package com.tokera.ate.security;

import com.google.common.base.Charsets;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.tokera.ate.BootstrapConfig;
import com.tokera.ate.common.ImmutalizableArrayList;
import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.dao.enumerations.KeyType;
import com.tokera.ate.dao.msg.MessageKeyType;
import com.tokera.ate.dao.msg.MessagePrivateKey;
import com.tokera.ate.dao.msg.MessagePublicKey;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.delegates.ResourceFileDelegate;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.KeysPreLoadConfig;
import com.tokera.ate.dto.PrivateKeyWithSeedDto;
import com.tokera.ate.dto.msg.MessageKeyPartDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.dto.msg.MessageSecurityCastleDto;
import com.tokera.ate.enumerations.LinuxCmds;
import com.tokera.ate.enumerations.PrivateKeyType;
import com.tokera.ate.exceptions.KeyGenerationException;
import com.tokera.ate.io.api.IAteIO;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.providers.PartitionKeySerializer;
import com.tokera.ate.qualifiers.BackendStorageSystem;
import com.tokera.ate.scopes.Startup;
import com.tokera.ate.security.core.IRandomFactory;
import com.tokera.ate.security.core.PredictablyRandomFactory;
import com.tokera.ate.security.core.RainbowKeySerializer;
import com.tokera.ate.security.core.SecureRandomFactory;
import com.tokera.ate.security.core.XmssKeySerializer;
import com.tokera.ate.security.core.ntru_predictable.EncryptionKeyPairGenerator;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.annotation.Annotation;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.spi.CDI;
import javax.enterprise.util.AnnotationLiteral;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.time.StopWatch;
import org.apache.kafka.common.utils.Utils;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.KeyGenerationParameters;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.crypto.ExchangePair;
import org.bouncycastle.pqc.crypto.newhope.NHAgreement;
import org.bouncycastle.pqc.crypto.newhope.NHExchangePairGenerator;
import org.bouncycastle.pqc.crypto.newhope.NHKeyPairGenerator;
import org.bouncycastle.pqc.crypto.newhope.NHPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.newhope.NHPublicKeyParameters;
import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionKeyGenerationParameters;
import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.ntru.NTRUEncryptionPublicKeyParameters;
import org.bouncycastle.pqc.crypto.ntru.NTRUEngine;
import org.bouncycastle.pqc.crypto.ntru.NTRUSigningPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.ntru.NTRUSigningPublicKeyParameters;
import org.bouncycastle.pqc.crypto.qtesla.QTESLAKeyGenerationParameters;
import org.bouncycastle.pqc.crypto.qtesla.QTESLAKeyPairGenerator;
import org.bouncycastle.pqc.crypto.qtesla.QTESLAPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.qtesla.QTESLAPublicKeyParameters;
import org.bouncycastle.pqc.crypto.qtesla.QTESLASigner;
import org.bouncycastle.pqc.crypto.rainbow.RainbowKeyGenerationParameters;
import org.bouncycastle.pqc.crypto.rainbow.RainbowKeyPairGenerator;
import org.bouncycastle.pqc.crypto.rainbow.RainbowParameters;
import org.bouncycastle.pqc.crypto.rainbow.RainbowPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.rainbow.RainbowPublicKeyParameters;
import org.bouncycastle.pqc.crypto.rainbow.RainbowSigner;
import org.bouncycastle.pqc.crypto.xmss.XMSSMTKeyGenerationParameters;
import org.bouncycastle.pqc.crypto.xmss.XMSSMTKeyPairGenerator;
import org.bouncycastle.pqc.crypto.xmss.XMSSMTParameters;
import org.bouncycastle.pqc.crypto.xmss.XMSSMTPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.xmss.XMSSMTPublicKeyParameters;
import org.bouncycastle.pqc.crypto.xmss.XMSSMTSigner;

@ApplicationScoped
@Startup
/* loaded from: input_file:com/tokera/ate/security/Encryptor.class */
public class Encryptor implements Runnable {

    @Inject
    private LoggerHook LOG;

    @Inject
    private BootstrapConfig config;
    private static Encryptor g_Instance;
    private static MessageDigest g_sha256digest;
    private static MessageDigest g_md5digest;
    private MessageDigest sha256digest;
    private MessageDigest md5digest;
    public static final int GCM_NONCE_LENGTH = 12;
    public static final int AES_KEY_SIZE = 128;
    public static final int AES_KEY_SIZE_BYTES = 16;
    public static final int GCM_TAG_LENGTH = 16;
    public static final int retryAttempts = 10;
    private PrivateKeyWithSeedDto trustOfPublicRead;
    private PrivateKeyWithSeedDto trustOfPublicWrite;
    private static Cache<String, MessagePrivateKeyDto> seededKeyCache = CacheBuilder.newBuilder().maximumSize(10000).expireAfterWrite(60, TimeUnit.MINUTES).build();
    AteDelegate d = AteDelegate.get();
    private final SecureRandom srandom = new SecureRandom();
    private final ArrayList<Thread> threads = new ArrayList<>();
    private int c_KeyPreGenThreads = 6;
    private int c_KeyPreGenDelay = 60;
    private int c_KeyPreGen64 = 80;
    private int c_KeyPreGen128 = 80;
    private int c_KeyPreGen256 = 20;
    private int c_AesPreGen128 = 800;
    private int c_AesPreGen256 = 200;
    private int c_AesPreGen512 = 100;
    private final ConcurrentLinkedQueue<MessagePrivateKeyDto> genSign64Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<MessagePrivateKeyDto> genSign128Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<MessagePrivateKeyDto> genSign256Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<PrivateKeyWithSeedDto> genSignAndSeed64Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<PrivateKeyWithSeedDto> genSignAndSeed128Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<PrivateKeyWithSeedDto> genSignAndSeed256Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<PrivateKeyWithSeedDto> genEncryptAndSeed128Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<PrivateKeyWithSeedDto> genEncryptAndSeed256Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<MessagePrivateKeyDto> genEncrypt128Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<MessagePrivateKeyDto> genEncrypt256Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<String> genAes128Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<String> genAes256Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<String> genAes512Queue = new ConcurrentLinkedQueue<>();
    private final ConcurrentLinkedQueue<String> genSaltQueue = new ConcurrentLinkedQueue<>();
    private Set<Integer> validEncryptSizes = new HashSet(Lists.newArrayList(new Integer[]{32, 64, Integer.valueOf(AES_KEY_SIZE), 192, 256, 512}));

    /* loaded from: input_file:com/tokera/ate/security/Encryptor$KeyPairBytes.class */
    public class KeyPairBytes {
        public final byte[] privateKey;
        public final byte[] publicKey;

        public KeyPairBytes(byte[] bArr, byte[] bArr2) {
            this.privateKey = bArr;
            this.publicKey = bArr2;
        }
    }

    public Set<Integer> getValidEncryptSizes() {
        return this.validEncryptSizes;
    }

    public void setValidEncryptSizes(Set<Integer> set) {
        this.validEncryptSizes = set;
    }

    @PostConstruct
    public void init() {
        g_Instance = this;
        try {
            this.sha256digest = MessageDigest.getInstance("SHA-256");
            this.md5digest = MessageDigest.getInstance("MD5");
            Security.addProvider(new BouncyCastleProvider());
            loadPreLoadEntropyConfig();
            for (int i = 0; i < this.c_KeyPreGenThreads; i++) {
                Thread thread = new Thread(this);
                thread.setPriority(1);
                thread.setDaemon(true);
                thread.start();
                this.threads.add(thread);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void setBootstrapConfig(BootstrapConfig bootstrapConfig) {
        this.config = bootstrapConfig;
    }

    public void setKeyPreGenThreads(int i) {
        this.c_KeyPreGenThreads = i;
    }

    public void setKeyPreGenDelay(int i) {
        this.c_KeyPreGenDelay = i;
    }

    public void setKeyPreGen64(int i) {
        this.c_KeyPreGen64 = i;
    }

    public void setKeyPreGen128(int i) {
        this.c_KeyPreGen128 = i;
    }

    public void setKeyPreGen256(int i) {
        this.c_KeyPreGen256 = i;
    }

    public void setAesPreGen128(int i) {
        this.c_AesPreGen128 = i;
    }

    public void setAesPreGen256(int i) {
        this.c_AesPreGen256 = i;
    }

    public void setAesPreGen512(int i) {
        this.c_AesPreGen512 = i;
    }

    @Override // java.lang.Runnable
    public void run() {
        Long l = 500L;
        Long l2 = 2000L;
        synchronized (this) {
            try {
                wait(l2.longValue());
            } catch (InterruptedException e) {
                this.LOG.warn(e);
            }
        }
        StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        while (true) {
            try {
                long time = (stopWatch.getTime() / 1000) - this.c_KeyPreGenDelay;
                if (time > 0) {
                    runGenerateKeys(2 + (time / 8));
                }
                synchronized (this) {
                    wait(4000L);
                }
                l = 500L;
            } catch (Throwable th) {
                try {
                    Thread.sleep(l.longValue());
                    l = Long.valueOf(l.longValue() * 2);
                    if (l.longValue() > 4000) {
                        l = 4000L;
                    }
                } catch (InterruptedException e2) {
                    this.LOG.warn(e2);
                    return;
                }
            }
        }
    }

