package org.apache.tuweni.scuttlebutt.handshake;

import org.apache.tuweni.bytes.Bytes;
import org.apache.tuweni.bytes.Bytes32;
import org.apache.tuweni.crypto.sodium.Allocated;
import org.apache.tuweni.crypto.sodium.Box;
import org.apache.tuweni.crypto.sodium.Concatenate;
import org.apache.tuweni.crypto.sodium.DiffieHelman;
import org.apache.tuweni.crypto.sodium.HMACSHA512256;
import org.apache.tuweni.crypto.sodium.SHA256Hash;
import org.apache.tuweni.crypto.sodium.SecretBox;
import org.apache.tuweni.crypto.sodium.Signature;
import org.apache.tuweni.scuttlebutt.Identity;
import org.apache.tuweni.scuttlebutt.Invite;

/* loaded from: input_file:org/apache/tuweni/scuttlebutt/handshake/SecureScuttlebuttHandshakeClient.class */
public final class SecureScuttlebuttHandshakeClient {
    private final Signature.KeyPair longTermKeyPair;
    private final Box.KeyPair ephemeralKeyPair = Box.KeyPair.random();
    private final HMACSHA512256.Key networkIdentifier;
    private final Signature.PublicKey serverLongTermPublicKey;
    private Box.PublicKey serverEphemeralPublicKey;
    private DiffieHelman.Secret sharedSecret;
    private DiffieHelman.Secret sharedSecret2;
    private DiffieHelman.Secret sharedSecret3;
    private Allocated detachedSignature;

    public static SecureScuttlebuttHandshakeClient create(Signature.KeyPair keyPair, Bytes32 bytes32, Signature.PublicKey publicKey) {
        return new SecureScuttlebuttHandshakeClient(keyPair, bytes32, publicKey);
    }

    public static SecureScuttlebuttHandshakeClient fromInvite(Bytes32 bytes32, Invite invite) {
        if (Identity.Curve.Ed25519.equals(invite.identity().curve())) {
            return new SecureScuttlebuttHandshakeClient(Signature.KeyPair.forSecretKey(Signature.SecretKey.fromSeed(invite.seedKey())), bytes32, invite.identity().ed25519PublicKey());
        }
        throw new IllegalArgumentException("Only ed25519 keys are supported");
    }

    private SecureScuttlebuttHandshakeClient(Signature.KeyPair keyPair, Bytes32 bytes32, Signature.PublicKey publicKey) {
        this.longTermKeyPair = keyPair;
        this.networkIdentifier = HMACSHA512256.Key.fromBytes(bytes32);
        this.serverLongTermPublicKey = publicKey;
    }

    public Bytes createHello() {
        return Bytes.concatenate(new Bytes[]{HMACSHA512256.authenticate(this.ephemeralKeyPair.publicKey().bytes(), this.networkIdentifier), this.ephemeralKeyPair.publicKey().bytes()});
    }

    public void readHello(Bytes bytes) {
        if (bytes.size() != 64) {
            throw new HandshakeException("Invalid handshake message length: " + bytes.size());
        }
        Bytes slice = bytes.slice(0, 32);
        Bytes slice2 = bytes.slice(32, 32);
        if (!HMACSHA512256.verify(slice, slice2, this.networkIdentifier)) {
            throw new HandshakeException("MAC does not match our network identifier");
        }
        this.serverEphemeralPublicKey = Box.PublicKey.fromBytes(slice2);
        this.sharedSecret = DiffieHelman.Secret.forKeys(DiffieHelman.SecretKey.forBoxSecretKey(this.ephemeralKeyPair.secretKey()), DiffieHelman.PublicKey.forBoxPublicKey(this.serverEphemeralPublicKey));
        this.sharedSecret2 = DiffieHelman.Secret.forKeys(DiffieHelman.SecretKey.forBoxSecretKey(this.ephemeralKeyPair.secretKey()), DiffieHelman.PublicKey.forSignaturePublicKey(this.serverLongTermPublicKey));
        this.sharedSecret3 = DiffieHelman.Secret.forKeys(DiffieHelman.SecretKey.forSignatureSecretKey(this.longTermKeyPair.secretKey()), DiffieHelman.PublicKey.forBoxPublicKey(this.serverEphemeralPublicKey));
    }

