package org.signal.libsignal.metadata;

import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.signal.libsignal.metadata.protocol.UnidentifiedSenderMessage;
import org.signal.libsignal.metadata.protocol.UnidentifiedSenderMessageContent;
import org.whispersystems.libsignal.DeviceId;
import org.whispersystems.libsignal.DuplicateMessageException;
import org.whispersystems.libsignal.InvalidKeyException;
import org.whispersystems.libsignal.InvalidKeyIdException;
import org.whispersystems.libsignal.InvalidMacException;
import org.whispersystems.libsignal.InvalidMessageException;
import org.whispersystems.libsignal.InvalidVersionException;
import org.whispersystems.libsignal.LegacyMessageException;
import org.whispersystems.libsignal.NoSessionException;
import org.whispersystems.libsignal.SessionCipher;
import org.whispersystems.libsignal.SignalProtocolAddress;
import org.whispersystems.libsignal.ecc.Curve;
import org.whispersystems.libsignal.ecc.ECKeyPair;
import org.whispersystems.libsignal.ecc.ECPrivateKey;
import org.whispersystems.libsignal.ecc.ECPublicKey;
import org.whispersystems.libsignal.kdf.HKDFv3;
import org.whispersystems.libsignal.protocol.CiphertextMessage;
import org.whispersystems.libsignal.protocol.PreKeySignalMessage;
import org.whispersystems.libsignal.protocol.SignalMessage;
import org.whispersystems.libsignal.state.SignalProtocolStore;
import org.whispersystems.libsignal.util.ByteUtil;

/* loaded from: classes2.dex */
public class SealedSessionCipher {
    private final DeviceId localDeviceId;
    private final SignalProtocolStore signalProtocolStore;

    /* loaded from: classes2.dex */
    public static class DecryptionResult {
        private final byte[] paddedMessage;
        private final SignalProtocolAddress senderAddress;

        private DecryptionResult(SignalProtocolAddress signalProtocolAddress, byte[] bArr) {
            this.senderAddress = signalProtocolAddress;
            this.paddedMessage = bArr;
        }

        public byte[] getPaddedMessage() {
            return this.paddedMessage;
        }

        public SignalProtocolAddress getSenderAddress() {
            return this.senderAddress;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class EphemeralKeys {
        private final byte[] chainKey;
        private final SecretKeySpec cipherKey;
        private final SecretKeySpec macKey;

        private EphemeralKeys(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.chainKey = bArr;
            this.cipherKey = new SecretKeySpec(bArr2, "AES");
            this.macKey = new SecretKeySpec(bArr3, "HmacSHA256");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class StaticKeys {
        private final SecretKeySpec cipherKey;
        private final SecretKeySpec macKey;

        private StaticKeys(byte[] bArr, byte[] bArr2) {
            this.cipherKey = new SecretKeySpec(bArr, "AES");
            this.macKey = new SecretKeySpec(bArr2, "HmacSHA256");
        }
    }

    public SealedSessionCipher(SignalProtocolStore signalProtocolStore, DeviceId deviceId) {
        this.signalProtocolStore = signalProtocolStore;
        this.localDeviceId = deviceId;
    }

    private EphemeralKeys calculateEphemeralKeys(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, byte[] bArr) throws InvalidKeyException {
        try {
            byte[][] split = ByteUtil.split(new HKDFv3().deriveSecrets(Curve.calculateAgreement(eCPublicKey, eCPrivateKey), bArr, new byte[0], 96), 32, 32, 32);
            return new EphemeralKeys(split[0], split[1], split[2]);
        } catch (ParseException e) {
            throw new AssertionError(e);
        }
    }

    private StaticKeys calculateStaticKeys(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, byte[] bArr) throws InvalidKeyException {
        try {
            byte[][] split = ByteUtil.split(new HKDFv3().deriveSecrets(Curve.calculateAgreement(eCPublicKey, eCPrivateKey), bArr, new byte[0], 96), 32, 32, 32);
            return new StaticKeys(split[1], split[2]);
        } catch (ParseException e) {
            throw new AssertionError(e);
        }
    }

    private byte[] decrypt(SecretKeySpec secretKeySpec, SecretKeySpec secretKeySpec2, byte[] bArr) throws InvalidMacException {
        try {
            if (bArr.length < 10) {
                throw new InvalidMacException("Ciphertext not long enough for MAC!");
            }
            byte[][] split = ByteUtil.split(bArr, bArr.length - 10, 10);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec2);
            if (!MessageDigest.isEqual(ByteUtil.trim(mac.doFinal(split[0]), 10), split[1])) {
                throw new InvalidMacException("Bad mac!");
            }
            Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
            cipher.init(2, secretKeySpec, new IvParameterSpec(new byte[16]));
            return cipher.doFinal(split[0]);
        } catch (InvalidAlgorithmParameterException | java.security.InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    private byte[] decrypt(UnidentifiedSenderMessageContent unidentifiedSenderMessageContent) throws InvalidVersionException, InvalidMessageException, InvalidKeyException, DuplicateMessageException, InvalidKeyIdException, LegacyMessageException, NoSessionException {
        SignalProtocolAddress senderAddress = unidentifiedSenderMessageContent.getSenderAddress();
        int type = unidentifiedSenderMessageContent.getType();
        if (type == 2) {
            return new SessionCipher(this.signalProtocolStore, senderAddress).decrypt(new SignalMessage(unidentifiedSenderMessageContent.getContent()));
        }
        if (type == 3) {
            return new SessionCipher(this.signalProtocolStore, senderAddress).decrypt(new PreKeySignalMessage(unidentifiedSenderMessageContent.getContent()));
        }
        throw new InvalidMessageException("Unknown type: " + unidentifiedSenderMessageContent.getType());
    }

