package org.cweb.crypto;

import java.nio.ByteBuffer;
import java.util.Arrays;
import org.apache.commons.lang3.tuple.Pair;
import org.cweb.crypto.Decoded;
import org.cweb.crypto.IdentityCryptoService;
import org.cweb.crypto.lib.AEAD;
import org.cweb.crypto.lib.ECKeyPair;
import org.cweb.crypto.lib.ECUtils;
import org.cweb.crypto.lib.HashingUtils;
import org.cweb.crypto.lib.RSAUtils;
import org.cweb.crypto.lib.SecureRandomUtils;
import org.cweb.crypto.lib.X3DH;
import org.cweb.payload.TypedPayloadUtils;
import org.cweb.schemas.crypto.X3DHInitialMessage;
import org.cweb.schemas.crypto.X3DHPreKeyBundle;
import org.cweb.schemas.identity.IdentityDescriptor;
import org.cweb.schemas.keys.KeyPair;
import org.cweb.schemas.keys.KeyType;
import org.cweb.schemas.keys.PublicKey;
import org.cweb.schemas.wire.CryptoEnvelope;
import org.cweb.schemas.wire.CryptoEnvelopeContent;
import org.cweb.schemas.wire.SignatureMetadata;
import org.cweb.schemas.wire.SignedEnvelope;
import org.cweb.schemas.wire.SymmetricEncryptedEnvelope;
import org.cweb.schemas.wire.TypedPayload;
import org.cweb.utils.ThriftUtils;
import org.cweb.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
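/**
 * Builds and decodes layered {@link CryptoEnvelope} messages (plain typed payload, signed,
 * public-key encrypted, symmetric AEAD encrypted) and wraps the X3DH session helpers of
 * {@link IdentityCryptoService}.
 *
 * <p>This listing is decompiler output: parameter names are synthetic and the body of
 * {@link #extractSignedPayload} was not recovered, so the signature-verification step cannot
 * be reviewed from this file.
 */
public class CryptoHelper {
    private static final Logger log = LoggerFactory.getLogger(CryptoHelper.class);

    /** Number of leading SHA-256 bytes stored in an envelope as the key fingerprint. */
    private static final int KEY_HASH_LENGTH = 8;

    /** Number of SHA-256 bytes returned by {@link #hashData(byte[])}. */
    private static final int DATA_HASH_LENGTH = 32;

    private final IdentityCryptoService identityCryptoService;
    private final String tracePrefix;

    /**
     * @param str prefix prepended to this instance's trace log lines
     * @param identityCryptoService service that holds the local identity keys and performs
     *     signing, public-key encryption and X3DH operations
     */
    public CryptoHelper(String str, IdentityCryptoService identityCryptoService) {
        this.identityCryptoService = identityCryptoService;
        this.tracePrefix = str;
    }

    /**
     * Unwraps a serialized {@link CryptoEnvelope} layer by layer until a typed payload is reached.
     *
     * <p>Each iteration deserializes the current bytes and then either returns the typed payload,
     * or replaces the current bytes with the content of the signed, public-key encrypted or
     * symmetric encrypted layer and loops again.
     *
     * <p>Security-relevant behavior visible here:
     * <ul>
     *   <li>The returned signature metadata is {@code null} when no signed layer was traversed.
     *       Callers that need authenticity must check it; decoding alone does not require a
     *       signature.</li>
     *   <li>When several signed layers are nested, the metadata of the last one processed
     *       (the innermost) is the one returned.</li>
     *   <li>NOTE(review): there is no explicit cap on nesting depth; the number of iterations
     *       (and of private-key operations) is limited only by the input size. Consider a
     *       limit where {@code bArr} comes from an untrusted peer.</li>
     * </ul>
     *
     * @param bArr serialized outermost envelope
     * @param cryptoEnvelopeDecodingParams supplies the symmetric key and associated data, and is
     *     forwarded to signed-payload extraction
     * @param cryptoContext supplies the {@link CryptoHelper} used for public-key decryption
     * @return the decoded payload, or a {@link Decoded} carrying the first error encountered
     */
    public static Decoded<DecodedTypedPayload> decodeCryptoEnvelope(byte[] bArr, CryptoEnvelopeDecodingParams cryptoEnvelopeDecodingParams, CryptoContext cryptoContext) {
        SignatureMetadata signatureMetadata = null;
        byte[] current = bArr;
        while (true) {
            CryptoEnvelope cryptoEnvelope = (CryptoEnvelope) ThriftUtils.deserializeSafe(current, CryptoEnvelope.class);
            if (cryptoEnvelope == null) {
                return new Decoded<>(Decoded.Error.CRYPTO_ENVELOPE_DESERIALIZATION);
            }
            CryptoEnvelopeContent content = cryptoEnvelope.getContent();
            if (content == null) {
                // Fail closed on an envelope without content instead of throwing on the next call.
                return new Decoded<>(Decoded.Error.CRYPTO_ENVELOPE_DESERIALIZATION);
            }
            if (content.isSetTypedPayload()) {
                return new Decoded<>(new DecodedTypedPayload(signatureMetadata, content.getTypedPayload()));
            }

            if (content.isSetSignedEnvelope()) {
                Decoded<Pair<SignatureMetadata, byte[]>> signedLayer = extractSignedPayload(content.getSignedEnvelope(), cryptoEnvelopeDecodingParams, cryptoContext);
                if (signedLayer.getError() != null) {
                    return new Decoded<>(signedLayer.getError());
                }
                signatureMetadata = signedLayer.getData().getLeft();
                current = signedLayer.getData().getRight();
                continue;
            }

            if (content.isSetPkEncryptedEnvelope()) {
                CryptoHelper cryptoHelper = cryptoContext == null ? null : cryptoContext.cryptoHelper;
                if (cryptoHelper == null) {
                    return new Decoded<>(Decoded.Error.INVALID_CONTEXT);
                }
                Decoded<byte[]> pkLayer = cryptoHelper.identityCryptoService.decrypt(content.getPkEncryptedEnvelope());
                if (pkLayer.getError() != null) {
                    return new Decoded<>(pkLayer.getError());
                }
                current = pkLayer.getData();
                continue;
            }

            if (!content.isSetSymmetricEncryptedEnvelope()) {
                return new Decoded<>(Decoded.Error.CRYPTO_ENVELOPE_TYPE);
            }
            byte[] symmetricKey = cryptoEnvelopeDecodingParams == null ? null : cryptoEnvelopeDecodingParams.symmetricDecryptionKey;
            if (symmetricKey == null) {
                return new Decoded<>(Decoded.Error.SYMMETRIC_KEY_PARAM_MISSING);
            }
            Decoded<byte[]> symmetricLayer = decryptSymmetric(symmetricKey, content.getSymmetricEncryptedEnvelope(), cryptoEnvelopeDecodingParams.symmetricAssociatedData);
            if (symmetricLayer.getError() != null) {
                return new Decoded<>(symmetricLayer.getError());
            }
            current = symmetricLayer.getData();
        }
    }

    /**
     * Decrypts a symmetric envelope with the given key.
     *
     * <p>The envelope is rejected when its declared cipher differs from
     * {@link AEAD#getCipherName()}, or when it carries a key hash that does not match the
     * fingerprint of {@code bArr}. An envelope without a key hash skips that comparison; the
     * outcome then depends only on {@link AEAD#decrypt}, which signals failure by returning
     * {@code null}.
     *
     * <p>The decompiler reports that the original access level was package-private.
     *
     * @param bArr symmetric key
     * @param symmetricEncryptedEnvelope envelope holding cipher name, optional key hash and ciphertext
     * @param bArr2 associated data passed to the AEAD
     * @return the plaintext, or a {@link Decoded} carrying the error
     */
    public static Decoded<byte[]> decryptSymmetric(byte[] bArr, SymmetricEncryptedEnvelope symmetricEncryptedEnvelope, byte[] bArr2) {
        if (!AEAD.getCipherName().equals(symmetricEncryptedEnvelope.getPayloadEncryptionAlgorightm())) {
            return new Decoded<>(Decoded.Error.SYMMETRIC_UNKNOWN_CIPHER);
        }
        byte[] declaredKeyHash = symmetricEncryptedEnvelope.getKeyHash();
        if (declaredKeyHash != null && !Arrays.equals(declaredKeyHash, hashKey(bArr))) {
            return new Decoded<>(Decoded.Error.SYMMETRIC_KEY_HASH_MISMATCH);
        }
        byte[] plaintext = AEAD.decrypt(bArr, symmetricEncryptedEnvelope.getPayload(), bArr2);
        if (plaintext == null) {
            return new Decoded<>(Decoded.Error.SYMMETRIC_DECRYPTION);
        }
        return new Decoded<>(plaintext);
    }

    /**
     * Wraps a typed payload in an envelope and encrypts it symmetrically. No signature layer
     * is added by this method.
     *
     * @param bArr symmetric key
     * @param typedPayload payload to protect
     * @param bArr2 associated data passed to the AEAD
     * @return an envelope whose content is the symmetric encrypted envelope
     */
    public static CryptoEnvelope encryptSymmetric(byte[] bArr, TypedPayload typedPayload, byte[] bArr2) {
        byte[] innerBytes = wrapAndSerialize(CryptoEnvelopeContent.typedPayload(typedPayload));
        SymmetricEncryptedEnvelope encrypted = encryptSymmetricRaw(bArr, innerBytes, bArr2);
        return new CryptoEnvelope(CryptoEnvelopeContent.symmetricEncryptedEnvelope(encrypted));
    }

    /**
     * Encrypts raw bytes and records the cipher name and the key fingerprint in the envelope.
     *
     * <p>The fingerprint (see {@link #hashKey(byte[])}) is stored in the envelope next to the
     * ciphertext, so it is visible to anyone who can read the envelope.
     *
     * <p>The decompiler reports that the original access level was package-private.
     *
     * @param bArr symmetric key
     * @param bArr2 plaintext
     * @param bArr3 associated data passed to the AEAD
     * @return the populated symmetric envelope
     */
    public static SymmetricEncryptedEnvelope encryptSymmetricRaw(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        String cipherName = AEAD.getCipherName();
        ByteBuffer keyHash = ByteBuffer.wrap(hashKey(bArr));
        ByteBuffer ciphertext = ByteBuffer.wrap(AEAD.encrypt(bArr, bArr2, bArr3));
        return new SymmetricEncryptedEnvelope(cipherName, keyHash, ciphertext);
    }

    /**
     * Extracts the signature metadata and inner bytes from a signed envelope.
     *
     * <p>The decompiler could not recover this method's body, so in this listing it throws
     * unconditionally. NOTE(review): signature verification presumably happens here; confirm
     * against the original bytecode before relying on any conclusion about how signed layers
     * are validated.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    private static Decoded<Pair<SignatureMetadata, byte[]>> extractSignedPayload(SignedEnvelope r7, CryptoEnvelopeDecodingParams r8, CryptoContext r9) {
        throw new UnsupportedOperationException("Method not decompiled: org.cweb.crypto.CryptoHelper.extractSignedPayload(org.cweb.schemas.wire.SignedEnvelope, org.cweb.crypto.CryptoEnvelopeDecodingParams, org.cweb.crypto.CryptoContext):org.cweb.crypto.Decoded");
    }

    /** Returns a new key from {@link AEAD#generateCompositeKey()}. */
    public static byte[] generateAEADKey() {
        return AEAD.generateCompositeKey();
    }

    /**
     * Returns the SHA-256 digest of {@code bArr}, copied into a 32-byte array.
     *
     * @param bArr data to hash
     */
    public static byte[] hashData(byte[] bArr) {
        return Arrays.copyOf(HashingUtils.SHA256(bArr), DATA_HASH_LENGTH);
    }

    /**
     * Returns the first 8 bytes of the SHA-256 digest of a key.
     *
     * <p>Used as a key fingerprint: written by {@link #encryptSymmetricRaw} and compared by
     * {@link #decryptSymmetric}. It only helps detect use of the wrong key; it is not an
     * authentication tag.
     */
    private static byte[] hashKey(byte[] bArr) {
        return Arrays.copyOf(HashingUtils.SHA256(bArr), KEY_HASH_LENGTH);
    }

    /** Wraps the given content in a {@link CryptoEnvelope} and serializes it. */
    private static byte[] wrapAndSerialize(CryptoEnvelopeContent content) {
        return ThriftUtils.serialize(new CryptoEnvelope(content));
    }

    /**
     * Checks that an envelope is a valid identity proof for the given descriptor.
     *
     * <p>The proof is accepted only when all of the following hold: the envelope decodes
     * without error, it carried a signed layer, the signer id equals the descriptor id, the
     * descriptor id is derived from the descriptor's EC key (or, failing that, its RSA key),
     * the declared signing algorithm is the one matching that key type, and the payload data
     * equals the descriptor id.
     *
     * <p>An envelope that decodes to a payload without signature metadata (no signed layer)
     * is rejected rather than dereferenced, so an unsigned envelope cannot crash the verifier.
     *
     * @param identityDescriptor descriptor whose id is being proven
     * @param bArr serialized proof envelope
     * @return {@code true} only when every check above passes
     */
    public static boolean verifyIdProofEnvelope(IdentityDescriptor identityDescriptor, byte[] bArr) {
        byte[] id = identityDescriptor.getId();
        Decoded<DecodedTypedPayload> decoded = decodeCryptoEnvelope(bArr, CryptoEnvelopeDecodingParams.create().setSignerIdentityDescriptor(identityDescriptor), CryptoContext.create());
        if (decoded.getError() != null || decoded.getData() == null) {
            log.trace("Error verifying identity proof envelope for {}: {}", Utils.getDebugStringFromId(id), decoded.getError());
            return false;
        }

        DecodedTypedPayload data = decoded.getData();
        TypedPayload payload = data.getPayload();
        SignatureMetadata signatureMetadata = data.getSignatureMetadata();
        if (signatureMetadata == null || payload == null) {
            // decodeCryptoEnvelope returns null metadata for an envelope with no signed layer.
            return false;
        }
        if (!Arrays.equals(signatureMetadata.getSignerId(), id)) {
            return false;
        }

        // The id must be derived from one of the descriptor's keys; that key type fixes the
        // only signing algorithm accepted below.
        String signerName;
        if (identityDescriptor.getEcPublicKey() != null && Arrays.equals(id, IdentityCryptoService.idFromPublicKey(identityDescriptor.getEcPublicKey()))) {
            signerName = ECUtils.getSignerName();
        } else if (identityDescriptor.getRsaPublicKey() != null && Arrays.equals(id, IdentityCryptoService.idFromPublicKey(identityDescriptor.getRsaPublicKey()))) {
            signerName = RSAUtils.getSignerName();
        } else {
            return false;
        }
        return signerName.equals(signatureMetadata.getSigningAlgorightm()) && Arrays.equals(payload.getData(), id);
    }

    /**
     * Creates a signed envelope whose payload is this identity's own id.
     *
     * <p>The signer type is EC when the own id is derived from the own EC public key, RSA when
     * it is derived from the own RSA public key.
     *
     * @return the proof envelope, or {@code null} when the own id matches neither key
     */
    public CryptoEnvelope createIdProofEnvelope() {
        byte[] ownId = getOwnId();
        byte[] serialized = wrapAndSerialize(CryptoEnvelopeContent.typedPayload(TypedPayloadUtils.wrapCustom(ownId, "Core", "idProof", null)));

        IdentityCryptoService.SignerType signerType;
        if (Arrays.equals(ownId, IdentityCryptoService.idFromPublicKey(getOwnECPublicKey()))) {
            signerType = IdentityCryptoService.SignerType.EC;
        } else if (Arrays.equals(ownId, IdentityCryptoService.idFromPublicKey(getOwnRSAPublicKey()))) {
            signerType = IdentityCryptoService.SignerType.RSA;
        } else {
            return null;
        }
        SignedEnvelope signedEnvelope = this.identityCryptoService.createSignedEnvelope(null, serialized, null, signerType);
        return new CryptoEnvelope(CryptoEnvelopeContent.signedEnvelope(signedEnvelope));
    }

    /**
     * Starts an X3DH session towards a peer using a freshly generated EC key pair.
     *
     * <p>The left element of the result is the session master secret; treat it as key material.
     *
     * @param identityDescriptor peer descriptor; its EC public key is required
     * @param x3DHPreKeyBundle the peer's pre-key bundle
     * @return master secret and initial message, or {@code null} when the peer has no EC public
     *     key or session generation reports an error
     */
    public Pair<byte[], X3DHInitialMessage> createX3DHInitialMessage(IdentityDescriptor identityDescriptor, X3DHPreKeyBundle x3DHPreKeyBundle) {
        if (identityDescriptor.getEcPublicKey() == null) {
            // Descriptors without an EC key exist (see the RSA branch of verifyIdProofEnvelope).
            log.trace("{} Failed to generate first session for {}: no EC public key", this.tracePrefix, Utils.getDebugStringFromId(identityDescriptor.getId()));
            return null;
        }
        X3DH.InitialMessageGenerationResult result = this.identityCryptoService.generateX3DHSessionFirst(ECUtils.generateKeyPair(), CryptoThriftUtils.fromThrift(x3DHPreKeyBundle, identityDescriptor.getEcPublicKey().getPublicKey()));
        if (result.error != null) {
            log.trace("{} Failed to generate first session for {}: {}", this.tracePrefix, Utils.getDebugStringFromId(identityDescriptor.getId()), result.error);
            return null;
        }
        return Pair.of(result.masterSecret, CryptoThriftUtils.toThrift(result.initialMessage));
    }

    /**
     * Generates a new EC key pair of type {@link KeyType#EC25519_256}.
     *
     * <p>The returned structure contains the private key bytes.
     */
    public KeyPair generateNewECKeyPair() {
        ECKeyPair generated = ECUtils.generateKeyPair();
        log.trace("{} Generated EC key pair", this.tracePrefix);
        return new KeyPair(KeyType.EC25519_256, ByteBuffer.wrap(generated.publicKey), ByteBuffer.wrap(generated.privateKey));
    }

    /**
     * Generates an X3DH pre-key bundle through the identity crypto service.
     *
     * @param bArr forwarded unchanged to {@code generateX3DHPreKeyBundle}; its meaning is not
     *     visible in this file
     */
    public X3DHPreKeyBundle generatePreKeyBundle(byte[] bArr) {
        return CryptoThriftUtils.toThrift(this.identityCryptoService.generateX3DHPreKeyBundle(bArr));
    }

    /**
     * Returns {@code i} bytes from {@link SecureRandomUtils#generateRandomBytes}.
     *
     * @param i number of bytes requested
     */
    public byte[] generateRandomBytes(int i) {
        byte[] randomBytes = SecureRandomUtils.generateRandomBytes(i);
        log.trace("{} Generated {} random bytes", this.tracePrefix, i);
        return randomBytes;
    }

    /** Returns the local identity's EC public key. */
    public PublicKey getOwnECPublicKey() {
        return this.identityCryptoService.getECPublicKey();
    }

    /** Returns the local identity's id. */
    public byte[] getOwnId() {
        return this.identityCryptoService.getOwnId();
    }

    /** Returns the local identity's RSA public key. */
    public PublicKey getOwnRSAPublicKey() {
        return this.identityCryptoService.getRSAPublicKey();
    }

    /**
     * Tells whether the given id equals the local identity's id.
     *
     * @param bArr id to compare
     */
    public boolean isOwnId(byte[] bArr) {
        return Arrays.equals(bArr, this.identityCryptoService.getOwnId());
    }

    /**
     * Completes an X3DH session from a peer's initial message.
     *
     * <p>The return value is the session master secret; treat it as key material.
     *
     * @param identityDescriptor sender descriptor; its EC public key is required
     * @param eCKeyPair local key pair passed to {@code generateX3DHSessionSecond}
     * @param x3DHInitialMessage the initial message received from the peer
     * @return the master secret, or {@code null} when the sender has no EC public key or
     *     session generation reports an error
     */
    public byte[] processX3DHInitialMessage(IdentityDescriptor identityDescriptor, ECKeyPair eCKeyPair, X3DHInitialMessage x3DHInitialMessage) {
        if (identityDescriptor.getEcPublicKey() == null) {
            // Descriptors without an EC key exist (see the RSA branch of verifyIdProofEnvelope).
            log.trace("{} Failed to generate second session from {}: no EC public key", this.tracePrefix, Utils.getDebugStringFromId(identityDescriptor.getId()));
            return null;
        }
        X3DH.InitialMessageProcessingResult result = this.identityCryptoService.generateX3DHSessionSecond(eCKeyPair, CryptoThriftUtils.fromThrift(x3DHInitialMessage, identityDescriptor.getEcPublicKey().getPublicKey()));
        if (result.error != null) {
            log.trace("{} Failed to generate second session from {}: {}", this.tracePrefix, Utils.getDebugStringFromId(identityDescriptor.getId()), result.error);
            return null;
        }
        return result.masterSecret;
    }

    /**
     * Signs a typed payload with the EC signer, then encrypts the signed envelope for a
     * public key (sign-then-encrypt).
     *
     * @param typedPayload payload to protect
     * @param bArr first argument of {@code createSignedEnvelope}; NOTE(review): presumably the
     *     intended recipient id bound into the signature; confirm in IdentityCryptoService
     * @param publicKey recipient key used for encryption
     * @param l third argument of {@code createSignedEnvelope}; its meaning is not visible in
     *     this file
     * @return an envelope whose content is the public-key encrypted envelope
     */
    public CryptoEnvelope signAndEncryptFor(TypedPayload typedPayload, byte[] bArr, PublicKey publicKey, Long l) {
        byte[] payloadBytes = wrapAndSerialize(CryptoEnvelopeContent.typedPayload(typedPayload));
        SignedEnvelope signedEnvelope = this.identityCryptoService.createSignedEnvelope(bArr, payloadBytes, l, IdentityCryptoService.SignerType.EC);
        byte[] signedBytes = wrapAndSerialize(CryptoEnvelopeContent.signedEnvelope(signedEnvelope));
        log.trace("{} Signed for {}", this.tracePrefix, Utils.getDebugStringFromKey(publicKey));
        return new CryptoEnvelope(CryptoEnvelopeContent.pkEncryptedEnvelope(this.identityCryptoService.encryptFor(publicKey, signedBytes)));
    }

    /**
     * Signs a typed payload with the EC signer, then encrypts the signed envelope with a
     * symmetric key (sign-then-encrypt).
     *
     * @param typedPayload payload to protect
     * @param bArr first argument of {@code createSignedEnvelope}; NOTE(review): presumably the
     *     intended recipient id; confirm in IdentityCryptoService
     * @param l third argument of {@code createSignedEnvelope}; its meaning is not visible in
     *     this file
     * @param bArr2 symmetric key
     * @param bArr3 associated data passed to the AEAD
     * @return an envelope whose content is the symmetric encrypted envelope
     */
    public CryptoEnvelope signAndEncryptSymmetric(TypedPayload typedPayload, byte[] bArr, Long l, byte[] bArr2, byte[] bArr3) {
        byte[] payloadBytes = wrapAndSerialize(CryptoEnvelopeContent.typedPayload(typedPayload));
        SignedEnvelope signedEnvelope = this.identityCryptoService.createSignedEnvelope(bArr, payloadBytes, l, IdentityCryptoService.SignerType.EC);
        byte[] signedBytes = wrapAndSerialize(CryptoEnvelopeContent.signedEnvelope(signedEnvelope));
        SymmetricEncryptedEnvelope encrypted = encryptSymmetricRaw(bArr2, signedBytes, bArr3);
        log.trace("{} Created signed and sym-encrypted envelope", this.tracePrefix);
        return new CryptoEnvelope(CryptoEnvelopeContent.symmetricEncryptedEnvelope(encrypted));
    }

    /**
     * Signs a typed payload with the EC signer. The result is signed but not encrypted.
     *
     * @param typedPayload payload to sign
     * @param bArr first argument of {@code createSignedEnvelope}; NOTE(review): presumably the
     *     intended recipient id; confirm in IdentityCryptoService
     * @param l third argument of {@code createSignedEnvelope}; its meaning is not visible in
     *     this file
     * @return an envelope whose content is the signed envelope
     */
    public CryptoEnvelope signTypedPayload(TypedPayload typedPayload, byte[] bArr, Long l) {
        byte[] payloadBytes = wrapAndSerialize(CryptoEnvelopeContent.typedPayload(typedPayload));
        SignedEnvelope signedEnvelope = this.identityCryptoService.createSignedEnvelope(bArr, payloadBytes, l, IdentityCryptoService.SignerType.EC);
        log.trace("{} Created signed envelope", this.tracePrefix);
        return new CryptoEnvelope(CryptoEnvelopeContent.signedEnvelope(signedEnvelope));
    }
}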
