package com.metabit.custom.safe.iip2;

import com.metabit.custom.safe.iip.AsymmetricEncryptionWithIIP;
import com.metabit.custom.safe.iip.RSAWithIntegrityPadding;
import com.metabit.custom.safe.iip.shared.AlgorithmSpecCollection;
import com.metabit.custom.safe.iip.shared.CryptoFactory;
import com.metabit.custom.safe.safeseal.impl.CryptoSettingsStruct;
import com.metabit.custom.safe.safeseal.impl.InternalTransportTuple;
import com.metabit.custom.safe.safeseal.impl.TransportFormatConverter;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.crypto.DataLengthException;

/* loaded from: input_file:com/metabit/custom/safe/iip2/SAFESeal2.class */
public class SAFESeal2 {
    private final CryptoFactory cryptoFactory;
    private TransportFormatConverter formatConverter;
    private AsymmetricEncryptionWithIIP asymmetricLayer;
    private boolean compressionMode = false;
    private CryptoSettingsStruct css;

    public SAFESeal2(CryptoFactory cryptoFactory, int i, int i2) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        this.cryptoFactory = cryptoFactory;
        init(i, i2);
    }

    public boolean getCompressionMode() {
        return this.compressionMode;
    }

    public void setCompressionMode(boolean z) {
        this.compressionMode = z;
    }

    private static byte[] tryToCompress(byte[] bArr, InternalTransportTuple internalTransportTuple) throws NoSuchAlgorithmException {
        byte[] bArr2;
        int length = bArr.length;
        byte[] bArr3 = new byte[length];
        Deflater deflater = new Deflater(9, true);
        deflater.setInput(bArr);
        deflater.finish();
        int deflate = deflater.deflate(bArr3);
        if (deflate >= length) {
            bArr2 = bArr;
            internalTransportTuple.getCryptoSettings().setCompressionOID(AlgorithmSpecCollection.COMPRESSION_NONE.getOID());
        } else {
            bArr2 = new byte[deflate];
            System.arraycopy(bArr3, 0, bArr2, 0, deflate);
            internalTransportTuple.getCryptoSettings().setCompressionOID(AlgorithmSpecCollection.COMPRESSION_GZIP.getOID());
        }
        deflater.end();
        return bArr2;
    }

    private void init(int i, int i2) {
        this.formatConverter = new TransportFormatConverter();
        this.css = new CryptoSettingsStruct(i, i2);
    }

    public byte[] seal(byte[] bArr, PrivateKey privateKey, PublicKey[] publicKeyArr, Long l) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IllegalBlockSizeException, InvalidKeySpecException, BadPaddingException, IOException, ShortBufferException, InvalidAlgorithmParameterException {
        int rSAPrivateKeyLengthInBits = SharedCode.getRSAPrivateKeyLengthInBits(privateKey.toString());
        switch (rSAPrivateKeyLengthInBits) {
            case 1024:
                this.asymmetricLayer = new RSAWithIntegrityPadding(this.cryptoFactory, AlgorithmSpecCollection.RSA1024);
                break;
            case 2048:
                this.asymmetricLayer = new RSAWithIntegrityPadding(this.cryptoFactory, AlgorithmSpecCollection.RSA2048);
                break;
            case 4096:
                this.asymmetricLayer = new RSAWithIntegrityPadding(this.cryptoFactory, AlgorithmSpecCollection.RSA4096);
                break;
            default:
                throw new InvalidKeySpecException("key of unsupported size " + rSAPrivateKeyLengthInBits);
        }
        InternalTransportTuple internalTransportTuple = new InternalTransportTuple(new CryptoSettingsStruct(2, 0));
        internalTransportTuple.getCryptoSettings().setEncryptionKeySize(rSAPrivateKeyLengthInBits);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        SecretKey generateKey = keyGenerator.generateKey();
        SecretKey generateKey2 = keyGenerator.generateKey();
        SecretKey generateKey3 = keyGenerator.generateKey();
        internalTransportTuple.setEphemeralSymmetricKeyBytes(generateKey.getEncoded(), generateKey2.getEncoded(), generateKey3.getEncoded());
        internalTransportTuple.setEncryptedData(new IntegrityPaddingSignature(this.cryptoFactory, this.css).performEncryption(!this.compressionMode ? bArr : tryToCompress(bArr, internalTransportTuple), privateKey, generateKey, generateKey2, generateKey3));
        return this.formatConverter.wrapForTransport(internalTransportTuple);
    }

