package com.streamr.client.utils;

import com.streamr.client.exceptions.InvalidGroupKeyException;
import com.streamr.client.exceptions.InvalidRSAKeyException;
import com.streamr.client.exceptions.UnableToDecryptException;
import com.streamr.client.protocol.message_layer.StreamMessage;
import java.io.IOException;
import java.io.StringWriter;
import java.lang.reflect.Field;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemWriter;

/* loaded from: input_file:com/streamr/client/utils/EncryptionUtil.class */
public class EncryptionUtil {
    private static final Logger log = LoggerFactory.getLogger(EncryptionUtil.class);
    private static final SecureRandom SRAND = new SecureRandom();
    private static final ThreadLocal<Cipher> aesCipher = ThreadLocal.withInitial(() -> {
        return getAESCipher();
    });
    private static final ThreadLocal<Cipher> rsaCipher = ThreadLocal.withInitial(() -> {
        return getRSACipher();
    });
    private final RSAPublicKey publicKey;
    private final RSAPrivateKey privateKey;

    public EncryptionUtil(RSAPublicKey rSAPublicKey, RSAPrivateKey rSAPrivateKey) {
        if (rSAPublicKey != null || rSAPrivateKey != null) {
            this.publicKey = rSAPublicKey;
            this.privateKey = rSAPrivateKey;
        } else {
            KeyPair generateKeyPair = generateKeyPair();
            this.publicKey = (RSAPublicKey) generateKeyPair.getPublic();
            this.privateKey = (RSAPrivateKey) generateKeyPair.getPrivate();
        }
    }

    public EncryptionUtil() {
        this(null, null);
    }

    public byte[] decryptWithPrivateKey(String str) throws UnableToDecryptException {
        byte[] parseHexBinary = DatatypeConverter.parseHexBinary(str);
        try {
            rsaCipher.get().init(2, this.privateKey);
            return rsaCipher.get().doFinal(parseHexBinary);
        } catch (Exception e) {
            throw new UnableToDecryptException(str);
        }
    }

    public void decryptWithPrivateKey(StreamMessage streamMessage) throws UnableToDecryptException {
        if (streamMessage.getEncryptionType() != StreamMessage.EncryptionType.RSA) {
            throw new IllegalArgumentException("Given StreamMessage is not encrypted with RSA!");
        }
        streamMessage.setEncryptionType(StreamMessage.EncryptionType.NONE);
        streamMessage.setSerializedContent(decryptWithPrivateKey(streamMessage.getSerializedContent()));
    }

    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    public String getPublicKeyAsPemString() {
        return exportKeyAsPemString(this.publicKey, true);
    }

    public static void encryptWithPublicKey(StreamMessage streamMessage, String str) {
        streamMessage.setEncryptionType(StreamMessage.EncryptionType.RSA);
        streamMessage.setGroupKeyId(str);
        streamMessage.setSerializedContent(encryptWithPublicKey(streamMessage.getSerializedContentAsBytes(), str));
    }

    public static String encryptWithPublicKey(byte[] bArr, String str) {
        validatePublicKey(str);
        return encryptWithPublicKey(bArr, getPublicKeyFromString(str));
    }

    public static String encryptWithPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey) {
        try {
            rsaCipher.get().init(1, rSAPublicKey);
            return Hex.encodeHexString(rsaCipher.get().doFinal(bArr));
        } catch (Exception e) {
            log.error("Failed to encrypt plaintext: " + bArr, e);
            throw new RuntimeException(e);
        }
    }

    public static String encryptWithPublicKey(String str, String str2) {
        return encryptWithPublicKey(DatatypeConverter.parseHexBinary(str), str2);
    }

    public static String encryptWithPublicKey(String str, RSAPublicKey rSAPublicKey) {
        return encryptWithPublicKey(DatatypeConverter.parseHexBinary(str), rSAPublicKey);
    }

    public static String encrypt(byte[] bArr, GroupKey groupKey) {
        try {
            byte[] bArr2 = new byte[16];
            SRAND.nextBytes(bArr2);
            aesCipher.get().init(1, groupKey.toSecretKey(), new IvParameterSpec(bArr2));
            return Hex.encodeHexString(bArr2) + Hex.encodeHexString(aesCipher.get().doFinal(bArr));
        } catch (Exception e) {
            log.error("Failed to encrypt with groupKey", e);
            return null;
        }
    }

    public static byte[] decrypt(String str, GroupKey groupKey) throws Exception {
        if (groupKey == null) {
            throw new InvalidGroupKeyException(0);
        }
        aesCipher.get().init(2, groupKey.toSecretKey(), new IvParameterSpec(DatatypeConverter.parseHexBinary(str.substring(0, 32))));
        return aesCipher.get().doFinal(DatatypeConverter.parseHexBinary(str.substring(32)));
    }

    public static EncryptedGroupKey encryptGroupKey(GroupKey groupKey, GroupKey groupKey2) {
        return new EncryptedGroupKey(groupKey.getGroupKeyId(), encrypt(DatatypeConverter.parseHexBinary(groupKey.getGroupKeyHex()), groupKey2));
    }

