package org.cweb.crypto.lib;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public abstract class DoubleRatchet {
    private static final Logger log = LoggerFactory.getLogger(DoubleRatchet.class);
    private static final byte[] DEFAULT_SALT = new byte[32];
    private static final byte[] TYPE_MESSAGE_KEY = {1};
    private static final byte[] TYPE_CHAIN_KEY = {2};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Header {
        final int messageSerial;
        final int messageSerialPrevChain;
        final byte[] publicKey;

        public Header(byte[] bArr, int i, int i2) {
            this.publicKey = bArr;
            this.messageSerial = i;
            this.messageSerialPrevChain = i2;
        }

        public static Header deserialize(byte[] bArr) {
            if (bArr.length != 40) {
                return null;
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            wrap.order(ByteOrder.BIG_ENDIAN);
            return new Header(Arrays.copyOfRange(bArr, 8, bArr.length), wrap.getInt(), wrap.getInt());
        }

        public byte[] serialize() {
            ByteBuffer allocate = ByteBuffer.allocate(this.publicKey.length + 8);
            allocate.order(ByteOrder.BIG_ENDIAN);
            allocate.putInt(this.messageSerial);
            allocate.putInt(this.messageSerialPrevChain);
            allocate.put(this.publicKey);
            return allocate.array();
        }
    }

    /* loaded from: classes.dex */
    public static class InitialSharedSecrets {
        final byte[] headerKey;
        final byte[] nextHeaderKey;
        final byte[] sharedKey;

        public InitialSharedSecrets(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.sharedKey = bArr;
            this.headerKey = bArr2;
            this.nextHeaderKey = bArr3;
        }
    }

    /* loaded from: classes.dex */
    public static class Message {
        public final byte[] encryptedData;
        public final byte[] encryptedHeader;

        public Message(byte[] bArr, byte[] bArr2) {
            this.encryptedHeader = bArr;
            this.encryptedData = bArr2;
        }
    }

    /* loaded from: classes.dex */
    public static class SkippedMessageKey {
        public final byte[] headerKeyRemote;
        public final byte[] messageKeyRemote;
        public final int messageSerialRemote;

        public SkippedMessageKey(byte[] bArr, int i, byte[] bArr2) {
            this.headerKeyRemote = bArr;
            this.messageSerialRemote = i;
            this.messageKeyRemote = bArr2;
        }
    }

    /* loaded from: classes.dex */
    public static class State {
        public byte[] chainKeyRemote;
        public byte[] chainKeySelf;
        public ECKeyPair dhKeyPairSelf;
        public byte[] dhPublicKeyRemote;
        public byte[] headerKeyRemote;
        public byte[] headerKeySelf;
        public int messageSerialPrevChainSelf;
        public int messageSerialRemote;
        public int messageSerialSelf;
        public byte[] nextHeaderKeyRemote;
        public byte[] nextHeaderKeySelf;
        public byte[] rootKey;
        public List skippedMessageKeys;
    }

    private static void addSkippedKey(List list, byte[] bArr, int i, byte[] bArr2) {
        SkippedMessageKey findKey = findKey(list, bArr, i);
        if (findKey != null) {
            if (Arrays.equals(findKey.messageKeyRemote, bArr2)) {
                return;
            }
            log.error("Mismatching key: " + i);
        }
        list.add(new SkippedMessageKey(bArr, i, bArr2));
    }

    private static void dhRatchet(State state, Header header, byte[] bArr) {
        state.messageSerialPrevChainSelf = state.messageSerialSelf;
        state.messageSerialSelf = 0;
        state.messageSerialRemote = 0;
        state.headerKeySelf = state.nextHeaderKeySelf;
        state.headerKeyRemote = state.nextHeaderKeyRemote;
        byte[] bArr2 = header.publicKey;
        state.dhPublicKeyRemote = bArr2;
        byte[][] computeKdf = HKDF.computeKdf(state.rootKey, ECUtils.dh(state.dhKeyPairSelf.privateKey, bArr2), bArr, 3, "dhRatchetRecv");
        state.rootKey = computeKdf[0];
        state.chainKeyRemote = computeKdf[1];
        state.nextHeaderKeyRemote = computeKdf[2];
        ECKeyPair generateKeyPair = ECUtils.generateKeyPair();
        state.dhKeyPairSelf = generateKeyPair;
        byte[][] computeKdf2 = HKDF.computeKdf(state.rootKey, ECUtils.dh(generateKeyPair.privateKey, state.dhPublicKeyRemote), bArr, 3, "dhRatchetSend");
        state.rootKey = computeKdf2[0];
        state.chainKeySelf = computeKdf2[1];
        state.nextHeaderKeySelf = computeKdf2[2];
    }