    private static Cipher getAesCipher() {
        try {
            return Cipher.getInstance("AES");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private static Cipher getAesCipherCbc() {
        try {
            return Cipher.getInstance("AES/CBC/PKCS5PADDING");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private static Cipher getAesCipherGcm() {
        try {
            return Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private void runGenerateKeys(long j) {
        boolean z;
        int size = this.genSign64Queue.size();
        int size2 = this.genSign128Queue.size();
        int size3 = this.genSign256Queue.size();
        int size4 = this.genSignAndSeed64Queue.size();
        int size5 = this.genSignAndSeed128Queue.size();
        int size6 = this.genSignAndSeed256Queue.size();
        int size7 = this.genEncryptAndSeed128Queue.size();
        int size8 = this.genEncryptAndSeed256Queue.size();
        int size9 = this.genEncrypt128Queue.size();
        int size10 = this.genEncrypt256Queue.size();
        int size11 = this.genAes128Queue.size();
        int size12 = this.genAes256Queue.size();
        int size13 = this.genAes512Queue.size();
        int size14 = this.genSaltQueue.size();
        do {
            z = false;
            if (size < this.c_KeyPreGen64 && size < j) {
                this.genSign64Queue.add(genSignKeyNow(64, this.config.getDefaultSigningTypes()));
                size++;
                z = true;
            }
            if (size2 < this.c_KeyPreGen128 && size2 < j) {
                this.genSign128Queue.add(genSignKeyNow(AES_KEY_SIZE, this.config.getDefaultSigningTypes()));
                size2++;
                z = true;
            }
            if (size3 < this.c_KeyPreGen256 && size3 < j) {
                this.genSign256Queue.add(genSignKeyNow(256, this.config.getDefaultSigningTypes()));
                size3++;
                z = true;
            }
            if (size4 < this.c_KeyPreGen64 && size < j) {
                this.genSignAndSeed64Queue.add(genSignKeyAndSeedNow(64, this.config.getDefaultSigningTypes()));
                size4++;
                z = true;
            }
            if (size5 < this.c_KeyPreGen128 && size2 < j) {
                this.genSignAndSeed128Queue.add(genSignKeyAndSeedNow(AES_KEY_SIZE, this.config.getDefaultSigningTypes()));
                size5++;
                z = true;
            }
            if (size6 < this.c_KeyPreGen256 && size3 < j) {
                this.genSignAndSeed256Queue.add(genSignKeyAndSeedNow(256, this.config.getDefaultSigningTypes()));
                size6++;
                z = true;
            }
            if (size7 < this.c_KeyPreGen128 && size9 < j) {
                this.genEncryptAndSeed128Queue.add(genEncryptKeyAndSeedNow(AES_KEY_SIZE, this.config.getDefaultEncryptTypes()));
                size7++;
                z = true;
            }
            if (size8 < this.c_KeyPreGen256 && size10 < j) {
                this.genEncryptAndSeed256Queue.add(genEncryptKeyAndSeedNow(256, this.config.getDefaultEncryptTypes()));
                size8++;
                z = true;
            }
            if (size9 < this.c_KeyPreGen128 && size9 < j) {
                this.genEncrypt128Queue.add(genEncryptKeyNow(AES_KEY_SIZE, this.config.getDefaultEncryptTypes()));
                size9++;
                z = true;
            }
            if (size10 < this.c_KeyPreGen256 && size10 < j) {
                this.genEncrypt256Queue.add(genEncryptKeyNow(256, this.config.getDefaultEncryptTypes()));
                size10++;
                z = true;
            }
            if (size14 < this.c_AesPreGen128 && size14 < j) {
                this.genSaltQueue.add(new BigInteger(320, this.srandom).toString(16).toUpperCase());
                size14++;
                z = true;
            }
            if (size11 < this.c_AesPreGen128 && size11 < j) {
                this.genAes128Queue.add(generateSecret64Now(AES_KEY_SIZE));
                size11++;
                z = true;
            }
            if (size12 < this.c_AesPreGen256 && size12 < j) {
                this.genAes256Queue.add(generateSecret64Now(256));
                size12++;
                z = true;
            }
            if (size13 < this.c_AesPreGen512 && size13 < j) {
                this.genAes512Queue.add(generateSecret64Now(512));
                size13++;
                z = true;
            }
        } while (z);
    }

    public void touch() {
    }

    public void moreKeys() {
        synchronized (this) {
            notify();
        }
    }

    public static Encryptor getInstance() {
        return g_Instance;
    }

    public String encryptCbc(String str, String str2, String str3) {
        if (str2 == null) {
            str2 = LinuxCmds.Void;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] copyOfRange = Arrays.copyOfRange(messageDigest.digest(str2.getBytes(StandardCharsets.UTF_8)), 0, 16);
            byte[] copyOfRange2 = Arrays.copyOfRange(messageDigest.digest(str.getBytes(StandardCharsets.UTF_8)), 0, 16);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(copyOfRange);
            SecretKeySpec secretKeySpec = new SecretKeySpec(copyOfRange2, "AES");
            Cipher aesCipherCbc = getAesCipherCbc();
            aesCipherCbc.init(1, secretKeySpec, ivParameterSpec);
            return Base64.encodeBase64URLSafeString(aesCipherCbc.doFinal(str3.getBytes()));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }

    public String decryptCbc(String str, String str2, String str3) {
        if (str2 == null) {
            str2 = LinuxCmds.Void;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] copyOfRange = Arrays.copyOfRange(messageDigest.digest(str2.getBytes(StandardCharsets.UTF_8)), 0, 16);
            byte[] copyOfRange2 = Arrays.copyOfRange(messageDigest.digest(str.getBytes(StandardCharsets.UTF_8)), 0, 16);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(copyOfRange);
            SecretKeySpec secretKeySpec = new SecretKeySpec(copyOfRange2, "AES");
            Cipher aesCipherCbc = getAesCipherCbc();
            aesCipherCbc.init(2, secretKeySpec, ivParameterSpec);
            return new String(aesCipherCbc.doFinal(Base64.decodeBase64(str3)));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }

    public String encryptGcm(byte[] bArr, String str, String str2) {
        return cipherGcm(bArr, str, str2, 1);
    }

    public String decryptGcm(byte[] bArr, String str, String str2) {
        return cipherGcm(bArr, str, str2, 2);
    }

    private String cipherGcm(byte[] bArr, String str, String str2, int i) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, "AES");
            Cipher aesCipherGcm = getAesCipherGcm();
            if (str != null) {
                byte[] digest = MessageDigest.getInstance("SHA-256").digest(str.getBytes());
                if (digest.length > 12) {
                    digest = Arrays.copyOf(digest, 12);
                }
                aesCipherGcm.init(i, secretKeySpec, new GCMParameterSpec(AES_KEY_SIZE, digest));
            } else {
                aesCipherGcm.init(i, secretKeySpec);
            }
            return Base64.encodeBase64URLSafeString(aesCipherGcm.doFinal(str2.getBytes()));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] encryptAes(byte[] bArr, byte[] bArr2) {
        return cipherAes(bArr, ByteBuffer.wrap(bArr2), 1);
    }

    public byte[] encryptAes(byte[] bArr, ByteBuffer byteBuffer) {
        return cipherAes(bArr, byteBuffer, 1);
    }

    public byte[] decryptAes(byte[] bArr, byte[] bArr2) {
        return cipherAes(bArr, ByteBuffer.wrap(bArr2), 2);
    }

    public byte[] decryptAes(byte[] bArr, ByteBuffer byteBuffer) {
        return cipherAes(bArr, byteBuffer, 2);
    }

