package net.java.otr4j.crypto;

import eu.siacs.conversations.services.ExportBackupService;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.ProtocolException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.java.otr4j.io.SerializationUtils;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes5.dex */
public class OtrCryptoEngineImpl implements OtrCryptoEngine {
    private static final int DSA_RAW_DATA_LENGTH_BYTES = 20;
    private static final String DSA_SIGNATURE_ALGORITHM = "NONEwithDSA";

    private Cipher aesCipher(int i, byte[] bArr, byte[] bArr2) throws OtrCryptoException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, ExportBackupService.KEYTYPE);
            if (bArr2 == null) {
                bArr2 = new byte[16];
            }
            cipher.init(i, secretKeySpec, new IvParameterSpec(bArr2));
            return cipher;
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            throw new OtrCryptoException(e);
        } catch (InvalidKeyException e2) {
            e = e2;
            throw new OtrCryptoException(e);
        } catch (NoSuchAlgorithmException e3) {
            throw new IllegalStateException("BUG: AES cipher is not supported by Java run-time.", e3);
        } catch (NoSuchPaddingException e4) {
            throw new IllegalStateException("BUG: no padding is supposed to be used.", e4);
        }
    }

    private byte[] bytesModQ(BigInteger bigInteger, byte[] bArr) {
        return bArr.length == 20 ? bArr : Util.asUnsignedByteArray(20, new BigInteger(1, bArr).mod(bigInteger));
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] aesDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws OtrCryptoException {
        try {
            return aesCipher(2, bArr, bArr2).doFinal(bArr3);
        } catch (BadPaddingException e) {
            throw new IllegalStateException("BUG: no padding is supposed to be used.", e);
        } catch (IllegalBlockSizeException e2) {
            throw new IllegalStateException("BUG: invalid block size specified.", e2);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws OtrCryptoException {
        try {
            return aesCipher(1, bArr, bArr2).doFinal(bArr3);
        } catch (BadPaddingException e) {
            throw new IllegalStateException("BUG: no padding is supposed to be used.", e);
        } catch (IllegalBlockSizeException e2) {
            throw new IllegalStateException("BUG: invalid block size specified.", e2);
        }
    }

    byte[] convertSignatureASN1ToP1363(byte[] bArr) throws OtrCryptoException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        if (wrap.remaining() < 1 || wrap.get() != 48) {
            throw new OtrCryptoException(new ProtocolException("Invalid signature content: missing or unsupported type."));
        }
        byte b = wrap.remaining() > 0 ? wrap.get() : (byte) 0;
        if (b < 0 || b != wrap.remaining()) {
            throw new OtrCryptoException(new ProtocolException("Invalid signature content: unexpected length for signature."));
        }
        if (wrap.remaining() < 1 || wrap.get() != 2) {
            throw new OtrCryptoException(new ProtocolException("Invalid signature content: missing or unexpected type for parameter r."));
        }
        int i = wrap.remaining() > 0 ? wrap.get() : 0;
        if (i <= 0 || i > wrap.remaining()) {
            throw new OtrCryptoException(new ProtocolException("Invalid signature content: unexpected length or missing bytes for parameter r."));
        }
        byte[] bArr2 = new byte[i];
        wrap.get(bArr2);
        BigInteger bigInteger = new BigInteger(bArr2);
        if (wrap.remaining() < 1 || wrap.get() != 2) {
            throw new OtrCryptoException(new ProtocolException("Invalid signature content: missing or unexpected type for parameter s."));
        }
        int i2 = wrap.remaining() > 0 ? wrap.get() : 0;
        if (i2 <= 0 || i2 > wrap.remaining()) {
            throw new OtrCryptoException(new ProtocolException("Invalid signature content: unexpected length or missing bytes for parameter s."));
        }
        byte[] bArr3 = new byte[i2];
        wrap.get(bArr3);
        BigInteger bigInteger2 = new BigInteger(bArr3);
        byte[] bArr4 = new byte[40];
        Util.asUnsignedByteArray(bigInteger, bArr4, 0, 20);
        Util.asUnsignedByteArray(bigInteger2, bArr4, 20, 20);
        return bArr4;
    }

