package io.olvid.messenger.webclient;

import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import io.olvid.engine.Logger;
import io.olvid.engine.crypto.Commitment;
import io.olvid.engine.crypto.PRNGService;
import io.olvid.engine.crypto.SAS;
import io.olvid.engine.crypto.Suite;
import io.olvid.engine.datatypes.EncryptedBytes;
import io.olvid.engine.datatypes.Seed;
import io.olvid.engine.datatypes.containers.CiphertextAndKey;
import io.olvid.engine.datatypes.key.asymmetric.EncryptionEciesCurve25519KeyPair;
import io.olvid.engine.datatypes.key.asymmetric.EncryptionEciesCurve25519PublicKey;
import io.olvid.engine.datatypes.key.asymmetric.EncryptionPublicKey;
import io.olvid.engine.datatypes.key.symmetric.AuthEncAES256ThenSHA256Key;
import io.olvid.engine.datatypes.key.symmetric.AuthEncKey;
import io.olvid.engine.encoder.DecodingException;
import io.olvid.messenger.webclient.protobuf.ConnectionAppDecommitmentOuterClass;
import io.olvid.messenger.webclient.protobuf.ConnectionAppIdentifierPkKemCommitSeedOuterClass;
import io.olvid.messenger.webclient.protobuf.ConnectionBrowserKemSeedOuterClass;
import io.olvid.messenger.webclient.protobuf.ConnectionColissimoOuterClass;
import java.security.InvalidKeyException;

/* loaded from: classes4.dex */
public class WebClientEstablishmentProtocol {
    private AuthEncAES256ThenSHA256Key appKey;
    private final EncryptionEciesCurve25519KeyPair appKeyPair;
    private final Seed appSeed;
    private byte[] decommitment;
    private final PRNGService prng;
    private AuthEncAES256ThenSHA256Key webKey;
    private EncryptionEciesCurve25519PublicKey webPublicKey;
    private Seed webSeed;

    public WebClientEstablishmentProtocol() {
        PRNGService defaultPRNGService = Suite.getDefaultPRNGService(0);
        this.prng = defaultPRNGService;
        this.appKeyPair = EncryptionEciesCurve25519KeyPair.generate(defaultPRNGService);
        this.appSeed = new Seed(defaultPRNGService);
    }

    public String calculateSasCode() {
        return SAS.computeSimple(this.appSeed, this.webSeed, this.webPublicKey.getCompactKey(), 4);
    }

    public AuthEncKey derivateAuthEncKey() {
        try {
            return Suite.getDefaultAuthEnc(0).generateKey(Suite.getDefaultPRNG(0, Seed.of(this.appKey, this.webKey)));
        } catch (Exception e) {
            Logger.e("Unable to derivate final AuthEncKey");
            e.printStackTrace();
            return null;
        }
    }

    public boolean handleBrowserKemSeed(byte[] bArr) {
        try {
            ConnectionColissimoOuterClass.ConnectionColissimo parseFrom = ConnectionColissimoOuterClass.ConnectionColissimo.parseFrom(bArr);
            if (parseFrom.getType() != ConnectionColissimoOuterClass.ConnectionColissimoType.CONNECTION_BROWSER_KEM_SEED) {
                Logger.e("Invalid connection message type received, ignoring");
                return false;
            }
            ConnectionBrowserKemSeedOuterClass.ConnectionBrowserKemSeed connectionBrowserKemSeed = parseFrom.getConnectionBrowserKemSeed();
            this.webSeed = new Seed(connectionBrowserKemSeed.getSeed().toByteArray());
            try {
                this.webKey = (AuthEncAES256ThenSHA256Key) Suite.getPublicKeyEncryption(this.appKeyPair.getPublicKey()).kemDecrypt(this.appKeyPair.getPrivateKey(), new EncryptedBytes(connectionBrowserKemSeed.getKemCipher().toByteArray()));
                return true;
            } catch (Exception e) {
                Logger.e("Unable to decrypt web kem");
                e.printStackTrace();
                return false;
            }
        } catch (InvalidProtocolBufferException e2) {
            Logger.e("Unable to parse connection colissimo, ignoring");
            e2.printStackTrace();
            return false;
        }
    }

    public ConnectionColissimoOuterClass.ConnectionColissimo prepareConnectionAppIdentifierPkKemCommitSeed(byte[] bArr, String str) {
        try {
            EncryptionEciesCurve25519PublicKey encryptionEciesCurve25519PublicKey = (EncryptionEciesCurve25519PublicKey) EncryptionPublicKey.of(bArr);
            this.webPublicKey = encryptionEciesCurve25519PublicKey;
            try {
                if (Suite.getPublicKeyEncryption(encryptionEciesCurve25519PublicKey) == null) {
                    Logger.e("Unable to find public key encryption");
                    return null;
                }
                CiphertextAndKey kemEncrypt = Suite.getPublicKeyEncryption(this.webPublicKey).kemEncrypt(this.webPublicKey, this.prng);
                this.appKey = (AuthEncAES256ThenSHA256Key) kemEncrypt.getKey();
                byte[] bytes = kemEncrypt.getCiphertext().getBytes();
                byte[] bArr2 = new byte[bytes.length + this.appSeed.length];
                System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
                System.arraycopy(this.appSeed.getBytes(), 0, bArr2, bytes.length, this.appSeed.length);
                Commitment.CommitmentOutput commit = Suite.getDefaultCommitment(0).commit(this.appKeyPair.getPublicKey().getCompactKey(), bArr2, this.prng);
                this.decommitment = commit.decommitment;
                return ConnectionColissimoOuterClass.ConnectionColissimo.newBuilder().setType(ConnectionColissimoOuterClass.ConnectionColissimoType.CONNECTION_APP_IDENTIFIER_PK_KEM_COMMIT_SEED).setConnectionAppIdentifierPkKemCommitSeed(ConnectionAppIdentifierPkKemCommitSeedOuterClass.ConnectionAppIdentifierPkKemCommitSeed.newBuilder().setIdentifier(str).setPublicKey(ByteString.copyFrom(this.appKeyPair.getPublicKey().getCompactKey())).setKemCipher(ByteString.copyFrom(kemEncrypt.getCiphertext().getBytes())).setCommit(ByteString.copyFrom(commit.commitment)).build()).build();
            } catch (InvalidKeyException e) {
                Logger.e("Invalid web public key for kem");
                e.printStackTrace();
                return null;
            }
        } catch (DecodingException e2) {
            Logger.e("Unable to decode web raw public key");
            e2.printStackTrace();
            return null;
        }
    }

    public ConnectionColissimoOuterClass.ConnectionColissimo prepareDecommitment() {
        return ConnectionColissimoOuterClass.ConnectionColissimo.newBuilder().setType(ConnectionColissimoOuterClass.ConnectionColissimoType.CONNECTION_APP_DECOMMITMENT).setConnectionAppDecommitment(ConnectionAppDecommitmentOuterClass.ConnectionAppDecommitment.newBuilder().setDecommitment(ByteString.copyFrom(this.decommitment)).build()).build();
    }
}