    private byte[] cipherAes(byte[] bArr, ByteBuffer byteBuffer, int i) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, "AES");
            Cipher aesCipher = getAesCipher();
            aesCipher.init(i, secretKeySpec);
            byte[] bArr2 = new byte[aesCipher.getOutputSize(byteBuffer.remaining())];
            int doFinal = aesCipher.doFinal(byteBuffer, ByteBuffer.wrap(bArr2));
            if (doFinal <= 0) {
                return bArr2;
            }
            if (doFinal != bArr2.length) {
                byte[] bArr3 = new byte[doFinal];
                System.arraycopy(bArr2, 0, bArr3, 0, doFinal);
                bArr2 = bArr3;
            }
            return bArr2;
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
            throw new RuntimeException(e);
        }
    }

    public MessagePrivateKeyDto genSignKey() {
        MessagePrivateKeyDto genSignKey = genSignKey(this.config.getDefaultSigningStrength());
        if (this.config.isExtraValidation()) {
            this.d.validationUtil.validateOrThrow(genSignKey);
        }
        return genSignKey;
    }

    public MessagePrivateKeyDto genSignKey(int i) {
        return genSignKeyWithAlias(i, null);
    }

    public MessagePrivateKeyDto genSignKeyWithAlias(String str) {
        return genSignKeyWithAlias(this.config.getDefaultSigningStrength(), str);
    }

    public MessagePrivateKeyDto genSignKeyWithAlias(int i, String str) {
        MessagePrivateKeyDto poll;
        MessagePrivateKeyDto poll2;
        if (i == 64 && (poll2 = this.genSign64Queue.poll()) != null) {
            if (str != null) {
                poll2.setAlias(str);
            }
            return poll2;
        }
        if (i == 128) {
            MessagePrivateKeyDto poll3 = this.genSign128Queue.poll();
            moreKeys();
            if (poll3 != null) {
                if (str != null) {
                    poll3.setAlias(str);
                }
                return poll3;
            }
        }
        if (i != 256 || (poll = this.genSign256Queue.poll()) == null) {
            return genSignKeyNowWithAlias(i, this.config.getDefaultSigningTypes(), str);
        }
        if (str != null) {
            poll.setAlias(str);
        }
        return poll;
    }

    public MessagePrivateKeyDto genSignKeyNow(int i) {
        return genSignKeyNowWithAlias(i, this.config.getDefaultSigningTypes(), null);
    }

    public MessagePrivateKeyDto genSignKeyNowWithAlias(int i, String str) {
        return genSignKeyNowWithAlias(i, this.config.getDefaultSigningTypes(), str);
    }

    public MessagePrivateKeyDto genSignKeyNow(int i, Iterable<KeyType> iterable) {
        return genSignKeyNowWithAlias(i, iterable, null);
    }

    public MessagePrivateKeyDto genSignKeyNowWithAlias(int i, Iterable<KeyType> iterable, String str) {
        return genSignKeyNowWithAlias(i, iterable, 10, str);
    }

    public MessagePrivateKeyDto genSignKeyNowWithAlias(int i, Iterable<KeyType> iterable, int i2, String str) {
        KeyPairBytes genSignKeyRainbowNow;
        int i3 = 1;
        while (true) {
            try {
                LinkedList linkedList = new LinkedList();
                LinkedList linkedList2 = new LinkedList();
                for (KeyType keyType : iterable) {
                    switch (keyType) {
                        case qtesla:
                            genSignKeyRainbowNow = genSignKeyQTeslaNow(i);
                            break;
                        case xmssmt:
                            genSignKeyRainbowNow = genSignKeyXmssMtNow(i);
                            break;
                        case rainbow:
                            genSignKeyRainbowNow = genSignKeyRainbowNow(i);
                            break;
                        default:
                            throw new RuntimeException("The key type [" + keyType + "] is not supported as an asymmetric encryption key.");
                    }
                    linkedList.add(new MessageKeyPartDto(keyType, i, genSignKeyRainbowNow.publicKey));
                    linkedList2.add(new MessageKeyPartDto(keyType, i, genSignKeyRainbowNow.privateKey));
                }
                MessagePrivateKeyDto messagePrivateKeyDto = new MessagePrivateKeyDto(linkedList, linkedList2);
                if (str != null) {
                    messagePrivateKeyDto.setAlias(str);
                }
                return messagePrivateKeyDto;
            } catch (ArrayIndexOutOfBoundsException e) {
                if (i3 >= i2) {
                    throw new KeyGenerationException("Failed to generate the signing keys after " + i3 + " attempts (idempotent=false).", e);
                }
                i3++;
            }
        }
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeed() {
        return genSignKeyAndSeed(this.config.getDefaultSigningStrength(), this.config.getDefaultSigningTypes(), null);
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeed(int i, List<KeyType> list, String str) {
        PrivateKeyWithSeedDto poll;
        PrivateKeyWithSeedDto poll2;
        if (i == 64 && (poll2 = this.genSignAndSeed64Queue.poll()) != null) {
            if (str != null) {
                poll2.setAlias(str);
            }
            return poll2;
        }
        if (i == 128) {
            PrivateKeyWithSeedDto poll3 = this.genSignAndSeed128Queue.poll();
            moreKeys();
            if (poll3 != null) {
                if (str != null) {
                    poll3.setAlias(str);
                }
                return poll3;
            }
        }
        if (i != 256 || (poll = this.genSignAndSeed256Queue.poll()) == null) {
            return genSignKeyAndSeedNow(i, list, 10, str);
        }
        if (str != null) {
            poll.setAlias(str);
        }
        return poll;
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeedNow() {
        return genSignKeyAndSeedNow(this.config.getDefaultSigningStrength(), this.config.getDefaultSigningTypes(), 10, null);
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeedNow(String str) {
        return genSignKeyAndSeedNow(this.config.getDefaultSigningStrength(), this.config.getDefaultSigningTypes(), 10, str);
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeedNow(int i, int i2, String str) {
        return genSignKeyAndSeedNow(i, this.config.getDefaultSigningTypes(), i2, str);
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeedNow(List<KeyType> list, String str) {
        return genSignKeyAndSeedNow(this.config.getDefaultSigningStrength(), list, 10, str);
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeedNow(int i, List<KeyType> list) {
        return genSignKeyAndSeedNow(i, list, 10, null);
    }

    public PrivateKeyWithSeedDto genSignKeyAndSeedNow(int i, List<KeyType> list, int i2, String str) {
        int i3 = 1;
        while (true) {
            try {
                PrivateKeyWithSeedDto privateKeyWithSeedDto = new PrivateKeyWithSeedDto(PrivateKeyType.write, generateSecret64(i), i, list, (String) null, str);
                genSignKeyFromSeed(privateKeyWithSeedDto.keySize(), privateKeyWithSeedDto.algs(), privateKeyWithSeedDto.seed());
                return privateKeyWithSeedDto;
            } catch (KeyGenerationException e) {
                if (i3 >= i2) {
                    throw new KeyGenerationException("Failed to signing keys with random seeds after " + i3 + " attempts -" + e.getMessage() + ".", e);
                }
                i3++;
            }
        }
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeed() {
        return genEncryptKeyAndSeed(this.config.getDefaultEncryptionStrength(), this.config.getDefaultEncryptTypes(), null);
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeed(int i, List<KeyType> list, String str) {
        PrivateKeyWithSeedDto poll;
        if (i == 128) {
            PrivateKeyWithSeedDto poll2 = this.genEncryptAndSeed128Queue.poll();
            moreKeys();
            if (poll2 != null) {
                if (str != null) {
                    poll2.setAlias(str);
                }
                return poll2;
            }
        }
        if (i != 256 || (poll = this.genEncryptAndSeed256Queue.poll()) == null) {
            return genEncryptKeyAndSeedNow(i, list, 10, str);
        }
        if (str != null) {
            poll.setAlias(str);
        }
        return poll;
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeedNow() {
        return genEncryptKeyAndSeedNow(this.config.getDefaultEncryptionStrength(), this.config.getDefaultSigningTypes(), 10, null);
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeedNow(String str) {
        return genEncryptKeyAndSeedNow(this.config.getDefaultEncryptionStrength(), this.config.getDefaultEncryptTypes(), 10, str);
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeedNow(int i, int i2, String str) {
        return genEncryptKeyAndSeedNow(i, this.config.getDefaultEncryptTypes(), i2, str);
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeedNow(List<KeyType> list, String str) {
        return genEncryptKeyAndSeedNow(this.config.getDefaultEncryptionStrength(), list, 10, str);
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeedNow(int i, List<KeyType> list) {
        return genEncryptKeyAndSeedNow(i, list, 10, null);
    }

