package io.netty.incubator.codec.ohttp;

import io.netty.buffer.ByteBuf;
import io.netty.incubator.codec.hpke.AsymmetricCipherKeyPair;
import io.netty.incubator.codec.hpke.CryptoDecryptContext;
import io.netty.incubator.codec.hpke.CryptoEncryptContext;
import io.netty.incubator.codec.hpke.HPKERecipientContext;
import io.netty.incubator.codec.hpke.OHttpCryptoProvider;
import java.security.SecureRandom;
import java.util.Objects;
import java.util.Random;

/* loaded from: input_file:io/netty/incubator/codec/ohttp/OHttpCryptoReceiver.class */
public final class OHttpCryptoReceiver extends OHttpCrypto {
    private static final Random RAND = new SecureRandom();
    private final OHttpCryptoConfiguration configuration;
    private final HPKERecipientContext context;
    private final byte[] responseNonce;
    private final CryptoEncryptContext aead;

    /* loaded from: input_file:io/netty/incubator/codec/ohttp/OHttpCryptoReceiver$Builder.class */
    public static final class Builder {
        private OHttpCryptoProvider provider;
        private OHttpCryptoConfiguration configuration;
        private AsymmetricCipherKeyPair privateKey;
        private OHttpCiphersuite ciphersuite;
        private byte[] encapsulatedKey;
        private byte[] forcedResponseNonce;

        public Builder setOHttpCryptoProvider(OHttpCryptoProvider oHttpCryptoProvider) {
            this.provider = oHttpCryptoProvider;
            return this;
        }

        public Builder setConfiguration(OHttpCryptoConfiguration oHttpCryptoConfiguration) {
            this.configuration = oHttpCryptoConfiguration;
            return this;
        }

        public Builder setPrivateKey(AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
            this.privateKey = asymmetricCipherKeyPair;
            return this;
        }

        public Builder setCiphersuite(OHttpCiphersuite oHttpCiphersuite) {
            this.ciphersuite = oHttpCiphersuite;
            return this;
        }

        public Builder setEncapsulatedKey(byte[] bArr) {
            this.encapsulatedKey = bArr;
            return this;
        }

        public Builder setForcedResponseNonce(byte[] bArr) {
            this.forcedResponseNonce = bArr;
            return this;
        }

        public OHttpCryptoReceiver build() {
            return new OHttpCryptoReceiver(this);
        }

        private Builder() {
        }
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    private OHttpCryptoReceiver(Builder builder) {
        this.configuration = (OHttpCryptoConfiguration) Objects.requireNonNull(builder.configuration, "configuration");
        OHttpCiphersuite oHttpCiphersuite = (OHttpCiphersuite) Objects.requireNonNull(builder.ciphersuite, "ciphersuite");
        byte[] bArr = (byte[]) Objects.requireNonNull(builder.encapsulatedKey, "encapsulatedKey");
        OHttpCryptoProvider oHttpCryptoProvider = (OHttpCryptoProvider) Objects.requireNonNull(builder.provider, "provider");
        AsymmetricCipherKeyPair asymmetricCipherKeyPair = (AsymmetricCipherKeyPair) Objects.requireNonNull(builder.privateKey, "privateKey");
        if (builder.forcedResponseNonce == null) {
            this.responseNonce = new byte[oHttpCiphersuite.responseNonceLength()];
            RAND.nextBytes(this.responseNonce);
        } else {
            this.responseNonce = builder.forcedResponseNonce;
        }
        this.context = oHttpCryptoProvider.setupHPKEBaseR(oHttpCiphersuite.kem(), oHttpCiphersuite.kdf(), oHttpCiphersuite.aead(), bArr, asymmetricCipherKeyPair, createInfo(oHttpCiphersuite, this.configuration.requestExportContext()));
        try {
            this.aead = createResponseAEAD(oHttpCryptoProvider, this.context, oHttpCiphersuite.aead(), bArr, this.responseNonce, this.configuration.responseExportContext());
        } catch (Throwable th) {
            this.context.close();
            throw th;
        }
    }

    public void writeResponseNonce(ByteBuf byteBuf) {
        byteBuf.writeBytes(this.responseNonce);
    }

    @Override // io.netty.incubator.codec.ohttp.OHttpCrypto
    protected CryptoEncryptContext encryptCrypto() {
        return this.aead;
    }

    @Override // io.netty.incubator.codec.ohttp.OHttpCrypto
    protected CryptoDecryptContext decryptCrypto() {
        return this.context;
    }

    @Override // io.netty.incubator.codec.ohttp.OHttpCrypto
    protected boolean useFinalAad() {
        return this.configuration.useFinalAad();
    }
}
