package com.metabit.custom.safe.iip2;

import com.metabit.custom.safe.iip.shared.AlgorithmSpec;
import com.metabit.custom.safe.iip.shared.CryptoFactory;
import com.metabit.custom.safe.safeseal.impl.CryptoSettingsStruct;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import lombok.NonNull;
import org.bouncycastle.crypto.DataLengthException;

/* loaded from: input_file:com/metabit/custom/safe/iip2/IntegrityPaddingSignature.class */
public final class IntegrityPaddingSignature {
    static final byte[] MAGIC_ID;
    static final int LENGTH_SIZE = 4;
    static final int SEQUENCE_SIZE = 4;
    private final int RSA_PREFIX_SIZE = 2;
    private final SecureRandom rng = new SecureRandom();
    private final IvParameterSpec constantSK1IV;
    private final IvParameterSpec constantSK2IV;
    private final IvParameterSpec constantSK3IV;
    private final Cipher symmetricCipher;
    private final Cipher asymmetricCipher;
    private final AlgorithmSpec asymmetricEncryptionSpec;
    private final int innerBlockSize;
    private final int nonceSize;
    private final int headerSize;
    private final int outerBlockSize;
    private final int numPayloadBytesPerOuterBlock;
    static final /* synthetic */ boolean $assertionsDisabled;

    public IntegrityPaddingSignature(CryptoFactory cryptoFactory, CryptoSettingsStruct cryptoSettingsStruct) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
        this.asymmetricEncryptionSpec = cryptoSettingsStruct.getEncryption();
        this.asymmetricCipher = cryptoFactory.getCipherFromCipherSpec(this.asymmetricEncryptionSpec);
        AlgorithmSpec sig1 = cryptoSettingsStruct.getSig1();
        this.symmetricCipher = cryptoFactory.getCipherFromCipherSpec(sig1);
        this.innerBlockSize = sig1.getUsableBlockSize();
        this.outerBlockSize = SharedCode.outerBlockSize(cryptoSettingsStruct);
        this.nonceSize = this.innerBlockSize - 8;
        this.headerSize = MAGIC_ID.length + this.nonceSize + 4 + 4;
        this.numPayloadBytesPerOuterBlock = this.outerBlockSize - this.headerSize;
        byte[] bArr = new byte[this.innerBlockSize];
        this.constantSK1IV = new IvParameterSpec(bArr);
        bArr[0] = 64;
        this.constantSK2IV = new IvParameterSpec(bArr);
        bArr[0] = Byte.MIN_VALUE;
        this.constantSK3IV = new IvParameterSpec(bArr);
    }

    public byte[] performEncryption(byte[] bArr, PrivateKey privateKey, Key key, Key key2, Key key3) throws InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, ShortBufferException {
        if (bArr == null || privateKey == null || key == null || key2 == null || key3 == null) {
            throw new IllegalArgumentException("parameters must not be null");
        }
        int length = bArr.length;
        int i = ((length + this.numPayloadBytesPerOuterBlock) - 1) / this.numPayloadBytesPerOuterBlock;
        if (i == 0) {
            i = 1;
        }
        int i2 = i * this.outerBlockSize;
        byte[] bArr2 = new byte[i2 + 2];
        prepareBufferWithPadding(bArr2, i, bArr, length);
        performEncryptionSteps(bArr2, i2, i, privateKey, key, key2, key3);
        return bArr2;
    }

    private void prepareBufferWithPadding(byte[] bArr, int i, byte[] bArr2, int i2) {
        int i3 = 0;
        byte[] bArr3 = new byte[this.nonceSize];
        this.rng.nextBytes(bArr3);
        int i4 = 0 + 2;
        for (int i5 = 0; i5 < i; i5++) {
            if (i3 != i5 * this.numPayloadBytesPerOuterBlock) {
                throw new UnsupportedOperationException("offset calculation mismatch");
            }
            System.arraycopy(MAGIC_ID, 0, bArr, i4, MAGIC_ID.length);
            int length = i4 + MAGIC_ID.length;
            System.arraycopy(bArr3, 0, bArr, length, this.nonceSize);
            int i6 = length + this.nonceSize;
            SharedCode.put4ByteUnsignedIntToBuffer(bArr, i6, i2);
            int i7 = i6 + 4;
            SharedCode.put4ByteUnsignedIntToBuffer(bArr, i7, i5);
            int i8 = i7 + 4;
            int i9 = i3 + this.numPayloadBytesPerOuterBlock < i2 ? this.numPayloadBytesPerOuterBlock : i2 - i3;
            System.arraycopy(bArr2, i3, bArr, i8, i9);
            i3 += i9;
            i4 = i8 + i9;
        }
    }

    private void performEncryptionSteps(byte[] bArr, int i, int i2, PrivateKey privateKey, Key key, Key key2, Key key3) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ShortBufferException, InvalidAlgorithmParameterException {
        int blockSize = this.symmetricCipher.getBlockSize();
        this.symmetricCipher.init(1, key, this.constantSK1IV, this.rng);
        int doFinal = this.symmetricCipher.doFinal(bArr, 2, i, bArr, 2);
        if (!$assertionsDisabled && doFinal != i) {
            throw new AssertionError();
        }
        this.symmetricCipher.init(1, key2, this.constantSK2IV, this.rng);
        int doFinal2 = this.symmetricCipher.doFinal(bArr, 2, i, bArr, 2);
        if (!$assertionsDisabled && doFinal2 != i) {
            throw new AssertionError();
        }
        reverseBuffer(bArr, 2, i, blockSize);
        this.symmetricCipher.init(1, key3, this.constantSK3IV, this.rng);
        int doFinal3 = this.symmetricCipher.doFinal(bArr, 2, i, bArr, 2);
        if (!$assertionsDisabled && doFinal3 != i) {
            throw new AssertionError();
        }
        bArr[0] = 62;
        bArr[1] = 122;
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey;
        if (!$assertionsDisabled && rSAPrivateKey.getModulus().bitLength() != this.asymmetricEncryptionSpec.getKeySizeInBit()) {
            throw new AssertionError();
        }
        this.asymmetricCipher.init(1, rSAPrivateKey);
        this.asymmetricCipher.doFinal(bArr, 0, 256, bArr, 0);
    }

