package com.yahoo.security;

import com.yahoo.security.hpke.Aead;
import com.yahoo.security.hpke.Ciphersuite;
import com.yahoo.security.hpke.Hpke;
import com.yahoo.security.hpke.Kdf;
import com.yahoo.security.hpke.Kem;
import com.yahoo.security.token.TokenFingerprint;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.ChaCha20Poly1305;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.modes.GCMModeCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

/* loaded from: input_file:com/yahoo/security/SharedKeyGenerator.class */
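/**
 * Creates, seals, unseals and reseals single-use shared secret keys, and builds the AEAD
 * ciphers that encrypt or decrypt a payload with such a key.
 *
 * <p>A fresh random AES key is sealed to a receiver's X25519 public key with HPKE
 * (DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM). The sealed form plus the key ID
 * is what travels with the ciphertext; only the holder of the matching private key can
 * recover the secret key through {@link #fromSealedKey}.
 *
 * <p><b>Single-use contract.</b> Every cipher returned by this class is initialised with
 * the same fixed 96-bit IV. That is sound only while each secret key encrypts exactly one
 * message. Nothing in this class enforces it: encrypting two different plaintexts under
 * ciphers built from the same {@link SecretSharedKey} repeats a (key, nonce) pair, which
 * for both AES-GCM and ChaCha20-Poly1305 voids confidentiality and integrity for those
 * messages. {@link #reseal} keeps the secret key unchanged, so a resealed key should be
 * used to give another receiver access to the existing ciphertext, not to encrypt new data.
 */
public class SharedKeyGenerator {
    // Key and tag sizes for the two payload ciphers. The decompiled source spelled the
    // 128-bit values as TokenFingerprint.FINGERPRINT_BITS, most likely because the
    // decompiler matched an inlined literal to the wrong constant name. Using the
    // constants declared here keeps cipher parameters independent of the fingerprint
    // format. NOTE(review): confirm TokenFingerprint.FINGERPRINT_BITS is 128 so that this
    // substitution is behaviour-neutral.
    private static final int AES_GCM_KEY_BITS = 128;
    private static final int AES_GCM_AUTH_TAG_BITS = 128;
    private static final int CHACHA20_POLY1305_KEY_BITS = 256;
    private static final int CHACHA20_POLY1305_AUTH_TAG_BITS = 128;
    // HKDF "info" label that separates the derived ChaCha20-Poly1305 key from the raw
    // secret key that AES-GCM uses directly.
    private static final byte[] CHACHA20_POLY1305_KDF_CONTEXT = ArrayUtils.toUtf8Bytes("ChaCha20Poly1305 key expansion");
    private static final byte[] EMPTY_BYTES = new byte[0];
    private static final SecureRandom SHARED_CSPRNG = new SecureRandom();
    private static final Ciphersuite HPKE_CIPHERSUITE = Ciphersuite.of(Kem.dHKemX25519HkdfSha256(), Kdf.hkdfSha256(), Aead.aes128Gcm());
    private static final Hpke HPKE = Hpke.of(HPKE_CIPHERSUITE);
    // Token version stamped on newly generated keys; reseal() carries over the version of
    // the key being resealed instead.
    private static final int NEW_KEY_TOKEN_VERSION = 2;
    // ASCII "hereBdragons" (12 bytes = 96 bits). A constant IV is acceptable only under
    // the single-use contract described on the class.
    private static final byte[] FIXED_96BIT_IV_FOR_SINGLE_USE_KEY = {104, 101, 114, 101, 66, 100, 114, 97, 103, 111, 110, 115};

    /**
     * Generates a fresh AES key of {@link #AES_GCM_KEY_BITS} bits from the shared CSPRNG.
     *
     * @return a new random secret key
     * @throws RuntimeException if the JVM has no "AES" key generator
     */
    private static SecretKey generateRandomSecretAesKey() {
        try {
            KeyGenerator aesKeyGen = KeyGenerator.getInstance("AES");
            aesKeyGen.init(AES_GCM_KEY_BITS, SHARED_CSPRNG);
            return aesKeyGen.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a new random secret key and seals it to the given receiver.
     *
     * @param publicKey receiver public key; must be an {@link XECPublicKey}, otherwise the
     *                  cast made while sealing throws {@link ClassCastException}
     * @param keyId     identifier bound to the sealed key
     * @return the secret key together with its sealed representation
     */
    public static SecretSharedKey generateForReceiverPublicKey(PublicKey publicKey, KeyId keyId) {
        return internalSealSecretKeyForReceiver(NEW_KEY_TOKEN_VERSION, generateRandomSecretAesKey(), publicKey, keyId);
    }

    /**
     * Recovers the secret key from its sealed form using the receiver's private key.
     *
     * <p>The key ID bytes taken from {@code sealedSharedKey} are fed into the HPKE open
     * operation, mirroring the seal call, so a sealed key whose key ID was altered is
     * expected to fail to open. NOTE(review): how that failure surfaces depends on
     * {@code Hpke.openBase}, which is not visible here.
     *
     * @param sealedSharedKey sealed key as received
     * @param privateKey      receiver private key; must be an {@link XECPrivateKey},
     *                        otherwise a {@link ClassCastException} is thrown
     * @return the unsealed secret key paired with the sealed key it came from
     */
    public static SecretSharedKey fromSealedKey(SealedSharedKey sealedSharedKey, PrivateKey privateKey) {
        byte[] secretKeyBytes = HPKE.openBase(
                sealedSharedKey.enc(),
                (XECPrivateKey) privateKey,
                EMPTY_BYTES,
                sealedSharedKey.keyId().asBytes(),
                sealedSharedKey.ciphertext());
        return new SecretSharedKey(new SecretKeySpec(secretKeyBytes, "AES"), sealedSharedKey);
    }

    /**
     * Seals an existing secret key to a different receiver and key ID, keeping the token
     * version of the original sealed key.
     *
     * <p>The secret key itself is not rotated. Whoever could unseal the original still
     * holds the same secret, so resealing grants access to an additional receiver and
     * revokes nothing.
     *
     * @param secretSharedKey key to reseal
     * @param publicKey       new receiver public key; must be an {@link XECPublicKey}
     * @param keyId           key ID to bind to the new sealed form
     * @return the same secret key paired with its new sealed representation
     */
    public static SecretSharedKey reseal(SecretSharedKey secretSharedKey, PublicKey publicKey, KeyId keyId) {
        int tokenVersion = secretSharedKey.sealedSharedKey().tokenVersion();
        return internalSealSecretKeyForReceiver(tokenVersion, secretSharedKey.secretKey(), publicKey, keyId);
    }

    /**
     * HPKE-seals the encoded secret key to the receiver. The key ID bytes are passed to
     * the seal operation next to an empty byte array; presumably these are the HPKE
     * {@code aad} and {@code info} inputs respectively (confirm against {@code Hpke}).
     */
    private static SecretSharedKey internalSealSecretKeyForReceiver(int tokenVersion, SecretKey secretKey, PublicKey publicKey, KeyId keyId) {
        Hpke.Sealed sealed = HPKE.sealBase((XECPublicKey) publicKey, EMPTY_BYTES, keyId.asBytes(), secretKey.getEncoded());
        SealedSharedKey sealedSharedKey = new SealedSharedKey(tokenVersion, keyId, sealed.enc(), sealed.ciphertext());
        return new SecretSharedKey(secretKey, sealedSharedKey);
    }

    /**
     * Builds an AES-GCM cipher keyed directly with the secret key, using the fixed IV.
     *
     * @param forEncryption {@code true} to initialise for encryption, {@code false} for decryption
     */
    private static AeadCipher makeAesGcmCipher(SecretSharedKey secretSharedKey, boolean forEncryption) {
        KeyParameter aesKey = new KeyParameter(secretSharedKey.secretKey().getEncoded());
        AEADParameters aeadParams = new AEADParameters(aesKey, AES_GCM_AUTH_TAG_BITS, FIXED_96BIT_IV_FOR_SINGLE_USE_KEY);
        GCMModeCipher gcm = GCMBlockCipher.newInstance(AESEngine.newInstance());
        gcm.init(forEncryption, aeadParams);
        return AeadCipher.of(gcm);
    }

    /**
     * Builds a ChaCha20-Poly1305 cipher using the fixed IV. The 256-bit cipher key is
     * expanded from the secret key with unsalted HKDF and a cipher-specific context label,
     * so it differs from the key AES-GCM uses for the same {@link SecretSharedKey}.
     *
     * @param forEncryption {@code true} to initialise for encryption, {@code false} for decryption
     */
    private static AeadCipher makeChaCha20Poly1305Cipher(SecretSharedKey secretSharedKey, boolean forEncryption) {
        byte[] expandedKey = HKDF.unsaltedExtractedFrom(secretSharedKey.secretKey().getEncoded())
                .expand(CHACHA20_POLY1305_KEY_BITS / 8, CHACHA20_POLY1305_KDF_CONTEXT);
        AEADParameters aeadParams = new AEADParameters(new KeyParameter(expandedKey), CHACHA20_POLY1305_AUTH_TAG_BITS, FIXED_96BIT_IV_FOR_SINGLE_USE_KEY);
        ChaCha20Poly1305 chaCha = new ChaCha20Poly1305();
        chaCha.init(forEncryption, aeadParams);
        return AeadCipher.of(new ChaCha20Poly1305AeadBlockCipherAdapter(chaCha));
    }

    /**
     * Returns an AES-GCM cipher initialised for encryption. Call at most once per secret
     * key (see the single-use contract on the class).
     *
     * <p>The decompiler reports that this method was package-private in the original
     * class; treat it as internal API.
     */
    public static AeadCipher makeAesGcmEncryptionCipher(SecretSharedKey secretSharedKey) {
        return makeAesGcmCipher(secretSharedKey, true);
    }

    /**
     * Returns an AES-GCM cipher initialised for decryption.
     *
     * <p>The decompiler reports that this method was package-private in the original
     * class; treat it as internal API.
     */
    public static AeadCipher makeAesGcmDecryptionCipher(SecretSharedKey secretSharedKey) {
        return makeAesGcmCipher(secretSharedKey, false);
    }

    /**
     * Returns a ChaCha20-Poly1305 cipher initialised for encryption. Call at most once per
     * secret key (see the single-use contract on the class).
     *
     * <p>The decompiler reports that this method was package-private in the original
     * class; treat it as internal API.
     */
    public static AeadCipher makeChaCha20Poly1305EncryptionCipher(SecretSharedKey secretSharedKey) {
        return makeChaCha20Poly1305Cipher(secretSharedKey, true);
    }

    /**
     * Returns a ChaCha20-Poly1305 cipher initialised for decryption.
     *
     * <p>The decompiler reports that this method was package-private in the original
     * class; treat it as internal API.
     */
    public static AeadCipher makeChaCha20Poly1305DecryptionCipher(SecretSharedKey secretSharedKey) {
        return makeChaCha20Poly1305Cipher(secretSharedKey, false);
    }
}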
