package org.ethereum.net.rlpx;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.io.IOException;
import java.security.SecureRandom;
import javax.annotation.Nullable;
import org.ethereum.crypto.ECIESCoder;
import org.ethereum.crypto.ECKey;
import org.ethereum.crypto.HashUtil;
import org.ethereum.util.ByteUtil;
import org.ethereum.vm.GasCost;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.digests.KeccakDigest;
import org.spongycastle.math.ec.ECPoint;

/* loaded from: input_file:org/ethereum/net/rlpx/EncryptionHandshake.class */
public class EncryptionHandshake {
    public static final int NONCE_SIZE = 32;
    public static final int MAC_SIZE = 256;
    public static final int SECRET_SIZE = 32;
    private SecureRandom random;
    private boolean isInitiator;
    private ECKey ephemeralKey;
    private ECPoint remotePublicKey;
    private ECPoint remoteEphemeralKey;
    private byte[] initiatorNonce;
    private byte[] responderNonce;
    private Secrets secrets;

    /* loaded from: input_file:org/ethereum/net/rlpx/EncryptionHandshake$Secrets.class */
    public static class Secrets {
        byte[] aes;
        byte[] mac;
        byte[] token;
        KeccakDigest egressMac;
        KeccakDigest ingressMac;

        public byte[] getAes() {
            return this.aes;
        }

        public byte[] getMac() {
            return this.mac;
        }

        public byte[] getToken() {
            return this.token;
        }

        public KeccakDigest getIngressMac() {
            return this.ingressMac;
        }

        public KeccakDigest getEgressMac() {
            return this.egressMac;
        }
    }

    public EncryptionHandshake(ECPoint eCPoint) {
        this.random = new SecureRandom();
        this.remotePublicKey = eCPoint;
        this.ephemeralKey = new ECKey(this.random);
        this.initiatorNonce = new byte[32];
        this.random.nextBytes(this.initiatorNonce);
        this.isInitiator = true;
    }

    EncryptionHandshake(ECPoint eCPoint, ECKey eCKey, byte[] bArr, byte[] bArr2, boolean z) {
        this.random = new SecureRandom();
        this.remotePublicKey = eCPoint;
        this.ephemeralKey = eCKey;
        this.initiatorNonce = bArr;
        this.responderNonce = bArr2;
        this.isInitiator = z;
    }

    public EncryptionHandshake() {
        this.random = new SecureRandom();
        this.ephemeralKey = new ECKey(this.random);
        this.responderNonce = new byte[32];
        this.random.nextBytes(this.responderNonce);
        this.isInitiator = false;
    }

    public AuthInitiateMessageV4 createAuthInitiateV4(ECKey eCKey) {
        AuthInitiateMessageV4 authInitiateMessageV4 = new AuthInitiateMessageV4();
        authInitiateMessageV4.signature = this.ephemeralKey.sign(xor(ByteUtil.bigIntegerToBytes(eCKey.keyAgreement(this.remotePublicKey), 32), this.initiatorNonce));
        authInitiateMessageV4.publicKey = eCKey.getPubKeyPoint();
        authInitiateMessageV4.nonce = this.initiatorNonce;
        return authInitiateMessageV4;
    }

    public byte[] encryptAuthInitiateV4(AuthInitiateMessageV4 authInitiateMessageV4) {
        return encryptAuthEIP8(padEip8(authInitiateMessageV4.encode()));
    }

    public AuthInitiateMessageV4 decryptAuthInitiateV4(byte[] bArr, ECKey eCKey) throws InvalidCipherTextException {
        try {
            byte[] bArr2 = new byte[2];
            System.arraycopy(bArr, 0, bArr2, 0, 2);
            int bigEndianToShort = ByteUtil.bigEndianToShort(bArr2, 0);
            byte[] bArr3 = new byte[bigEndianToShort];
            System.arraycopy(bArr, 2, bArr3, 0, bigEndianToShort);
            return AuthInitiateMessageV4.decode(ECIESCoder.decrypt(eCKey.getPrivKey(), bArr3, bArr2));
        } catch (IOException e) {
            throw Throwables.propagate(e);
        } catch (InvalidCipherTextException e2) {
            throw e2;
        }
    }

    public byte[] encryptAuthResponseV4(AuthResponseMessageV4 authResponseMessageV4) {
        return encryptAuthEIP8(padEip8(authResponseMessageV4.encode()));
    }