    private static SkippedMessageKey findKey(List list, byte[] bArr, int i) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            SkippedMessageKey skippedMessageKey = (SkippedMessageKey) it.next();
            if (skippedMessageKey.messageSerialRemote == i && Arrays.equals(skippedMessageKey.headerKeyRemote, bArr)) {
                return skippedMessageKey;
            }
        }
        return null;
    }

    public static InitialSharedSecrets generateInitialSharedSecrets(byte[] bArr) {
        byte[][] computeKdf = HKDF.computeKdf(DEFAULT_SALT, bArr, DoubleRatchetInfoConstants.INFO_SESSION, 3, "initSS");
        return new InitialSharedSecrets(computeKdf[0], computeKdf[1], computeKdf[2]);
    }

    public static State initStateFirst(InitialSharedSecrets initialSharedSecrets, byte[] bArr) {
        State state = new State();
        ECKeyPair generateKeyPair = ECUtils.generateKeyPair();
        state.dhKeyPairSelf = generateKeyPair;
        state.dhPublicKeyRemote = bArr;
        byte[][] computeKdf = HKDF.computeKdf(initialSharedSecrets.sharedKey, ECUtils.dh(generateKeyPair.privateKey, bArr), DoubleRatchetInfoConstants.INFO_SESSION, 3, "initFirst");
        state.rootKey = computeKdf[0];
        state.chainKeySelf = computeKdf[1];
        state.nextHeaderKeySelf = computeKdf[2];
        state.chainKeyRemote = null;
        state.messageSerialSelf = 0;
        state.messageSerialRemote = 0;
        state.messageSerialPrevChainSelf = 0;
        state.headerKeySelf = initialSharedSecrets.headerKey;
        state.headerKeyRemote = null;
        state.nextHeaderKeyRemote = initialSharedSecrets.nextHeaderKey;
        state.skippedMessageKeys = new ArrayList();
        return state;
    }

    public static State initStateSecond(ECKeyPair eCKeyPair, InitialSharedSecrets initialSharedSecrets) {
        State state = new State();
        state.dhKeyPairSelf = eCKeyPair;
        state.dhPublicKeyRemote = null;
        state.rootKey = initialSharedSecrets.sharedKey;
        state.chainKeySelf = null;
        state.chainKeyRemote = null;
        state.messageSerialSelf = 0;
        state.messageSerialRemote = 0;
        state.messageSerialPrevChainSelf = 0;
        state.headerKeySelf = null;
        state.headerKeyRemote = null;
        state.nextHeaderKeySelf = initialSharedSecrets.nextHeaderKey;
        state.nextHeaderKeyRemote = initialSharedSecrets.headerKey;
        state.skippedMessageKeys = new ArrayList();
        return state;
    }

    private static byte[] kdfChainKey(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(bArr2);
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }

