package org.cweb.crypto;

import com.google.common.base.Preconditions;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.PrivateKey;
import org.cweb.crypto.Decoded;
import org.cweb.crypto.lib.AEAD;
import org.cweb.crypto.lib.ECAEAD;
import org.cweb.crypto.lib.ECKeyPair;
import org.cweb.crypto.lib.ECUtils;
import org.cweb.crypto.lib.HashingUtils;
import org.cweb.crypto.lib.RSAUtils;
import org.cweb.crypto.lib.X3DH;
import org.cweb.schemas.identity.IdentityDescriptor;
import org.cweb.schemas.keys.KeyType;
import org.cweb.schemas.keys.PublicKey;
import org.cweb.schemas.local.IdentityKeys;
import org.cweb.schemas.wire.PKEncryptedEnvelope;
import org.cweb.schemas.wire.SignatureMetadata;
import org.cweb.schemas.wire.SignedEnvelope;
import org.cweb.schemas.wire.SignedPayload;
import org.cweb.schemas.wire.SymmetricEncryptedEnvelope;
import org.cweb.storage.local.SecretStorageService;
import org.cweb.utils.ThriftUtils;
import org.cweb.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
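/**
 * Holds one identity's long-term RSA and EC key pairs and performs signing, signature
 * verification and hybrid public-key encryption with them.
 *
 * <p>Instances come from {@link #generateNewKeys()} or
 * {@link #loadFromFile(SecretStorageService)}. The identity id is
 * {@code HashingUtils.SHA512_256} of the EC public key bytes (see {@link #idFromKey(byte[])}).
 *
 * <p>The log statements in this class pass only ids, public keys, key types and signer names
 * to the logger; private key bytes are never handed to it.
 */
public class IdentityCryptoService {
    private static final Logger log = LoggerFactory.getLogger(IdentityCryptoService.class);

    // Associated data for the EC-wrapped content key (EC_AD_KEY) and for the symmetric payload
    // envelope (EC_AD_DATA).
    // NOTE(review): both constants hold the same single byte, so the associated data does not
    // tell the two contexts apart. Changing either value would presumably make envelopes that
    // were produced earlier undecryptable; confirm against stored/in-flight data first.
    private static final byte[] EC_AD_KEY = {1};
    private static final byte[] EC_AD_DATA = {1};

    private final ECKeyPair ecKeyPair;
    private final PublicKey ecPublicKey;
    private final IdentityKeys identityKeys;
    private final byte[] ownId;
    private final KeyPair rsaKeyPair;
    private final PublicKey rsaPublicKey;
    private final String tracePrefix;

    /** Selects which identity key signs an envelope in {@link #createSignedEnvelope}. */
    public enum SignerType {
        RSA,
        EC
    }

    /**
     * Builds the service from stored key material.
     *
     * @param identityKeys serialized RSA and EC key pairs plus the identity id
     * @throws NullPointerException if {@code identityKeys} is null or a key pair cannot be
     *     reconstructed from it
     */
    private IdentityCryptoService(IdentityKeys identityKeys) {
        // loadFromFile() arrives here with null when no "masterKey" entry exists; fail with a
        // message instead of an anonymous NullPointerException further down.
        this.identityKeys = Preconditions.checkNotNull(identityKeys, "identityKeys is null (no stored identity keys?)");
        this.rsaKeyPair = constructRSAKeyPair(identityKeys);
        // Checked before the first dereference. RSAUtils.constructPublicKey can return null
        // (verifySignature handles that case), which would otherwise surface as a bare NPE.
        Preconditions.checkNotNull(this.rsaKeyPair.getPublic(), "RSA public key could not be constructed");
        this.ecKeyPair = Preconditions.checkNotNull(
                CryptoThriftUtils.fromThrift(identityKeys.getEcKey()), "EC key pair could not be constructed");
        // Public descriptors are built on copies so the wrapped buffers never alias the arrays
        // held by the key pairs.
        this.rsaPublicKey = new PublicKey(
                KeyType.RSA_2048,
                ByteBuffer.wrap(RSAUtils.getPublicKeyX509Encoded((byte[]) this.rsaKeyPair.getPublic().getEncoded().clone())));
        this.ecPublicKey = new PublicKey(KeyType.EC25519_256, ByteBuffer.wrap((byte[]) this.ecKeyPair.publicKey.clone()));
        this.ownId = identityKeys.getId();
        this.tracePrefix = Utils.getDebugStringFromId(this.ownId);
    }

    /** Rebuilds the JCA RSA key pair from the stored encoding. */
    private static KeyPair constructRSAKeyPair(IdentityKeys identityKeys) {
        org.cweb.schemas.keys.KeyPair storedRsaKey =
                Preconditions.checkNotNull(identityKeys.getRsaKey(), "identityKeys has no RSA key");
        return new KeyPair(
                RSAUtils.constructPublicKey(storedRsaKey.getPublicKey()),
                RSAUtils.constructPrivateKey(storedRsaKey.getPrivateKey()));
    }

    /**
     * Generates a fresh RSA and EC key pair and derives the identity id from the EC public key.
     *
     * @throws RuntimeException wrapping any failure raised during key generation
     */
    private static IdentityKeys createNewKey() {
        try {
            IdentityKeys freshKeys = new IdentityKeys();

            KeyPair rsa = RSAUtils.generateKeyPair();
            freshKeys.setRsaKey(new org.cweb.schemas.keys.KeyPair(
                    KeyType.RSA_2048,
                    ByteBuffer.wrap(RSAUtils.getPublicKeyX509Encoded(rsa.getPublic().getEncoded())),
                    ByteBuffer.wrap(RSAUtils.getPrivateKeyPKCS8Encoded(rsa.getPrivate().getEncoded()))));

            ECKeyPair ec = ECUtils.generateKeyPair();
            freshKeys.setEcKey(new org.cweb.schemas.keys.KeyPair(
                    KeyType.EC25519_256, ByteBuffer.wrap(ec.publicKey), ByteBuffer.wrap(ec.privateKey)));

            freshKeys.setId(idFromKey(freshKeys.getEcKey().getPublicKey()));
            log.trace("{} Generated identity keys", Utils.getDebugStringFromId(freshKeys.getId()));
            return freshKeys;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Creates a service around newly generated identity keys; nothing is persisted. */
    public static IdentityCryptoService generateNewKeys() {
        return new IdentityCryptoService(createNewKey());
    }

    /** Raw EC private key bytes; kept private so they never leave this class directly. */
    private byte[] getECPrivateKey() {
        return this.ecKeyPair.privateKey;
    }

    private PrivateKey getRSAPrivateKey() {
        return this.rsaKeyPair.getPrivate();
    }

    /**
     * Derives an identity id from public key bytes.
     *
     * @param bArr encoded public key
     * @return {@code HashingUtils.SHA512_256(bArr)}
     */
    public static byte[] idFromKey(byte[] bArr) {
        return HashingUtils.SHA512_256(bArr);
    }

    /** Derives an identity id from the key bytes of {@code publicKey}. */
    public static byte[] idFromPublicKey(PublicKey publicKey) {
        return idFromKey(publicKey.getPublicKey());
    }

    /**
     * Loads the identity keys stored under {@code "masterKey"}.
     *
     * @throws NullPointerException if the storage holds no such entry
     * @throws RuntimeException if the stored bytes cannot be deserialized
     */
    public static IdentityCryptoService loadFromFile(SecretStorageService secretStorageService) {
        return new IdentityCryptoService(loadIdentityKey(secretStorageService));
    }

    /** Reads and deserializes the stored keys; returns null when the entry is absent. */
    private static IdentityKeys loadIdentityKey(SecretStorageService secretStorageService) {
        byte[] serialized = secretStorageService.read("masterKey");
        if (serialized == null) {
            return null;
        }
        try {
            IdentityKeys loaded = (IdentityKeys) ThriftUtils.deserialize(serialized, IdentityKeys.class);
            log.trace("{} Loaded identity keys", Utils.getDebugStringFromId(loaded.getId()));
            return loaded;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Serializes the keys, private halves included, and writes them under {@code "masterKey"}.
     * Protection of the blob at rest is whatever {@link SecretStorageService} provides.
     */
    private static void saveIdentityKeys(SecretStorageService secretStorageService, IdentityKeys identityKeys) {
        secretStorageService.write("masterKey", ThriftUtils.serialize(identityKeys));
        log.trace("{} Saved identity keys", Utils.getDebugStringFromKey(identityKeys.getId()));
    }

    /**
     * Verifies a signed envelope against the key that {@code str} selects from the descriptor.
     *
     * <p>Verification fails closed: an unknown signer name, a descriptor without the selected
     * key, a key whose declared type does not belong to the named signer, or an envelope that
     * lacks payload or signature all yield {@code false}.
     *
     * @param identityDescriptor descriptor of the claimed signer
     * @param str signer name; callers may be passing a value taken from received data
     * @param signedEnvelope envelope carrying the serialized payload and its signature
     * @return true only if the signature verifies under the selected key
     */
    public static boolean verifySignature(IdentityDescriptor identityDescriptor, String str, SignedEnvelope signedEnvelope) {
        PublicKey signerKey;
        KeyType expectedType;
        if (RSAUtils.getSignerName().equals(str)) {
            signerKey = identityDescriptor.getRsaPublicKey();
            expectedType = KeyType.RSA_2048;
        } else if (ECUtils.getSignerName().equals(str)) {
            signerKey = identityDescriptor.getEcPublicKey();
            expectedType = KeyType.EC25519_256;
        } else {
            log.error("Unrecognized signer name {}", str);
            return false;
        }
        if (signerKey == null) {
            log.error("Identity descriptor has no public key for signer {}", str);
            return false;
        }
        // The verification routine is picked from the key's own type field. Tie that field to
        // the signer name so a descriptor cannot have an "RSA" signature checked with EC
        // verification, or the reverse.
        if (signerKey.getType() != expectedType) {
            log.error("Key type {} does not match signer {}", signerKey.getType(), str);
            return false;
        }
        byte[] payload = signedEnvelope.getSignedPayload();
        byte[] signature = signedEnvelope.getSignature();
        if (payload == null || signature == null) {
            log.error("Signed envelope is missing payload or signature");
            return false;
        }
        return verifySignature(signerKey, payload, signature);
    }

    /**
     * Checks signature {@code bArr2} over message {@code bArr} with the algorithm named by the
     * key's type; unsupported or unset types are rejected.
     */
    private static boolean verifySignature(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        KeyType keyType = publicKey.getType();
        boolean valid;
        String algorithm;
        if (keyType == KeyType.RSA_2048) {
            java.security.PublicKey rsaKey = RSAUtils.constructPublicKey(publicKey.getPublicKey());
            if (rsaKey == null) {
                return false;
            }
            valid = RSAUtils.verifySignature(rsaKey, bArr, bArr2);
            algorithm = "RSA";
        } else if (keyType == KeyType.EC25519_256) {
            valid = ECUtils.checkSignature(publicKey.getPublicKey(), bArr, bArr2);
            algorithm = "EC";
        } else {
            log.error("Unsupported key type {}", keyType);
            return false;
        }
        log.trace("Verified {} signature from {}, result={}", algorithm, Utils.getDebugStringFromKey(publicKey), valid);
        return valid;
    }

    /**
     * Wraps a payload in signature metadata and signs the serialized result.
     *
     * @param bArr recipient id to record in the metadata, or null for none
     * @param bArr2 payload bytes to sign
     * @param l validity period in milliseconds added to the current time, or null for no expiry
     * @param signerType {@link SignerType#RSA} signs with the RSA key; any other value,
     *     including null, signs with the EC key
     * @return envelope holding the signature and the serialized signed payload
     */
    public SignedEnvelope createSignedEnvelope(byte[] bArr, byte[] bArr2, Long l, SignerType signerType) {
        long now = System.currentTimeMillis();
        boolean useRsa = signerType == SignerType.RSA;

        SignatureMetadata metadata = new SignatureMetadata(
                ByteBuffer.wrap(getOwnId()), useRsa ? RSAUtils.getSignerName() : ECUtils.getSignerName());
        if (bArr != null) {
            metadata.setRecipientId(ByteBuffer.wrap(bArr));
        }
        metadata.setGeneratedAt(now);
        if (l != null) {
            metadata.setValidUntil(now + l.longValue());
        }

        // The signature covers the serialized payload, metadata included, so signer name,
        // recipient and validity are all authenticated together with the data.
        byte[] signedBytes = ThriftUtils.serialize(new SignedPayload(metadata, ByteBuffer.wrap(bArr2)));
        byte[] signature = useRsa ? signWithIdentityKeyRSA(signedBytes) : signWithIdentityKeyEC(signedBytes);
        return new SignedEnvelope(ByteBuffer.wrap(signature), ByteBuffer.wrap(signedBytes));
    }

    /**
     * Decrypts a hybrid envelope: unwraps the content key with this identity's RSA or EC
     * private key, then decrypts the symmetric payload with it.
     *
     * @return decoded data, or a {@link Decoded} carrying the error for the stage that failed
     */
    public Decoded decrypt(PKEncryptedEnvelope pKEncryptedEnvelope) {
        // NOTE(review): failure to unwrap the key and failure to decrypt the payload produce
        // different error codes. If callers relay these to the sender and RSAUtils uses a
        // padding scheme that is sensitive to decryption oracles, confirm the distinction is
        // not observable remotely.
        String keyCipher = pKEncryptedEnvelope.getKeyEncryptionAlgorithm();
        byte[] contentKey;
        if (RSAUtils.getCipherName().equals(keyCipher)) {
            contentKey = RSAUtils.decrypt(getRSAPrivateKey(), pKEncryptedEnvelope.getPkEncryptedKey());
        } else if (ECAEAD.getCipherName().equals(keyCipher)) {
            contentKey = ECAEAD.decrypt(getECPrivateKey(), pKEncryptedEnvelope.getPkEncryptedKey(), EC_AD_KEY);
        } else {
            return new Decoded(Decoded.Error.PK_KEY_UNKNOWN_CIPHER);
        }
        if (contentKey == null) {
            return new Decoded(Decoded.Error.PK_KEY_DECRYPTION);
        }

        SymmetricEncryptedEnvelope inner = (SymmetricEncryptedEnvelope)
                ThriftUtils.deserializeSafe(pKEncryptedEnvelope.getPayload(), SymmetricEncryptedEnvelope.class);
        if (inner == null) {
            return new Decoded(Decoded.Error.CRYPTO_ENVELOPE_DESERIALIZATION);
        }

        Decoded symmetricResult = CryptoHelper.decryptSymmetric(contentKey, inner, EC_AD_DATA);
        if (symmetricResult.getError() != null) {
            return new Decoded(symmetricResult.getError());
        }
        return new Decoded((byte[]) symmetricResult.getData());
    }

    /**
     * Encrypts {@code bArr} for a recipient: the data is encrypted under a fresh symmetric key,
     * and that key is wrapped with the recipient's public key.
     *
     * @param publicKey recipient key; only RSA_2048 and EC25519_256 are supported
     * @param bArr plaintext
     * @return the envelope, or null if the key type is unsupported or the RSA key cannot be
     *     reconstructed
     */
    public PKEncryptedEnvelope encryptFor(PublicKey publicKey, byte[] bArr) {
        // Validate the recipient key first so no content key is generated and no plaintext is
        // encrypted for a key that cannot be used.
        KeyType keyType = publicKey.getType();
        java.security.PublicKey rsaRecipientKey = null;
        if (keyType == KeyType.RSA_2048) {
            rsaRecipientKey = RSAUtils.constructPublicKey(publicKey.getPublicKey());
            if (rsaRecipientKey == null) {
                log.error("Failed to construct RSA public key for {}", Utils.getDebugStringFromKey(publicKey));
                return null;
            }
        } else if (keyType != KeyType.EC25519_256) {
            log.error("Unsupported key type {}", keyType);
            return null;
        }

        byte[] contentKey = AEAD.generateCompositeKey();
        byte[] payload = ThriftUtils.serialize(CryptoHelper.encryptSymmetricRaw(contentKey, bArr, EC_AD_DATA));
        log.trace("{} Generated sym key and encrypted envelope for {}", this.tracePrefix, Utils.getDebugStringFromKey(publicKey));

        byte[] wrappedKey;
        String keyCipher;
        if (rsaRecipientKey != null) {
            wrappedKey = RSAUtils.encrypt(rsaRecipientKey, contentKey);
            keyCipher = RSAUtils.getCipherName();
        } else {
            wrappedKey = ECAEAD.encrypt(publicKey.getPublicKey(), contentKey, EC_AD_KEY);
            keyCipher = ECAEAD.getCipherName();
        }
        return new PKEncryptedEnvelope(ByteBuffer.wrap(wrappedKey), keyCipher, AEAD.getCipherName(), ByteBuffer.wrap(payload));
    }

    /**
     * Delegates to {@code X3DH.generatePreKeyBundle} with this identity's EC key pair;
     * {@code bArr} is passed through unchanged.
     */
    public X3DH.PreKeyBundle generateX3DHPreKeyBundle(byte[] bArr) {
        return X3DH.generatePreKeyBundle(this.ecKeyPair.privateKey, this.ecKeyPair.publicKey, bArr);
    }

    /** Delegates to {@code X3DH.generateInitialMessage} with this identity's EC key pair. */
    public X3DH.InitialMessageGenerationResult generateX3DHSessionFirst(ECKeyPair eCKeyPair, X3DH.PreKeyBundle preKeyBundle) {
        return X3DH.generateInitialMessage(this.ecKeyPair, eCKeyPair, preKeyBundle);
    }

    /** Delegates to {@code X3DH.processInitialMessage} with this identity's EC key pair. */
    public X3DH.InitialMessageProcessingResult generateX3DHSessionSecond(ECKeyPair eCKeyPair, X3DH.InitialMessage initialMessage) {
        return X3DH.processInitialMessage(this.ecKeyPair, eCKeyPair, initialMessage);
    }

    /** Returns this identity's EC public key descriptor. */
    public PublicKey getECPublicKey() {
        return this.ecPublicKey;
    }

    /**
     * Returns the identity id. The internal array is returned without copying, so callers
     * must not modify it.
     */
    public byte[] getOwnId() {
        return this.ownId;
    }

    /** Returns this identity's RSA public key descriptor. */
    public PublicKey getRSAPublicKey() {
        return this.rsaPublicKey;
    }

    /** Persists this identity's keys, private halves included, to the given secret storage. */
    public void saveIdentityKeys(SecretStorageService secretStorageService) {
        saveIdentityKeys(secretStorageService, this.identityKeys);
    }

    /** Signs {@code bArr} with the identity EC private key. */
    byte[] signWithIdentityKeyEC(byte[] bArr) {
        log.trace("{} Signed with identity EC keys", this.tracePrefix);
        return ECUtils.sign(getECPrivateKey(), bArr);
    }

    /** Signs {@code bArr} with the identity RSA private key. */
    byte[] signWithIdentityKeyRSA(byte[] bArr) {
        log.trace("{} Signed with identity RSA keys", this.tracePrefix);
        return RSAUtils.sign(getRSAPrivateKey(), bArr);
    }
}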
