package org.opendof.core.internal.protocol.security.credentials.key;

import java.security.MessageDigest;
import java.util.Arrays;
import org.opendof.core.internal.protocol.security.AuthenticationException;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage;
import org.opendof.core.internal.protocol.security.credentials.ResolutionRequest;
import org.opendof.core.internal.protocol.security.credentials.ResolutionResponse;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/security/credentials/key/SharedKeyStorage.class */
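/**
 * Authenticator-side credential storage for a shared-key credential.
 *
 * <p>An instance is created with the identity being authenticated and the {@code validA} value
 * presented for it. {@link #setPrivateStorage} later supplies the 32-byte key; the storage
 * recomputes {@code validA} from that key and, only if it matches, derives {@code validB} for the
 * response.
 *
 * <p>NOTE(review): nothing in this class synchronizes access to {@code domainID} / {@code validB};
 * confirm callers use an instance from a single thread.
 */
public final class SharedKeyStorage implements AuthenticatorCredentialStorage {
    /** Required length, in bytes, of the shared key handed to this storage. */
    private static final int KEY_LENGTH = 32;

    /**
     * Number of leading {@code validA} bytes passed to {@link SharedKeyAlgorithm}, and the length
     * requested for the fresh nonce. Presumably the leading bytes are the peer's nonce; confirm
     * against SharedKeyAlgorithm.
     */
    private static final int NONCE_LENGTH = 8;

    private final DOFObjectID.Authentication identity;
    // Private copy of the presented validA; never handed out.
    private final byte[] validA;
    // Both fields stay null until a key has been validated successfully.
    private DOFObjectID.Domain domainID = null;
    private byte[] validB = null;

    /**
     * Creates storage for one authentication attempt.
     *
     * @param identity the identity the credential is presented for
     * @param validA the presented validation value; copied, so later changes to the caller's
     *     array do not affect this object
     * @throws NullPointerException if {@code validA} is null
     */
    public SharedKeyStorage(DOFObjectID.Authentication identity, byte[] validA) {
        this.identity = identity;
        this.validA = validA.clone();
    }

    /**
     * Returns the credential type code, always {@code 1}.
     */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public short getType() {
        return (short) 1;
    }

    /**
     * Returns the identity this storage was created for.
     */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public DOFObjectID.Authentication getIdentity() {
        return this.identity;
    }

    /**
     * Returns the lookup key for this credential: the byte form of the identity.
     */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public byte[] getStorageKey() {
        return this.identity.getBytes();
    }

    /**
     * Validates the presented {@code validA} against {@code key} and, on success, records the
     * domain and derives {@code validB}.
     *
     * <p>State is committed only after every step has succeeded, so a rejected key never leaves
     * this object reporting a domain through {@link #getDomainID()}.
     *
     * @param domain the domain the key belongs to
     * @param authentication the identity the key was stored under, or null to skip the check
     * @param key the 32-byte shared key
     * @throws IllegalArgumentException if {@code key} is null or not 32 bytes, or if
     *     {@code authentication} is non-null and differs from this storage's identity
     * @throws DOFSecurityException if the presented {@code validA} does not validate
     */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public void setPrivateStorage(DOFObjectID.Domain domain, DOFObjectID.Authentication authentication, byte[] key) throws DOFSecurityException {
        if (key == null || key.length != KEY_LENGTH) {
            throw new IllegalArgumentException("key == null || key.length != 32");
        }
        if (authentication != null && !this.identity.equals(authentication)) {
            throw new IllegalArgumentException("identity does not match");
        }
        // A validA shorter than the prefix cannot be valid; reject it as an authentication
        // failure instead of letting an IndexOutOfBoundsException escape from the copy below.
        if (this.validA.length < NONCE_LENGTH) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED, "SharedKey: Failure validating shared key");
        }
        byte[] validAPrefix = Arrays.copyOf(this.validA, NONCE_LENGTH);
        byte[] expectedValidA = SharedKeyAlgorithm.computeValidA(key, validAPrefix);
        // Constant-time comparison: validA comes from the party being authenticated, so the
        // time taken must not reveal how many leading bytes of a guess were correct.
        if (!MessageDigest.isEqual(expectedValidA, this.validA)) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED, "SharedKey: Failure validating shared key");
        }
        byte[] computedValidB = SharedKeyAlgorithm.computeValidB(key, validAPrefix, EncryptionUtil.createRandomNonce(NONCE_LENGTH), domain);
        // Commit both fields together, and only now that validation has passed.
        this.domainID = domain;
        this.validB = computedValidB;
    }

    /**
     * Builds the resolution response carrying the domain and {@code validB}.
     *
     * @throws DOFSecurityException if no key has been validated yet
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public ResolutionResponse getResponse() throws DOFSecurityException {
        if (this.validB == null) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED, "Key not resolved");
        }
        return new SharedKeyResolutionResponse(this.domainID, this.validB);
    }

    /**
     * Returns the domain recorded by {@link #setPrivateStorage}.
     *
     * @throws DOFSecurityException if no domain has been recorded yet
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public DOFObjectID.Domain getDomainID() throws DOFSecurityException {
        if (this.domainID == null) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED, "Key not resolved");
        }
        return this.domainID;
    }

    /**
     * Always fails: this credential resolves in a single stage and accepts no updates.
     *
     * @throws DOFSecurityException always
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public void update(ResolutionRequest resolutionRequest) throws DOFSecurityException {
        throw new DOFSecurityException("Key is 1 stage and cannot be updated.");
    }

    /**
     * Returns the shared secret for this credential, which is the private storage itself.
     *
     * <p>The caller's array is returned as-is, not a copy, so the caller remains responsible
     * for the lifetime and clearing of that key material.
     *
     * @param privateStorage the 32-byte key
     * @return {@code privateStorage}, unchanged
     * @throws IllegalArgumentException if {@code privateStorage} is null
     * @throws DOFSecurityException if {@code privateStorage} is not 32 bytes long
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public byte[] getSharedSecret(byte[] privateStorage) throws DOFSecurityException {
        if (privateStorage == null) {
            throw new IllegalArgumentException("privateStorage == null");
        }
        if (privateStorage.length != KEY_LENGTH) {
            throw new DOFSecurityException("SharedKeyStorage: Private storage invalid.");
        }
        return privateStorage;
    }
}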
