package org.thoughtcrime.securesms.crypto;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import org.signal.core.util.logging.Log;
import org.signal.libsignal.protocol.InvalidKeyException;
import org.signal.libsignal.protocol.ecc.Curve;
import org.signal.libsignal.protocol.ecc.ECPrivateKey;
import org.signal.libsignal.protocol.ecc.ECPublicKey;

/* loaded from: classes4.dex */
public class MasterCipher {
    private static final String TAG = Log.tag((Class<?>) MasterCipher.class);
    private final MasterSecret masterSecret;

    public MasterCipher(MasterSecret masterSecret) {
        this.masterSecret = masterSecret;
    }

    private byte[] getDecryptedBody(Cipher cipher, byte[] bArr) throws IllegalBlockSizeException, BadPaddingException {
        return cipher.doFinal(bArr, cipher.getBlockSize(), bArr.length - cipher.getBlockSize());
    }

    private Cipher getDecryptingCipher(SecureSecretKeySpec secureSecretKeySpec, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secureSecretKeySpec, new IvParameterSpec(bArr, 0, cipher.getBlockSize()));
        return cipher;
    }

    private byte[] getEncryptedBody(Cipher cipher, byte[] bArr) throws IllegalBlockSizeException, BadPaddingException {
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] iv = cipher.getIV();
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        Arrays.fill(doFinal, (byte) 0);
        return bArr2;
    }

    private Cipher getEncryptingCipher(SecureSecretKeySpec secureSecretKeySpec) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, secureSecretKeySpec);
        return cipher;
    }

    private Mac getMac(SecureSecretKeySpec secureSecretKeySpec) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secureSecretKeySpec);
        return mac;
    }

    private byte[] getMacBody(Mac mac, byte[] bArr) {
        byte[] doFinal = mac.doFinal(bArr);
        byte[] bArr2 = new byte[bArr.length + doFinal.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(doFinal, 0, bArr2, bArr.length, doFinal.length);
        return bArr2;
    }

    private byte[] verifyMacBody(Mac mac, byte[] bArr) throws GeneralSecurityException {
        if (bArr.length < mac.getMacLength()) {
            throw new GeneralSecurityException("length(encrypted body + MAC) < length(MAC)");
        }
        int length = bArr.length - mac.getMacLength();
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        int macLength = mac.getMacLength();
        byte[] bArr3 = new byte[macLength];
        System.arraycopy(bArr, bArr.length - macLength, bArr3, 0, macLength);
        if (MessageDigest.isEqual(bArr3, mac.doFinal(bArr2))) {
            return bArr2;
        }
        throw new GeneralSecurityException("MAC doesen't match.");
    }

    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        return decrypt(bArr, null);
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Mac mac = getMac(this.masterSecret.getMacKey());
        mac.update(bArr2);
        byte[] verifyMacBody = verifyMacBody(mac, bArr);
        return getDecryptedBody(getDecryptingCipher(this.masterSecret.getEncryptionKey(), verifyMacBody), verifyMacBody);
    }

    public ECPrivateKey decryptPrivateKey(byte[] bArr) throws InvalidKeyException {
        try {
            return Curve.decodePrivatePoint(decrypt(bArr, "ECPrivateKey".getBytes()));
        } catch (GeneralSecurityException e) {
            throw new InvalidKeyException(e);
        }
    }

    public ECPublicKey decryptPublicKey(byte[] bArr) throws InvalidKeyException {
        try {
            return Curve.decodePoint(decrypt(bArr, "ECPublicKey".getBytes()), 0);
        } catch (GeneralSecurityException e) {
            throw new InvalidKeyException(e);
        }
    }

    public byte[] encrypt(byte[] bArr) {
        return encrypt(bArr, null);
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2) {
        try {
            Cipher encryptingCipher = getEncryptingCipher(this.masterSecret.getEncryptionKey());
            Mac mac = getMac(this.masterSecret.getMacKey());
            mac.update(bArr2);
            return getMacBody(mac, getEncryptedBody(encryptingCipher, bArr));
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    public byte[] encryptPrivateKey(ECPrivateKey eCPrivateKey) {
        return encrypt(eCPrivateKey.serialize(), "ECPrivateKey".getBytes());
    }

    public byte[] encryptPublicKey(ECPublicKey eCPublicKey) {
        return encrypt(eCPublicKey.serialize(), "ECPublicKey".getBytes());
    }
}