    public PrivateKeyWithSeedDto genEncryptKeyAndSeedNow(int i, List<KeyType> list, int i2, String str) {
        int i3 = 1;
        while (true) {
            try {
                PrivateKeyWithSeedDto privateKeyWithSeedDto = new PrivateKeyWithSeedDto(PrivateKeyType.read, generateSecret64(i), i, list, (String) null, str);
                genEncryptKeyFromSeed(privateKeyWithSeedDto.keySize(), privateKeyWithSeedDto.algs(), privateKeyWithSeedDto.seed());
                return privateKeyWithSeedDto;
            } catch (KeyGenerationException e) {
                if (i3 >= i2) {
                    throw new KeyGenerationException("Failed to generate encryption keys with random seeds after " + i3 + " attempts -" + e.getMessage() + ".", e);
                }
                i3++;
            }
        }
    }

    public MessagePrivateKeyDto genSignKeyFromSeed(String str) {
        return genSignKeyFromSeed(str, 1);
    }

    public MessagePrivateKeyDto genSignKeyFromSeed(String str, int i) {
        return genSignKeyFromSeed(this.config.getDefaultSigningStrength(), str, i);
    }

    public MessagePrivateKeyDto genSignKeyFromSeed(int i, String str) {
        return genSignKeyFromSeed(i, str, 1);
    }

    public MessagePrivateKeyDto genSignKeyFromSeed(int i, String str, int i2) {
        return genSignKeyFromSeedWithAlias(i, this.config.getDefaultSigningTypes(), str, i2, null);
    }

    public MessagePrivateKeyDto genSignKeyFromSeedWithAlias(int i, String str, String str2) {
        return genSignKeyFromSeedWithAlias(i, str, 1, str2);
    }

    public MessagePrivateKeyDto genSignKeyFromSeedWithAlias(int i, String str, int i2, String str2) {
        return genSignKeyFromSeedWithAlias(i, this.config.getDefaultSigningTypes(), str, str2);
    }

    public MessagePrivateKeyDto genSignKeyFromSeed(int i, Iterable<KeyType> iterable, String str) {
        return genSignKeyFromSeed(i, iterable, str, 1);
    }

    public MessagePrivateKeyDto genSignKeyFromSeed(int i, Iterable<KeyType> iterable, String str, int i2) {
        return genSignKeyFromSeedWithAlias(i, iterable, str, i2, null);
    }

    public MessagePrivateKeyDto genSignKeyFromSeedWithAlias(int i, Iterable<KeyType> iterable, String str, String str2) {
        return genSignKeyFromSeedWithAlias(i, iterable, str, 1, str2);
    }

    public MessagePrivateKeyDto genSignKeyFromSeedWithAlias(int i, Iterable<KeyType> iterable, String str, int i2, String str2) {
        KeyPairBytes genSignKeyRainbowNow;
        PredictablyRandomFactory predictablyRandomFactory = new PredictablyRandomFactory(str);
        LinkedList linkedList = new LinkedList();
        LinkedList linkedList2 = new LinkedList();
        int i3 = 1;
        while (true) {
            try {
                for (KeyType keyType : iterable) {
                    switch (keyType) {
                        case qtesla:
                            genSignKeyRainbowNow = genSignKeyQTeslaNow(i, predictablyRandomFactory);
                            break;
                        case xmssmt:
                            genSignKeyRainbowNow = genSignKeyXmssMtNow(i, predictablyRandomFactory);
                            break;
                        case rainbow:
                            genSignKeyRainbowNow = genSignKeyRainbowNow(i, predictablyRandomFactory);
                            break;
                        default:
                            throw new KeyGenerationException("The key type [" + keyType + "] is not supported as an asymmetric encryption key.");
                    }
                    linkedList.add(new MessageKeyPartDto(keyType, i, genSignKeyRainbowNow.publicKey));
                    linkedList2.add(new MessageKeyPartDto(keyType, i, genSignKeyRainbowNow.privateKey));
                }
                MessagePrivateKeyDto messagePrivateKeyDto = new MessagePrivateKeyDto(linkedList, linkedList2);
                if (str2 != null) {
                    messagePrivateKeyDto.setAlias(str2);
                }
                return messagePrivateKeyDto;
            } catch (ArrayIndexOutOfBoundsException e) {
                if (i3 >= i2) {
                    throw new KeyGenerationException("Failed to generate the signing keys after " + i3 + " attempts (idempotent=" + predictablyRandomFactory.idempotent() + ").", e);
                }
                if (predictablyRandomFactory.idempotent()) {
                    predictablyRandomFactory.reset();
                }
                i3++;
            }
        }
    }

    public MessagePrivateKeyDto genEncryptKey() {
        MessagePrivateKeyDto genEncryptKey = genEncryptKey(this.config.getDefaultEncryptionStrength());
        if (this.config.isExtraValidation()) {
            this.d.validationUtil.validateOrThrow(genEncryptKey);
        }
        return genEncryptKey;
    }

    public MessagePrivateKeyDto genEncryptKey(int i) {
        MessagePrivateKeyDto poll;
        if (i == 128) {
            MessagePrivateKeyDto poll2 = this.genEncrypt128Queue.poll();
            moreKeys();
            if (poll2 != null) {
                return poll2;
            }
        }
        return (i != 256 || (poll = this.genEncrypt256Queue.poll()) == null) ? genEncryptKeyNow(i, this.config.getDefaultEncryptTypes()) : poll;
    }

    public MessagePrivateKeyDto genEncryptKeyWithAlias(String str) {
        return genEncryptKeyWithAlias(this.config.getDefaultEncryptionStrength(), str);
    }

    public MessagePrivateKeyDto genEncryptKeyWithAlias(int i, String str) {
        MessagePrivateKeyDto genEncryptKey = genEncryptKey(i);
        if (str == null) {
            return genEncryptKey;
        }
        genEncryptKey.setAlias(str);
        return genEncryptKey;
    }

    public MessagePrivateKeyDto genEncryptKeyNow(int i) {
        return genEncryptKeyNowWithAlias(i, this.config.getDefaultEncryptTypes(), null);
    }

    public MessagePrivateKeyDto genEncryptKeyNowWithAlias(int i, String str) {
        return genEncryptKeyNowWithAlias(i, this.config.getDefaultEncryptTypes(), str);
    }

    public MessagePrivateKeyDto genEncryptKeyNow(int i, Iterable<KeyType> iterable) {
        return genEncryptKeyNowWithAlias(i, iterable, null);
    }

    public MessagePrivateKeyDto genEncryptKeyNowWithAlias(int i, Iterable<KeyType> iterable, String str) {
        return genEncryptKeyNowWithAlias(i, iterable, 10, str);
    }

    public MessagePrivateKeyDto genEncryptKeyNowWithAlias(int i, Iterable<KeyType> iterable, int i2, String str) {
        KeyPairBytes genEncryptKeyNewHopeNow;
        if (Iterables.size(iterable) <= 0) {
            throw new RuntimeException("Generated encryption key must have at least one key type.");
        }
        int i3 = 1;
        while (true) {
            try {
                LinkedList linkedList = new LinkedList();
                LinkedList linkedList2 = new LinkedList();
                for (KeyType keyType : iterable) {
                    switch (AnonymousClass2.$SwitchMap$com$tokera$ate$dao$enumerations$KeyType[keyType.ordinal()]) {
                        case 4:
                            genEncryptKeyNewHopeNow = genEncryptKeyNtruNow(i);
                            break;
                        case MessageKeyType.xmss /* 5 */:
                            genEncryptKeyNewHopeNow = genEncryptKeyNewHopeNow(i);
                            break;
                        default:
                            throw new RuntimeException("The key type [" + keyType + "] is not supported as an asymmetric encryption key.");
                    }
                    linkedList.add(new MessageKeyPartDto(keyType, i, genEncryptKeyNewHopeNow.publicKey));
                    linkedList2.add(new MessageKeyPartDto(keyType, i, genEncryptKeyNewHopeNow.privateKey));
                }
                MessagePrivateKeyDto messagePrivateKeyDto = new MessagePrivateKeyDto(linkedList, linkedList2);
                if (str != null) {
                    messagePrivateKeyDto.setAlias(str);
                }
                return messagePrivateKeyDto;
            } catch (ArrayIndexOutOfBoundsException e) {
                if (i3 >= i2) {
                    throw new KeyGenerationException("Failed to generate the encryption keys after " + i3 + " attempts (idempotent=false).", e);
                }
                i3++;
            }
        }
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeed(int i, String str) {
        return genEncryptKeyFromSeedWithAlias(i, this.config.getDefaultEncryptTypes(), str, null);
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeed(String str) {
        return genEncryptKeyFromSeedWithAlias(this.config.getDefaultEncryptionStrength(), this.config.getDefaultEncryptTypes(), str, null);
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeedWithAlias(String str, String str2) {
        return genEncryptKeyFromSeedWithAlias(this.config.getDefaultEncryptionStrength(), this.config.getDefaultEncryptTypes(), str, str2);
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeedWithAlias(int i, String str, String str2) {
        return genEncryptKeyFromSeedWithAlias(i, this.config.getDefaultEncryptTypes(), str, str2);
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeed(int i, Iterable<KeyType> iterable, String str) {
        return genEncryptKeyFromSeedWithAlias(i, iterable, str, null);
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeedWithAlias(int i, Iterable<KeyType> iterable, String str, String str2) {
        return genEncryptKeyFromSeedWithAlias(i, iterable, str, 1, str2);
    }

