package org.signal.libsignal.metadata;

import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.signal.libsignal.metadata.certificate.CertificateValidator;
import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
import org.signal.libsignal.metadata.certificate.SenderCertificate;
import org.signal.libsignal.metadata.protocol.UnidentifiedSenderMessage;
import org.signal.libsignal.metadata.protocol.UnidentifiedSenderMessageContent;
import org.whispersystems.libsignal.DuplicateMessageException;
import org.whispersystems.libsignal.IdentityKeyPair;
import org.whispersystems.libsignal.InvalidKeyException;
import org.whispersystems.libsignal.InvalidKeyIdException;
import org.whispersystems.libsignal.InvalidMacException;
import org.whispersystems.libsignal.InvalidMessageException;
import org.whispersystems.libsignal.InvalidVersionException;
import org.whispersystems.libsignal.LegacyMessageException;
import org.whispersystems.libsignal.NoSessionException;
import org.whispersystems.libsignal.SessionCipher;
import org.whispersystems.libsignal.SignalProtocolAddress;
import org.whispersystems.libsignal.UntrustedIdentityException;
import org.whispersystems.libsignal.ecc.Curve;
import org.whispersystems.libsignal.ecc.ECKeyPair;
import org.whispersystems.libsignal.ecc.ECPrivateKey;
import org.whispersystems.libsignal.ecc.ECPublicKey;
import org.whispersystems.libsignal.kdf.HKDFv3;
import org.whispersystems.libsignal.protocol.CiphertextMessage;
import org.whispersystems.libsignal.protocol.PreKeySignalMessage;
import org.whispersystems.libsignal.protocol.SignalMessage;
import org.whispersystems.libsignal.state.SignalProtocolStore;
import org.whispersystems.libsignal.util.ByteUtil;
import org.whispersystems.libsignal.util.guava.Optional;

/* loaded from: classes.dex */
public class SealedSessionCipher {
    private static final String TAG = SealedSessionCipher.class.getSimpleName();
    private final int localDeviceId;
    private final String localE164Address;
    private final String localUuidAddress;
    private final SignalProtocolStore signalProtocolStore;

    /* loaded from: classes.dex */
    public static class DecryptionResult {
        private final int deviceId;
        private final byte[] paddedMessage;
        private final Optional<String> senderE164;
        private final Optional<String> senderUuid;

        private DecryptionResult(Optional<String> optional, Optional<String> optional2, int i, byte[] bArr) {
            this.senderUuid = optional;
            this.senderE164 = optional2;
            this.deviceId = i;
            this.paddedMessage = bArr;
        }

        public int getDeviceId() {
            return this.deviceId;
        }

        public byte[] getPaddedMessage() {
            return this.paddedMessage;
        }

        public Optional<String> getSenderE164() {
            return this.senderE164;
        }

        public Optional<String> getSenderUuid() {
            return this.senderUuid;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class EphemeralKeys {
        private final byte[] chainKey;
        private final SecretKeySpec cipherKey;
        private final SecretKeySpec macKey;

        private EphemeralKeys(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.chainKey = bArr;
            this.cipherKey = new SecretKeySpec(bArr2, "AES");
            this.macKey = new SecretKeySpec(bArr3, "HmacSHA256");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class StaticKeys {
        private final SecretKeySpec cipherKey;
        private final SecretKeySpec macKey;

        private StaticKeys(byte[] bArr, byte[] bArr2) {
            this.cipherKey = new SecretKeySpec(bArr, "AES");
            this.macKey = new SecretKeySpec(bArr2, "HmacSHA256");
        }
    }

    public SealedSessionCipher(SignalProtocolStore signalProtocolStore, UUID uuid, String str, int i) {
        this.signalProtocolStore = signalProtocolStore;
        this.localUuidAddress = uuid != null ? uuid.toString() : null;
        this.localE164Address = str;
        this.localDeviceId = i;
    }

    private EphemeralKeys calculateEphemeralKeys(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, byte[] bArr) throws InvalidKeyException {
        try {
            byte[][] split = ByteUtil.split(new HKDFv3().deriveSecrets(Curve.calculateAgreement(eCPublicKey, eCPrivateKey), bArr, new byte[0], 96), 32, 32, 32);
            return new EphemeralKeys(split[0], split[1], split[2]);
        } catch (ParseException e) {
            throw new AssertionError(e);
        }
    }

    private StaticKeys calculateStaticKeys(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, byte[] bArr) throws InvalidKeyException {
        try {
            byte[][] split = ByteUtil.split(new HKDFv3().deriveSecrets(Curve.calculateAgreement(eCPublicKey, eCPrivateKey), bArr, new byte[0], 96), 32, 32, 32);
            return new StaticKeys(split[1], split[2]);
        } catch (ParseException e) {
            throw new AssertionError(e);
        }
    }