    public AuthResponseMessageV4 decryptAuthResponseV4(byte[] bArr, ECKey eCKey) {
        try {
            byte[] bArr2 = new byte[2];
            System.arraycopy(bArr, 0, bArr2, 0, 2);
            int bigEndianToShort = ByteUtil.bigEndianToShort(bArr2, 0);
            byte[] bArr3 = new byte[bigEndianToShort];
            System.arraycopy(bArr, 2, bArr3, 0, bigEndianToShort);
            return AuthResponseMessageV4.decode(ECIESCoder.decrypt(eCKey.getPrivKey(), bArr3, bArr2));
        } catch (IOException | InvalidCipherTextException e) {
            throw Throwables.propagate(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthResponseMessageV4 makeAuthInitiateV4(AuthInitiateMessageV4 authInitiateMessageV4, ECKey eCKey) {
        this.initiatorNonce = authInitiateMessageV4.nonce;
        this.remotePublicKey = authInitiateMessageV4.publicKey;
        ECKey recoverFromSignature = ECKey.recoverFromSignature(recIdFromSignatureV(authInitiateMessageV4.signature.v), authInitiateMessageV4.signature, xor(ByteUtil.bigIntegerToBytes(eCKey.keyAgreement(this.remotePublicKey), 32), this.initiatorNonce));
        if (recoverFromSignature == null) {
            throw new RuntimeException("failed to recover signatue from message");
        }
        this.remoteEphemeralKey = recoverFromSignature.getPubKeyPoint();
        AuthResponseMessageV4 authResponseMessageV4 = new AuthResponseMessageV4();
        authResponseMessageV4.ephemeralPublicKey = this.ephemeralKey.getPubKeyPoint();
        authResponseMessageV4.nonce = this.responderNonce;
        return authResponseMessageV4;
    }

    public AuthResponseMessageV4 handleAuthResponseV4(ECKey eCKey, byte[] bArr, byte[] bArr2) {
        AuthResponseMessageV4 decryptAuthResponseV4 = decryptAuthResponseV4(bArr2, eCKey);
        this.remoteEphemeralKey = decryptAuthResponseV4.ephemeralPublicKey;
        this.responderNonce = decryptAuthResponseV4.nonce;
        agreeSecret(bArr, bArr2);
        return decryptAuthResponseV4;
    }

    byte[] encryptAuthEIP8(byte[] bArr) {
        byte[] shortToBytes = ByteUtil.shortToBytes((short) (bArr.length + ECIESCoder.getOverhead()));
        byte[] encrypt = ECIESCoder.encrypt(this.remotePublicKey, bArr, shortToBytes);
        byte[] bArr2 = new byte[shortToBytes.length + encrypt.length];
        System.arraycopy(shortToBytes, 0, bArr2, 0, shortToBytes.length);
        System.arraycopy(encrypt, 0, bArr2, 0 + shortToBytes.length, encrypt.length);
        return bArr2;
    }

    public AuthInitiateMessage createAuthInitiate(@Nullable byte[] bArr, ECKey eCKey) {
        boolean z;
        AuthInitiateMessage authInitiateMessage = new AuthInitiateMessage();
        if (bArr == null) {
            z = false;
            bArr = ByteUtil.bigIntegerToBytes(eCKey.keyAgreement(this.remotePublicKey), 32);
        } else {
            z = true;
        }
        authInitiateMessage.signature = this.ephemeralKey.sign(xor(bArr, this.initiatorNonce));
        authInitiateMessage.isTokenUsed = z;
        authInitiateMessage.ephemeralPublicHash = HashUtil.sha3(this.ephemeralKey.getPubKey(), 1, 64);
        authInitiateMessage.publicKey = eCKey.getPubKeyPoint();
        authInitiateMessage.nonce = this.initiatorNonce;
        return authInitiateMessage;
    }

    private static byte[] xor(byte[] bArr, byte[] bArr2) {
        Preconditions.checkArgument(bArr.length == bArr2.length);
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }

    public byte[] encryptAuthMessage(AuthInitiateMessage authInitiateMessage) {
        return ECIESCoder.encrypt(this.remotePublicKey, authInitiateMessage.encode());
    }

    public byte[] encryptAuthResponse(AuthResponseMessage authResponseMessage) {
        return ECIESCoder.encrypt(this.remotePublicKey, authResponseMessage.encode());
    }

    public AuthResponseMessage decryptAuthResponse(byte[] bArr, ECKey eCKey) {
        try {
            return AuthResponseMessage.decode(ECIESCoder.decrypt(eCKey.getPrivKey(), bArr));
        } catch (IOException | InvalidCipherTextException e) {
            throw Throwables.propagate(e);
        }
    }

    public AuthInitiateMessage decryptAuthInitiate(byte[] bArr, ECKey eCKey) throws InvalidCipherTextException {
        try {
            return AuthInitiateMessage.decode(ECIESCoder.decrypt(eCKey.getPrivKey(), bArr));
        } catch (IOException e) {
            throw Throwables.propagate(e);
        } catch (InvalidCipherTextException e2) {
            throw e2;
        }
    }