    public MessagePrivateKeyDto genEncryptKeyFromSeedWithAlias(int i, Iterable<KeyType> iterable, String str, int i2, String str2) {
        KeyPairBytes genEncryptKeyNewHopeNow;
        PredictablyRandomFactory predictablyRandomFactory = new PredictablyRandomFactory(str);
        if (Iterables.size(iterable) <= 0) {
            throw new RuntimeException("Generated encryption key must have at least one key type.");
        }
        int i3 = 1;
        while (true) {
            try {
                LinkedList linkedList = new LinkedList();
                LinkedList linkedList2 = new LinkedList();
                for (KeyType keyType : iterable) {
                    switch (AnonymousClass2.$SwitchMap$com$tokera$ate$dao$enumerations$KeyType[keyType.ordinal()]) {
                        case 4:
                            genEncryptKeyNewHopeNow = genEncryptKeyNtruNow(i, predictablyRandomFactory);
                            break;
                        case MessageKeyType.xmss /* 5 */:
                            genEncryptKeyNewHopeNow = genEncryptKeyNewHopeNow(i, predictablyRandomFactory);
                            break;
                        default:
                            throw new RuntimeException("The key type [" + keyType + "] is not supported as an asymmetric encryption key.");
                    }
                    linkedList.add(new MessageKeyPartDto(keyType, i, genEncryptKeyNewHopeNow.publicKey));
                    linkedList2.add(new MessageKeyPartDto(keyType, i, genEncryptKeyNewHopeNow.privateKey));
                }
                MessagePrivateKeyDto messagePrivateKeyDto = new MessagePrivateKeyDto(linkedList, linkedList2);
                if (str2 != null) {
                    messagePrivateKeyDto.setAlias(str2);
                }
                return messagePrivateKeyDto;
            } catch (ArrayIndexOutOfBoundsException e) {
                if (i3 >= i2) {
                    throw new KeyGenerationException("Failed to generate the encryption keys after " + i3 + " attempts (idempotent=" + predictablyRandomFactory.idempotent() + ").", e);
                }
                if (predictablyRandomFactory.idempotent()) {
                    predictablyRandomFactory.reset();
                }
                i3++;
            }
        }
    }

    public KeyPairBytes genEncryptKeyNtruFromSeed(int i, String str) {
        return genEncryptKeyNtruNow(i, new PredictablyRandomFactory(str));
    }

    public KeyPairBytes genEncryptKeyNtruNow(int i) {
        return genEncryptKeyNtruNow(i, new SecureRandomFactory(this.srandom));
    }

    private NTRUEncryptionKeyGenerationParameters getNtruEncryptParamtersForKeySize(int i) {
        NTRUEncryptionKeyGenerationParameters nTRUEncryptionKeyGenerationParameters;
        SHA512Digest sHA256Digest;
        switch (i) {
            case AES_KEY_SIZE /* 128 */:
                nTRUEncryptionKeyGenerationParameters = NTRUEncryptionKeyGenerationParameters.APR2011_439;
                break;
            case 192:
                nTRUEncryptionKeyGenerationParameters = NTRUEncryptionKeyGenerationParameters.APR2011_743_FAST;
                break;
            case 256:
            case 512:
                nTRUEncryptionKeyGenerationParameters = NTRUEncryptionKeyGenerationParameters.APR2011_743;
                break;
            default:
                throw new RuntimeException("Unknown NTRU key size(" + i + ")");
        }
        int i2 = nTRUEncryptionKeyGenerationParameters.N;
        int i3 = nTRUEncryptionKeyGenerationParameters.q;
        int i4 = nTRUEncryptionKeyGenerationParameters.df;
        int i5 = nTRUEncryptionKeyGenerationParameters.dm0;
        int i6 = nTRUEncryptionKeyGenerationParameters.db;
        int i7 = nTRUEncryptionKeyGenerationParameters.c;
        int i8 = nTRUEncryptionKeyGenerationParameters.minCallsR;
        int i9 = nTRUEncryptionKeyGenerationParameters.minCallsMask;
        boolean z = nTRUEncryptionKeyGenerationParameters.hashSeed;
        byte[] bArr = nTRUEncryptionKeyGenerationParameters.oid;
        boolean z2 = nTRUEncryptionKeyGenerationParameters.sparse;
        boolean z3 = nTRUEncryptionKeyGenerationParameters.fastFp;
        String algorithmName = nTRUEncryptionKeyGenerationParameters.hashAlg.getAlgorithmName();
        if ("SHA-512".equals(algorithmName)) {
            sHA256Digest = new SHA512Digest();
        } else {
            if (!"SHA-256".equals(algorithmName)) {
                throw new RuntimeException("Unknown digest size");
            }
            sHA256Digest = new SHA256Digest();
        }
        return new NTRUEncryptionKeyGenerationParameters(i2, i3, i4, i5, i6, i7, i8, i9, z, bArr, z2, z3, sHA256Digest);
    }

    public KeyPairBytes genEncryptKeyNtruNow(int i, IRandomFactory iRandomFactory) {
        for (int i2 = 0; i2 < 8; i2++) {
            EncryptionKeyPairGenerator encryptionKeyPairGenerator = new EncryptionKeyPairGenerator();
            encryptionKeyPairGenerator.init(getNtruEncryptParamtersForKeySize(i));
            AsymmetricCipherKeyPair generateKeyPair = encryptionKeyPairGenerator.generateKeyPair(iRandomFactory);
            if (testNtruKey(generateKeyPair, i)) {
                return extractKey(generateKeyPair);
            }
        }
        throw new RuntimeException("Failed to generate encryption key");
    }

    public byte[] encryptNtruWithPublic(byte[] bArr, byte[] bArr2, int i) {
        try {
            NTRUEncryptionPublicKeyParameters nTRUEncryptionPublicKeyParameters = new NTRUEncryptionPublicKeyParameters(bArr, getNtruEncryptParamtersForKeySize(i).getEncryptionParameters());
            NTRUEngine nTRUEngine = new NTRUEngine();
            nTRUEngine.init(true, nTRUEncryptionPublicKeyParameters);
            return nTRUEngine.processBlock(bArr2, 0, bArr2.length);
        } catch (InvalidCipherTextException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    public byte[] decryptNtruWithPrivate(byte[] bArr, byte[] bArr2, int i) throws IOException, InvalidCipherTextException {
        NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters = new NTRUEncryptionPrivateKeyParameters(bArr, getNtruEncryptParamtersForKeySize(i).getEncryptionParameters());
        NTRUEngine nTRUEngine = new NTRUEngine();
        nTRUEngine.init(false, nTRUEncryptionPrivateKeyParameters);
        return nTRUEngine.processBlock(bArr2, 0, bArr2.length);
    }

    private boolean testNtruKey(AsymmetricCipherKeyPair asymmetricCipherKeyPair, int i) {
        NTRUEncryptionPrivateKeyParameters nTRUEncryptionPrivateKeyParameters = asymmetricCipherKeyPair.getPrivate();
        NTRUEncryptionPublicKeyParameters nTRUEncryptionPublicKeyParameters = asymmetricCipherKeyPair.getPublic();
        for (int i2 = 0; i2 < 10; i2++) {
            byte[] decodeBase64 = Base64.decodeBase64(generateSecret64());
            try {
                if (Arrays.equals(decodeBase64, decryptNtruWithPrivate(nTRUEncryptionPrivateKeyParameters.getEncoded(), encryptNtruWithPublic(nTRUEncryptionPublicKeyParameters.getEncoded(), decodeBase64, i), i))) {
                    return true;
                }
            } catch (Throwable th) {
                return false;
            }
        }
        return false;
    }

