package com.allawn.cryptography.digitalenvelope;

import com.allawn.cryptography.algorithm.EccUtil;
import com.allawn.cryptography.algorithm.KDFUtil;
import com.allawn.cryptography.core.CryptoCore;
import com.allawn.cryptography.digitalenvelope.entity.EciesCurveEnum;
import com.allawn.cryptography.digitalenvelope.entity.EciesKDFEnum;
import com.allawn.cryptography.digitalenvelope.entity.EciesNegotiationInfo;
import com.allawn.cryptography.digitalenvelope.entity.EciesNegotiationParam;
import com.allawn.cryptography.digitalenvelope.entity.EciesSceneData;
import com.allawn.cryptography.entity.CipherContainer;
import com.allawn.cryptography.entity.ExceptionResponse;
import com.allawn.cryptography.entity.NegotiationParam;
import com.allawn.cryptography.entity.SceneConfig;
import com.allawn.cryptography.entity.SceneData;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.keymanager.entity.ApplicationKeyPairs;
import com.allawn.cryptography.keymanager.entity.BizPublicKeys;
import com.allawn.cryptography.util.Base64Utils;
import com.allawn.cryptography.util.CipherUtil;
import com.allawn.cryptography.util.KeyUtil;
import com.allawn.cryptography.util.LogUtil;
import com.allawn.cryptography.util.PackUtil;
import com.allawn.cryptography.util.SceneUtil;
import com.heytap.baselib.utils.SecurityUtils;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.json.JSONObject;

/* loaded from: classes.dex */
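/**
 * Static helpers for the ECIES-style digital envelope used by a scene: an ephemeral EC key pair
 * is generated, ECDH is run against the recipient ("biz") public key, and the shared secret is
 * expanded with HKDF-SHA256 into an AES key. The class also packs the negotiation material into
 * JSON and builds/signs the string that binds that material to an application access id.
 *
 * <p>This is decompiled output. Several methods throw checked {@code java.security} exceptions
 * without a {@code throws} clause, so the clauses were evidently not recovered. Signatures are
 * left as found and the exceptions are listed in Javadoc only.
 */
public abstract class EciesDigitalEnvelopeUtil {
    // Monitor guarding the read-then-save of reusable scene data in createAndSaveSceneData.
    // NOTE(review): it is public, so any code can contend on it; narrowing the visibility would
    // change the class's interface and is left to the owner.
    public static final Object EC_SCENE_DATA_LOCK = new Object();

    private static final String TAG = "EciesDigitalEnvelopeUtil";

    // Key length used when the scene config names no encrypt algorithm (32 bytes = 256 bits).
    private static final int DEFAULT_KEY_LENGTH_BYTES = 32;

    // Salt length handed to HKDF-SHA256; equals the SHA-256 output length.
    private static final int HKDF_SALT_LENGTH_BYTES = 32;

    /**
     * Negotiates a fresh envelope key against the biz public key and, when the scene asks for
     * reuse, stores the scene data in {@code cryptoCore}.
     *
     * <p>In the reuse path a non-expired {@link EciesSceneData} already held by
     * {@code cryptoCore} wins: it is returned (and saved again) and the freshly negotiated one
     * is dropped.
     *
     * @param cryptoCore source of the biz public keys and store for scene data
     * @param str identifier passed to {@code cryptoCore} for key and scene lookups (presumably
     *     the biz name; confirm against callers)
     * @param sceneConfig scene settings; must not be null
     * @param negotiationParam optional; when non-null it must be an {@link EciesNegotiationParam}
     * @return the scene data to use for this scene
     * @throws InvalidKeyException if no biz encryption key is available or it is not an EC key
     * @throws InvalidArgumentException if {@code negotiationParam} has the wrong type
     */
    public static EciesSceneData createAndSaveSceneData(CryptoCore cryptoCore, String str, SceneConfig sceneConfig, NegotiationParam negotiationParam) {
        ExceptionResponse lookupFailure = new ExceptionResponse();
        BizPublicKeys bizKeys = cryptoCore.getBizPublicKeys(str, true, SecurityUtils.ECDSA.KEY_ALGORITHM, lookupFailure);
        PublicKey recipientKey = bizKeys != null ? bizKeys.getPublic4Enc() : null;
        long certVersion = bizKeys != null ? bizKeys.getVersion() : 0;

        if (recipientKey == null) {
            throw new InvalidKeyException("Missing biz public key. " + lookupFailure.getException());
        }
        if (!recipientKey.getAlgorithm().equals(SecurityUtils.ECDSA.KEY_ALGORITHM)) {
            throw new InvalidKeyException("Current scene only supports EC key, not " + recipientKey.getAlgorithm() + ". Please specify the correct biz or biz public key");
        }
        if (negotiationParam != null && !(negotiationParam instanceof EciesNegotiationParam)) {
            throw new InvalidArgumentException("Negotiation parameters only support type EciesNegotiationParam");
        }

        // Negotiation runs before the lock is taken. If a reusable entry exists, this fresh key
        // is discarded below.
        EciesSceneData result = createSceneData(sceneConfig, (EciesNegotiationParam) negotiationParam, recipientKey, certVersion);
        LogUtil.d(TAG, "createAndSaveSceneData negotiate a latest secret key");

        if (sceneConfig.isNeedReuse()) {
            // Lookup and save must be atomic so two callers do not each store a different key.
            synchronized (EC_SCENE_DATA_LOCK) {
                SceneData cached = cryptoCore.getSceneData(str, sceneConfig.getScene());
                if (cached != null && !cached.isExpired() && (cached instanceof EciesSceneData)) {
                    result = (EciesSceneData) cached;
                }
                cryptoCore.saveSceneData(str, result);
                LogUtil.d(TAG, "createAndSaveSceneData adopt and save to cryptoCore");
            }
        }
        return result;
    }

    /**
     * Builds scene data with a newly negotiated key. The curve family is fixed to
     * {@link EciesCurveEnum#NIST_P} and the KDF to {@link EciesKDFEnum#HKDF256}.
     *
     * @param sceneConfig scene settings; its encrypt algorithm, if set, gives the key length in
     *     bits, otherwise a 32-byte key is derived
     * @param eciesNegotiationParam optional HKDF info/salt settings, may be null
     * @param publicKey recipient EC public key
     * @param j version of the certificate/key set the public key came from
     * @return scene data carrying the derived key, the negotiation info and the cert version
     */
    public static EciesSceneData createSceneData(SceneConfig sceneConfig, EciesNegotiationParam eciesNegotiationParam, PublicKey publicKey, long j) {
        EciesSceneData sceneData = new EciesSceneData(sceneConfig.getNegotiationAlgorithm());
        SceneUtil.setSceneData(sceneConfig, sceneData);

        int keyLengthBytes = sceneConfig.getEncryptAlgorithm() != null
                ? sceneConfig.getEncryptAlgorithm().getKeyLength() / 8
                : DEFAULT_KEY_LENGTH_BYTES;

        EciesNegotiationInfo negotiationInfo = new EciesNegotiationInfo();
        SecretKey encryptKey = negotiateEncryptKey(EciesCurveEnum.NIST_P, EciesKDFEnum.HKDF256, publicKey, eciesNegotiationParam, keyLengthBytes, negotiationInfo);

        sceneData.setEncryptKey(encryptKey);
        sceneData.setNegotiationInfo(negotiationInfo);
        sceneData.setCertVersion(j);
        return sceneData;
    }

    /**
     * Runs ECDH for the given curve family.
     *
     * @return the raw shared secret; callers should derive a key from it rather than use it
     *     directly, and clear it when done
     * @throws InvalidAlgorithmParameterException for any curve family other than NIST_P
     */
    public static byte[] ecdh(EciesCurveEnum eciesCurveEnum, PrivateKey privateKey, PublicKey publicKey) {
        if (eciesCurveEnum != EciesCurveEnum.NIST_P) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesCurveEnum);
        }
        return EccUtil.ecdh(privateKey, publicKey);
    }

    /**
     * Generates the ephemeral EC key pair for one negotiation.
     *
     * @param algorithmParameterSpec curve parameters the new pair is generated on
     * @throws InvalidAlgorithmParameterException for any curve family other than NIST_P
     */
    public static KeyPair generateTempKeyPair(EciesCurveEnum eciesCurveEnum, AlgorithmParameterSpec algorithmParameterSpec) {
        if (eciesCurveEnum != EciesCurveEnum.NIST_P) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesCurveEnum);
        }
        return KeyUtil.generateEcKeyPair(algorithmParameterSpec);
    }

    /**
     * Expands the ECDH shared secret into key bytes with HKDF-SHA256.
     *
     * <p>With {@code useSalt} set, a fresh random 32-byte salt is drawn and recorded in
     * {@code eciesNegotiationInfo} so the peer can repeat the derivation. Without it the salt is
     * 32 zero bytes, which is what RFC 5869 defines as the default salt for SHA-256, and nothing
     * is recorded.
     *
     * @param bArr input keying material (the ECDH shared secret)
     * @param eciesKDFEnum must be HKDF256
     * @param eciesNegotiationParam optional info/salt settings, may be null
     * @param i number of key bytes to derive
     * @param eciesNegotiationInfo optional sink for the salt and info actually used
     * @return the derived key bytes
     * @throws InvalidAlgorithmParameterException for any KDF other than HKDF256
     */
    public static byte[] kdf(byte[] bArr, EciesKDFEnum eciesKDFEnum, EciesNegotiationParam eciesNegotiationParam, int i, EciesNegotiationInfo eciesNegotiationInfo) {
        if (eciesKDFEnum != EciesKDFEnum.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesKDFEnum);
        }

        byte[] info = null;
        boolean useSalt = false;
        if (eciesNegotiationParam != null) {
            info = eciesNegotiationParam.getInfo();
            useSalt = eciesNegotiationParam.getUseSalt();
        }

        // A new array is already zero-filled, so the no-salt case needs no explicit fill.
        byte[] salt = new byte[HKDF_SALT_LENGTH_BYTES];
        if (useSalt) {
            new SecureRandom().nextBytes(salt);
        }

        if (eciesNegotiationInfo != null) {
            if (useSalt) {
                eciesNegotiationInfo.setSalt(salt);
            }
            if (info != null) {
                eciesNegotiationInfo.setInfo(info);
            }
        }

        // HKDF is called with an empty info when none was supplied; the recorded info stays null.
        return KDFUtil.hkdfWithSha256(bArr, salt, info != null ? info : new byte[0], i);
    }

    /**
     * Performs one ephemeral-static ECDH negotiation and returns the derived AES key.
     *
     * <p>The ephemeral pair is generated on the parameters carried by {@code publicKey}.
     * NOTE(review): nothing in this class checks that those parameters are a NIST P curve or
     * that the public point lies on it; confirm that the key-loading path or {@code EccUtil}
     * validates the key.
     *
     * @param publicKey recipient public key; must be an {@link ECPublicKey}
     * @param eciesNegotiationParam optional HKDF info/salt settings, may be null
     * @param i key length in bytes
     * @param eciesNegotiationInfo optional sink that receives the encoded ephemeral public key
     *     and the HKDF salt/info
     * @return the derived key, tagged with algorithm "AES"
     * @throws InvalidArgumentException if {@code publicKey} is null
     * @throws InvalidKeyException if {@code publicKey} is not an EC public key
     */
    public static SecretKey negotiateEncryptKey(EciesCurveEnum eciesCurveEnum, EciesKDFEnum eciesKDFEnum, PublicKey publicKey, EciesNegotiationParam eciesNegotiationParam, int i, EciesNegotiationInfo eciesNegotiationInfo) {
        if (publicKey == null) {
            throw new InvalidArgumentException("publicKey is null");
        }
        if (!(publicKey instanceof ECPublicKey)) {
            // The closing quote was missing from this message.
            throw new InvalidKeyException("Only supports 'ECPublicKey' type, not '" + publicKey.getClass().getName() + "'");
        }

        KeyPair ephemeral = generateTempKeyPair(eciesCurveEnum, ((ECPublicKey) publicKey).getParams());
        PublicKey ephemeralPublic = ephemeral.getPublic();
        PrivateKey ephemeralPrivate = ephemeral.getPrivate();
        if (eciesNegotiationInfo != null) {
            eciesNegotiationInfo.setTmpPublicKey(ephemeralPublic.getEncoded());
        }

        byte[] sharedSecret = ecdh(eciesCurveEnum, ephemeralPrivate, publicKey);
        try {
            byte[] keyBytes = kdf(sharedSecret, eciesKDFEnum, eciesNegotiationParam, i, eciesNegotiationInfo);
            // keyBytes is not cleared here: whether KeyUtil.bytesToSecretKey copies the array is
            // not visible from this file, and wiping a retained array would corrupt the key.
            return KeyUtil.bytesToSecretKey(keyBytes, "AES");
        } finally {
            // Best-effort wipe of the raw ECDH output once the key is derived. This assumes
            // KDFUtil.hkdfWithSha256 does not keep a reference to its input.
            if (sharedSecret != null) {
                Arrays.fill(sharedSecret, (byte) 0);
            }
        }
    }

    /**
     * Serializes the negotiation material and the cipher container into the envelope JSON.
     * Keys written: {@code tmpPublicKey}, optional {@code salt}, optional {@code info},
     * {@code cipherInfo}; binary values are Base64 text.
     *
     * @param eciesKDFEnum must be HKDF256
     * @param eciesNegotiationInfo negotiation material; must not be null
     * @param cipherContainer ciphertext and its parameters
     * @return the JSON document as a string
     * @throws InvalidAlgorithmParameterException for any KDF other than HKDF256
     */
    public static String packEciesDigitalEnvelopeCipher(EciesKDFEnum eciesKDFEnum, EciesNegotiationInfo eciesNegotiationInfo, CipherContainer cipherContainer) {
        // Reject an unsupported KDF before any envelope content is assembled.
        if (eciesKDFEnum != EciesKDFEnum.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + eciesKDFEnum);
        }

        JSONObject envelope = new JSONObject();
        envelope.put("tmpPublicKey", Base64Utils.encodeToString(eciesNegotiationInfo.getTmpPublicKey()));

        byte[] salt = eciesNegotiationInfo.getSalt();
        if (salt != null) {
            envelope.put("salt", Base64Utils.encodeToString(salt));
        }
        byte[] info = eciesNegotiationInfo.getInfo();
        if (info != null) {
            envelope.put("info", Base64Utils.encodeToString(info));
        }

        envelope.put("cipherInfo", new JSONObject(CipherUtil.wrap(cipherContainer)));
        return envelope.toString();
    }

    /**
     * Signs the negotiation material of {@code eciesSceneData} with the application signing
     * key, using ECDSA over SHA-256 of the UTF-8 bytes of {@link #toSignString}.
     *
     * @return the signature bytes
     * @throws KeyException if the application key pair has no signing key or no access id
     */
    public static byte[] signSceneData(EciesSceneData eciesSceneData, ApplicationKeyPairs applicationKeyPairs) {
        PrivateKey signingKey = applicationKeyPairs.getPrivateKeyForSign();
        if (signingKey == null) {
            LogUtil.w(TAG, "signSceneData missing application key for sign");
            throw new KeyException("Missing application key for sign");
        }

        String accessId = applicationKeyPairs.getAccessId();
        if (accessId == null) {
            LogUtil.w(TAG, "signSceneData missing application key access id");
            throw new KeyException("Missing application key access id");
        }

        byte[] toBeSigned = toSignString(eciesSceneData, accessId).getBytes(StandardCharsets.UTF_8);
        return EccUtil.ecdsaSignWithSha256(toBeSigned, signingKey);
    }

    /**
     * Builds the string that gets signed: access id, Base64 ephemeral public key, Base64 salt,
     * Base64 info, cert version and scene-data version, in that order.
     *
     * <p>NOTE(review): the fields are joined without a separator or length prefix, and absent
     * fields are passed as null. Depending on how {@code PackUtil.concatWithoutSeparator} treats
     * null, distinct field combinations can yield the same string (for example an absent salt
     * next to a present info, or the boundary between the two trailing numbers). The verifier
     * must build the identical string, so the format cannot be changed here alone; a delimited
     * or length-prefixed encoding would remove the ambiguity.
     *
     * @param str application access id
     */
    public static String toSignString(EciesSceneData eciesSceneData, String str) {
        EciesNegotiationInfo negotiationInfo = eciesSceneData.getNegotiationInfo();
        String tmpPublicKeyText = encodeOrNull(negotiationInfo.getTmpPublicKey());
        String saltText = encodeOrNull(negotiationInfo.getSalt());
        String infoText = encodeOrNull(negotiationInfo.getInfo());
        String certVersionText = String.valueOf(eciesSceneData.getCertVersion());
        String versionText = String.valueOf(eciesSceneData.getVersion());
        return PackUtil.concatWithoutSeparator(str, tmpPublicKeyText, saltText, infoText, certVersionText, versionText);
    }

    // Base64-encodes a field for the sign string, keeping null for an absent field.
    private static String encodeOrNull(byte[] value) {
        return value != null ? Base64Utils.encodeToString(value) : null;
    }
}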
