package com.allawn.cryptography.digitalenvelope;

import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.algorithm.EccUtil;
import com.allawn.cryptography.algorithm.HkdfUtil;
import com.allawn.cryptography.core.CryptoCore;
import com.allawn.cryptography.digitalenvelope.entity.EciesCurveEnum;
import com.allawn.cryptography.digitalenvelope.entity.EciesKDFEnum;
import com.allawn.cryptography.digitalenvelope.entity.EciesNegotiationInfo;
import com.allawn.cryptography.digitalenvelope.entity.EciesNegotiationParam;
import com.allawn.cryptography.digitalenvelope.entity.EciesSceneData;
import com.allawn.cryptography.entity.BizPublicKeyConfig;
import com.allawn.cryptography.entity.CipherContainer;
import com.allawn.cryptography.entity.NegotiationParam;
import com.allawn.cryptography.entity.SceneConfig;
import com.allawn.cryptography.entity.SceneData;
import com.allawn.cryptography.exception.BizDataNotFoundException;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.keymanager.entity.UpgradeCertResponse;
import com.allawn.cryptography.util.Base64Utils;
import com.allawn.cryptography.util.KeyUtil;
import com.allawn.cryptography.util.LogUtil;
import com.allawn.cryptography.util.SceneUtil;
import com.oplus.baselib.utils.SecurityUtils;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
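/**
 * Static helpers for the ECIES-style digital envelope: resolve the business
 * public key, run an ephemeral-static ECDH against it, derive an AES key with
 * HKDF-SHA256 and serialise the negotiation data next to the ciphertext.
 */
public class EciesDigitalEnvelopeUtil {
    /**
     * Monitor guarding the read-then-save sequence on cached scene data in
     * {@link #createAndSaveSceneData}.
     *
     * <p>NOTE(review): the monitor is public, so any code in the process can
     * synchronize on it and stall envelope creation. It is left public here
     * because other classes may already reference it.
     */
    public static final Object EC_SCENE_DATA_LOCK = new Object();

    private static final String TAG = "EciesDigitalEnvelopeUtil";

    /**
     * Resolves the encryption public key for a business, negotiates scene data
     * against it and, when the scene is reusable, adopts or stores the cached
     * entry.
     *
     * <p>Key resolution order: the online certificate (unless the business is
     * configured to use the hardcoded key, or the certificate check fails),
     * then the hardcoded public key.
     *
     * @param cryptoCore source of certificates, hardcoded keys and cached scene data
     * @param str business identifier used for every lookup
     * @param sceneConfig scene settings; decides reuse and the cipher key length
     * @param negotiationParam optional parameters; must be an
     *     {@link EciesNegotiationParam} when non-null
     * @return the cached scene data when reuse applies and a non-expired ECIES
     *     entry exists, otherwise the freshly negotiated one
     * @throws InvalidArgumentException if {@code negotiationParam} has another type
     * @throws InvalidKeyException if no usable EC public key could be resolved
     */
    public static EciesSceneData createAndSaveSceneData(CryptoCore cryptoCore, String str, SceneConfig sceneConfig, NegotiationParam negotiationParam) throws InvalidArgumentException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException, EncryptException {
        PublicKey bizPublicKey = null;
        long certVersion = 0;
        if (!cryptoCore.isUseHardcodedPublicKey(str)) {
            try {
                if (cryptoCore.checkBizCert(str)) {
                    // Work on a copy so key and version come from the same snapshot.
                    UpgradeCertResponse certSnapshot = cryptoCore.getBizKeyMemoryDataSource().getUpgradeCertResponse(str).makeCopy();
                    bizPublicKey = certSnapshot.getCert4Encrypt().getPublicKey();
                    certVersion = certSnapshot.getVersion();
                }
            } catch (BizDataNotFoundException unused) {
                // Deliberate best effort: fall through to the hardcoded key.
                LogUtil.d(TAG, "createAndSaveSceneData no valid domain name set");
            }
            if (bizPublicKey == null) {
                LogUtil.d(TAG, "createAndSaveSceneData missing " + str + " online certificate");
            }
        }
        if (bizPublicKey == null) {
            // NOTE(review): this is a silent downgrade from the online certificate
            // to the hardcoded key, visible only in debug logs. Confirm that is
            // the intended trust policy.
            BizPublicKeyConfig hardcoded = cryptoCore.getBizKeyMemoryDataSource().getHardcodedPublicKey(str);
            if (hardcoded != null && hardcoded.getPublicKeyForEncrypt() != null) {
                bizPublicKey = KeyUtil.bytesToPublicKey(Base64Utils.decodeFromString(hardcoded.getPublicKeyForEncrypt()), SecurityUtils.ECDSA.KEY_ALGORITHM);
                certVersion = hardcoded.getVersion();
            }
            if (bizPublicKey == null) {
                LogUtil.d(TAG, "createAndSaveSceneData missing " + str + " hardcoded public key");
            }
        }
        if (negotiationParam != null && !(negotiationParam instanceof EciesNegotiationParam)) {
            throw new InvalidArgumentException("Negotiation parameters only support type EciesNegotiationParam");
        }
        // NOTE(review): a key is negotiated before the cache lookup, so a cache hit
        // discards it, and a missing public key throws even when a valid cached
        // entry exists. Reordering would change which calls throw, so the order
        // is kept.
        EciesSceneData result = createSceneData(sceneConfig, (EciesNegotiationParam) negotiationParam, bizPublicKey, certVersion);
        LogUtil.d(TAG, "createAndSaveSceneData negotiate a latest secret key");
        if (sceneConfig.isNeedReuse()) {
            synchronized (EC_SCENE_DATA_LOCK) {
                SceneData cached = cryptoCore.getSceneData(str, sceneConfig.getScene());
                // NOTE(review): the cached entry is adopted without comparing its
                // cert version with the one just resolved. Confirm that expiry
                // alone bounds how long a key negotiated against a replaced
                // certificate stays in use.
                if (cached != null && !cached.isExpired() && (cached instanceof EciesSceneData)) {
                    result = (EciesSceneData) cached;
                }
                cryptoCore.saveSceneData(str, result);
                LogUtil.d(TAG, "createAndSaveSceneData adopt and save to cryptoCore");
            }
        }
        return result;
    }

    /**
     * Builds scene data by negotiating an encryption key against
     * {@code publicKey} with the NIST_P curve family and HKDF256.
     *
     * @param sceneConfig scene settings copied into the result; the derived key
     *     length is {@code getEncryptAlgorithm().getKeyLength() / 8}
     *     (presumably bits to bytes, confirm against the algorithm enum)
     * @param eciesNegotiationParam optional HKDF info and salt switch, may be null
     * @param publicKey recipient public key, must report the EC key algorithm
     * @param j certificate or key version recorded on the result
     * @return scene data holding the derived key, negotiation info and version
     * @throws InvalidKeyException if {@code publicKey} is null or not an EC key
     */
    public static EciesSceneData createSceneData(SceneConfig sceneConfig, EciesNegotiationParam eciesNegotiationParam, PublicKey publicKey, long j) throws NoSuchAlgorithmException, InvalidArgumentException, InvalidKeyException, InvalidAlgorithmParameterException, EncryptException {
        if (publicKey == null) {
            throw new InvalidKeyException("Missing biz public key.");
        }
        if (!publicKey.getAlgorithm().equals(SecurityUtils.ECDSA.KEY_ALGORITHM)) {
            throw new InvalidKeyException("Current scene only supports EC key, not " + publicKey.getAlgorithm() + ". Please specify the correct biz or biz public key.");
        }
        EciesSceneData sceneData = new EciesSceneData();
        SceneUtil.setSceneData(sceneConfig, sceneData);
        EciesNegotiationInfo negotiationInfo = new EciesNegotiationInfo();
        int keyLengthBytes = sceneConfig.getEncryptAlgorithm().getKeyLength() / 8;
        SecretKey encryptKey = negotiateEncryptKey(EciesCurveEnum.NIST_P, EciesKDFEnum.HKDF256, publicKey, eciesNegotiationParam, keyLengthBytes, negotiationInfo);
        sceneData.setEncryptKey(encryptKey);
        sceneData.setNegotiationInfo(negotiationInfo);
        sceneData.setCertVersion(j);
        return sceneData;
    }

    /**
     * Runs ECDH between {@code privateKey} and {@code publicKey}.
     *
     * @return the raw shared secret as returned by {@link EccUtil#ecdh}; callers
     *     should feed it to a KDF and not use it directly as a key
     * @throws InvalidAlgorithmParameterException if the curve family is not NIST_P
     */
    public static byte[] ecdh(EciesCurveEnum eciesCurveEnum, PrivateKey privateKey, PublicKey publicKey) throws InvalidAlgorithmParameterException, EncryptException {
        if (eciesCurveEnum != EciesCurveEnum.NIST_P) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesCurveEnum);
        }
        return EccUtil.ecdh(privateKey, publicKey);
    }

    /**
     * Generates an ephemeral EC key pair on the curve described by
     * {@code algorithmParameterSpec}, seeded from a fresh {@link SecureRandom}.
     *
     * @throws InvalidAlgorithmParameterException if the curve family is not
     *     NIST_P or the generator rejects the parameters
     */
    public static KeyPair generateTempKeyPair(EciesCurveEnum eciesCurveEnum, AlgorithmParameterSpec algorithmParameterSpec) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (eciesCurveEnum != EciesCurveEnum.NIST_P) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesCurveEnum);
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance(SecurityUtils.ECDSA.KEY_ALGORITHM);
        generator.initialize(algorithmParameterSpec, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Derives {@code i} bytes of key material from {@code bArr} with HKDF-SHA256.
     *
     * <p>When the negotiation parameters request a salt, 32 random bytes are
     * drawn and recorded in {@code eciesNegotiationInfo}, so the peer can repeat
     * the derivation. Otherwise a 32-byte all-zero salt is used, which is the
     * default RFC 5869 defines for an absent salt with a 32-byte hash. The
     * optional info bytes are recorded the same way; absent info is passed to
     * HKDF as an empty array.
     *
     * @param bArr input keying material (the ECDH shared secret)
     * @param eciesKDFEnum must be HKDF256
     * @param eciesNegotiationParam optional info and salt switch, may be null
     * @param i number of bytes to derive
     * @param eciesNegotiationInfo receives salt and info when non-null
     * @throws InvalidAlgorithmParameterException for any other KDF
     */
    public static byte[] kdf(byte[] bArr, EciesKDFEnum eciesKDFEnum, EciesNegotiationParam eciesNegotiationParam, int i, EciesNegotiationInfo eciesNegotiationInfo) throws InvalidAlgorithmParameterException, EncryptException {
        if (eciesKDFEnum != EciesKDFEnum.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesKDFEnum);
        }
        byte[] info = null;
        boolean useSalt = false;
        if (eciesNegotiationParam != null) {
            info = eciesNegotiationParam.getInfo();
            useSalt = eciesNegotiationParam.getUseSalt();
        }
        // A new array is already zero-filled, so the unsalted case needs no fill.
        byte[] salt = new byte[32];
        if (useSalt) {
            new SecureRandom().nextBytes(salt);
        }
        if (eciesNegotiationInfo != null) {
            // Only a random salt is recorded; the zero salt is implicit for the peer.
            if (useSalt) {
                eciesNegotiationInfo.setSalt(salt);
            }
            if (info != null) {
                eciesNegotiationInfo.setInfo(info);
            }
        }
        return HkdfUtil.hkdfWithSha256(bArr, salt, info != null ? info : new byte[0], i);
    }

    /**
     * Negotiates an AES key: generates an ephemeral key pair on the recipient
     * key's curve, records the ephemeral public key, runs ECDH and feeds the
     * shared secret through the KDF.
     *
     * <p>NOTE(review): the curve comes from {@code publicKey.getParams()}, not
     * from {@code eciesCurveEnum}, and nothing here checks that it is an
     * approved curve of adequate size. Confirm the key source enforces that.
     *
     * @param publicKey recipient public key, must be an {@link ECPublicKey}
     * @param i derived key length in bytes
     * @param eciesNegotiationInfo receives the encoded ephemeral public key (and
     *     salt and info from the KDF step) when non-null
     * @return the derived key tagged with algorithm {@code "AES"}
     * @throws InvalidKeyException if {@code publicKey} is null or not an
     *     {@link ECPublicKey}
     */
    public static SecretKey negotiateEncryptKey(EciesCurveEnum eciesCurveEnum, EciesKDFEnum eciesKDFEnum, PublicKey publicKey, EciesNegotiationParam eciesNegotiationParam, int i, EciesNegotiationInfo eciesNegotiationInfo) throws NoSuchAlgorithmException, InvalidArgumentException, InvalidAlgorithmParameterException, InvalidKeyException, EncryptException {
        if (!(publicKey instanceof ECPublicKey)) {
            // A null key also lands here; report it instead of failing with a
            // NullPointerException while building the message.
            String actualType = publicKey == null ? "null" : publicKey.getClass().getName();
            throw new InvalidKeyException("Only supports 'ECPublicKey' type, not '" + actualType + "'");
        }
        KeyPair ephemeral = generateTempKeyPair(eciesCurveEnum, ((ECPublicKey) publicKey).getParams());
        if (eciesNegotiationInfo != null) {
            eciesNegotiationInfo.setTmpPublicKey(ephemeral.getPublic().getEncoded());
        }
        byte[] sharedSecret = ecdh(eciesCurveEnum, ephemeral.getPrivate(), publicKey);
        try {
            byte[] keyBytes = kdf(sharedSecret, eciesKDFEnum, eciesNegotiationParam, i, eciesNegotiationInfo);
            // keyBytes is not wiped: whether KeyUtil copies the array is not
            // visible from this class.
            return KeyUtil.bytesToSecretKey(keyBytes, "AES");
        } finally {
            // Clear the raw ECDH output once the key is derived. Assumes HkdfUtil
            // keeps no reference to its input; confirm.
            if (sharedSecret != null) {
                Arrays.fill(sharedSecret, (byte) 0);
            }
        }
    }

    /**
     * Serialises the envelope as a JSON string with the Base64 ephemeral public
     * key ({@code tmpPublicKey}), the optional {@code salt} and {@code info},
     * and the cipher container ({@code cipherInfo}).
     *
     * <p>These fields travel in the clear beside the ciphertext. Any integrity
     * protection has to come from the cipher container itself; confirm the
     * configured cipher is authenticated.
     *
     * @param eciesKDFEnum must be HKDF256
     * @param eciesNegotiationInfo negotiation data produced during key derivation
     * @param cipherContainer ciphertext and cipher parameters to embed
     * @return the JSON envelope
     * @throws InvalidAlgorithmParameterException for any other KDF, or when the
     *     ephemeral public key is missing
     * @throws JSONException if the cipher container cannot be converted to JSON
     */
    public static String packEciesDigitalEnvelopeCipher(EciesKDFEnum eciesKDFEnum, EciesNegotiationInfo eciesNegotiationInfo, CipherContainer cipherContainer) throws JSONException, InvalidAlgorithmParameterException {
        // Reject an unsupported KDF before any work is done.
        if (eciesKDFEnum != EciesKDFEnum.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesKDFEnum);
        }
        byte[] tmpPublicKey = eciesNegotiationInfo.getTmpPublicKey();
        if (tmpPublicKey == null) {
            // The peer cannot derive the key without it. Fail fast instead of
            // depending on how the Base64 and JSON helpers treat null.
            throw new InvalidAlgorithmParameterException("Missing ephemeral public key in negotiation info");
        }
        JSONObject envelope = new JSONObject();
        envelope.put("tmpPublicKey", Base64Utils.encodeToString(tmpPublicKey));
        byte[] salt = eciesNegotiationInfo.getSalt();
        if (salt != null) {
            envelope.put("salt", Base64Utils.encodeToString(salt));
        }
        byte[] info = eciesNegotiationInfo.getInfo();
        if (info != null) {
            envelope.put("info", Base64Utils.encodeToString(info));
        }
        envelope.put("cipherInfo", new JSONObject(DigitalEnvelopeUtil.toJsonString(cipherContainer)));
        return envelope.toString();
    }
}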