    private byte[] encrypt(SecretKeySpec secretKeySpec, SecretKeySpec secretKeySpec2, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(new byte[16]));
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec2);
            byte[] doFinal = cipher.doFinal(bArr);
            return ByteUtil.combine(doFinal, ByteUtil.trim(mac.doFinal(doFinal), 10));
        } catch (InvalidAlgorithmParameterException | java.security.InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    public DecryptionResult decrypt(byte[] bArr) throws InvalidMetadataMessageException, InvalidMetadataVersionException, ProtocolInvalidMessageException, ProtocolInvalidKeyException, ProtocolNoSessionException, ProtocolLegacyMessageException, ProtocolInvalidVersionException, ProtocolDuplicateMessageException, ProtocolInvalidKeyIdException, SelfSendException {
        try {
            ECKeyPair identityKeyPair = this.signalProtocolStore.getIdentityKeyPair();
            UnidentifiedSenderMessage unidentifiedSenderMessage = new UnidentifiedSenderMessage(bArr);
            EphemeralKeys calculateEphemeralKeys = calculateEphemeralKeys(unidentifiedSenderMessage.getEphemeral(), identityKeyPair.getPrivateKey(), ByteUtil.combine("UnidentifiedDelivery".getBytes(), identityKeyPair.getPublicKey().getBytes(), unidentifiedSenderMessage.getEphemeral().getBytes()));
            StaticKeys calculateStaticKeys = calculateStaticKeys(new ECPublicKey(decrypt(calculateEphemeralKeys.cipherKey, calculateEphemeralKeys.macKey, unidentifiedSenderMessage.getEncryptedStatic())), identityKeyPair.getPrivateKey(), ByteUtil.combine(calculateEphemeralKeys.chainKey, unidentifiedSenderMessage.getEncryptedStatic()));
            UnidentifiedSenderMessageContent unidentifiedSenderMessageContent = new UnidentifiedSenderMessageContent(decrypt(calculateStaticKeys.cipherKey, calculateStaticKeys.macKey, unidentifiedSenderMessage.getEncryptedMessage()));
            if (Arrays.equals(identityKeyPair.getPublicKey().getBytes(), unidentifiedSenderMessageContent.getSenderIdentityKey())) {
                throw new SelfSendException();
            }
            try {
                return new DecryptionResult(unidentifiedSenderMessageContent.getSenderAddress(), decrypt(unidentifiedSenderMessageContent));
            } catch (DuplicateMessageException e) {
                throw new ProtocolDuplicateMessageException(e, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            } catch (InvalidKeyException e2) {
                throw new ProtocolInvalidKeyException(e2, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            } catch (InvalidKeyIdException e3) {
                throw new ProtocolInvalidKeyIdException(e3, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            } catch (InvalidMessageException e4) {
                throw new ProtocolInvalidMessageException(e4, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            } catch (InvalidVersionException e5) {
                throw new ProtocolInvalidVersionException(e5, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            } catch (LegacyMessageException e6) {
                throw new ProtocolLegacyMessageException(e6, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            } catch (NoSessionException e7) {
                throw new ProtocolNoSessionException(e7, unidentifiedSenderMessageContent.getSenderIdentityKey(), unidentifiedSenderMessageContent.getSenderDeviceId());
            }
        } catch (InvalidKeyException | InvalidMacException e8) {
            throw new InvalidMetadataMessageException(e8);
        }
    }

    public byte[] encrypt(SignalProtocolAddress signalProtocolAddress, byte[] bArr) throws InvalidKeyException {
        return encrypt(this.signalProtocolStore.getIdentityKeyPair(), signalProtocolAddress, bArr);
    }

    byte[] encrypt(ECKeyPair eCKeyPair, SignalProtocolAddress signalProtocolAddress, byte[] bArr) throws InvalidKeyException {
        CiphertextMessage encrypt = new SessionCipher(this.signalProtocolStore, signalProtocolAddress).encrypt(bArr);
        ECPublicKey identityKey = signalProtocolAddress.getIdentityKey();
        ECKeyPair generateKeyPair = Curve.generateKeyPair();
        EphemeralKeys calculateEphemeralKeys = calculateEphemeralKeys(identityKey, generateKeyPair.getPrivateKey(), ByteUtil.combine("UnidentifiedDelivery".getBytes(), identityKey.getBytes(), generateKeyPair.getPublicKey().getBytes()));
        byte[] encrypt2 = encrypt(calculateEphemeralKeys.cipherKey, calculateEphemeralKeys.macKey, eCKeyPair.getPublicKey().getBytes());
        StaticKeys calculateStaticKeys = calculateStaticKeys(identityKey, eCKeyPair.getPrivateKey(), ByteUtil.combine(calculateEphemeralKeys.chainKey, encrypt2));
        return new UnidentifiedSenderMessage(generateKeyPair.getPublicKey(), encrypt2, encrypt(calculateStaticKeys.cipherKey, calculateStaticKeys.macKey, new UnidentifiedSenderMessageContent(encrypt.getType(), eCKeyPair.getPublicKey().getBytes(), this.localDeviceId.getBytes(), encrypt.serialize()).getSerialized())).getSerialized();
    }
}