    public static GroupKey decryptGroupKey(EncryptedGroupKey encryptedGroupKey, GroupKey groupKey) throws Exception {
        return new GroupKey(encryptedGroupKey.getGroupKeyId(), Hex.encodeHexString(decrypt(encryptedGroupKey.getEncryptedGroupKeyHex(), groupKey)));
    }

    public static EncryptedGroupKey encryptWithPublicKey(GroupKey groupKey, RSAPublicKey rSAPublicKey) {
        return new EncryptedGroupKey(groupKey.getGroupKeyId(), encryptWithPublicKey(groupKey.getGroupKeyHex(), rSAPublicKey));
    }

    public GroupKey decryptWithPrivateKey(EncryptedGroupKey encryptedGroupKey) throws UnableToDecryptException, InvalidGroupKeyException {
        return new GroupKey(encryptedGroupKey.getGroupKeyId(), Hex.encodeHexString(decryptWithPrivateKey(encryptedGroupKey.getEncryptedGroupKeyHex())));
    }

    public static void encryptStreamMessage(StreamMessage streamMessage, GroupKey groupKey) throws InvalidGroupKeyException {
        streamMessage.setSerializedContent(encrypt(streamMessage.getSerializedContentAsBytes(), groupKey));
        streamMessage.setEncryptionType(StreamMessage.EncryptionType.AES);
        streamMessage.setGroupKeyId(groupKey.getGroupKeyId());
    }

    public static void decryptStreamMessage(StreamMessage streamMessage, GroupKey groupKey) throws UnableToDecryptException {
        if (streamMessage.getEncryptionType() != StreamMessage.EncryptionType.AES) {
            throw new IllegalArgumentException("Given StreamMessage is not encrypted with AES!");
        }
        try {
            streamMessage.setSerializedContent(decrypt(streamMessage.getSerializedContent(), groupKey));
            streamMessage.setEncryptionType(StreamMessage.EncryptionType.NONE);
        } catch (Exception e) {
            if (groupKey == null) {
                log.debug("No key given to decrypt stream {} msg {}", streamMessage.getStreamId(), streamMessage.getMessageRef());
            } else {
                log.debug("Failed to decrypt stream {} msg {} with key {} ", new Object[]{streamMessage.getStreamId(), streamMessage.getMessageRef(), groupKey.getGroupKeyId()});
            }
            throw new UnableToDecryptException(streamMessage.getSerializedContent());
        }
    }

    public static void validateGroupKey(String str) throws InvalidGroupKeyException {
        String substring = str.startsWith("0x") ? str.substring(2) : str;
        if (substring.length() != 64) {
            throw new InvalidGroupKeyException(substring.length() * 4);
        }
    }

    public static void validatePublicKey(String str) {
        if (str == null || !str.startsWith("-----BEGIN PUBLIC KEY-----") || !str.endsWith("-----END PUBLIC KEY-----\n")) {
            throw new InvalidRSAKeyException(true);
        }
    }

    public static void validatePrivateKey(String str) {
        if (str == null || !str.startsWith("-----BEGIN PRIVATE KEY-----") || !str.endsWith("-----END PRIVATE KEY-----\n")) {
            throw new InvalidRSAKeyException(false);
        }
    }

    public static String exportKeyAsPemString(Key key, boolean z) {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        try {
            try {
                pemWriter.writeObject(new PemObject((z ? "PUBLIC" : "PRIVATE") + " KEY", key.getEncoded()));
                pemWriter.flush();
                return stringWriter.toString();
            } catch (IOException e) {
                log.error("Failed to write key as PEM", e);
                throw new RuntimeException(e);
            }
        } finally {
            try {
                pemWriter.close();
            } catch (IOException e2) {
                log.error("Failed to close PemWriter", e2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Cipher getAESCipher() {
        try {
            return Cipher.getInstance("AES/CTR/NoPadding");
        } catch (Exception e) {
            log.error("Failed to get AES cipher", e);
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Cipher getRSACipher() {
        try {
            return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
        } catch (Exception e) {
            log.error("Failed to get RSA cipher", e);
            throw new RuntimeException(e);
        }
    }

    public static RSAPublicKey getPublicKeyFromString(String str) {
        String replace = str.replace("-----BEGIN PUBLIC KEY-----\n", "").replace("-----END PUBLIC KEY-----", "");
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(replace)));
        } catch (Exception e) {
            log.error("Failed to parse public key from string: " + replace, e);
            throw new RuntimeException(e);
        }
    }

    public static RSAPrivateKey getPrivateKeyFromString(String str) {
        try {
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(str.replace("-----BEGIN PRIVATE KEY-----\n", "").replace("-----END PRIVATE KEY-----", ""))));
        } catch (Exception e) {
            log.error("Failed to parse private key", e);
            throw new RuntimeException(e);
        }
    }

    public static SecretKey getSecretKeyFromHexString(String str) throws InvalidGroupKeyException {
        validateGroupKey(str);
        try {
            Field declaredField = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted");
            declaredField.setAccessible(true);
            Field declaredField2 = Field.class.getDeclaredField("modifiers");
            declaredField2.setAccessible(true);
            declaredField2.setInt(declaredField, declaredField.getModifiers() & (-17));
            declaredField.set(null, false);
            return new SecretKeySpec(DatatypeConverter.parseHexBinary(str), "AES");
        } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | NoSuchFieldException | SecurityException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    public static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(4096, SRAND);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
