package com.alchemy.aa.core;

import com.alchemy.aa.core.exceptions.StamperNotInitializedException;
import com.google.common.primitives.Bytes;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.Serializable;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import lombok.Generated;
import org.bitcoinj.base.Base58;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: input_file:com/alchemy/aa/core/CredentialBundle.class */
public class CredentialBundle implements Serializable {
    private byte[] bundlePrivateKey;
    private byte[] bundlePublicKey;
    private final TekManager tekManager;

    private CredentialBundle(TekManager tekManager) {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        this.tekManager = tekManager;
    }

    /* JADX WARN: Type inference failed for: r0v24, types: [byte[], byte[][]] */
    public static CredentialBundle injectCredentialBundle(String str, TekManager tekManager) throws GeneralSecurityException, InvalidProtocolBufferException {
        CredentialBundle credentialBundle = new CredentialBundle(tekManager);
        if (tekManager.getPublicKey() == null) {
            throw new StamperNotInitializedException();
        }
        byte[] byteArray = tekManager.getPublicKey().getPublicKeyBytes().toByteArray();
        ByteBuffer wrap = ByteBuffer.wrap(Base58.decodeChecked(str));
        byte[] bArr = new byte[33];
        wrap.get(bArr);
        byte[] convertToUncompress = convertToUncompress(bArr);
        byte[] bArr2 = new byte[wrap.remaining()];
        wrap.get(bArr2);
        byte[][] privateKeyToKeyPair = privateKeyToKeyPair(tekManager.hpkeDecrypt(convertToUncompress, bArr2, "turnkey_hpke".getBytes(), Bytes.concat((byte[][]) new byte[]{convertToUncompress, byteArray})));
        credentialBundle.bundlePublicKey = privateKeyToKeyPair[0];
        credentialBundle.bundlePrivateKey = privateKeyToKeyPair[1];
        return credentialBundle;
    }

    private static byte[] convertToUncompress(byte[] bArr) throws GeneralSecurityException {
        EllipticCurves.CurveType curveType = EllipticCurves.CurveType.NIST_P256;
        return EllipticCurves.pointEncode(curveType, EllipticCurves.PointFormatType.UNCOMPRESSED, EllipticCurves.pointDecode(curveType, EllipticCurves.PointFormatType.COMPRESSED, bArr));
    }

    private static byte[] convertToCompressed(byte[] bArr) throws GeneralSecurityException {
        EllipticCurves.CurveType curveType = EllipticCurves.CurveType.NIST_P256;
        return EllipticCurves.pointEncode(curveType, EllipticCurves.PointFormatType.COMPRESSED, EllipticCurves.pointDecode(curveType, EllipticCurves.PointFormatType.UNCOMPRESSED, bArr));
    }

    private static byte[] convertToCompressed(ECPublicKey eCPublicKey) throws GeneralSecurityException {
        return EllipticCurves.pointEncode(eCPublicKey.getParams().getCurve(), EllipticCurves.PointFormatType.COMPRESSED, eCPublicKey.getW());
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [byte[], byte[][]] */
    private static byte[][] privateKeyToKeyPair(byte[] bArr) throws GeneralSecurityException {
        ECPrivateKey ecPrivateKey = EllipticCurves.getEcPrivateKey(EllipticCurves.CurveType.NIST_P256, bArr);
        BigInteger s = ecPrivateKey.getS();
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
        ECPublicKey ecPublicKey = EllipticCurves.getEcPublicKey(KeyFactory.getInstance("EC", "BC").generatePublic(new ECPublicKeySpec(parameterSpec.getG().multiply(s).normalize(), parameterSpec)).getEncoded());
        EllipticCurves.validatePublicKey(ecPublicKey, ecPrivateKey);
        return new byte[]{convertToCompressed(ecPublicKey), ecPrivateKey.getEncoded()};
    }

    @Generated
    public byte[] getBundlePrivateKey() {
        return this.bundlePrivateKey;
    }

    @Generated
    public byte[] getBundlePublicKey() {
        return this.bundlePublicKey;
    }
}
