNotNull(publicKey2);
        this.sharedSecret3 = DiffieHelman.Secret.forKeys(forBoxSecretKey, DiffieHelman.PublicKey.forSignaturePublicKey(publicKey2));
    }

    @NotNull
    public final Bytes createAcceptMessage() {
        Concatenate add = new Concatenate().add(this.networkIdentifier);
        Allocated allocated = this.detachedSignature;
        Intrinsics.checkNotNull(allocated);
        Concatenate add2 = add.add(allocated);
        Signature.PublicKey publicKey = this.clientLongTermPublicKey;
        Intrinsics.checkNotNull(publicKey);
        Concatenate add3 = add2.add(publicKey);
        DiffieHelman.Secret secret = this.sharedSecret;
        Intrinsics.checkNotNull(secret);
        Allocated signDetached = Signature.signDetached(add3.add(SHA256Hash.hash(SHA256Hash.Input.fromSecret(secret))).concatenate(), this.longTermKeyPair.secretKey());
        Concatenate add4 = new Concatenate().add(this.networkIdentifier);
        DiffieHelman.Secret secret2 = this.sharedSecret;
        Intrinsics.checkNotNull(secret2);
        Concatenate add5 = add4.add(secret2);
        DiffieHelman.Secret secret3 = this.sharedSecret2;
        Intrinsics.checkNotNull(secret3);
        Concatenate add6 = add5.add(secret3);
        DiffieHelman.Secret secret4 = this.sharedSecret3;
        Intrinsics.checkNotNull(secret4);
        Bytes bytes = SecretBox.encrypt(signDetached, SecretBox.Key.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(add6.add(secret4).concatenate()))), SecretBox.Nonce.fromBytes(new byte[24])).bytes();
        Intrinsics.checkNotNullExpressionValue(bytes, "encrypt(\n        signatu…))\n      )\n      .bytes()");
        return bytes;
    }

    @NotNull
    public final SHA256Hash.Hash clientToServerSecretBoxKey() {
        Concatenate concatenate = new Concatenate();
        Concatenate add = new Concatenate().add(this.networkIdentifier);
        DiffieHelman.Secret secret = this.sharedSecret;
        Intrinsics.checkNotNull(secret);
        Concatenate add2 = add.add(secret);
        DiffieHelman.Secret secret2 = this.sharedSecret2;
        Intrinsics.checkNotNull(secret2);
        Concatenate add3 = add2.add(secret2);
        DiffieHelman.Secret secret3 = this.sharedSecret3;
        Intrinsics.checkNotNull(secret3);
        SHA256Hash.Hash hash = SHA256Hash.hash(SHA256Hash.Input.fromPointer(concatenate.add(SHA256Hash.hash(SHA256Hash.Input.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(add3.add(secret3).concatenate()))))).add(this.longTermKeyPair.publicKey()).concatenate()));
        Intrinsics.checkNotNullExpressionValue(hash, "hash(\n        SHA256Hash…ate()\n          )\n      )");
        return hash;
    }

    @NotNull
    public final Bytes clientToServerNonce() {
        Bytes slice = HMACSHA512256.authenticate(this.ephemeralKeyPair.publicKey().bytes(), this.networkIdentifier).slice(0, 24);
        Intrinsics.checkNotNullExpressionValue(slice, "authenticate(ephemeralKe…kIdentifier).slice(0, 24)");
        return slice;
    }

    @NotNull
    public final SHA256Hash.Hash serverToClientSecretBoxKey() {
        Concatenate concatenate = new Concatenate();
        Concatenate add = new Concatenate().add(this.networkIdentifier);
        DiffieHelman.Secret secret = this.sharedSecret;
        Intrinsics.checkNotNull(secret);
        Concatenate add2 = add.add(secret);
        DiffieHelman.Secret secret2 = this.sharedSecret2;
        Intrinsics.checkNotNull(secret2);
        Concatenate add3 = add2.add(secret2);
        DiffieHelman.Secret secret3 = this.sharedSecret3;
        Intrinsics.checkNotNull(secret3);
        Concatenate add4 = concatenate.add(SHA256Hash.hash(SHA256Hash.Input.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(add3.add(secret3).concatenate())))));
        Signature.PublicKey publicKey = this.clientLongTermPublicKey;
        Intrinsics.checkNotNull(publicKey);
        SHA256Hash.Hash hash = SHA256Hash.hash(SHA256Hash.Input.fromPointer(add4.add(publicKey).concatenate()));
        Intrinsics.checkNotNullExpressionValue(hash, "hash(\n        SHA256Hash…ate()\n          )\n      )");
        return hash;
    }

    @NotNull
    public final Bytes serverToClientNonce() {
        Box.PublicKey publicKey = this.clientEphemeralPublicKey;
        Intrinsics.checkNotNull(publicKey);
        Bytes slice = HMACSHA512256.authenticate(publicKey.bytes(), this.networkIdentifier).slice(0, 24);
        Intrinsics.checkNotNullExpressionValue(slice, "authenticate(clientEphem…kIdentifier).slice(0, 24)");
        return slice;
    }

    @NotNull
    public final SecureScuttlebuttStreamServer createStream() {
        return new SecureScuttlebuttStream(clientToServerSecretBoxKey(), clientToServerNonce(), serverToClientSecretBoxKey(), serverToClientNonce());
    }

    @JvmStatic
    @NotNull
    public static final SecureScuttlebuttHandshakeServer create(@NotNull Signature.KeyPair keyPair, @NotNull Bytes32 bytes32) {
        return Companion.create(keyPair, bytes32);
    }

    public /* synthetic */ SecureScuttlebuttHandshakeServer(Signature.KeyPair keyPair, Bytes32 bytes32, DefaultConstructorMarker defaultConstructorMarker) {
        this(keyPair, bytes32);
    }
}
