package com.alchemy.aa.core;

import com.alchemy.aa.core.exceptions.NoTekException;
import com.google.crypto.tink.CleartextKeysetHandle;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
import com.google.crypto.tink.hybrid.HpkeParameters;
import com.google.crypto.tink.hybrid.HpkePrivateKey;
import com.google.crypto.tink.hybrid.HpkePublicKey;
import com.google.crypto.tink.hybrid.internal.HpkeContext;
import com.google.crypto.tink.hybrid.internal.HpkeKemKeyFactory;
import com.google.crypto.tink.hybrid.internal.HpkePrimitiveFactory;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.util.Bytes;
import com.google.crypto.tink.util.SecretBytes;
import com.google.protobuf.InvalidProtocolBufferException;
import java.security.GeneralSecurityException;

/* loaded from: input_file:com/alchemy/aa/core/TekManager.class */
public class TekManager {
    private char[] serializedKeyset;
    private static HpkeParameters _hpkeParams;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static TekManager initializeTekManagerFromHpkeKey(HpkePrivateKey hpkePrivateKey) throws GeneralSecurityException {
        return initializeTekManagerFromKeySetHandle(KeysetHandle.newBuilder().addEntry(KeysetHandle.importKey(hpkePrivateKey).makePrimary().withFixedId(0)).build());
    }

    public static TekManager initializeTekManagerFromKeySetHandle(KeysetHandle keysetHandle) throws GeneralSecurityException {
        TekManager tekManager = new TekManager();
        tekManager.serializedKeyset = TinkJsonProtoKeysetFormat.serializeKeyset(keysetHandle, InsecureSecretKeyAccess.get()).toCharArray();
        return tekManager;
    }

    public static TekManager initializeTekManager() throws GeneralSecurityException, InvalidProtocolBufferException {
        TekManager tekManager = new TekManager();
        tekManager.createTek();
        return tekManager;
    }

    public HpkePublicKey createTek() throws GeneralSecurityException, InvalidProtocolBufferException {
        HpkePublicKey publicKey = getPublicKey();
        if (publicKey != null) {
            return publicKey;
        }
        KeysetHandle generateNew = KeysetHandle.generateNew(KeyTemplate.createFrom(getHpkeParams()));
        this.serializedKeyset = TinkJsonProtoKeysetFormat.serializeKeyset(generateNew, InsecureSecretKeyAccess.get()).toCharArray();
        return toHpkePublicKey(getHpkeParams(), generateNew);
    }

    public KeysetHandle getKeysetHandle() {
        if (this.serializedKeyset == null) {
            return null;
        }
        try {
            return TinkJsonProtoKeysetFormat.parseKeyset(String.valueOf(this.serializedKeyset), InsecureSecretKeyAccess.get());
        } catch (Exception e) {
            return null;
        }
    }

    public HpkePublicKey getPublicKey() throws GeneralSecurityException, InvalidProtocolBufferException {
        KeysetHandle keysetHandle = getKeysetHandle();
        if (keysetHandle == null) {
            return null;
        }
        return toHpkePublicKey(getHpkeParams(), keysetHandle);
    }

    public HpkePrivateKey getPrivateKey() throws GeneralSecurityException, InvalidProtocolBufferException {
        KeysetHandle keysetHandle = getKeysetHandle();
        if (keysetHandle == null) {
            return null;
        }
        return toHpkePrivaTekey(getHpkeParams(), keysetHandle);
    }

    public byte[] hpkeDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws NoTekException, GeneralSecurityException, InvalidProtocolBufferException {
        KeysetHandle keysetHandle = getKeysetHandle();
        if (keysetHandle == null) {
            throw new NoTekException();
        }
        HpkeParameters hpkeParams = getHpkeParams();
        return HpkeContext.createRecipientContext(bArr, HpkeKemKeyFactory.createPrivate(toHpkePrivaTekey(hpkeParams, keysetHandle)), HpkePrimitiveFactory.createKem(hpkeParams.getKemId()), HpkePrimitiveFactory.createKdf(hpkeParams.getKdfId()), HpkePrimitiveFactory.createAead(hpkeParams.getAeadId()), bArr3).open(bArr2, bArr4);
    }

    private static synchronized HpkeParameters getHpkeParams() throws GeneralSecurityException {
        if (_hpkeParams == null) {
            _hpkeParams = HpkeParameters.builder().setKemId(HpkeParameters.KemId.DHKEM_P256_HKDF_SHA256).setKdfId(HpkeParameters.KdfId.HKDF_SHA256).setAeadId(HpkeParameters.AeadId.AES_256_GCM).setVariant(HpkeParameters.Variant.NO_PREFIX).build();
        }
        return _hpkeParams;
    }

    private HpkePublicKey toHpkePublicKey(HpkeParameters hpkeParameters, KeysetHandle keysetHandle) throws GeneralSecurityException, InvalidProtocolBufferException {
        return HpkePublicKey.create(hpkeParameters, Bytes.copyFrom(com.google.crypto.tink.proto.HpkePublicKey.parseFrom(((Keyset.Key) CleartextKeysetHandle.getKeyset(keysetHandle.getPublicKeysetHandle()).getKeyList().get(0)).getKeyData().getValue()).getPublicKey().toByteArray()), (Integer) null);
    }

    private HpkePrivateKey toHpkePrivaTekey(HpkeParameters hpkeParameters, KeysetHandle keysetHandle) throws GeneralSecurityException, InvalidProtocolBufferException {
        HpkePublicKey hpkePublicKey = toHpkePublicKey(hpkeParameters, keysetHandle);
        KeyData keyData = ((Keyset.Key) CleartextKeysetHandle.getKeyset(keysetHandle).getKeyList().get(0)).getKeyData();
        if ($assertionsDisabled || keyData.getTypeUrl().equals("type.googleapis.com/google.crypto.tink.HpkePrivateKey")) {
            return HpkePrivateKey.create(HpkePublicKey.create(hpkeParameters, Bytes.copyFrom(hpkePublicKey.getPublicKeyBytes().toByteArray()), (Integer) null), SecretBytes.copyFrom(com.google.crypto.tink.proto.HpkePrivateKey.parseFrom(keyData.getValue()).getPrivateKey().toByteArray(), InsecureSecretKeyAccess.get()));
        }
        throw new AssertionError("invalid key type");
    }

    private TekManager() {
    }

    static {
        $assertionsDisabled = !TekManager.class.desiredAssertionStatus();
    }
}
