package com.alchemy.aa;

import com.alchemy.aa.core.TekManager;
import com.alchemy.aa.core.exceptions.NoInjectedBundleException;
import com.alchemy.aa.core.exceptions.StamperNotInitializedException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.primitives.Bytes;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.subtle.Base64;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.subtle.Hex;
import com.google.protobuf.InvalidProtocolBufferException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bitcoinj.base.Base58;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: input_file:com/alchemy/aa/Stamper.class */
public class Stamper {
    private TekManager tekManager;
    private byte[] bundlePrivateKey;
    private byte[] bundlePublicKey;

    /* loaded from: input_file:com/alchemy/aa/Stamper$APIStamp.class */
    public static final class APIStamp extends Record {
        private final String publicKey;
        private final String scheme;
        private final String signature;

        public APIStamp(String str, String str2, String str3) {
            this.publicKey = str;
            this.scheme = str2;
            this.signature = str3;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, APIStamp.class), APIStamp.class, "publicKey;scheme;signature", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->publicKey:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->scheme:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->signature:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, APIStamp.class), APIStamp.class, "publicKey;scheme;signature", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->publicKey:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->scheme:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->signature:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, APIStamp.class, Object.class), APIStamp.class, "publicKey;scheme;signature", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->publicKey:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->scheme:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$APIStamp;->signature:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String publicKey() {
            return this.publicKey;
        }

        public String scheme() {
            return this.scheme;
        }

        public String signature() {
            return this.signature;
        }
    }

    /* loaded from: input_file:com/alchemy/aa/Stamper$Stamp.class */
    public static final class Stamp extends Record {
        private final String stampHeaderName;
        private final String stampHeaderValue;

        public Stamp(String str, String str2) {
            this.stampHeaderName = str;
            this.stampHeaderValue = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, Stamp.class), Stamp.class, "stampHeaderName;stampHeaderValue", "FIELD:Lcom/alchemy/aa/Stamper$Stamp;->stampHeaderName:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$Stamp;->stampHeaderValue:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, Stamp.class), Stamp.class, "stampHeaderName;stampHeaderValue", "FIELD:Lcom/alchemy/aa/Stamper$Stamp;->stampHeaderName:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$Stamp;->stampHeaderValue:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, Stamp.class, Object.class), Stamp.class, "stampHeaderName;stampHeaderValue", "FIELD:Lcom/alchemy/aa/Stamper$Stamp;->stampHeaderName:Ljava/lang/String;", "FIELD:Lcom/alchemy/aa/Stamper$Stamp;->stampHeaderValue:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String stampHeaderName() {
            return this.stampHeaderName;
        }

        public String stampHeaderValue() {
            return this.stampHeaderValue;
        }
    }

    public static String toJson(APIStamp aPIStamp) throws JsonProcessingException {
        return new ObjectMapper().writer().withDefaultPrettyPrinter().writeValueAsString(aPIStamp);
    }

    public Stamper(TekManager tekManager) {
        this();
        this.tekManager = tekManager;
    }

    private Stamper() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        this.bundlePublicKey = null;
        this.bundlePrivateKey = null;
    }

    /* JADX WARN: Type inference failed for: r0v25, types: [byte[], byte[][]] */
    public void injectCredentialBundle(String str) throws GeneralSecurityException, InvalidProtocolBufferException {
        if (this.tekManager.getPublicKey() == null) {
            throw new StamperNotInitializedException();
        }
        byte[] byteArray = this.tekManager.getPublicKey().getPublicKeyBytes().toByteArray();
        ByteBuffer wrap = ByteBuffer.wrap(Base58.decodeChecked(str));
        byte[] bArr = new byte[33];
        wrap.get(bArr);
        byte[] convertToUncompress = convertToUncompress(bArr);
        byte[] bArr2 = new byte[wrap.remaining()];
        wrap.get(bArr2);
        byte[][] privateKeyToKeyPair = privateKeyToKeyPair(this.tekManager.hpkeDecrypt(convertToUncompress, bArr2, "turnkey_hpke".getBytes(), Bytes.concat((byte[][]) new byte[]{convertToUncompress, byteArray})));
        this.bundlePublicKey = privateKeyToKeyPair[0];
        this.bundlePrivateKey = privateKeyToKeyPair[1];
    }

    public synchronized Stamp stamp(String str) throws GeneralSecurityException, JsonProcessingException {
        if (this.bundlePrivateKey == null || this.bundlePublicKey == null) {
            throw new NoInjectedBundleException();
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(this.bundlePrivateKey));
        Signature signature = Signature.getInstance("SHA256withECDSA", "SunEC");
        signature.initSign(eCPrivateKey);
        signature.update(str.getBytes());
        return new Stamp("X-Stamp", Base64.urlSafeEncode(toJson(new APIStamp(Hex.encode(this.bundlePublicKey), "SIGNATURE_SCHEME_TK_API_P256", Hex.encode(signature.sign()))).getBytes()));
    }

    public String publicKey() throws GeneralSecurityException, InvalidProtocolBufferException {
        return org.bouncycastle.util.encoders.Hex.toHexString(this.tekManager.getPublicKey().getPublicKeyBytes().toByteArray());
    }

    public String privateKey() throws GeneralSecurityException, InvalidProtocolBufferException {
        return org.bouncycastle.util.encoders.Hex.toHexString(this.tekManager.getPrivateKey().getPrivateKeyBytes().toByteArray(InsecureSecretKeyAccess.get()));
    }

    private byte[] convertToUncompress(byte[] bArr) throws GeneralSecurityException {
        EllipticCurves.CurveType curveType = EllipticCurves.CurveType.NIST_P256;
        return EllipticCurves.pointEncode(curveType, EllipticCurves.PointFormatType.UNCOMPRESSED, EllipticCurves.pointDecode(curveType, EllipticCurves.PointFormatType.COMPRESSED, bArr));
    }

    private byte[] convertToCompressed(byte[] bArr) throws GeneralSecurityException {
        EllipticCurves.CurveType curveType = EllipticCurves.CurveType.NIST_P256;
        return EllipticCurves.pointEncode(curveType, EllipticCurves.PointFormatType.COMPRESSED, EllipticCurves.pointDecode(curveType, EllipticCurves.PointFormatType.UNCOMPRESSED, bArr));
    }

    private byte[] convertToCompressed(ECPublicKey eCPublicKey) throws GeneralSecurityException {
        return EllipticCurves.pointEncode(eCPublicKey.getParams().getCurve(), EllipticCurves.PointFormatType.COMPRESSED, eCPublicKey.getW());
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [byte[], byte[][]] */
    private byte[][] privateKeyToKeyPair(byte[] bArr) throws GeneralSecurityException {
        ECPrivateKey ecPrivateKey = EllipticCurves.getEcPrivateKey(EllipticCurves.CurveType.NIST_P256, bArr);
        BigInteger s = ecPrivateKey.getS();
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
        ECPublicKey ecPublicKey = EllipticCurves.getEcPublicKey(KeyFactory.getInstance("EC", "BC").generatePublic(new ECPublicKeySpec(parameterSpec.getG().multiply(s).normalize(), parameterSpec)).getEncoded());
        EllipticCurves.validatePublicKey(ecPublicKey, ecPrivateKey);
        return new byte[]{convertToCompressed(ecPublicKey), ecPrivateKey.getEncoded()};
    }
}