    public KeyPairBytes genEncryptKeyNewHopeFromSeed(int i, String str) {
        return genEncryptKeyNewHopeNow(i, new PredictablyRandomFactory(str));
    }

    public KeyPairBytes genEncryptKeyNewHopeNow(int i, IRandomFactory iRandomFactory) {
        KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(iRandomFactory.getRandom(), i);
        NHKeyPairGenerator nHKeyPairGenerator = new NHKeyPairGenerator();
        nHKeyPairGenerator.init(keyGenerationParameters);
        return extractKey(nHKeyPairGenerator.generateKeyPair());
    }

    public KeyPairBytes genEncryptKeyNewHopeNow(int i) {
        return genEncryptKeyNewHopeNow(i, new SecureRandomFactory(this.srandom));
    }

    public byte[] encryptNewHopeWithPublic(byte[] bArr, byte[] bArr2, int i) {
        ExchangePair generateExchange = new NHExchangePairGenerator(this.srandom).generateExchange(new NHPublicKeyParameters(bArr));
        byte[] sharedValue = generateExchange.getSharedValue();
        byte[] pubData = generateExchange.getPublicKey().getPubData();
        byte[] encryptAes = encryptAes(sharedValue, bArr2);
        ByteBuffer allocate = ByteBuffer.allocate(4 + pubData.length + encryptAes.length);
        allocate.putInt(pubData.length);
        allocate.put(pubData);
        allocate.put(encryptAes);
        return allocate.array();
    }

    public byte[] decryptNewHopeWithPrivate(byte[] bArr, byte[] bArr2, int i) {
        short[] sArr = new short[bArr.length / 2];
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        for (int i2 = 0; i2 < sArr.length; i2++) {
            sArr[i2] = wrap.getShort();
        }
        ByteBuffer wrap2 = ByteBuffer.wrap(bArr2);
        int i3 = wrap2.getInt();
        byte[] bArr3 = new byte[i3];
        byte[] bArr4 = new byte[bArr2.length - (4 + i3)];
        wrap2.get(bArr3);
        wrap2.get(bArr4);
        NHAgreement nHAgreement = new NHAgreement();
        nHAgreement.init(new NHPrivateKeyParameters(sArr));
        return decryptAes(nHAgreement.calculateAgreement(new NHPublicKeyParameters(bArr3)), bArr4);
    }

    public byte[] encrypt(MessagePublicKeyDto messagePublicKeyDto, byte[] bArr) {
        if (!this.validEncryptSizes.contains(Integer.valueOf(bArr.length * 8))) {
            StringBuilder sb = new StringBuilder();
            for (Integer num : (List) this.validEncryptSizes.stream().sorted().collect(Collectors.toList())) {
                if (sb.length() <= 0) {
                    sb.append(num);
                } else {
                    sb.append(", ");
                    sb.append(num);
                }
            }
            throw new RuntimeException("Data to be encrypted is not a valid size (" + sb.toString() + " bits) - consider wrapping an AES symmetric key instead of directly encrypting the data.");
        }
        byte[] bArr2 = bArr;
        ImmutalizableArrayList<MessageKeyPartDto> publicParts = messagePublicKeyDto.getPublicParts();
        if (publicParts == null || publicParts.size() <= 0) {
            throw new RuntimeException("Failed to encrypt the data has the public key is empty.");
        }
        for (MessageKeyPartDto messageKeyPartDto : publicParts) {
            byte[] keyBytes = messageKeyPartDto.getKeyBytes();
            if (keyBytes == null) {
                throw new RuntimeException("The public key is missing the binary data in one of its parts.");
            }
            switch (AnonymousClass2.$SwitchMap$com$tokera$ate$dao$enumerations$KeyType[messageKeyPartDto.getType().ordinal()]) {
                case 4:
                    bArr2 = encryptNtruWithPublic(keyBytes, bArr2, messageKeyPartDto.getSize());
                    break;
                case MessageKeyType.xmss /* 5 */:
                    bArr2 = encryptNewHopeWithPublic(keyBytes, bArr2, messageKeyPartDto.getSize());
                    break;
                default:
                    throw new RuntimeException("Unknown encryption crypto algorithm: " + messageKeyPartDto.getType());
            }
        }
        return bArr2;
    }

    public byte[] decrypt(MessagePrivateKeyDto messagePrivateKeyDto, byte[] bArr) throws IOException, InvalidCipherTextException {
        byte[] bArr2 = bArr;
        ImmutalizableArrayList<MessageKeyPartDto> privateParts = messagePrivateKeyDto.getPrivateParts();
        if (privateParts == null || privateParts.size() <= 0) {
            throw new RuntimeException("Failed to decrypt the data has the public key is empty.");
        }
        for (MessageKeyPartDto messageKeyPartDto : Lists.reverse(privateParts)) {
            byte[] keyBytes = messageKeyPartDto.getKeyBytes();
            if (keyBytes == null || keyBytes.length <= 0) {
                throw new RuntimeException("The private key is missing the binary data in one of its parts.");
            }
            switch (AnonymousClass2.$SwitchMap$com$tokera$ate$dao$enumerations$KeyType[messageKeyPartDto.getType().ordinal()]) {
                case 4:
                    bArr2 = decryptNtruWithPrivate(keyBytes, bArr2, messageKeyPartDto.getSize());
                    break;
                case MessageKeyType.xmss /* 5 */:
                    bArr2 = decryptNewHopeWithPrivate(keyBytes, bArr2, messageKeyPartDto.getSize());
                    break;
                default:
                    throw new RuntimeException("Unknown encryption crypto algorithm: " + messageKeyPartDto.getType());
            }
        }
        return bArr2;
    }

    public KeyPairBytes genSignKeyQTeslaFromSeed(int i, String str) {
        return genSignKeyQTeslaNow(i, new PredictablyRandomFactory(str));
    }

    public KeyPairBytes genSignKeyQTeslaNow(int i) {
        return genSignKeyQTeslaNow(i, new SecureRandomFactory(this.srandom));
    }

    private int getQTeslaSecurityCategory(int i) {
        switch (i) {
            case 64:
            case AES_KEY_SIZE /* 128 */:
                return 0;
            case 192:
            case 256:
                return 1;
            case 512:
                return 4;
            default:
                throw new RuntimeException("Unknown GMSS key size(" + i + ")");
        }
    }

    public KeyPairBytes genSignKeyQTeslaNow(int i, IRandomFactory iRandomFactory) {
        QTESLAKeyGenerationParameters qTESLAKeyGenerationParameters = new QTESLAKeyGenerationParameters(getQTeslaSecurityCategory(i), iRandomFactory.getRandom());
        QTESLAKeyPairGenerator qTESLAKeyPairGenerator = new QTESLAKeyPairGenerator();
        qTESLAKeyPairGenerator.init(qTESLAKeyGenerationParameters);
        return extractKey(qTESLAKeyPairGenerator.generateKeyPair());
    }

    public byte[] signQTesla(byte[] bArr, byte[] bArr2, int i) {
        QTESLAPrivateKeyParameters qTESLAPrivateKeyParameters = new QTESLAPrivateKeyParameters(getQTeslaSecurityCategory(i), bArr);
        QTESLASigner qTESLASigner = new QTESLASigner();
        qTESLASigner.init(true, qTESLAPrivateKeyParameters);
        return qTESLASigner.generateSignature(bArr2);
    }

    public boolean verifyQTesla(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        QTESLAPublicKeyParameters qTESLAPublicKeyParameters = new QTESLAPublicKeyParameters(getQTeslaSecurityCategory(i), bArr);
        QTESLASigner qTESLASigner = new QTESLASigner();
        qTESLASigner.init(false, qTESLAPublicKeyParameters);
        return qTESLASigner.verifySignature(bArr2, bArr3);
    }

    public KeyPairBytes genSignKeyRainbowFromSeed(int i, String str) {
        return genSignKeyRainbowNow(i, new PredictablyRandomFactory(str));
    }

    private RainbowParameters getRainbowParams(int i) {
        switch (i) {
            case 64:
            case AES_KEY_SIZE /* 128 */:
                return new RainbowParameters();
            case 192:
                return new RainbowParameters();
            case 256:
                return new RainbowParameters();
            case 512:
                return new RainbowParameters();
            default:
                throw new RuntimeException("Unknown RAINBOW key size(" + i + ")");
        }
    }

