package no.uio.ifi.crypt4gh.util;

import com.rfksystems.blake2b.security.Blake2bProvider;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.NamedParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.security.spec.XECPrivateKeySpec;
import java.security.spec.XECPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import no.uio.ifi.crypt4gh.pojo.header.X25519ChaCha20IETFPoly1305HeaderPacket;
import no.uio.ifi.crypt4gh.pojo.key.Cipher;
import no.uio.ifi.crypt4gh.pojo.key.KDF;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;

/* loaded from: input_file:no/uio/ifi/crypt4gh/util/KeyUtils.class */
public class KeyUtils {
    public static final String CHA_CHA_20 = "ChaCha20";
    public static final String X25519 = "X25519";
    public static final String BEGIN_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----";
    public static final String END_PUBLIC_KEY = "-----END PUBLIC KEY-----";
    public static final String BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----";
    public static final String END_PRIVATE_KEY = "-----END PRIVATE KEY-----";
    public static final String BEGIN_CRYPT4GH_PUBLIC_KEY = "-----BEGIN CRYPT4GH PUBLIC KEY-----";
    public static final String END_CRYPT4GH_PUBLIC_KEY = "-----END CRYPT4GH PUBLIC KEY-----";
    public static final String BEGIN_CRYPT4GH_ENCRYPTED_PRIVATE_KEY = "-----BEGIN CRYPT4GH ENCRYPTED PRIVATE KEY-----";
    public static final String END_CRYPT4GH_ENCRYPTED_PRIVATE_KEY = "-----END CRYPT4GH ENCRYPTED PRIVATE KEY-----";
    public static final String CRYPT4GH_AUTH_MAGIC = "c4gh-v1";
    private static KeyUtils ourInstance = new KeyUtils();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:no/uio/ifi/crypt4gh/util/KeyUtils$StaticSecureRandom.class */
    public static class StaticSecureRandom extends SecureRandom {
        private final byte[] privateKey;

        StaticSecureRandom(byte[] bArr) {
            this.privateKey = (byte[]) bArr.clone();
        }

        @Override // java.security.SecureRandom, java.util.Random
        public void nextBytes(byte[] bArr) {
            System.arraycopy(this.privateKey, 0, bArr, 0, this.privateKey.length);
        }
    }

    public static KeyUtils getInstance() {
        return ourInstance;
    }

    private KeyUtils() {
        Security.addProvider(new Blake2bProvider());
    }

    public KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        return KeyPairGenerator.getInstance(X25519).generateKeyPair();
    }

    public byte[] encodeKey(Key key) throws GeneralSecurityException {
        if (key instanceof XECPublicKey) {
            return getU((PublicKey) key);
        }
        if (key instanceof XECPrivateKey) {
            return getScalar((PrivateKey) key);
        }
        throw new GeneralSecurityException("Expected either XECPublicKey or XECPrivateKey, but got: " + key.getClass());
    }

    public byte[] getU(PublicKey publicKey) throws GeneralSecurityException {
        byte[] byteArray = ((XECPublicKeySpec) KeyFactory.getInstance(X25519).getKeySpec(publicKey, XECPublicKeySpec.class)).getU().toByteArray();
        ArrayUtils.reverse(byteArray);
        return Arrays.copyOf(byteArray, 32);
    }

    public byte[] getScalar(PrivateKey privateKey) throws GeneralSecurityException {
        return ((XECPrivateKeySpec) KeyFactory.getInstance(X25519).getKeySpec(privateKey, XECPrivateKeySpec.class)).getScalar();
    }

    public PrivateKey generatePrivateKey() throws GeneralSecurityException {
        byte[] bArr = new byte[32];
        SecureRandom.getInstanceStrong().nextBytes(bArr);
        return constructPrivateKey(bArr);
    }

    public PrivateKey constructPrivateKey(byte[] bArr) throws GeneralSecurityException {
        return KeyFactory.getInstance(X25519).generatePrivate(new XECPrivateKeySpec(new NamedParameterSpec(X25519), bArr));
    }

    public PublicKey constructPublicKey(byte[] bArr) throws GeneralSecurityException {
        KeyFactory keyFactory = KeyFactory.getInstance(X25519);
        byte[] bArr2 = (byte[]) bArr.clone();
        ArrayUtils.reverse(bArr2);
        return keyFactory.generatePublic(new XECPublicKeySpec(new NamedParameterSpec(X25519), new BigInteger(bArr2)));
    }