    public byte[] reveal(byte[] bArr, PrivateKey privateKey, PublicKey publicKey) throws BadPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, NoSuchProviderException, IOException, ShortBufferException {
        InternalTransportTuple unwrapTransportFormat = this.formatConverter.unwrapTransportFormat(bArr);
        if (unwrapTransportFormat.getEphemeralSymmetricKeyBytes(1) == null || unwrapTransportFormat.getEphemeralSymmetricKeyBytes(2) == null || unwrapTransportFormat.getEphemeralSymmetricKeyBytes(3) == null) {
            throw new IllegalArgumentException("ephemeral keys required for algorithm version 2");
        }
        ASN1ObjectIdentifier compressionOID = unwrapTransportFormat.getCryptoSettings().getCompressionOID();
        if (compressionOID.equals((ASN1Primitive) AlgorithmSpecCollection.COMPRESSION_GZIP.getOID())) {
            this.compressionMode = true;
        } else {
            if (!compressionOID.equals((ASN1Primitive) AlgorithmSpecCollection.COMPRESSION_NONE.getOID())) {
                throw new NoSuchAlgorithmException("invalid compression");
            }
            this.compressionMode = false;
        }
        switch (unwrapTransportFormat.getCryptoSettings().getEncryptionKeySize()) {
            case 1024:
                this.asymmetricLayer = new RSAWithIntegrityPadding(this.cryptoFactory, AlgorithmSpecCollection.RSA1024);
                break;
            case 2048:
                this.asymmetricLayer = new RSAWithIntegrityPadding(this.cryptoFactory, AlgorithmSpecCollection.RSA2048);
                break;
            case 4096:
                this.asymmetricLayer = new RSAWithIntegrityPadding(this.cryptoFactory, AlgorithmSpecCollection.RSA4096);
                break;
            default:
                throw new InvalidKeyException("specified key size not supported");
        }
        try {
            byte[] performDecryptionAndValidation = new IntegrityPaddingSignature(this.cryptoFactory, this.css).performDecryptionAndValidation(unwrapTransportFormat.getEncryptedData(), publicKey, new SecretKeySpec(unwrapTransportFormat.getEphemeralSymmetricKeyBytes(1), 0, 16, "AES"), new SecretKeySpec(unwrapTransportFormat.getEphemeralSymmetricKeyBytes(2), 0, 16, "AES"), new SecretKeySpec(unwrapTransportFormat.getEphemeralSymmetricKeyBytes(3), 0, 16, "AES"));
            if (this.compressionMode) {
                performDecryptionAndValidation = inflateZLIBcompressedData(performDecryptionAndValidation);
            }
            return performDecryptionAndValidation;
        } catch (ArrayIndexOutOfBoundsException | DataFormatException | DataLengthException e) {
            throw new BadPaddingException();
        }
    }

    private byte[] inflateZLIBcompressedData(byte[] bArr) throws DataFormatException {
        int inflate;
        Inflater inflater = new Inflater(true);
        int length = bArr.length;
        int i = 0;
        do {
            i += length;
            inflater.setInput(bArr);
            inflate = inflater.inflate(new byte[i]);
            if (inflate == 0) {
                throw new IllegalArgumentException("input compression level not handled");
            }
            inflater.reset();
        } while (i == inflate);
        byte[] bArr2 = new byte[inflate];
        inflater.setInput(bArr);
        inflater.inflate(bArr2);
        inflater.end();
        return bArr2;
    }
}