    public KeyPairBytes genSignKeyRainbowNow(int i, IRandomFactory iRandomFactory) {
        RainbowKeyGenerationParameters rainbowKeyGenerationParameters = new RainbowKeyGenerationParameters(iRandomFactory.getRandom(), getRainbowParams(i));
        RainbowKeyPairGenerator rainbowKeyPairGenerator = new RainbowKeyPairGenerator();
        rainbowKeyPairGenerator.init(rainbowKeyGenerationParameters);
        return extractKey(rainbowKeyPairGenerator.generateKeyPair());
    }

    public KeyPairBytes genSignKeyRainbowNow(int i) {
        return genSignKeyRainbowNow(i, new SecureRandomFactory(this.srandom));
    }

    public byte[] signRainbow(byte[] bArr, byte[] bArr2) {
        RainbowPrivateKeyParameters deserializePrivate = RainbowKeySerializer.deserializePrivate(bArr);
        RainbowSigner rainbowSigner = new RainbowSigner();
        rainbowSigner.init(true, deserializePrivate);
        return rainbowSigner.generateSignature(bArr2);
    }

    public boolean verifyRainbow(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        RainbowPublicKeyParameters deserializePublic = RainbowKeySerializer.deserializePublic(bArr);
        RainbowSigner rainbowSigner = new RainbowSigner();
        rainbowSigner.init(false, deserializePublic);
        return rainbowSigner.verifySignature(bArr2, bArr3);
    }

    public KeyPairBytes genSignKeyXmssMtFromSeed(int i, String str) {
        return genSignKeyXmssMtNow(i, new PredictablyRandomFactory(str));
    }

    public KeyPairBytes genSignKeyXmssMtNow(int i) {
        return genSignKeyXmssMtNow(i, new SecureRandomFactory(this.srandom));
    }

    public KeyPairBytes genSignKeyXmssMtNow(int i, IRandomFactory iRandomFactory) {
        SecureRandom random = iRandomFactory.getRandom();
        XMSSMTParameters xMSSMTParameters = new XMSSMTParameters(20, 10, new SHA512Digest());
        XMSSMTKeyPairGenerator xMSSMTKeyPairGenerator = new XMSSMTKeyPairGenerator();
        xMSSMTKeyPairGenerator.init(new XMSSMTKeyGenerationParameters(xMSSMTParameters, random));
        return extractKey(xMSSMTKeyPairGenerator.generateKeyPair());
    }

    public byte[] signXmssMt(byte[] bArr, byte[] bArr2) {
        XMSSMTPrivateKeyParameters deserializePrivate = XmssKeySerializer.deserializePrivate(bArr, Utils.murmur2(bArr2));
        XMSSMTSigner xMSSMTSigner = new XMSSMTSigner();
        xMSSMTSigner.init(true, deserializePrivate);
        return xMSSMTSigner.generateSignature(bArr2);
    }

    public boolean verifyXmssMt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        XMSSMTPublicKeyParameters deserializePublic = XmssKeySerializer.deserializePublic(bArr);
        XMSSMTSigner xMSSMTSigner = new XMSSMTSigner();
        xMSSMTSigner.init(false, deserializePublic);
        return xMSSMTSigner.verifySignature(bArr2, bArr3);
    }

    public byte[] sign(MessagePrivateKeyDto messagePrivateKeyDto, byte[] bArr) {
        ArrayList<byte[]> arrayList = new ArrayList();
        Iterator<MessageKeyPartDto> it = messagePrivateKeyDto.getPrivateParts().iterator();
        while (it.hasNext()) {
            MessageKeyPartDto next = it.next();
            byte[] keyBytes = next.getKeyBytes();
            if (keyBytes == null) {
                throw new RuntimeException("The private key is missing the binary data in one of its parts.");
            }
            switch (next.getType()) {
                case qtesla:
                    arrayList.add(signQTesla(keyBytes, bArr, next.getSize()));
                    break;
                case xmssmt:
                    arrayList.add(signXmssMt(keyBytes, bArr));
                    break;
                case rainbow:
                    arrayList.add(signRainbow(keyBytes, bArr));
                    break;
                default:
                    throw new RuntimeException("Unknown signing crypto algorithm: " + next.getType() + " [key=" + messagePrivateKeyDto.getAliasOrHash() + "]");
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            for (byte[] bArr2 : arrayList) {
                dataOutputStream.writeInt(bArr2.length);
                dataOutputStream.write(bArr2);
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean verify(MessagePublicKeyDto messagePublicKeyDto, byte[] bArr, byte[] bArr2) {
        ByteBuffer wrap = ByteBuffer.wrap(bArr2);
        ImmutalizableArrayList<MessageKeyPartDto> publicParts = messagePublicKeyDto.getPublicParts();
        if (publicParts == null || publicParts.size() <= 0) {
            return false;
        }
        for (MessageKeyPartDto messageKeyPartDto : publicParts) {
            byte[] keyBytes = messageKeyPartDto.getKeyBytes();
            if (keyBytes == null) {
                throw new RuntimeException("The public key is missing the binary data in one of its parts.");
            }
            int i = wrap.getInt();
            if (i <= 0 || i > wrap.remaining()) {
                return false;
            }
            byte[] bArr3 = new byte[i];
            wrap.get(bArr3);
            switch (messageKeyPartDto.getType()) {
                case qtesla:
                    if (!verifyQTesla(keyBytes, bArr, bArr3, messageKeyPartDto.getSize())) {
                        return false;
                    }
                    break;
                case xmssmt:
                    if (!verifyXmssMt(keyBytes, bArr, bArr3)) {
                        return false;
                    }
                    break;
                case rainbow:
                    if (!verifyRainbow(keyBytes, bArr, bArr3)) {
                        return false;
                    }
                    break;
                default:
                    throw new RuntimeException("Unknown signing crypto algorithm: " + messageKeyPartDto.getType() + " [key=" + messagePublicKeyDto.getAliasOrHash() + "]");
            }
        }
        return wrap.remaining() <= 0;
    }

    public byte[] hashSha(String str) {
        return hashSha((String) null, str);
    }

    public byte[] hashSha(String str, String str2) {
        return str != null ? hashSha(str.getBytes(Charsets.US_ASCII), str2.getBytes(Charsets.US_ASCII)) : hashSha(str2.getBytes(Charsets.US_ASCII));
    }

    public byte[] hashSha(byte[] bArr) {
        return hashSha((byte[]) null, bArr);
    }

    public byte[] hashSha(byte[] bArr, byte[] bArr2) {
        try {
            MessageDigest messageDigest = (MessageDigest) this.sha256digest.clone();
            if (bArr != null) {
                messageDigest.update(bArr);
            }
            return messageDigest.digest(bArr2);
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] hashMd5(byte[] bArr) {
        return hashMd5((byte[]) null, bArr);
    }

    public byte[] hashMd5(byte[] bArr, byte[] bArr2) {
        try {
            MessageDigest messageDigest = (MessageDigest) this.md5digest.clone();
            if (bArr != null) {
                messageDigest.update(bArr);
            }
            return messageDigest.digest(bArr2);
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] hashMd5(Iterable<byte[]> iterable) {
        return hashMd5((byte[]) null, iterable);
    }

    public byte[] hashMd5(byte[] bArr, Iterable<byte[]> iterable) {
        try {
            MessageDigest messageDigest = (MessageDigest) this.md5digest.clone();
            if (bArr != null) {
                messageDigest.update(bArr);
            }
            Iterator<byte[]> it = iterable.iterator();
            while (it.hasNext()) {
                messageDigest.update(it.next());
            }
            return messageDigest.digest();
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] hashShaStatic(byte[] bArr, byte[] bArr2) {
        try {
            MessageDigest messageDigest = (MessageDigest) g_sha256digest.clone();
            if (bArr != null) {
                messageDigest.update(bArr);
            }
            return messageDigest.digest(bArr2);
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    public String hashShaAndEncode(String str) {
        return hashShaAndEncode(str.getBytes(Charsets.US_ASCII));
    }

    public String hashShaAndEncode(String str, Iterable<String> iterable) {
        return hashShaAndEncode(Iterables.concat(Collections.singletonList(str), iterable));
    }

    public String hashShaAndEncode(String str, Iterable<String> iterable, Iterable<String> iterable2) {
        return hashShaAndEncode(Iterables.concat(Collections.singletonList(str), Iterables.concat(iterable, iterable2)));
    }

    public String computePermissionsHash(EffectivePermissions effectivePermissions) {
        return this.d.encryptor.hashShaAndEncode(new PartitionKeySerializer().write(effectivePermissions.partitionKey), effectivePermissions.rolesRead);
    }

