package com.biglybt.core.security.impl;

import com.biglybt.core.security.CryptoECCUtils;
import com.biglybt.core.security.CryptoManagerException;
import com.biglybt.core.security.CryptoSTSEngine;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import org.gudy.bouncycastle.jce.provider.JCEECDHKeyAgreement;

/* loaded from: classes.dex */
public final class CryptoSTSEngineImpl implements CryptoSTSEngine {
    public KeyPair a = CryptoECCUtils.createKeys();
    public final PublicKey b;
    public final PrivateKey c;
    public PublicKey d;
    public byte[] e;
    public InternalDH f;

    /* loaded from: classes.dex */
    public static class InternalDH extends JCEECDHKeyAgreement.DH {
        @Override // org.gudy.bouncycastle.jce.provider.JCEECDHKeyAgreement
        public Key doPhase(Key key, boolean z) {
            return engineDoPhase(key, z);
        }

        @Override // org.gudy.bouncycastle.jce.provider.JCEECDHKeyAgreement
        public byte[] generateSecret() {
            return engineGenerateSecret();
        }

        @Override // org.gudy.bouncycastle.jce.provider.JCEECDHKeyAgreement
        public void init(Key key) {
            engineInit(key, null);
        }
    }

    public CryptoSTSEngineImpl(PublicKey publicKey, PrivateKey privateKey) {
        this.b = publicKey;
        this.c = privateKey;
        try {
            InternalDH internalDH = new InternalDH();
            this.f = internalDH;
            internalDH.engineInit(this.a.getPrivate(), null);
        } catch (Exception e) {
            throw new CryptoManagerException("Couldn't initialize crypto handshake", e);
        }
    }

    public byte[] getBytes(ByteBuffer byteBuffer, int i) {
        int i2 = getInt(byteBuffer, i);
        if (i2 > i) {
            throw new CryptoManagerException("Invalid length");
        }
        try {
            byte[] bArr = new byte[i2];
            byteBuffer.get(bArr);
            return bArr;
        } catch (Throwable th) {
            throw new CryptoManagerException("Failed to get byte[]", th);
        }
    }

    public int getInt(ByteBuffer byteBuffer, int i) {
        try {
            return i < 256 ? byteBuffer.get() & 255 : i < 65536 ? byteBuffer.getShort() & 65535 : byteBuffer.getInt();
        } catch (Throwable th) {
            throw new CryptoManagerException("Failed to get int", th);
        }
    }

    public void getMessage(ByteBuffer byteBuffer, boolean z) {
        try {
            putInt(byteBuffer, 1, 255);
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            Signature signature = CryptoECCUtils.getSignature(this.c);
            if (!z) {
                if (this.e == null) {
                    throw new CryptoManagerException("phase error: keys not received");
                }
                byte[] bArr = new byte[secureRandom.nextInt(32) + 20];
                secureRandom.nextBytes(bArr);
                signature.update(bArr);
                signature.update(this.e);
                byte[] sign = signature.sign();
                putBytes(byteBuffer, bArr, 65535);
                putBytes(byteBuffer, sign, 65535);
                return;
            }
            byte[] keyToRawdata = CryptoECCUtils.keyToRawdata(this.b);
            byte[] keyToRawdata2 = CryptoECCUtils.keyToRawdata(this.a.getPublic());
            signature.update(keyToRawdata);
            signature.update(keyToRawdata2);
            byte[] sign2 = signature.sign();
            byte[] bArr2 = new byte[secureRandom.nextInt(32)];
            secureRandom.nextBytes(bArr2);
            putBytes(byteBuffer, keyToRawdata, 65535);
            putBytes(byteBuffer, keyToRawdata2, 65535);
            putBytes(byteBuffer, sign2, 65535);
            putBytes(byteBuffer, bArr2, 65535);
        } catch (CryptoManagerException e) {
            throw e;
        }
    }

    public void putBytes(ByteBuffer byteBuffer, byte[] bArr, int i) {
        putInt(byteBuffer, bArr.length, i);
        try {
            byteBuffer.put(bArr);
        } catch (Throwable th) {
            throw new CryptoManagerException("Failed to put byte[]", th);
        }
    }

    public void putInt(ByteBuffer byteBuffer, int i, int i2) {
        try {
            if (i2 < 256) {
                byteBuffer.put((byte) i);
            } else if (i2 < 65536) {
                byteBuffer.putShort((short) i);
            } else {
                byteBuffer.putInt(i);
            }
        } catch (Throwable th) {
            throw new CryptoManagerException("Failed to put int", th);
        }
    }

    public void putMessage(ByteBuffer byteBuffer, boolean z) {
        try {
            int i = getInt(byteBuffer, 255);
            if (i != 1) {
                throw new CryptoManagerException("invalid version (" + i + ")");
            }
            if (!z) {
                if (this.e == null) {
                    throw new CryptoManagerException("phase error: keys not received");
                }
                byte[] bytes = getBytes(byteBuffer, 65535);
                byte[] bytes2 = getBytes(byteBuffer, 65535);
                Signature signature = CryptoECCUtils.getSignature(this.d);
                signature.update(bytes);
                signature.update(this.e);
                if (!signature.verify(bytes2)) {
                    throw new CryptoManagerException("Signature check failed");
                }
                return;
            }
            if (this.e != null) {
                throw new CryptoManagerException("phase error: keys already received");
            }
            byte[] bytes3 = getBytes(byteBuffer, 65535);
            byte[] bytes4 = getBytes(byteBuffer, 65535);
            byte[] bytes5 = getBytes(byteBuffer, 65535);
            getBytes(byteBuffer, 65535);
            PublicKey rawdataToPubkey = CryptoECCUtils.rawdataToPubkey(bytes3);
            this.d = rawdataToPubkey;
            Signature signature2 = CryptoECCUtils.getSignature(rawdataToPubkey);
            signature2.update(bytes3);
            signature2.update(bytes4);
            if (!signature2.verify(bytes5)) {
                throw new CryptoManagerException("Signature check failed");
            }
            this.f.engineDoPhase(CryptoECCUtils.rawdataToPubkey(bytes4), true);
            this.e = this.f.engineGenerateSecret();
        } catch (CryptoManagerException e) {
            throw e;
        }
    }
}
