package org.freedesktop.secret;

import at.favre.lib.crypto.HKDF;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import org.freedesktop.dbus.ObjectPath;
import org.freedesktop.dbus.connections.impl.DBusConnection;
import org.freedesktop.dbus.connections.impl.DBusConnectionBuilder;
import org.freedesktop.dbus.exceptions.DBusException;
import org.freedesktop.dbus.types.Variant;
import org.freedesktop.secret.Static;

/* loaded from: input_file:org/freedesktop/secret/TransportEncryption.class */
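/**
 * Client side of the encrypted transport used to exchange secrets with a
 * Secret Service provider over D-Bus.
 *
 * <p>The expected call order is {@link #initialize()}, {@link #openSession()},
 * {@link #generateSessionKey()}, then {@link #encrypt} / {@link #decrypt};
 * each step throws {@link IllegalStateException} when its predecessor has not run.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key agreement uses the group named {@code RFC_2409.SecondOakleyGroup} with
 *       {@value #PRIVATE_VALUE_BITS}-bit private values, and the session is negotiated
 *       under {@code Static.Algorithm.DH_IETF1024_SHA256_AES128_CBC_PKCS7}. A 1024-bit
 *       finite-field group is below current recommendations; it is fixed by the negotiated
 *       algorithm, so treat this layer as protection against passive observers of the bus,
 *       not as long-term confidentiality.</li>
 *   <li>The exchange is unauthenticated: nothing in this class proves who owns the peer
 *       public value returned by {@code openSession}.</li>
 *   <li>AES-CBC carries no integrity tag. A successful {@link #decrypt} does not prove the
 *       ciphertext was unmodified.</li>
 * </ul>
 *
 * <p>Instances are not synchronized.
 */
public class TransportEncryption implements AutoCloseable {
    /** Bit length requested for the private Diffie-Hellman value ({@code l} in {@link DHParameterSpec}). */
    public static final int PRIVATE_VALUE_BITS = 1024;
    /** Length in bits of the derived AES session key; also used to size the IV. */
    public static final int AES_BITS = 128;

    private final Service service;
    private DHParameterSpec dhParameters;
    private KeyPair keypair;
    private PublicKey publicKey;
    private PrivateKey privateKey;
    private SecretKey sessionKey;
    // Peer's public Diffie-Hellman value as received from the service (big-endian magnitude).
    private byte[] yb;

    /**
     * Creates a transport on a new, non-shared session bus connection.
     *
     * @throws DBusException if the connection cannot be built
     */
    public TransportEncryption() throws DBusException {
        this.service = new Service(DBusConnectionBuilder.forSessionBus().withShared(false).build());
    }

    /**
     * Creates a transport on an existing D-Bus connection.
     *
     * @param dBusConnection connection handed to a new {@link Service}
     */
    public TransportEncryption(DBusConnection dBusConnection) {
        this.service = new Service(dBusConnection);
    }

    /**
     * Creates a transport that reuses an existing {@link Service}.
     *
     * @param service service used to open the session
     */
    public TransportEncryption(Service service) {
        this.service = service;
    }

    /** Interprets {@code bArr} as an unsigned big-endian integer. */
    private static BigInteger fromBinary(byte[] bArr) {
        return new BigInteger(1, bArr);
    }

    /** Converts a bit count to a byte count (integer division by 8). */
    private static int toBytes(int i) {
        return i / 8;
    }

    /**
     * Builds the Diffie-Hellman parameters and generates this side's key pair.
     *
     * @throws NoSuchAlgorithmException if no provider offers the key pair generator
     * @throws InvalidAlgorithmParameterException if the generator rejects the parameters
     */
    public void initialize() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        BigInteger prime = fromBinary(Static.RFC_2409.SecondOakleyGroup.PRIME);
        BigInteger generator = fromBinary(Static.RFC_2409.SecondOakleyGroup.GENERATOR);
        this.dhParameters = new DHParameterSpec(prime, generator, PRIVATE_VALUE_BITS);

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Static.Algorithm.DIFFIE_HELLMAN);
        keyPairGenerator.initialize(this.dhParameters);
        this.keypair = keyPairGenerator.generateKeyPair();
        this.publicKey = this.keypair.getPublic();
        this.privateKey = this.keypair.getPrivate();
    }

    /**
     * Sends this side's public value to the service and stores the peer's public value.
     *
     * @return {@code true} if the service returned a session, {@code false} if it returned nothing
     * @throws DBusException propagated from the service call
     * @throws IllegalStateException if {@link #initialize()} has not been called
     */
    public boolean openSession() throws DBusException {
        if (this.keypair == null) {
            throw new IllegalStateException("Missing own keypair. Call initialize() first.");
        }
        // BigInteger.toByteArray() is two's complement, so the encoding may carry a leading
        // 0x00 sign byte; the peer is presumably expected to parse it as an unsigned magnitude.
        byte[] ownPublicValue = ((DHPublicKey) this.publicKey).getY().toByteArray();
        Pair<Variant<byte[]>, ObjectPath> openSession = this.service.openSession(Static.Algorithm.DH_IETF1024_SHA256_AES128_CBC_PKCS7, new Variant<>(ownPublicValue));
        if (openSession == null) {
            return false;
        }
        this.yb = (byte[]) openSession.a.getValue();
        return true;
    }

    /**
     * Completes the key agreement with the peer's public value and derives the AES
     * session key with HKDF (HMAC-SHA256, no salt, no info).
     *
     * <p>The peer value arrives over D-Bus and is therefore validated before use: values
     * outside {@code [2, p-2]} would force a shared secret that anyone can predict.
     * The raw shared secret and the HKDF intermediates are wiped once the key is built.
     *
     * @throws NoSuchAlgorithmException if no provider offers Diffie-Hellman
     * @throws InvalidKeySpecException if the peer key specification is rejected
     * @throws InvalidKeyException if the peer public value is out of range or a key is rejected
     * @throws IllegalStateException if {@link #openSession()} or {@link #initialize()} has not run
     */
    public void generateSessionKey() throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        if (this.yb == null) {
            throw new IllegalStateException("Missing peer public key. Call openSession() first.");
        }
        if (this.privateKey == null || this.dhParameters == null) {
            throw new IllegalStateException("Missing own keypair. Call initialize() first.");
        }

        BigInteger prime = this.dhParameters.getP();
        BigInteger peerValue = fromBinary(this.yb);
        // Reject 0, 1, p-1 and anything >= p: these degenerate values make the agreed
        // secret independent of our private key.
        if (peerValue.compareTo(BigInteger.ONE) <= 0
                || peerValue.compareTo(prime.subtract(BigInteger.ONE)) >= 0) {
            throw new InvalidKeyException("Peer public value is outside the range [2, p-2].");
        }

        DHPublicKey peerKey = (DHPublicKey) KeyFactory.getInstance(Static.Algorithm.DIFFIE_HELLMAN)
                .generatePublic(new DHPublicKeySpec(peerValue, prime, this.dhParameters.getG()));
        KeyAgreement keyAgreement = KeyAgreement.getInstance(Static.Algorithm.DIFFIE_HELLMAN);
        keyAgreement.init(this.privateKey);
        keyAgreement.doPhase(peerKey, true);

        byte[] sharedSecret = keyAgreement.generateSecret();
        byte[] pseudoRandomKey = null;
        byte[] keyMaterial = null;
        try {
            HKDF hkdf = HKDF.fromHmacSha256();
            pseudoRandomKey = hkdf.extract((byte[]) null, sharedSecret);
            keyMaterial = hkdf.expand(pseudoRandomKey, (byte[]) null, toBytes(AES_BITS));
            // SecretKeySpec keeps its own copy of the bytes, so the local arrays can be wiped.
            this.sessionKey = new SecretKeySpec(keyMaterial, Static.Algorithm.AES);
        } finally {
            if (sharedSecret != null) {
                Secret.clear(sharedSecret);
            }
            if (pseudoRandomKey != null) {
                Secret.clear(pseudoRandomKey);
            }
            if (keyMaterial != null) {
                Secret.clear(keyMaterial);
            }
        }
    }

    /**
     * Encrypts a character sequence as UTF-8 and wipes the intermediate byte copy.
     *
     * @param charSequence plaintext to encrypt
     * @return the encrypted {@link Secret}, or {@code null} when the byte conversion yields {@code null}
     */
    public Secret encrypt(CharSequence charSequence) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        byte[] bytes = Secret.toBytes(charSequence);
        try {
            return encrypt(bytes, StandardCharsets.UTF_8);
        } finally {
            // Runs on success and on failure, so the plaintext copy never outlives the call.
            Secret.clear(bytes);
        }
    }

    /**
     * Encrypts {@code bArr} under the session key with a fresh random IV.
     *
     * <p>The caller keeps ownership of {@code bArr}; it is not wiped here.
     *
     * @param bArr plaintext bytes; {@code null} yields {@code null}
     * @param charset charset recorded in the secret's content type
     * @return a {@link Secret} carrying the session path, the IV and the ciphertext
     * @throws IllegalStateException if the service or the session key is missing
     */
    public Secret encrypt(byte[] bArr, Charset charset) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (bArr == null) {
            return null;
        }
        if (this.service == null) {
            throw new IllegalStateException("Missing session. Call openSession() first.");
        }
        if (this.sessionKey == null) {
            throw new IllegalStateException("Missing session key. Call generateSessionKey() first.");
        }

        // CBC requires an unpredictable IV per message; one is drawn for every call.
        // NOTE(review): the generator is pinned by name via Static.Algorithm.SHA1_PRNG and a new
        // instance is created per call; consider the platform default SecureRandom instead.
        byte[] iv = new byte[toBytes(AES_BITS)];
        SecureRandom.getInstance(Static.Algorithm.SHA1_PRNG).nextBytes(iv);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);

        Cipher cipher = Cipher.getInstance(Static.Algorithm.AES_CBC_PKCS5);
        cipher.init(Cipher.ENCRYPT_MODE, this.sessionKey, ivParameterSpec);
        byte[] cipherText = cipher.doFinal(bArr);
        return new Secret(this.service.getSession().getPath(), ivParameterSpec.getIV(), cipherText, Secret.createContentType(charset));
    }

    /**
     * Decrypts a {@link Secret} received from the service and wipes the plaintext bytes.
     *
     * <p>The ciphertext is not authenticated. A {@link BadPaddingException} only says the
     * value did not decrypt under this key and IV; callers should not relay the distinction
     * between padding failures and other errors to an untrusted party.
     *
     * @param secret secret whose parameters hold the IV and whose value holds the ciphertext;
     *     {@code null} yields {@code null}
     * @return the plaintext as characters; the caller is responsible for clearing the array
     * @throws IllegalStateException if {@link #generateSessionKey()} has not been called
     */
    public char[] decrypt(Secret secret) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (secret == null) {
            return null;
        }
        if (this.sessionKey == null) {
            throw new IllegalStateException("Missing session key. Call generateSessionKey() first.");
        }
        IvParameterSpec ivParameterSpec = new IvParameterSpec(secret.getSecretParameters());
        Cipher cipher = Cipher.getInstance(Static.Algorithm.AES_CBC_PKCS5);
        cipher.init(Cipher.DECRYPT_MODE, this.sessionKey, ivParameterSpec);
        byte[] plainBytes = cipher.doFinal(secret.getSecretValue());
        try {
            return Secret.toChars(plainBytes);
        } finally {
            Secret.clear(plainBytes);
        }
    }

    /** Returns the service this transport talks to. */
    public Service getService() {
        return this.service;
    }

    /**
     * Releases the key material held by this instance on a best-effort basis.
     *
     * <p>{@code destroy()} is attempted first. When it fails, the encoded form is wiped as
     * before, but common JDK key classes return a copy from {@code getEncoded()}, so that
     * wipe probably never reaches the stored key. The references are therefore dropped as
     * well: the keys become unreachable and any later use of this instance fails with
     * {@link IllegalStateException} until {@link #initialize()} is run again.
     */
    public void clear() {
        if (this.privateKey != null) {
            try {
                this.privateKey.destroy();
            } catch (DestroyFailedException e) {
                // Not fatal: fall back to wiping whatever getEncoded() hands out.
                byte[] encoded = this.privateKey.getEncoded();
                if (encoded != null) {
                    Secret.clear(encoded);
                }
            }
        }
        if (this.sessionKey != null) {
            try {
                this.sessionKey.destroy();
            } catch (DestroyFailedException e2) {
                // Not fatal: same best-effort fallback as for the private key.
                byte[] encoded = this.sessionKey.getEncoded();
                if (encoded != null) {
                    Secret.clear(encoded);
                }
            }
        }
        // keypair also references the private key, so it has to go too.
        this.keypair = null;
        this.publicKey = null;
        this.privateKey = null;
        this.sessionKey = null;
        this.yb = null;
    }

    /** Clears the key material; see {@link #clear()}. */
    @Override // java.lang.AutoCloseable
    public void close() {
        clear();
    }
}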