    @NonNull
    public byte[] performDecryptionAndValidation(byte[] bArr, PublicKey publicKey, Key key, Key key2, Key key3) throws BadPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, ShortBufferException, IllegalBlockSizeException, DataLengthException {
        if (!$assertionsDisabled && ((RSAPublicKey) publicKey).getModulus().bitLength() != this.asymmetricEncryptionSpec.getKeySizeInBit()) {
            throw new AssertionError();
        }
        int length = bArr.length;
        if (length % this.innerBlockSize != 2) {
            throw new BadPaddingException();
        }
        int i = ((length - 2) / this.innerBlockSize) * this.innerBlockSize;
        if (i % this.outerBlockSize != 0) {
            throw new BadPaddingException();
        }
        int i2 = ((i + this.outerBlockSize) - 1) / this.outerBlockSize;
        if (i % this.outerBlockSize != 0) {
            throw new BadPaddingException();
        }
        performDecryptionSteps(publicKey, key, key2, key3, bArr, i, this.innerBlockSize);
        return verify_after_decryption(i2, bArr, length);
    }

    private void performDecryptionSteps(PublicKey publicKey, Key key, Key key2, Key key3, byte[] bArr, int i, int i2) throws InvalidKeyException, ShortBufferException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        this.asymmetricCipher.init(2, publicKey, this.rng);
        this.asymmetricCipher.doFinal(bArr, 0, this.outerBlockSize, bArr, 0);
        this.symmetricCipher.init(2, key3, this.constantSK3IV, this.rng);
        int doFinal = this.symmetricCipher.doFinal(bArr, 2, i, bArr, 2);
        if (!$assertionsDisabled && doFinal != i) {
            throw new AssertionError();
        }
        reverseBuffer(bArr, 2, i, i2);
        this.symmetricCipher.init(2, key2, this.constantSK2IV, this.rng);
        int doFinal2 = this.symmetricCipher.doFinal(bArr, 2, i, bArr, 2);
        if (!$assertionsDisabled && doFinal2 != i) {
            throw new AssertionError();
        }
        this.symmetricCipher.init(2, key, this.constantSK1IV, this.rng);
        int doFinal3 = this.symmetricCipher.doFinal(bArr, 2, i, bArr, 2);
        if (!$assertionsDisabled && doFinal3 != i) {
            throw new AssertionError();
        }
    }

    private byte[] verify_after_decryption(int i, byte[] bArr, int i2) throws BadPaddingException {
        int i3 = 2;
        int i4 = 0;
        int i5 = -1;
        int i6 = 0;
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        for (int i7 = 0; i7 < i; i7++) {
            if (!SharedCode.compareBytes(bArr, i3, MAGIC_ID, 0, MAGIC_ID.length)) {
                throw new BadPaddingException();
            }
            int length = i3 + MAGIC_ID.length;
            if (bArr3 == null) {
                bArr3 = new byte[this.nonceSize];
                System.arraycopy(bArr, length, bArr3, 0, this.nonceSize);
            } else if (!SharedCode.compareBytes(bArr, length, bArr3, 0, this.nonceSize)) {
                throw new BadPaddingException();
            }
            int i8 = length + this.nonceSize;
            int intExact = Math.toIntExact(SharedCode.get4ByteUnsignedIntFromBuffer(bArr, i8));
            int i9 = i8 + 4;
            if (i5 < 0) {
                if (intExact >= i2) {
                    throw new BadPaddingException();
                }
                if (intExact / this.numPayloadBytesPerOuterBlock > i) {
                    throw new BadPaddingException();
                }
                i5 = intExact;
                bArr2 = new byte[i5];
            } else if (i5 != intExact) {
                throw new BadPaddingException();
            }
            int intExact2 = Math.toIntExact(SharedCode.get4ByteUnsignedIntFromBuffer(bArr, i9));
            int i10 = i9 + 4;
            if (intExact2 != i6) {
                throw new BadPaddingException();
            }
            i6++;
            int min = Math.min(i5 - i4, this.numPayloadBytesPerOuterBlock);
            System.arraycopy(bArr, i10, bArr2, i4, min);
            i4 += min;
            i3 = i10 + min;
        }
        if (i4 != i5) {
            throw new BadPaddingException();
        }
        return bArr2;
    }

    public static final void reverseBuffer(byte[] bArr, int i, int i2, int i3) {
        if (i2 % i3 != 0) {
            throw new IllegalArgumentException("size mismatch: blocks do not fit in without remainder");
        }
        byte[] bArr2 = new byte[i3];
        int i4 = i2 / i3;
        int i5 = i4 / 2;
        for (int i6 = 0; i6 < i5; i6++) {
            int i7 = i + (i6 * i3);
            int i8 = i + (((i4 - 1) - i6) * i3);
            System.arraycopy(bArr, i7, bArr2, 0, i3);
            System.arraycopy(bArr, i8, bArr, i7, i3);
            System.arraycopy(bArr2, 0, bArr, i8, i3);
        }
    }

    static {
        $assertionsDisabled = !IntegrityPaddingSignature.class.desiredAssertionStatus();
        MAGIC_ID = new byte[]{62, 122, -79, 112, 90, -2, -28, 33, -22, 65, -108, -28, 4, 7, 7, -22};
    }
}