    public PublicKey derivePublicKey(PrivateKey privateKey) throws GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(X25519);
        keyPairGenerator.initialize(new NamedParameterSpec(X25519), new StaticSecureRandom(getScalar(privateKey)));
        return keyPairGenerator.generateKeyPair().getPublic();
    }

    public byte[] generateDiffieHellmanSharedKey(PrivateKey privateKey, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance(X25519);
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret();
    }

    public SecretKey generateWriterSharedKey(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException {
        PublicKey derivePublicKey = derivePublicKey(privateKey);
        return new SecretKeySpec(Arrays.copyOfRange(MessageDigest.getInstance("BLAKE2B-512").digest(ArrayUtils.addAll(ArrayUtils.addAll(generateDiffieHellmanSharedKey(privateKey, publicKey), encodeKey(publicKey)), encodeKey(derivePublicKey))), 0, 32), "ChaCha20");
    }

    public SecretKey generateReaderSharedKey(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException {
        PublicKey derivePublicKey = derivePublicKey(privateKey);
        return new SecretKeySpec(Arrays.copyOfRange(MessageDigest.getInstance("BLAKE2B-512").digest(ArrayUtils.addAll(ArrayUtils.addAll(generateDiffieHellmanSharedKey(privateKey, publicKey), encodeKey(derivePublicKey)), encodeKey(publicKey))), 0, 32), "ChaCha20");
    }

    public SecretKey generateSessionKey() throws NoSuchAlgorithmException {
        return KeyGenerator.getInstance("ChaCha20").generateKey();
    }

    public PublicKey readPublicKey(File file) throws IOException, GeneralSecurityException {
        return readPublicKey(FileUtils.readFileToString(file, Charset.defaultCharset()));
    }

    public PublicKey readPublicKey(String str) throws GeneralSecurityException {
        KeyFactory keyFactory = KeyFactory.getInstance(X25519);
        byte[] decodeKey = decodeKey(str);
        try {
            return keyFactory.generatePublic(new X509EncodedKeySpec(decodeKey));
        } catch (InvalidKeySpecException e) {
            return constructPublicKey(decodeKey);
        }
    }

    public PrivateKey readPrivateKey(File file, char[] cArr) throws IOException, GeneralSecurityException {
        return readPrivateKey(FileUtils.readFileToString(file, Charset.defaultCharset()), cArr);
    }

    public PrivateKey readPrivateKey(String str, char[] cArr) throws GeneralSecurityException, IllegalArgumentException {
        KeyFactory keyFactory = KeyFactory.getInstance(X25519);
        byte[] decodeKey = decodeKey(str);
        try {
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodeKey));
        } catch (IllegalArgumentException | InvalidKeySpecException e) {
            return readCrypt4GHPrivateKey(decodeKey, cArr);
        }
    }

    public PrivateKey readCrypt4GHPrivateKey(byte[] bArr, char[] cArr) throws GeneralSecurityException, IllegalArgumentException {
        ByteBuffer order = ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN);
        order.get(new byte[CRYPT4GH_AUTH_MAGIC.length()]);
        KDF valueOf = KDF.valueOf(decodeString(order).toUpperCase());
        int i = 0;
        byte[] bArr2 = new byte[0];
        if (valueOf != KDF.NONE) {
            if (cArr == null) {
                throw new IllegalArgumentException("Private key is password-protected, need a password for decryption");
            }
            int i2 = order.getShort() - 4;
            i = order.getInt();
            bArr2 = decodeArray(order, i2);
        }
        Cipher valueOf2 = Cipher.valueOf(decodeString(order).toUpperCase());
        byte[] decodeArray = decodeArray(order, order.getShort());
        if (valueOf == KDF.NONE) {
            if (valueOf2 != Cipher.NONE) {
                throw new GeneralSecurityException("Invalid private key: KDF is 'none', but cipher is not 'none");
            }
            return constructPrivateKey(decodeArray);
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(valueOf.derive(i, cArr, bArr2), "ChaCha20");
        Arrays.fill(cArr, (char) 0);
        javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(X25519ChaCha20IETFPoly1305HeaderPacket.CHA_CHA_20_POLY_1305);
        byte[] copyOfRange = Arrays.copyOfRange(decodeArray, 0, 12);
        byte[] copyOfRange2 = Arrays.copyOfRange(decodeArray, 12, decodeArray.length);
        cipher.init(2, secretKeySpec, new IvParameterSpec(copyOfRange));
        return constructPrivateKey(cipher.doFinal(copyOfRange2));
    }