    public AuthResponseMessage handleAuthResponse(ECKey eCKey, byte[] bArr, byte[] bArr2) {
        AuthResponseMessage decryptAuthResponse = decryptAuthResponse(bArr2, eCKey);
        this.remoteEphemeralKey = decryptAuthResponse.ephemeralPublicKey;
        this.responderNonce = decryptAuthResponse.nonce;
        agreeSecret(bArr, bArr2);
        return decryptAuthResponse;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void agreeSecret(byte[] bArr, byte[] bArr2) {
        byte[] bigIntegerToBytes = ByteUtil.bigIntegerToBytes(this.ephemeralKey.keyAgreement(this.remoteEphemeralKey), 32);
        byte[] sha3 = HashUtil.sha3(bigIntegerToBytes, HashUtil.sha3(this.responderNonce, this.initiatorNonce));
        byte[] sha32 = HashUtil.sha3(bigIntegerToBytes, sha3);
        this.secrets = new Secrets();
        this.secrets.aes = sha32;
        this.secrets.mac = HashUtil.sha3(bigIntegerToBytes, sha32);
        this.secrets.token = HashUtil.sha3(sha3);
        KeccakDigest keccakDigest = new KeccakDigest(256);
        keccakDigest.update(xor(this.secrets.mac, this.responderNonce), 0, this.secrets.mac.length);
        byte[] bArr3 = new byte[32];
        new KeccakDigest(keccakDigest).doFinal(bArr3, 0);
        keccakDigest.update(bArr, 0, bArr.length);
        new KeccakDigest(keccakDigest).doFinal(bArr3, 0);
        KeccakDigest keccakDigest2 = new KeccakDigest(256);
        keccakDigest2.update(xor(this.secrets.mac, this.initiatorNonce), 0, this.secrets.mac.length);
        new KeccakDigest(keccakDigest2).doFinal(bArr3, 0);
        keccakDigest2.update(bArr2, 0, bArr2.length);
        new KeccakDigest(keccakDigest2).doFinal(bArr3, 0);
        if (this.isInitiator) {
            this.secrets.egressMac = keccakDigest;
            this.secrets.ingressMac = keccakDigest2;
        } else {
            this.secrets.egressMac = keccakDigest2;
            this.secrets.ingressMac = keccakDigest;
        }
    }

    public byte[] handleAuthInitiate(byte[] bArr, ECKey eCKey) throws InvalidCipherTextException {
        byte[] encryptAuthResponse = encryptAuthResponse(makeAuthInitiate(bArr, eCKey));
        agreeSecret(bArr, encryptAuthResponse);
        return encryptAuthResponse;
    }

    AuthResponseMessage makeAuthInitiate(byte[] bArr, ECKey eCKey) throws InvalidCipherTextException {
        return makeAuthInitiate(decryptAuthInitiate(bArr, eCKey), eCKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthResponseMessage makeAuthInitiate(AuthInitiateMessage authInitiateMessage, ECKey eCKey) {
        this.initiatorNonce = authInitiateMessage.nonce;
        this.remotePublicKey = authInitiateMessage.publicKey;
        ECKey recoverFromSignature = ECKey.recoverFromSignature(recIdFromSignatureV(authInitiateMessage.signature.v), authInitiateMessage.signature, xor(ByteUtil.bigIntegerToBytes(eCKey.keyAgreement(this.remotePublicKey), 32), this.initiatorNonce));
        if (recoverFromSignature == null) {
            throw new RuntimeException("failed to recover signatue from message");
        }
        this.remoteEphemeralKey = recoverFromSignature.getPubKeyPoint();
        AuthResponseMessage authResponseMessage = new AuthResponseMessage();
        authResponseMessage.isTokenUsed = authInitiateMessage.isTokenUsed;
        authResponseMessage.ephemeralPublicKey = this.ephemeralKey.getPubKeyPoint();
        authResponseMessage.nonce = this.responderNonce;
        return authResponseMessage;
    }

    private byte[] padEip8(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + this.random.nextInt(GasCost.CREATE_DATA) + 100];
        this.random.nextBytes(bArr2);
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    public static byte recIdFromSignatureV(int i) {
        if (i >= 31) {
            i -= 4;
        }
        return (byte) (i - 27);
    }

    public Secrets getSecrets() {
        return this.secrets;
    }

    public ECPoint getRemotePublicKey() {
        return this.remotePublicKey;
    }

    public boolean isInitiator() {
        return this.isInitiator;
    }
}