    DiffieHelman.Secret sharedSecret() {
        return this.sharedSecret;
    }

    DiffieHelman.Secret sharedSecret2() {
        return this.sharedSecret2;
    }

    DiffieHelman.Secret sharedSecret3() {
        return this.sharedSecret3;
    }

    public Bytes createIdentityMessage() {
        Concatenate concatenate = new Concatenate();
        concatenate.add(this.networkIdentifier);
        concatenate.add(this.serverLongTermPublicKey);
        concatenate.add(SHA256Hash.hash(SHA256Hash.Input.fromSecret(this.sharedSecret)));
        this.detachedSignature = Signature.signDetached(concatenate.concatenate(), this.longTermKeyPair.secretKey());
        return SecretBox.encrypt(new Concatenate().add(this.detachedSignature).add(this.longTermKeyPair.publicKey()).concatenate(), SecretBox.Key.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(new Concatenate().add(this.networkIdentifier).add(this.sharedSecret).add(this.sharedSecret2).concatenate()))), SecretBox.Nonce.fromBytes(new byte[24])).bytes();
    }

    public void readAcceptMessage(Bytes bytes) {
        Allocated decrypt = SecretBox.decrypt(Allocated.fromBytes(bytes), SecretBox.Key.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(new Concatenate().add(this.networkIdentifier).add(this.sharedSecret).add(this.sharedSecret2).add(this.sharedSecret3).concatenate()))), SecretBox.Nonce.fromBytes(new byte[24]));
        if (decrypt == null) {
            throw new HandshakeException("Could not decrypt accept message with our shared secrets");
        }
        if (!this.serverLongTermPublicKey.verify(new Concatenate().add(this.networkIdentifier).add(this.detachedSignature).add(this.longTermKeyPair.publicKey()).add(SHA256Hash.hash(SHA256Hash.Input.fromSecret(this.sharedSecret))).concatenate(), decrypt)) {
            throw new HandshakeException("Accept message signature does not match");
        }
    }

    SHA256Hash.Hash clientToServerSecretBoxKey() {
        return SHA256Hash.hash(SHA256Hash.Input.fromPointer(new Concatenate().add(SHA256Hash.hash(SHA256Hash.Input.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(new Concatenate().add(this.networkIdentifier).add(this.sharedSecret).add(this.sharedSecret2).add(this.sharedSecret3).concatenate()))))).add(this.serverLongTermPublicKey).concatenate()));
    }

    Bytes clientToServerNonce() {
        return HMACSHA512256.authenticate(this.serverEphemeralPublicKey.bytes(), this.networkIdentifier).slice(0, 24);
    }

    SHA256Hash.Hash serverToClientSecretBoxKey() {
        return SHA256Hash.hash(SHA256Hash.Input.fromPointer(new Concatenate().add(SHA256Hash.hash(SHA256Hash.Input.fromHash(SHA256Hash.hash(SHA256Hash.Input.fromPointer(new Concatenate().add(this.networkIdentifier).add(this.sharedSecret).add(this.sharedSecret2).add(this.sharedSecret3).concatenate()))))).add(this.longTermKeyPair.publicKey()).concatenate()));
    }

    Bytes serverToClientNonce() {
        return HMACSHA512256.authenticate(this.ephemeralKeyPair.publicKey().bytes(), this.networkIdentifier).slice(0, 24);
    }

    public SecureScuttlebuttStreamClient createStream() {
        return new SecureScuttlebuttStream(clientToServerSecretBoxKey(), clientToServerNonce(), serverToClientSecretBoxKey(), serverToClientNonce());
    }
}
