package com.alipay.mychain.sdk.crypto.envelope;

import com.alipay.mychain.sdk.crypto.AlgoIdEnum;
import com.alipay.mychain.sdk.crypto.cipher.AesGcmCipherV1;
import com.alipay.mychain.sdk.crypto.hash.HashFactory;
import com.alipay.mychain.sdk.crypto.keyoperator.Pkcs8KeyOperator;
import com.alipay.mychain.sdk.crypto.keypair.KeyTypeEnum;
import com.alipay.mychain.sdk.crypto.keypair.Keypair;
import com.alipay.mychain.sdk.crypto.pkeycipher.EccR1PkeyCipherV1;
import com.alipay.mychain.sdk.crypto.pkeycipher.PkeyCipherBase;
import com.alipay.mychain.sdk.errorcode.ErrorCode;
import com.alipay.mychain.sdk.exception.MychainSdkException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.exception.ExceptionUtils;

/* loaded from: input_file:com/alipay/mychain/sdk/crypto/envelope/EccR1EnvelopeV1.class */
public class EccR1EnvelopeV1 implements EnvelopeBase {
    private static final int IV_LEN = 12;
    private static final int AUTHTAG_LEN = 16;
    private static final int SEALED_KEY_LEN = 94;
    private List<PkeyCipherBase> pubkeyList;
    private PkeyCipherBase privkey;

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public AlgoIdEnum getAlgo() {
        return AlgoIdEnum.ENVELOPE_ECCR1_LOCAL_V1;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public boolean isEncryptor() {
        return this.pubkeyList != null && this.pubkeyList.size() > 0;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public boolean isDecryptor() {
        return this.privkey != null;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPkeyCipherList(List<PkeyCipherBase> list) {
        if (list == null || list.size() == 0) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "public keys should not empty");
        }
        if (list.size() > 65535) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "too many public keys");
        }
        this.pubkeyList = new ArrayList();
        for (PkeyCipherBase pkeyCipherBase : list) {
            if (pkeyCipherBase.getAlgo() != AlgoIdEnum.PKEY_CIPHER_ECCR1_LOCAL_V1) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
            }
            if (!pkeyCipherBase.isEncryptor()) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public key");
            }
            this.pubkeyList.add(pkeyCipherBase);
        }
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPubkeyList(List<Keypair> list) {
        if (list == null || list.size() == 0) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "public keys should not empty");
        }
        if (list.size() > 65535) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "too many public keys");
        }
        this.pubkeyList = new ArrayList();
        for (Keypair keypair : list) {
            if (keypair.getType() != KeyTypeEnum.KEY_ECCR1_PKCS8) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
            }
            if (!keypair.isPubkey()) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public key");
            }
            this.pubkeyList.add(new EccR1PkeyCipherV1(keypair));
        }
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPrivkey(Keypair keypair) {
        if (keypair == null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "keypair should not null");
        }
        if (keypair.getType() != KeyTypeEnum.KEY_ECCR1_PKCS8) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
        }
        if (!keypair.isPrivkey()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PRIVATE_KEY, "no private key");
        }
        this.privkey = new EccR1PkeyCipherV1(keypair);
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPrivkey(PkeyCipherBase pkeyCipherBase) {
        if (pkeyCipherBase == null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "pkeyCipher should not null");
        }
        if (pkeyCipherBase.getAlgo() != AlgoIdEnum.PKEY_CIPHER_ECCR1_LOCAL_V1) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
        }
        if (!pkeyCipherBase.isDecryptor()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PRIVATE_KEY, "no private key");
        }
        this.privkey = pkeyCipherBase;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public byte[] envelopeSeal(byte[] bArr, byte[] bArr2) {
        if (!isEncryptor()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public keys");
        }
        if (bArr2 != null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "secretKey must null!");
        }
        try {
            int size = this.pubkeyList.size();
            byte[] kdf = kdf(new Pkcs8KeyOperator().generate(KeyTypeEnum.KEY_ECCR1_PKCS8).getPubkeyEncoded());
            byte[] encrypt = new AesGcmCipherV1(kdf).encrypt(bArr);
            byte[] bArr3 = new byte[2 + (size * SEALED_KEY_LEN) + encrypt.length];
            bArr3[0] = (byte) ((size >> 8) & 255);
            bArr3[1] = (byte) (size & 255);
            int i = 2;
            Iterator<PkeyCipherBase> it = this.pubkeyList.iterator();
            while (it.hasNext()) {
                byte[] encrypt2 = it.next().encrypt(kdf);
                System.arraycopy(encrypt2, 0, bArr3, i, encrypt2.length);
                i += encrypt2.length;
            }
            System.arraycopy(encrypt, 0, bArr3, i, encrypt.length);
            return bArr3;
        } catch (Exception e) {
            throw new MychainSdkException(ErrorCode.OTHERS, ExceptionUtils.getStackTrace(e));
        }
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public byte[] envelopeOpen(byte[] bArr, byte[] bArr2) {
        if (!isDecryptor() && bArr2 == null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PRIVATE_KEY, "no private key");
        }
        if (bArr == null || bArr.length < 2) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid cipher text!");
        }
        if (bArr2 != null && bArr2.length != AUTHTAG_LEN) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid secret_key!");
        }
        try {
            int i = ((bArr[0] & 255) << 8) + (bArr[1] & 255);
            if (i == 0) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid public key number!");
            }
            int i2 = 2;
            if (bArr2 == null) {
                int i3 = 0;
                while (i3 < i) {
                    byte[] copyOfRange = Arrays.copyOfRange(bArr, i2, i2 + SEALED_KEY_LEN);
                    i2 += SEALED_KEY_LEN;
                    try {
                        bArr2 = this.privkey.decrypt(copyOfRange);
                        i3++;
                        break;
                    } catch (Exception e) {
                        if (i3 == i - 1) {
                            throw e;
                        }
                        i3++;
                    }
                }
            }
            return new AesGcmCipherV1(bArr2).decrypt(Arrays.copyOfRange(bArr, 2 + (i * SEALED_KEY_LEN), bArr.length));
        } catch (Exception e2) {
            throw new MychainSdkException(ErrorCode.OTHERS, ExceptionUtils.getStackTrace(e2));
        }
    }

    private byte[] kdf(byte[] bArr) {
        byte[] hash = HashFactory.getHash().hash(bArr);
        byte[] copyOfRange = Arrays.copyOfRange(hash, AUTHTAG_LEN, 32);
        byte[] bArr2 = new byte[AUTHTAG_LEN];
        for (int i = 0; i < AUTHTAG_LEN; i++) {
            bArr2[i] = (byte) (hash[i] ^ copyOfRange[i]);
        }
        return bArr2;
    }
}
