package org.apache.tuweni.scuttlebutt.handshake;

import org.apache.tuweni.bytes.Bytes;
import org.apache.tuweni.bytes.Bytes32;
import org.apache.tuweni.crypto.sodium.Allocated;
import org.apache.tuweni.crypto.sodium.Box;
import org.apache.tuweni.crypto.sodium.Concatenate;
import org.apache.tuweni.crypto.sodium.DiffieHelman;
import org.apache.tuweni.crypto.sodium.HMACSHA512256;
import org.apache.tuweni.crypto.sodium.SHA256Hash;
import org.apache.tuweni.crypto.sodium.SecretBox;
import org.apache.tuweni.crypto.sodium.Signature;

/* loaded from: input_file:org/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeServer.class */
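/**
 * Server side of the Secure Scuttlebutt handshake.
 *
 * <p>The methods have data dependencies that fix the order in which they can be used:
 * {@link #readHello(Bytes)} must succeed before {@link #readIdentityMessage(Bytes)}, which in turn
 * must succeed before {@link #createAcceptMessage()} and {@link #createStream()}.
 * Calling them out of order raises {@link IllegalStateException} instead of handing {@code null}
 * key material to the sodium bindings.
 *
 * <p>The client's long-term identity is stored on this object only after its signature has been
 * verified, so a non-null {@link #clientLongTermPublicKey()} always denotes an authenticated peer.
 *
 * <p>Instances hold mutable per-connection state and perform no synchronization; use one instance
 * per connection.
 *
 * <p>NOTE(review): intermediate hashes and the shared secrets are never explicitly wiped here;
 * confirm whether the sodium wrapper types release their memory on their own.
 */
public final class SecureScuttlebuttHandshakeServer {
    /** Client hello: 32-byte MAC followed by the 32-byte ephemeral public key. */
    private static final int HELLO_LENGTH = 64;
    /** Decrypted identity message: 64-byte detached signature followed by a 32-byte public key. */
    private static final int IDENTITY_LENGTH = 96;
    private static final int MAC_LENGTH = 32;
    private static final int KEY_LENGTH = 32;
    private static final int SIGNATURE_LENGTH = 64;
    private static final int NONCE_LENGTH = 24;

    private final Signature.KeyPair longTermKeyPair;
    // Fresh for every handshake instance; every box key below is derived from it.
    private final Box.KeyPair ephemeralKeyPair = Box.KeyPair.random();
    private final HMACSHA512256.Key networkIdentifier;
    private Box.PublicKey clientEphemeralPublicKey;
    private DiffieHelman.Secret sharedSecret;
    private DiffieHelman.Secret sharedSecret2;
    // The next three fields are written together, and only after the identity signature verified.
    private Signature.PublicKey clientLongTermPublicKey;
    private DiffieHelman.Secret sharedSecret3;
    private Allocated detachedSignature;

    /**
     * Creates a handshake for one incoming connection.
     *
     * @param keyPair the server's long-term signing key pair
     * @param bytes32 the 32-byte network identifier, used as the HMAC key for hello messages
     * @return a new handshake with a freshly generated ephemeral key pair
     */
    public static SecureScuttlebuttHandshakeServer create(Signature.KeyPair keyPair, Bytes32 bytes32) {
        return new SecureScuttlebuttHandshakeServer(keyPair, bytes32);
    }

    private SecureScuttlebuttHandshakeServer(Signature.KeyPair keyPair, Bytes32 bytes32) {
        this.longTermKeyPair = keyPair;
        this.networkIdentifier = HMACSHA512256.Key.fromBytes(bytes32);
    }

    /**
     * Builds the server hello.
     *
     * @return the MAC of the server's ephemeral public key under the network identifier, followed
     *     by that public key
     */
    public Bytes createHello() {
        Bytes ephemeralPublic = this.ephemeralKeyPair.publicKey().bytes();
        Bytes mac = HMACSHA512256.authenticate(ephemeralPublic, this.networkIdentifier);
        return Bytes.concatenate(new Bytes[] {mac, ephemeralPublic});
    }

    /**
     * Validates the client hello and derives the first two shared secrets.
     *
     * @param bytes the 64-byte client hello (MAC, then ephemeral public key)
     * @throws HandshakeException if the length is wrong or the MAC was not produced with this
     *     server's network identifier
     */
    public void readHello(Bytes bytes) {
        if (bytes.size() != HELLO_LENGTH) {
            throw new HandshakeException("Invalid handshake message length: " + bytes.size());
        }
        Bytes mac = bytes.slice(0, MAC_LENGTH);
        Bytes clientKey = bytes.slice(MAC_LENGTH, KEY_LENGTH);
        // The key is only accepted once the MAC proves the peer knows the network identifier.
        if (!HMACSHA512256.verify(mac, clientKey, this.networkIdentifier)) {
            throw new HandshakeException("MAC does not match our network identifier");
        }
        this.clientEphemeralPublicKey = Box.PublicKey.fromBytes(clientKey);
        computeSharedSecrets();
    }

    /**
     * Derives {@code sharedSecret} (ephemeral x client ephemeral) and {@code sharedSecret2}
     * (server long-term x client ephemeral).
     *
     * @throws IllegalStateException if no client ephemeral key has been accepted yet
     */
    void computeSharedSecrets() {
        requireState(this.clientEphemeralPublicKey != null, "readHello must succeed before shared secrets can be computed");
        DiffieHelman.PublicKey clientEphemeral = DiffieHelman.PublicKey.forBoxPublicKey(this.clientEphemeralPublicKey);
        this.sharedSecret = DiffieHelman.Secret.forKeys(
                DiffieHelman.SecretKey.forBoxSecretKey(this.ephemeralKeyPair.secretKey()), clientEphemeral);
        this.sharedSecret2 = DiffieHelman.Secret.forKeys(
                DiffieHelman.SecretKey.forSignatureSecretKey(this.longTermKeyPair.secretKey()), clientEphemeral);
    }

    /** Returns the first shared secret, or {@code null} before {@link #readHello(Bytes)} succeeded. */
    DiffieHelman.Secret sharedSecret() {
        return this.sharedSecret;
    }

    /** Returns the second shared secret, or {@code null} before {@link #readHello(Bytes)} succeeded. */
    DiffieHelman.Secret sharedSecret2() {
        return this.sharedSecret2;
    }

    /** Returns the third shared secret, or {@code null} until the client identity was verified. */
    DiffieHelman.Secret sharedSecret3() {
        return this.sharedSecret3;
    }

    /** Returns the client's verified long-term key, or {@code null} until it was verified. */
    Signature.PublicKey clientLongTermPublicKey() {
        return this.clientLongTermPublicKey;
    }

    /**
     * Decrypts and verifies the client identity message, then derives the third shared secret.
     *
     * <p>Any previously accepted identity is discarded first, and the new identity is stored only
     * after its signature verified, so a failed attempt leaves this handshake without a client
     * identity.
     *
     * @param bytes the encrypted identity message
     * @throws HandshakeException if decryption fails, the plaintext is not 96 bytes long, or the
     *     signature does not verify under the key the client presented
     * @throws IllegalStateException if {@link #readHello(Bytes)} has not succeeded yet
     */
    public void readIdentityMessage(Bytes bytes) {
        requireState(this.sharedSecret != null && this.sharedSecret2 != null, "readHello must succeed before readIdentityMessage");
        // Fail closed: nothing from an earlier or failed attempt may survive into createStream().
        this.detachedSignature = null;
        this.clientLongTermPublicKey = null;
        this.sharedSecret3 = null;

        Bytes plaintext = SecretBox.decrypt(bytes, SecretBox.Key.fromHash(identityBoxKeyHash()), zeroNonce());
        if (plaintext == null) {
            throw new HandshakeException("Could not decrypt the plaintext with our shared secrets");
        }
        if (plaintext.size() != IDENTITY_LENGTH) {
            throw new HandshakeException("Identity message should be 96 bytes long, was " + plaintext.size());
        }
        Allocated signature = Allocated.fromBytes(plaintext.slice(0, SIGNATURE_LENGTH));
        Signature.PublicKey claimedKey = Signature.PublicKey.fromBytes(plaintext.slice(SIGNATURE_LENGTH, KEY_LENGTH));
        // The client signs our network id, our long-term key and the hash of the first shared
        // secret, binding its identity to this server and this session.
        boolean verified = claimedKey.verify(
                new Concatenate()
                        .add(this.networkIdentifier)
                        .add(this.longTermKeyPair.publicKey())
                        .add(SHA256Hash.hash(SHA256Hash.Input.fromSecret(this.sharedSecret)))
                        .concatenate(),
                signature);
        if (!verified) {
            throw new HandshakeException("Identity message signature does not match");
        }
        DiffieHelman.Secret thirdSecret = DiffieHelman.Secret.forKeys(
                DiffieHelman.SecretKey.forBoxSecretKey(this.ephemeralKeyPair.secretKey()),
                DiffieHelman.PublicKey.forSignaturePublicKey(claimedKey));
        // Commit only now: from here on the identity is authenticated.
        this.detachedSignature = signature;
        this.clientLongTermPublicKey = claimedKey;
        this.sharedSecret3 = thirdSecret;
    }

    /**
     * Builds the encrypted accept message: the server's detached signature over the network
     * identifier, the client's signature, the client's long-term key and the hash of the first
     * shared secret.
     *
     * @return the encrypted accept message
     * @throws IllegalStateException if the client identity has not been verified yet
     */
    public Bytes createAcceptMessage() {
        requireIdentityVerified();
        return SecretBox.encrypt(
                Signature.signDetached(
                        new Concatenate()
                                .add(this.networkIdentifier)
                                .add(this.detachedSignature)
                                .add(this.clientLongTermPublicKey)
                                .add(SHA256Hash.hash(SHA256Hash.Input.fromSecret(this.sharedSecret)))
                                .concatenate(),
                        this.longTermKeyPair.secretKey()),
                SecretBox.Key.fromHash(acceptBoxKeyHash()),
                zeroNonce()).bytes();
    }

    /**
     * Derives the key for client-to-server traffic: the double hash of all handshake secrets,
     * hashed again together with the server's long-term public key.
     *
     * @throws IllegalStateException if the client identity has not been verified yet
     */
    SHA256Hash.Hash clientToServerSecretBoxKey() {
        return SHA256Hash.hash(SHA256Hash.Input.fromPointer(
                new Concatenate().add(doubleHashedSecrets()).add(this.longTermKeyPair.publicKey()).concatenate()));
    }

    /** Returns the first 24 bytes of the MAC of the server's ephemeral public key. */
    Bytes clientToServerNonce() {
        return HMACSHA512256.authenticate(this.ephemeralKeyPair.publicKey().bytes(), this.networkIdentifier)
                .slice(0, NONCE_LENGTH);
    }

    /**
     * Derives the key for server-to-client traffic: the double hash of all handshake secrets,
     * hashed again together with the client's verified long-term public key.
     *
     * @throws IllegalStateException if the client identity has not been verified yet
     */
    SHA256Hash.Hash serverToClientSecretBoxKey() {
        return SHA256Hash.hash(SHA256Hash.Input.fromPointer(
                new Concatenate().add(doubleHashedSecrets()).add(this.clientLongTermPublicKey).concatenate()));
    }

    /**
     * Returns the first 24 bytes of the MAC of the client's ephemeral public key.
     *
     * @throws IllegalStateException if {@link #readHello(Bytes)} has not succeeded yet
     */
    Bytes serverToClientNonce() {
        requireState(this.clientEphemeralPublicKey != null, "readHello must succeed before nonces can be derived");
        return HMACSHA512256.authenticate(this.clientEphemeralPublicKey.bytes(), this.networkIdentifier)
                .slice(0, NONCE_LENGTH);
    }

    /**
     * Creates the encrypted stream for the authenticated connection.
     *
     * @return a stream keyed with the directional keys and nonces derived by this handshake
     * @throws IllegalStateException if the handshake has not verified the client identity
     */
    public SecureScuttlebuttStreamServer createStream() {
        return new SecureScuttlebuttStream(clientToServerSecretBoxKey(), clientToServerNonce(), serverToClientSecretBoxKey(), serverToClientNonce());
    }

    /** Hash of network id and the first two secrets; keys the box around the identity message. */
    private SHA256Hash.Hash identityBoxKeyHash() {
        return SHA256Hash.hash(SHA256Hash.Input.fromPointer(
                new Concatenate().add(this.networkIdentifier).add(this.sharedSecret).add(this.sharedSecret2).concatenate()));
    }

    /** Hash of network id and all three secrets; keys the box around the accept message. */
    private SHA256Hash.Hash acceptBoxKeyHash() {
        requireIdentityVerified();
        return SHA256Hash.hash(SHA256Hash.Input.fromPointer(
                new Concatenate()
                        .add(this.networkIdentifier)
                        .add(this.sharedSecret)
                        .add(this.sharedSecret2)
                        .add(this.sharedSecret3)
                        .concatenate()));
    }

    /** Hash of {@link #acceptBoxKeyHash()}; the common input of both directional stream keys. */
    private SHA256Hash.Hash doubleHashedSecrets() {
        return SHA256Hash.hash(SHA256Hash.Input.fromHash(acceptBoxKeyHash()));
    }

    /**
     * Returns the all-zero nonce used for the two handshake boxes.
     *
     * <p>This is only sound because each handshake box key is derived from this instance's fresh
     * ephemeral key pair and is used for a single message. Do not use it with a long-lived key.
     */
    private static SecretBox.Nonce zeroNonce() {
        return SecretBox.Nonce.fromBytes(new byte[NONCE_LENGTH]);
    }

    /** Fails unless the client identity message was decrypted and its signature verified. */
    private void requireIdentityVerified() {
        requireState(
                this.sharedSecret != null
                        && this.sharedSecret2 != null
                        && this.sharedSecret3 != null
                        && this.detachedSignature != null
                        && this.clientLongTermPublicKey != null,
                "readIdentityMessage must succeed before the handshake can be completed");
    }

    /** Throws {@link IllegalStateException} with {@code message} when {@code condition} is false. */
    private static void requireState(boolean condition, String message) {
        if (!condition) {
            throw new IllegalStateException(message);
        }
    }
}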