    private byte[] decrypt(SecretKeySpec secretKeySpec, SecretKeySpec secretKeySpec2, byte[] bArr) throws InvalidMacException {
        try {
            if (bArr.length < 10) {
                throw new InvalidMacException("Ciphertext not long enough for MAC!");
            }
            byte[][] split = ByteUtil.split(bArr, bArr.length - 10, 10);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec2);
            if (!MessageDigest.isEqual(ByteUtil.trim(mac.doFinal(split[0]), 10), split[1])) {
                throw new InvalidMacException("Bad mac!");
            }
            Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
            cipher.init(2, secretKeySpec, new IvParameterSpec(new byte[16]));
            return cipher.doFinal(split[0]);
        } catch (InvalidAlgorithmParameterException | java.security.InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    private byte[] decrypt(UnidentifiedSenderMessageContent unidentifiedSenderMessageContent) throws InvalidVersionException, InvalidMessageException, InvalidKeyException, DuplicateMessageException, InvalidKeyIdException, UntrustedIdentityException, LegacyMessageException, NoSessionException {
        SignalProtocolAddress preferredAddress = getPreferredAddress(this.signalProtocolStore, unidentifiedSenderMessageContent.getSenderCertificate());
        int type = unidentifiedSenderMessageContent.getType();
        if (type == 2) {
            return new SessionCipher(this.signalProtocolStore, preferredAddress).decrypt(new SignalMessage(unidentifiedSenderMessageContent.getContent()));
        }
        if (type == 3) {
            return new SessionCipher(this.signalProtocolStore, preferredAddress).decrypt(new PreKeySignalMessage(unidentifiedSenderMessageContent.getContent()));
        }
        throw new InvalidMessageException("Unknown type: " + unidentifiedSenderMessageContent.getType());
    }

    private byte[] encrypt(SecretKeySpec secretKeySpec, SecretKeySpec secretKeySpec2, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(new byte[16]));
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec2);
            byte[] doFinal = cipher.doFinal(bArr);
            return ByteUtil.combine(doFinal, ByteUtil.trim(mac.doFinal(doFinal), 10));
        } catch (InvalidAlgorithmParameterException | java.security.InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    private static SignalProtocolAddress getPreferredAddress(SignalProtocolStore signalProtocolStore, SenderCertificate senderCertificate) {
        SignalProtocolAddress signalProtocolAddress = senderCertificate.getSenderUuid().isPresent() ? new SignalProtocolAddress(senderCertificate.getSenderUuid().get(), senderCertificate.getSenderDeviceId()) : null;
        SignalProtocolAddress signalProtocolAddress2 = senderCertificate.getSenderE164().isPresent() ? new SignalProtocolAddress(senderCertificate.getSenderE164().get(), senderCertificate.getSenderDeviceId()) : null;
        return (signalProtocolAddress == null || !signalProtocolStore.containsSession(signalProtocolAddress)) ? (signalProtocolAddress2 == null || !signalProtocolStore.containsSession(signalProtocolAddress2)) ? new SignalProtocolAddress(senderCertificate.getSender(), senderCertificate.getSenderDeviceId()) : signalProtocolAddress2 : signalProtocolAddress;
    }

