package com.samourai.wallet.crypto;

import com.samourai.wallet.crypto.impl.ECDHKeySet;
import com.samourai.wallet.crypto.impl.EncryptedMessage;
import com.samourai.wallet.util.RandomUtil;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.bitcoinj.core.ECKey;
import org.bitcoinj.core.Sha256Hash;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCEECPrivateKey;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class CryptoUtil {
    private static final String ALGO_CRYPTO = "AES";
    private static final String ALGO_HASH = "SHA256";
    private static final String ALGO_HMAC = "HmacSHA512";
    private static final String CYPHER = "AES/CTR/NoPadding";
    private static CryptoUtil instance;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CryptoUtil.class);
    private String provider;
    private final RandomUtil randomUtil = RandomUtil.getInstance();

    protected CryptoUtil(String str) {
        this.provider = str;
    }

    private void checkHMAC(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, ALGO_HMAC);
        Mac mac = Mac.getInstance(ALGO_HMAC, this.provider);
        mac.init(secretKeySpec);
        if (!MessageDigest.isEqual(mac.doFinal(ArrayUtils.addAll(bArr4, bArr2)), bArr)) {
            throw new RuntimeException("HMAC does not match..");
        }
    }

    private byte[] decryptAES_CTR(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, ALGO_CRYPTO);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        Cipher cipher = Cipher.getInstance(CYPHER, this.provider);
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return cipher.doFinal(bArr);
    }

    private byte[] encryptAES_CTR(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, ALGO_CRYPTO);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        Cipher cipher = Cipher.getInstance(CYPHER, this.provider);
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return cipher.doFinal(bArr);
    }

    private byte[] getHMAC(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, ALGO_HMAC);
        Mac mac = Mac.getInstance(ALGO_HMAC, this.provider);
        mac.init(secretKeySpec);
        return mac.doFinal(ArrayUtils.addAll(bArr3, bArr));
    }

    public static CryptoUtil getInstance(Provider provider) {
        if (instance == null) {
            try {
                Security.addProvider(new BouncyCastleProvider());
            } catch (Exception e) {
                log.error("", (Throwable) e);
            }
            instance = new CryptoUtil(provider.getName());
        }
        return instance;
    }

    public byte[] createSignature(ECKey eCKey, byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException {
        return eCKey.sign(Sha256Hash.of(bArr)).encodeToDER();
    }

    public byte[] decrypt(byte[] bArr, ECDHKeySet eCDHKeySet) throws Exception {
        EncryptedMessage unserialize = EncryptedMessage.unserialize(bArr);
        checkHMAC(unserialize.hmac, unserialize.payload, eCDHKeySet.hmacKey, unserialize.iv);
        return decryptAES_CTR(unserialize.payload, eCDHKeySet.encryptionKey, unserialize.iv);
    }

    public String decryptString(byte[] bArr, ECDHKeySet eCDHKeySet) throws Exception {
        return new String(decrypt(bArr, eCDHKeySet), "UTF-8");
    }

    public byte[] encrypt(String str, ECDHKeySet eCDHKeySet) throws Exception {
        return encrypt(str.getBytes("UTF-8"), eCDHKeySet);
    }

    public byte[] encrypt(byte[] bArr, ECDHKeySet eCDHKeySet) throws Exception {
        byte[] nextBytes = this.randomUtil.nextBytes(16);
        byte[] encryptAES_CTR = encryptAES_CTR(bArr, eCDHKeySet.encryptionKey, nextBytes);
        return new EncryptedMessage(nextBytes, getHMAC(encryptAES_CTR, eCDHKeySet.hmacKey, nextBytes), encryptAES_CTR).serialize();
    }

    public ECDHKeySet getSharedSecret(ECKey eCKey, ECKey eCKey2) throws Exception {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", this.provider);
        algorithmParameters.init(new ECGenParameterSpec("secp256k1"));
        ECParameterSpec eCParameterSpec = (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class);
        ECPrivateKeySpec eCPrivateKeySpec = new ECPrivateKeySpec(eCKey.getPrivKey(), eCParameterSpec);
        ECPublicKeySpec eCPublicKeySpec = new ECPublicKeySpec(new ECPoint(eCKey2.getPubKeyPoint().getXCoord().toBigInteger(), eCKey2.getPubKeyPoint().getYCoord().toBigInteger()), eCParameterSpec);
        KeyFactory keyFactory = KeyFactory.getInstance("EC", this.provider);
        ECPrivateKey eCPrivateKey = (ECPrivateKey) keyFactory.generatePrivate(eCPrivateKeySpec);
        ECPublicKey eCPublicKey = (ECPublicKey) keyFactory.generatePublic(eCPublicKeySpec);
        JCEECPrivateKey jCEECPrivateKey = new JCEECPrivateKey(eCPrivateKey);
        JCEECPublicKey jCEECPublicKey = new JCEECPublicKey(eCPublicKey);
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", this.provider);
        keyAgreement.init(jCEECPrivateKey);
        keyAgreement.doPhase(jCEECPublicKey, true);
        return new ECDHKeySet(keyAgreement.generateSecret(), this.provider);
    }

    public boolean verifySignature(ECKey eCKey, byte[] bArr, byte[] bArr2) throws NoSuchProviderException, NoSuchAlgorithmException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256", this.provider);
            messageDigest.update(bArr);
            return eCKey.verify(messageDigest.digest(), bArr2);
        } catch (Exception e) {
            log.error("", (Throwable) e);
            return false;
        }
    }
}
