package com.huawei.wisesecurity.keyindex.crypto;

import c.a.a.a.a;
import com.huawei.wisesecurity.keyindex.crypto.ec.ECCipher;
import com.huawei.wisesecurity.keyindex.crypto.ec.ECDHAlg;
import com.huawei.wisesecurity.keyindex.crypto.ec.ECHandler;
import com.huawei.wisesecurity.keyindex.exception.KiCryptoException;
import com.huawei.wisesecurity.kfs.crypto.digest.DigestAlg;
import com.huawei.wisesecurity.kfs.crypto.digest.KfsDigest;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.hmac.HmacSigner;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.kfs.util.ByteUtil;

/* loaded from: classes.dex */
public class KiSessionKey {
    public static final int ECDH_KEY_LEN = 32;
    public static final int ECDH_MAX_TIMES = 4;
    public static final String SIGN_MATERIAL = "sessionKey";
    public ECDHAlg alg;
    public byte[] myEPK;
    public byte[] myLPK;
    public byte[] peerLPK;
    public byte[] peerTPK;
    public String receiverUid;
    public String senderUid;

    private byte[] getCombinedECDHKey(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i2) throws KiCryptoException {
        byte[] compute;
        ECHandler handler = ECCipher.getHandler();
        byte[] bArr5 = new byte[i2 * 32];
        int i3 = 0;
        while (i3 < 4) {
            if (i3 == 0) {
                compute = handler.fromMyKey(bArr).fromPeerKey(bArr3).compute();
            } else if (i3 == 1) {
                compute = handler.fromMyKey(bArr2).fromPeerKey(bArr4).compute();
            } else if (i3 == 2) {
                compute = handler.fromMyKey(bArr).fromPeerKey(bArr4).compute();
            } else {
                if (i3 != 3) {
                    throw new KiCryptoException(a.a("ECDH unsupported round : ", i3));
                }
                compute = handler.fromMyKey(bArr2).fromPeerKey(bArr3).compute();
            }
            System.arraycopy(compute, 0, bArr5, i3 * 32, 32);
            i3++;
            if (i3 >= i2) {
                break;
            }
        }
        return bArr5;
    }

    public byte[] build() throws KiCryptoException {
        try {
            if (this.myLPK == null || this.myEPK == null || this.peerLPK == null || this.peerTPK == null || this.alg == null) {
                throw new KiCryptoException("keys and alg can't be null");
            }
            byte[] digest = KfsDigest.getDigestHandler(DigestAlg.SHA256).from(getCombinedECDHKey(this.myLPK, this.myEPK, this.peerLPK, this.peerTPK, this.alg.getExchangeTimes())).digest();
            StringBuilder sb = new StringBuilder();
            sb.append(this.senderUid);
            sb.append(this.receiverUid);
            sb.append(SIGN_MATERIAL);
            return new HmacSigner.Builder().withAlg(SignAlg.HMAC_SHA256).withKey(digest).build().getSignHandler().from(sb.toString()).sign();
        } catch (CryptoException e2) {
            throw new KiCryptoException(a.a(e2, a.a("generate sessionKey error : ")));
        }
    }

    public KiSessionKey withAlg(ECDHAlg eCDHAlg) {
        this.alg = eCDHAlg;
        return this;
    }

    public KiSessionKey withMyEPK(byte[] bArr) {
        this.myEPK = ByteUtil.clone(bArr);
        return this;
    }

    public KiSessionKey withMyLPK(byte[] bArr) {
        this.myLPK = ByteUtil.clone(bArr);
        return this;
    }

    public KiSessionKey withPeerLPK(byte[] bArr) {
        this.peerLPK = ByteUtil.clone(bArr);
        return this;
    }

    public KiSessionKey withPeerTPK(byte[] bArr) {
        this.peerTPK = ByteUtil.clone(bArr);
        return this;
    }

    public KiSessionKey withReceiverUid(String str) {
        this.receiverUid = str;
        return this;
    }

    public KiSessionKey withSenderUid(String str) {
        this.senderUid = str;
        return this;
    }
}