    public DecryptionResult decrypt(CertificateValidator certificateValidator, byte[] bArr, long j) throws InvalidMetadataMessageException, InvalidMetadataVersionException, ProtocolInvalidMessageException, ProtocolInvalidKeyException, ProtocolNoSessionException, ProtocolLegacyMessageException, ProtocolInvalidVersionException, ProtocolDuplicateMessageException, ProtocolInvalidKeyIdException, ProtocolUntrustedIdentityException, SelfSendException {
        try {
            IdentityKeyPair identityKeyPair = this.signalProtocolStore.getIdentityKeyPair();
            UnidentifiedSenderMessage unidentifiedSenderMessage = new UnidentifiedSenderMessage(bArr);
            boolean z = false;
            EphemeralKeys calculateEphemeralKeys = calculateEphemeralKeys(unidentifiedSenderMessage.getEphemeral(), identityKeyPair.getPrivateKey(), ByteUtil.combine("UnidentifiedDelivery".getBytes(), identityKeyPair.getPublicKey().getPublicKey().serialize(), unidentifiedSenderMessage.getEphemeral().serialize()));
            byte[] decrypt = decrypt(calculateEphemeralKeys.cipherKey, calculateEphemeralKeys.macKey, unidentifiedSenderMessage.getEncryptedStatic());
            StaticKeys calculateStaticKeys = calculateStaticKeys(Curve.decodePoint(decrypt, 0), identityKeyPair.getPrivateKey(), ByteUtil.combine(calculateEphemeralKeys.chainKey, unidentifiedSenderMessage.getEncryptedStatic()));
            UnidentifiedSenderMessageContent unidentifiedSenderMessageContent = new UnidentifiedSenderMessageContent(decrypt(calculateStaticKeys.cipherKey, calculateStaticKeys.macKey, unidentifiedSenderMessage.getEncryptedMessage()));
            certificateValidator.validate(unidentifiedSenderMessageContent.getSenderCertificate(), j);
            if (!MessageDigest.isEqual(unidentifiedSenderMessageContent.getSenderCertificate().getKey().serialize(), decrypt)) {
                throw new InvalidKeyException("Sender's certificate key does not match key used in message");
            }
            boolean z2 = this.localE164Address != null && this.localE164Address.equals(unidentifiedSenderMessageContent.getSenderCertificate().getSenderE164().orNull());
            if (this.localUuidAddress != null && this.localUuidAddress.equals(unidentifiedSenderMessageContent.getSenderCertificate().getSenderUuid().orNull())) {
                z = true;
            }
            if ((z2 || z) && unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId() == this.localDeviceId) {
                throw new SelfSendException();
            }
            try {
                return new DecryptionResult(unidentifiedSenderMessageContent.getSenderCertificate().getSenderUuid(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderE164(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId(), decrypt(unidentifiedSenderMessageContent));
            } catch (DuplicateMessageException e) {
                throw new ProtocolDuplicateMessageException(e, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (InvalidKeyException e2) {
                throw new ProtocolInvalidKeyException(e2, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (InvalidKeyIdException e3) {
                throw new ProtocolInvalidKeyIdException(e3, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (InvalidMessageException e4) {
                throw new ProtocolInvalidMessageException(e4, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (InvalidVersionException e5) {
                throw new ProtocolInvalidVersionException(e5, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (LegacyMessageException e6) {
                throw new ProtocolLegacyMessageException(e6, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (NoSessionException e7) {
                throw new ProtocolNoSessionException(e7, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            } catch (UntrustedIdentityException e8) {
                throw new ProtocolUntrustedIdentityException(e8, unidentifiedSenderMessageContent.getSenderCertificate().getSender(), unidentifiedSenderMessageContent.getSenderCertificate().getSenderDeviceId());
            }
        } catch (InvalidCertificateException | InvalidKeyException | InvalidMacException e9) {
            throw new InvalidMetadataMessageException(e9);
        }
    }

    public byte[] encrypt(SignalProtocolAddress signalProtocolAddress, SenderCertificate senderCertificate, byte[] bArr) throws InvalidKeyException, UntrustedIdentityException {
        CiphertextMessage encrypt = new SessionCipher(this.signalProtocolStore, signalProtocolAddress).encrypt(bArr);
        IdentityKeyPair identityKeyPair = this.signalProtocolStore.getIdentityKeyPair();
        ECPublicKey publicKey = this.signalProtocolStore.getIdentity(signalProtocolAddress).getPublicKey();
        ECKeyPair generateKeyPair = Curve.generateKeyPair();
        EphemeralKeys calculateEphemeralKeys = calculateEphemeralKeys(publicKey, generateKeyPair.getPrivateKey(), ByteUtil.combine("UnidentifiedDelivery".getBytes(), publicKey.serialize(), generateKeyPair.getPublicKey().serialize()));
        byte[] encrypt2 = encrypt(calculateEphemeralKeys.cipherKey, calculateEphemeralKeys.macKey, identityKeyPair.getPublicKey().getPublicKey().serialize());
        StaticKeys calculateStaticKeys = calculateStaticKeys(publicKey, identityKeyPair.getPrivateKey(), ByteUtil.combine(calculateEphemeralKeys.chainKey, encrypt2));
        return new UnidentifiedSenderMessage(generateKeyPair.getPublicKey(), encrypt2, encrypt(calculateStaticKeys.cipherKey, calculateStaticKeys.macKey, new UnidentifiedSenderMessageContent(encrypt.getType(), senderCertificate, encrypt.serialize()).getSerialized())).getSerialized();
    }

    public int getRemoteRegistrationId(SignalProtocolAddress signalProtocolAddress) {
        return new SessionCipher(this.signalProtocolStore, signalProtocolAddress).getRemoteRegistrationId();
    }

    public int getSessionVersion(SignalProtocolAddress signalProtocolAddress) {
        return new SessionCipher(this.signalProtocolStore, signalProtocolAddress).getSessionVersion();
    }
}