    public static byte[] ratchetDecrypt(State state, Message message, byte[] bArr) {
        Header header;
        SkippedMessageKey skippedMessageKey;
        byte[] bArr2;
        byte[] bArr3;
        byte[] bArr4 = state.headerKeyRemote;
        if (bArr4 == null || ((header = tryDecryptHeader(bArr4, message.encryptedHeader, bArr)) != null && header.messageSerial < state.messageSerialRemote)) {
            header = null;
        }
        boolean z = (header != null || (bArr3 = state.nextHeaderKeyRemote) == null || (header = tryDecryptHeader(bArr3, message.encryptedHeader, bArr)) == null) ? false : true;
        if (header == null) {
            for (SkippedMessageKey skippedMessageKey2 : state.skippedMessageKeys) {
                Header tryDecryptHeader = tryDecryptHeader(skippedMessageKey2.headerKeyRemote, message.encryptedHeader, bArr);
                if (tryDecryptHeader == null) {
                    header = tryDecryptHeader;
                } else {
                    if (tryDecryptHeader.messageSerial == skippedMessageKey2.messageSerialRemote) {
                        skippedMessageKey = skippedMessageKey2;
                        header = tryDecryptHeader;
                        break;
                    }
                    header = null;
                }
            }
        }
        skippedMessageKey = null;
        if (header == null) {
            return null;
        }
        if (skippedMessageKey == null) {
            if (z) {
                skipMessageKeys(state, header.messageSerialPrevChain);
                dhRatchet(state, header, DoubleRatchetInfoConstants.INFO_SESSION);
            }
            skipMessageKeys(state, header.messageSerial);
            byte[] kdfChainKey = kdfChainKey(state.chainKeyRemote, TYPE_CHAIN_KEY);
            state.chainKeyRemote = kdfChainKey;
            state.messageSerialRemote++;
            bArr2 = kdfChainKey(kdfChainKey, TYPE_MESSAGE_KEY);
        } else {
            state.skippedMessageKeys.remove(skippedMessageKey);
            bArr2 = skippedMessageKey.messageKeyRemote;
        }
        byte[][] computeKdf = HKDF.computeKdf(DEFAULT_SALT, bArr2, DoubleRatchetInfoConstants.INFO_MESSAGE, 2, "messageDecr");
        return AEAD.decrypt(computeKdf[0], computeKdf[1], message.encryptedData, BinaryUtils.concat(bArr, message.encryptedHeader));
    }

    public static Message ratchetEncrypt(State state, byte[] bArr, byte[] bArr2) {
        Header header = new Header(state.dhKeyPairSelf.publicKey, state.messageSerialSelf, state.messageSerialPrevChainSelf);
        byte[] bArr3 = DEFAULT_SALT;
        byte[][] computeKdf = HKDF.computeKdf(bArr3, state.headerKeySelf, DoubleRatchetInfoConstants.INFO_HEADERS, 2, "headerEncr");
        byte[] encrypt = AEAD.encrypt(computeKdf[0], computeKdf[1], header.serialize(), bArr2);
        byte[] kdfChainKey = kdfChainKey(state.chainKeySelf, TYPE_CHAIN_KEY);
        state.chainKeySelf = kdfChainKey;
        state.messageSerialSelf++;
        byte[][] computeKdf2 = HKDF.computeKdf(bArr3, kdfChainKey(kdfChainKey, TYPE_MESSAGE_KEY), DoubleRatchetInfoConstants.INFO_MESSAGE, 2, "messageEncr");
        return new Message(encrypt, AEAD.encrypt(computeKdf2[0], computeKdf2[1], bArr, BinaryUtils.concat(bArr2, encrypt)));
    }

    private static void skipMessageKeys(State state, int i) {
        int i2 = state.messageSerialRemote;
        if (i2 + 100 < i) {
            log.warn("Exceeded MAX_SKIPPED_KEYS: " + i2 + ":" + i);
            return;
        }
        if (state.chainKeyRemote != null) {
            while (state.messageSerialRemote < i) {
                byte[] kdfChainKey = kdfChainKey(state.chainKeyRemote, TYPE_CHAIN_KEY);
                state.chainKeyRemote = kdfChainKey;
                addSkippedKey(state.skippedMessageKeys, state.headerKeyRemote, state.messageSerialRemote, kdfChainKey(kdfChainKey, TYPE_MESSAGE_KEY));
                state.messageSerialRemote++;
            }
        }
        while (state.skippedMessageKeys.size() > 100) {
            log.warn("Deleting skipped key");
            state.skippedMessageKeys.remove(0);
        }
    }

    private static Header tryDecryptHeader(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[][] computeKdf = HKDF.computeKdf(DEFAULT_SALT, bArr, DoubleRatchetInfoConstants.INFO_HEADERS, 2, "headerDecr");
        byte[] decrypt = AEAD.decrypt(computeKdf[0], computeKdf[1], bArr2, bArr3);
        if (decrypt == null) {
            return null;
        }
        return Header.deserialize(decrypt);
    }
}
