package com.share.connect.security;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.room.Room;
import com.easy.logger.EasyLog;
import com.google.crypto.tink.subtle.Bytes;
import com.google.crypto.tink.subtle.Hkdf;
import com.ucar.protocol.security.SecurityManager;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONObject;

/* loaded from: classes2.dex */
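/**
 * Key-negotiation primitives for pairing with a peer, as visible in this file:
 * EC (secp256r1) key generation, ECDH followed by HKDF-SHA256 to derive a session key,
 * ECDSA signing/verification with keys held in the AndroidKeyStore, a PIN-keyed HMAC used
 * to authenticate a peer's public key, and persistence of peer records in a Room database.
 *
 * <p>Public keys travel as the raw, fixed-width concatenation {@code X || Y}
 * (see {@link #encodePublicKey} and {@code decodePublicKey}).
 *
 * <p>Instances hold mutable per-negotiation state (agreement key pair, nonce, PIN) without
 * any synchronisation; only the shared database handle is initialised under a lock.
 */
public class KeyNegotiator {
    /** Minimum PIN length, in bytes, accepted by {@link #generateHmac}. */
    private static final int PIN_CODE_SIZE = 6;
    private static final String TAG = "KeyNegotiator";
    /**
     * Process-wide database handle. Declared {@code volatile} so that the unsynchronised first
     * check in {@link #initDb} cannot observe a partially published instance.
     */
    protected static volatile PeerDatabase sDb = null;
    /** Alias of the session key; also used as the HKDF {@code info} input. */
    private static final String sSessionKeyAlias = "session_key";
    /** Length in bytes of the derived session key (16 bytes). */
    private static final int sSessionKeySize = 16;
    private static final String sUibcSessionKeyAlias = "uibc_session_key";
    /** Protocol version advertised in the negotiation info. */
    private static final int sVersion = 1;
    /** Ephemeral ECDH key pair created by {@link #generateAgreementPublicKey}. */
    private KeyPair mAgreementKeyPair;
    private byte[] mNonce;
    // Held by reference (see setPinCode/getPinCode): the caller's array is not copied.
    private byte[] mPin;

    /* loaded from: classes2.dex */
    /** Integer result codes. Where they are produced is not visible in this file. */
    public static class ProtoResult {
        public static final int INTERNAL_ERROR = 3;
        public static final int NEED_NORMAL_PROCEDURE = 1;
        public static final int NEED_USER_CONFIRMATION = 2;
        public static final int OK = 0;
    }

    /**
     * Creates a negotiator and makes sure the shared peer database is open.
     *
     * @param context context handed to Room when the database is first built
     */
    public KeyNegotiator(Context context) {
        initDb(context);
    }

    /**
     * Rebuilds an EC public key from its raw {@code X || Y} encoding on the named curve.
     *
     * @param str  standard curve name understood by {@link ECGenParameterSpec}
     * @param bArr fixed-width big-endian X followed by Y
     * @return the decoded public key
     * @throws RuntimeException if {@code bArr} is not exactly two coordinates long
     * @throws Exception        if the provider rejects the curve or the key
     */
    private ECPublicKey decodePublicKey(String str, byte[] bArr) throws Exception {
        AlgorithmParameters curveParams = AlgorithmParameters.getInstance("EC");
        curveParams.init(new ECGenParameterSpec(str));
        ECParameterSpec curveSpec = (ECParameterSpec) curveParams.getParameterSpec(ECParameterSpec.class);
        // Integer division: exact for secp256r1 (32 bytes); a curve whose order bit length is not
        // a multiple of 8 would get a truncated width here.
        int coordLen = curveSpec.getOrder().bitLength() / 8;
        if (bArr.length != coordLen * 2) {
            throw new RuntimeException("encoded key with wrong size");
        }
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(bArr, 0, coordLen));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(bArr, coordLen, coordLen + coordLen));
        // NOTE(review): no explicit on-curve check is made on this peer-supplied point; rejecting an
        // invalid point is left to the KeyFactory/KeyAgreement provider -- confirm it does so.
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(x, y), curveSpec));
    }

    /**
     * Deletes the AndroidKeyStore entry stored under the given alias.
     *
     * @param str keystore alias to remove
     */
    protected static void deleteAuthKeyAlias(String str) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry(str);
    }

    /**
     * Builds the negotiation info object, which carries only the protocol version.
     *
     * @return a JSON object of the form {@code {"ver": 1}}
     */
    protected static JSONObject generateKeyNegotiationInfo() throws Exception {
        return new JSONObject().put("ver", sVersion);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the protocol version implemented by this class. */
    public static int getProtocolVersion() {
        return sVersion;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Lazily opens the shared {@code peer.db} Room database (double-checked locking on the class).
     *
     * @param context context handed to Room's database builder
     */
    public static void initDb(Context context) {
        if (sDb == null) {
            synchronized (KeyNegotiator.class) {
                if (sDb == null) {
                    // allowMainThreadQueries(): every DAO call in this class runs on the caller's thread.
                    sDb = (PeerDatabase) Room.databaseBuilder(context, PeerDatabase.class, "peer.db").allowMainThreadQueries().build();
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes a peer: deletes the keystore entry first, then the database record.
     * Failures are logged and not propagated.
     *
     * @param bArr peer id as UTF-8 bytes
     * @param str  keystore alias to delete
     */
    public static void removePeer(byte[] bArr, String str) {
        try {
            // NOTE(review): if the keystore deletion throws, the database record is left in place,
            // so the peer record survives a failed removal -- confirm this is intended.
            deleteAuthKeyAlias(str);
            sDb.peerDao().delete(new String(bArr, StandardCharsets.UTF_8));
        } catch (Exception e) {
            EasyLog.e(TAG, "removePeer Exception", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs ECDH with the peer's agreement key and installs the derived session key.
     *
     * <p>The key is HKDF-SHA256 over the ECDH shared secret, salted with SHA-256({@code bArr}),
     * with the session-key alias as {@code info}. The same 16 bytes are installed under both the
     * session alias and the UIBC alias.
     *
     * @param key  the peer's agreement public key
     * @param bArr bytes hashed to form the HKDF salt
     * @return {@code false} when no local agreement key pair exists or {@code key} is null,
     *         {@code true} once both keys have been installed
     */
    public boolean agreeOnSessionKey(Key key, byte[] bArr) throws Exception {
        if (this.mAgreementKeyPair == null || key == null) {
            return false;
        }
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(this.mAgreementKeyPair.getPrivate());
        keyAgreement.doPhase(key, true);
        byte[] sharedSecret = keyAgreement.generateSecret();
        try {
            byte[] salt = MessageDigest.getInstance("SHA-256").digest(bArr);
            byte[] sessionKey = Hkdf.computeHkdf("HMACSHA256", sharedSecret, salt, makeByteArray(sSessionKeyAlias), sSessionKeySize);
            // NOTE(review): both aliases receive identical key material -- confirm that sharing one
            // key between the two channels is intended.
            SecurityManager.setSessionKey(sessionKey, sSessionKeyAlias);
            SecurityManager.setSessionKey(sessionKey, sUibcSessionKeyAlias);
            return true;
        } finally {
            // The raw ECDH output is not needed once the session key is derived; wipe it.
            Arrays.fill(sharedSecret, (byte) 0);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decodes standard Base64 text.
     *
     * @throws IllegalArgumentException if {@code str} is not valid Base64
     */
    public byte[] decodeBase64(String str) {
        return Base64.getDecoder().decode(str);
    }

    /**
     * Deletes the database record of a peer. The keystore is not touched.
     *
     * @param bArr peer id as UTF-8 bytes
     */
    protected void deletePeer(byte[] bArr) {
        sDb.peerDao().delete(new String(bArr, StandardCharsets.UTF_8));
    }

    /** Encodes bytes as standard Base64 text. */
    protected String encodeBase64(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Encodes an EC public key as fixed-width big-endian {@code X || Y}.
     *
     * @param eCPublicKey key to encode
     * @return array of twice the coordinate width, each coordinate left-padded with zeros
     * @throws RuntimeException if a coordinate does not fit the coordinate width
     */
    public byte[] encodePublicKey(ECPublicKey eCPublicKey) {
        int coordLen = eCPublicKey.getParams().getOrder().bitLength() / 8;
        byte[] encoded = new byte[coordLen * 2];
        byte[] x = eCPublicKey.getW().getAffineX().toByteArray();
        copyCoordinate(x, encoded, 0, coordLen, "x");
        byte[] y = eCPublicKey.getW().getAffineY().toByteArray();
        copyCoordinate(y, encoded, coordLen, coordLen, "y");
        return encoded;
    }

    /** Writes one two's-complement coordinate into a fixed-width, left-padded slot of {@code out}. */
    private static void copyCoordinate(byte[] value, byte[] out, int offset, int width, String label) {
        if (value.length <= width) {
            System.arraycopy(value, 0, out, offset + width - value.length, value.length);
            return;
        }
        // BigInteger.toByteArray() adds a leading zero byte when the top bit is set; one such byte
        // is the only overflow tolerated.
        if (value.length != width + 1 || value[0] != 0) {
            throw new RuntimeException(label + " coordinate with wrong size: len=" + value.length);
        }
        System.arraycopy(value, 1, out, offset, width);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates a fresh secp256r1 key pair for ECDH, keeps it on this instance and returns its
     * public half. The key pair is created by the default provider, not the AndroidKeyStore.
     */
    public ECPublicKey generateAgreementPublicKey() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = generator.generateKeyPair();
        this.mAgreementKeyPair = pair;
        return (ECPublicKey) pair.getPublic();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates a secp256r1 signing key inside the AndroidKeyStore under the given alias.
     *
     * @param str keystore alias for the new key
     * @return the public half of the generated key pair
     */
    public ECPublicKey generateAuthenticationPublicKey(String str) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        // 12 == KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY.
        // No setUserAuthenticationRequired(...) call is made, so use of the key is not gated on
        // user authentication.
        generator.initialize(new KeyGenParameterSpec.Builder(str, 12).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").build());
        return (ECPublicKey) generator.generateKeyPair().getPublic();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Computes HMAC-SHA256 over {@code bArr} with the key SHA-256({@code bArr2 || pin}).
     *
     * @param bArr  message to authenticate
     * @param bArr2 bytes prepended to the PIN before hashing into the MAC key
     * @return the 32-byte tag
     * @throws Exception if no PIN is set or it is shorter than six bytes
     */
    public byte[] generateHmac(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] pin = this.mPin;
        if (pin == null || pin.length < PIN_CODE_SIZE) {
            throw new Exception("pin is empty or too short when requested");
        }
        // NOTE(review): the MAC key is a single unsalted-by-iteration hash of a short PIN, so its
        // strength is bounded by the PIN's entropy -- confirm the PIN is single-use and short-lived.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(MessageDigest.getInstance("SHA-256").digest(Bytes.concat(bArr2, pin)), "HmacSHA256"));
        return mac.doFinal(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates {@code i} random bytes from {@link SecureRandom}, stores them as the current nonce
     * and returns that same array (not a copy).
     */
    public byte[] generateNonce(int i) throws Exception {
        byte[] nonce = new byte[i];
        new SecureRandom().nextBytes(nonce);
        // Publish only after filling, so getNonce() never returns an all-zero buffer.
        this.mNonce = nonce;
        return nonce;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Signs {@code bArr || bArr2} with SHA256withECDSA using the AndroidKeyStore key {@code str}.
     *
     * @param str   keystore alias of the signing key
     * @param bArr  first part of the signed message
     * @param bArr2 second part of the signed message
     * @return the signature bytes
     * @throws RuntimeException on API levels above 28 when the alias holds no private-key entry
     */
    public byte[] generateSign(String str, byte[] bArr, byte[] bArr2) throws Exception {
        PrivateKey privateKey;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        // Two lookup paths by API level; the reason for the split is not visible in this file.
        if (Build.VERSION.SDK_INT <= 28) {
            privateKey = (PrivateKey) keyStore.getKey(str, null);
        } else {
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new RuntimeException("sign key not exist or invalid : " + str);
            }
            privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        }
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(privateKey);
        signer.update(Bytes.concat(bArr, bArr2));
        return signer.sign();
    }

    /**
     * Returns the public half of the current agreement key pair.
     *
     * @throws NullPointerException if {@link #generateAgreementPublicKey} has not been called
     */
    protected ECPublicKey getAgreementPk() {
        return (ECPublicKey) this.mAgreementKeyPair.getPublic();
    }

    /**
     * Reads the public key of the AndroidKeyStore entry {@code str} from its certificate.
     *
     * @throws RuntimeException if the alias holds no private-key entry
     */
    protected ECPublicKey getAuthPk(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return (ECPublicKey) ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
        }
        throw new RuntimeException("sign key not exist or invalid : " + str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns whatever the DAO reports as the last peer. */
    public Peer getLastPeer() {
        return sDb.peerDao().getLast();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the current nonce array itself (not a copy), or null if none was generated. */
    public byte[] getNonce() {
        return this.mNonce;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up a peer record.
     *
     * @param bArr peer id as UTF-8 bytes
     */
    public Peer getPeer(byte[] bArr) {
        return sDb.peerDao().get(new String(bArr, StandardCharsets.UTF_8));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies the peer's signature over {@code bArr || bArr2} and, only if it is valid, decodes
     * {@code bArr} as the peer's agreement public key.
     *
     * @param bArr      raw {@code X || Y} agreement key
     * @param bArr2     additional signed bytes
     * @param bArr3     SHA256withECDSA signature
     * @param publicKey the peer's authentication key used for verification
     * @return the decoded key, or null when {@code publicKey} is null or the signature is invalid
     */
    public ECPublicKey getPeerAgreementPublicKey(byte[] bArr, byte[] bArr2, byte[] bArr3, PublicKey publicKey) throws Exception {
        if (publicKey == null) {
            return null;
        }
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(publicKey);
        verifier.update(Bytes.concat(bArr, bArr2));
        if (!verifier.verify(bArr3)) {
            return null;
        }
        return decodePublicKey("secp256r1", bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decodes a raw {@code X || Y} secp256r1 key without any authenticity check.
     * NOTE(review): presumably used for a key already trusted (e.g. read back from storage) --
     * verify against the callers.
     */
    public ECPublicKey getPeerAuthenticationPublicKey(byte[] bArr) throws Exception {
        return decodePublicKey("secp256r1", bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks the PIN-keyed HMAC over {@code bArr || bArr2} and, only if it matches, decodes
     * {@code bArr} as the peer's authentication public key.
     *
     * @param bArr  raw {@code X || Y} authentication key
     * @param bArr2 additional authenticated bytes
     * @param bArr3 bytes mixed with the PIN into the MAC key
     * @param bArr4 tag received from the peer
     * @return the decoded key, or null when the tag does not match
     * @throws Exception if no usable PIN is set
     */
    public ECPublicKey getPeerAuthenticationPublicKey(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        byte[] expectedTag = generateHmac(Bytes.concat(bArr, bArr2), bArr3);
        // MessageDigest.isEqual instead of Arrays.equals: the comparison time must not depend on
        // how many leading bytes of the received tag are correct.
        if (bArr4 != null && MessageDigest.isEqual(expectedTag, bArr4)) {
            return decodePublicKey("secp256r1", bArr);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the stored PIN array itself (not a copy), or null if none is set. */
    public byte[] getPinCode() {
        return this.mPin;
    }

    /** Returns the UTF-8 bytes of {@code str}, or null when {@code str} is null. */
    protected byte[] makeByteArray(String str) {
        if (str == null) {
            return null;
        }
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts a peer record with the current time (seconds since the epoch) as connection time.
     *
     * @param bArr  peer id as UTF-8 bytes
     * @param bArr2 key bytes, stored Base64-encoded in {@code authKey}
     * @return always {@code true}; DAO failures surface as exceptions
     */
    public boolean savePeer(byte[] bArr, byte[] bArr2) {
        Peer peer = new Peer();
        peer.id = new String(bArr, StandardCharsets.UTF_8);
        peer.authKey = encodeBase64(bArr2);
        peer.connectionTime = System.currentTimeMillis() / 1000;
        sDb.peerDao().insert(peer);
        return true;
    }

    /**
     * Stores the PIN by reference: later changes to {@code bArr} by the caller, including wiping
     * it, are seen by {@link #generateHmac}.
     */
    public void setPinCode(byte[] bArr) {
        this.mPin = bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Asks the DAO to mark the given peer as last.
     *
     * @param bArr peer id as UTF-8 bytes
     * @return {@code true} when the DAO reports at least one affected row
     */
    public boolean updateLastPeer(byte[] bArr) {
        return sDb.peerDao().updateLast(new String(bArr, StandardCharsets.UTF_8)) > 0;
    }
}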