    byte[] convertSignatureP1363ToASN1(byte[] bArr) {
        if (bArr.length != 40) {
            throw new IllegalArgumentException("Expected signature length to be exactly 40 bytes.");
        }
        byte[] byteArray = new BigInteger(1, Arrays.copyOfRange(bArr, 0, 20)).toByteArray();
        byte[] byteArray2 = new BigInteger(1, Arrays.copyOfRange(bArr, 20, 40)).toByteArray();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(48);
        byteArrayOutputStream.write(byteArray.length + 2 + 2 + byteArray2.length);
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write(byteArray.length);
        byteArrayOutputStream.write(byteArray, 0, byteArray.length);
        byteArrayOutputStream.write(2);
        byteArrayOutputStream.write(byteArray2.length);
        byteArrayOutputStream.write(byteArray2, 0, byteArray2.length);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public KeyPair generateDHKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
            keyPairGenerator.initialize(new DHParameterSpec(MODULUS, GENERATOR, OtrCryptoEngine.DH_PRIVATE_KEY_MINIMUM_BIT_LENGTH));
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("BUG: invalid algorithm parameter provided.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("BUG: DH algorithm is unavailable (for keypair generation).", e2);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public KeyPair generateDSAKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
            keyPairGenerator.initialize(1024);
            return keyPairGenerator.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("DSA algorithm is not supported.", e);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public BigInteger generateSecret(PrivateKey privateKey, PublicKey publicKey) throws OtrCryptoException {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            return new BigInteger(1, keyAgreement.generateSecret());
        } catch (InvalidKeyException e) {
            throw new OtrCryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("DH key agreement algorithm is unavailable.", e2);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public DHPublicKey getDHPublicKey(BigInteger bigInteger) throws OtrCryptoException {
        try {
            return (DHPublicKey) KeyFactory.getInstance("DH").generatePublic(new DHPublicKeySpec(bigInteger, MODULUS, GENERATOR));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("DH algorithm is unavailable.", e);
        } catch (InvalidKeySpecException e2) {
            throw new OtrCryptoException(e2);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public DHPublicKey getDHPublicKey(byte[] bArr) throws OtrCryptoException {
        return getDHPublicKey(new BigInteger(bArr));
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public String getFingerprint(PublicKey publicKey) throws OtrCryptoException {
        return SerializationUtils.byteArrayToHexString(getFingerprintRaw(publicKey));
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] getFingerprintRaw(PublicKey publicKey) throws OtrCryptoException {
        try {
            byte[] writePublicKey = SerializationUtils.writePublicKey(publicKey);
            if (!publicKey.getAlgorithm().equals("DSA")) {
                return sha1Hash(writePublicKey);
            }
            int length = writePublicKey.length - 2;
            byte[] bArr = new byte[length];
            System.arraycopy(writePublicKey, 2, bArr, 0, length);
            return sha1Hash(bArr);
        } catch (IOException e) {
            throw new OtrCryptoException(e);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sha1Hash(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1);
            messageDigest.update(bArr, 0, bArr.length);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 support is unavailable.", e);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sha1Hmac(byte[] bArr, byte[] bArr2, int i) throws OtrCryptoException {
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(bArr2, "HmacSHA1"));
            byte[] doFinal = mac.doFinal(bArr);
            if (i <= 0) {
                return doFinal;
            }
            byte[] bArr3 = new byte[i];
            ByteBuffer.wrap(doFinal).get(bArr3);
            return bArr3;
        } catch (InvalidKeyException e) {
            throw new OtrCryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("HmacSHA1 algorithm support is unavailable.", e2);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sha256Hash(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr, 0, bArr.length);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 support is unavailable.", e);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sha256Hmac(byte[] bArr, byte[] bArr2) throws OtrCryptoException {
        return sha256Hmac(bArr, bArr2, 0);
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sha256Hmac(byte[] bArr, byte[] bArr2, int i) throws OtrCryptoException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HmacSHA256");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            try {
                mac.init(secretKeySpec);
                byte[] doFinal = mac.doFinal(bArr);
                if (i <= 0) {
                    return doFinal;
                }
                byte[] bArr3 = new byte[i];
                ByteBuffer.wrap(doFinal).get(bArr3);
                return bArr3;
            } catch (InvalidKeyException e) {
                throw new OtrCryptoException(e);
            }
        } catch (NoSuchAlgorithmException unused) {
            throw new IllegalStateException("HmacSHA256 is unavailable.");
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sha256Hmac160(byte[] bArr, byte[] bArr2) throws OtrCryptoException {
        return sha256Hmac(bArr, bArr2, 20);
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public byte[] sign(byte[] bArr, PrivateKey privateKey) throws OtrCryptoException {
        if (!(privateKey instanceof DSAPrivateKey)) {
            throw new IllegalArgumentException("Illegal type of private key provided. Only DSA private keys are supported.");
        }
        try {
            Signature signature = Signature.getInstance(DSA_SIGNATURE_ALGORITHM);
            signature.initSign(privateKey);
            signature.update(bytesModQ(((DSAPrivateKey) privateKey).getParams().getQ(), bArr));
            return convertSignatureASN1ToP1363(signature.sign());
        } catch (InvalidKeyException e) {
            e = e;
            throw new OtrCryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("DSA signature algorithm is not available.", e2);
        } catch (SignatureException e3) {
            e = e3;
            throw new OtrCryptoException(e);
        }
    }

    @Override // net.java.otr4j.crypto.OtrCryptoEngine
    public boolean verify(byte[] bArr, PublicKey publicKey, byte[] bArr2) throws OtrCryptoException {
        if (!(publicKey instanceof DSAPublicKey)) {
            throw new IllegalArgumentException("Illegal type of public key provided. Only DSA public keys are supported.");
        }
        try {
            Signature signature = Signature.getInstance(DSA_SIGNATURE_ALGORITHM);
            signature.initVerify(publicKey);
            signature.update(bytesModQ(((DSAPublicKey) publicKey).getParams().getQ(), bArr));
            return signature.verify(convertSignatureP1363ToASN1(bArr2));
        } catch (InvalidKeyException e) {
            e = e;
            throw new OtrCryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("DSA signature algorithm is not available.", e2);
        } catch (SignatureException e3) {
            e = e3;
            throw new OtrCryptoException(e);
        }
    }
}