    public byte[] decodeKey(String str) {
        return Base64.getDecoder().decode(str.replaceAll("-----(.*?)-----", "").replace(System.lineSeparator(), "").replace(" ", "").trim());
    }

    public void writeOpenSSLKey(Writer writer, Key key) throws IOException {
        ArrayList arrayList = new ArrayList();
        boolean z = key instanceof PublicKey;
        if (z) {
            arrayList.add(BEGIN_PUBLIC_KEY);
        } else {
            arrayList.add(BEGIN_PRIVATE_KEY);
        }
        arrayList.add(Base64.getEncoder().encodeToString(key.getEncoded()));
        if (z) {
            arrayList.add(END_PUBLIC_KEY);
        } else {
            arrayList.add(END_PRIVATE_KEY);
        }
        IOUtils.writeLines(arrayList, (String) null, writer);
    }

    public void writeCrypt4GHKey(Writer writer, Key key, char[] cArr) throws IOException, GeneralSecurityException {
        ArrayList arrayList = new ArrayList();
        boolean z = key instanceof PublicKey;
        byte[] encodeKey = encodeKey(key);
        if (z) {
            arrayList.add(BEGIN_CRYPT4GH_PUBLIC_KEY);
            arrayList.add(Base64.getEncoder().encodeToString(encodeKey));
            arrayList.add(END_CRYPT4GH_PUBLIC_KEY);
        } else {
            byte[] bArr = new byte[16];
            SecureRandom.getInstanceStrong().nextBytes(bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(KDF.SCRYPT.derive(0, cArr, bArr), "ChaCha20");
            Arrays.fill(cArr, (char) 0);
            byte[] bArr2 = new byte[12];
            SecureRandom.getInstanceStrong().nextBytes(bArr2);
            javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(X25519ChaCha20IETFPoly1305HeaderPacket.CHA_CHA_20_POLY_1305);
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
            byte[] doFinal = cipher.doFinal(encodeKey);
            arrayList.add(BEGIN_CRYPT4GH_ENCRYPTED_PRIVATE_KEY);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(CRYPT4GH_AUTH_MAGIC.getBytes());
                byteArrayOutputStream.write(encodeString(KDF.SCRYPT.name().toLowerCase()));
                byteArrayOutputStream.write(encodeArray(ArrayUtils.addAll(new byte[4], bArr)));
                byteArrayOutputStream.write(encodeString(Cipher.CHACHA20_POLY1305.name().toLowerCase()));
                byteArrayOutputStream.write(encodeArray(ArrayUtils.addAll(bArr2, doFinal)));
                arrayList.add(Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.close();
                arrayList.add(END_CRYPT4GH_ENCRYPTED_PRIVATE_KEY);
            } catch (Throwable th) {
                try {
                    byteArrayOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        IOUtils.writeLines(arrayList, (String) null, writer);
    }

    public void writeOpenSSLKey(File file, Key key) throws IOException {
        FileWriter fileWriter = new FileWriter(file);
        try {
            writeOpenSSLKey(fileWriter, key);
            fileWriter.close();
        } catch (Throwable th) {
            try {
                fileWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public void writeCrypt4GHKey(File file, Key key, char[] cArr) throws IOException, GeneralSecurityException {
        FileWriter fileWriter = new FileWriter(file);
        try {
            writeCrypt4GHKey(fileWriter, key, cArr);
            fileWriter.close();
        } catch (Throwable th) {
            try {
                fileWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private String decodeString(ByteBuffer byteBuffer) {
        return new String(decodeArray(byteBuffer, byteBuffer.getShort()));
    }

    private byte[] decodeArray(ByteBuffer byteBuffer, int i) {
        byte[] bArr = new byte[i];
        byteBuffer.get(bArr);
        return bArr;
    }

    private byte[] encodeString(String str) {
        short length = (short) str.length();
        return ByteBuffer.allocate(2 + length).order(ByteOrder.BIG_ENDIAN).putShort(length).put(str.getBytes()).array();
    }

    private byte[] encodeArray(byte[] bArr) {
        short length = (short) bArr.length;
        return ByteBuffer.allocate(2 + length).order(ByteOrder.BIG_ENDIAN).putShort(length).put(bArr).array();
    }
}