    public String computePermissionsHash(IPartitionKey iPartitionKey, Iterable<String> iterable) {
        return this.d.encryptor.hashShaAndEncode(new PartitionKeySerializer().write(iPartitionKey), iterable);
    }

    public String computePermissionsHash(IPartitionKey iPartitionKey, MessageSecurityCastleDto messageSecurityCastleDto) {
        String write = new PartitionKeySerializer().write(iPartitionKey);
        Stream map = messageSecurityCastleDto.getGates().stream().map(messageSecurityGateDto -> {
            return messageSecurityGateDto.getPublicKeyHash();
        });
        map.getClass();
        return hashShaAndEncode(write, map::iterator);
    }

    public String hashShaAndEncode(Iterable<String> iterable) {
        try {
            MessageDigest messageDigest = (MessageDigest) this.sha256digest.clone();
            for (String str : iterable) {
                if (str != null) {
                    messageDigest.update(str.getBytes(Charsets.US_ASCII));
                }
            }
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    public String hashShaAndEncode(byte[] bArr, byte[] bArr2) {
        return Base64.encodeBase64URLSafeString(hashSha(bArr, bArr2));
    }

    public String hashShaAndEncode(byte[] bArr) {
        return Base64.encodeBase64URLSafeString(hashSha(bArr));
    }

    public String hashMd5AndEncode(byte[] bArr, byte[] bArr2) {
        return Base64.encodeBase64URLSafeString(hashMd5(bArr, bArr2));
    }

    public String hashMd5AndEncode(byte[] bArr) {
        return Base64.encodeBase64URLSafeString(hashMd5(bArr));
    }

    public String hashMd5AndEncode(Iterable<byte[]> iterable) {
        return Base64.encodeBase64URLSafeString(hashMd5(iterable));
    }

    public byte[] extractKey(CipherParameters cipherParameters) {
        if (cipherParameters instanceof NTRUEncryptionPublicKeyParameters) {
            return ((NTRUEncryptionPublicKeyParameters) cipherParameters).getEncoded();
        }
        if (cipherParameters instanceof NTRUEncryptionPrivateKeyParameters) {
            return ((NTRUEncryptionPrivateKeyParameters) cipherParameters).getEncoded();
        }
        if (cipherParameters instanceof NTRUSigningPublicKeyParameters) {
            return ((NTRUSigningPublicKeyParameters) cipherParameters).getEncoded();
        }
        if (cipherParameters instanceof NTRUSigningPrivateKeyParameters) {
            try {
                return ((NTRUSigningPrivateKeyParameters) cipherParameters).getEncoded();
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        if (cipherParameters instanceof NHPublicKeyParameters) {
            return ((NHPublicKeyParameters) cipherParameters).getPubData();
        }
        if (cipherParameters instanceof NHPrivateKeyParameters) {
            short[] secData = ((NHPrivateKeyParameters) cipherParameters).getSecData();
            byte[] bArr = new byte[secData.length * 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            for (short s : secData) {
                wrap.putShort(s);
            }
            return bArr;
        }
        if (cipherParameters instanceof QTESLAPublicKeyParameters) {
            return ((QTESLAPublicKeyParameters) cipherParameters).getPublicData();
        }
        if (cipherParameters instanceof QTESLAPrivateKeyParameters) {
            return ((QTESLAPrivateKeyParameters) cipherParameters).getSecret();
        }
        if (cipherParameters instanceof XMSSMTPublicKeyParameters) {
            return XmssKeySerializer.serialize((XMSSMTPublicKeyParameters) cipherParameters);
        }
        if (cipherParameters instanceof XMSSMTPrivateKeyParameters) {
            return XmssKeySerializer.serialize((XMSSMTPrivateKeyParameters) cipherParameters);
        }
        if (cipherParameters instanceof RainbowPublicKeyParameters) {
            return RainbowKeySerializer.serialize((RainbowPublicKeyParameters) cipherParameters);
        }
        if (cipherParameters instanceof RainbowPrivateKeyParameters) {
            return RainbowKeySerializer.serialize((RainbowPrivateKeyParameters) cipherParameters);
        }
        throw new RuntimeException("Unable to extract the key as it is an unknown type");
    }

    public String extractKeyHash(CipherParameters cipherParameters) {
        if (cipherParameters instanceof NTRUEncryptionPublicKeyParameters) {
            return hashShaAndEncode(((NTRUEncryptionPublicKeyParameters) cipherParameters).getEncoded());
        }
        if (cipherParameters instanceof NTRUEncryptionPrivateKeyParameters) {
            return hashShaAndEncode(((NTRUEncryptionPrivateKeyParameters) cipherParameters).getEncoded());
        }
        if (cipherParameters instanceof NTRUSigningPublicKeyParameters) {
            return hashShaAndEncode(((NTRUSigningPublicKeyParameters) cipherParameters).getEncoded());
        }
        if (cipherParameters instanceof NTRUSigningPrivateKeyParameters) {
            try {
                return hashShaAndEncode(hashShaAndEncode(((NTRUSigningPrivateKeyParameters) cipherParameters).getEncoded()));
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        if (cipherParameters instanceof NHPublicKeyParameters) {
            return hashShaAndEncode(((NHPublicKeyParameters) cipherParameters).getPubData());
        }
        if (cipherParameters instanceof NHPrivateKeyParameters) {
            short[] secData = ((NHPrivateKeyParameters) cipherParameters).getSecData();
            byte[] bArr = new byte[secData.length * 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            for (short s : secData) {
                wrap.putShort(s);
            }
            return hashShaAndEncode(bArr);
        }
        if (cipherParameters instanceof QTESLAPublicKeyParameters) {
            return hashShaAndEncode(((QTESLAPublicKeyParameters) cipherParameters).getPublicData());
        }
        if (cipherParameters instanceof XMSSMTPublicKeyParameters) {
            return hashShaAndEncode(XmssKeySerializer.serialize((XMSSMTPublicKeyParameters) cipherParameters));
        }
        if (cipherParameters instanceof XMSSMTPrivateKeyParameters) {
            return hashShaAndEncode(XmssKeySerializer.serialize((XMSSMTPrivateKeyParameters) cipherParameters));
        }
        if (cipherParameters instanceof RainbowPublicKeyParameters) {
            return hashShaAndEncode(RainbowKeySerializer.serialize((RainbowPublicKeyParameters) cipherParameters));
        }
        if (cipherParameters instanceof RainbowPrivateKeyParameters) {
            return hashShaAndEncode(RainbowKeySerializer.serialize((RainbowPrivateKeyParameters) cipherParameters));
        }
        throw new RuntimeException("Unable to extract the key as it is an unknown type");
    }

    public KeyPairBytes extractKey(AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        return new KeyPairBytes(extractKey((CipherParameters) asymmetricCipherKeyPair.getPrivate()), extractKey((CipherParameters) asymmetricCipherKeyPair.getPublic()));
    }

    public PrivateKeyWithSeedDto getTrustOfPublicRead() {
        PrivateKeyWithSeedDto privateKeyWithSeedDto = this.trustOfPublicRead;
        if (privateKeyWithSeedDto == null) {
            privateKeyWithSeedDto = new PrivateKeyWithSeedDto(PrivateKeyType.read, "public", AES_KEY_SIZE, KeyType.ntru, (String) null, "public");
            this.trustOfPublicRead = privateKeyWithSeedDto;
        }
        return privateKeyWithSeedDto;
    }

    public PrivateKeyWithSeedDto getTrustOfPublicWrite() {
        PrivateKeyWithSeedDto privateKeyWithSeedDto = this.trustOfPublicWrite;
        if (privateKeyWithSeedDto == null) {
            privateKeyWithSeedDto = new PrivateKeyWithSeedDto(PrivateKeyType.write, "public", 64, KeyType.qtesla, (String) null, "public");
            this.trustOfPublicWrite = privateKeyWithSeedDto;
        }
        return privateKeyWithSeedDto;
    }

    public String generateSalt() {
        String poll = this.genSaltQueue.poll();
        moreKeys();
        return poll != null ? poll : new BigInteger(320, this.srandom).toString(16).toUpperCase();
    }

    public String generateSecret16(int i) {
        byte[] bArr = new byte[i / 8];
        for (int i2 = 0; i2 < bArr.length; i2++) {
            bArr[i2] = (byte) this.srandom.nextInt();
        }
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(String.format("%02X", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    public String generateSecret64() {
        return generateSecret64(this.config.getDefaultAesStrength());
    }

    public String generateSecret64(int i) {
        if (i == 128) {
            String poll = this.genAes128Queue.poll();
            moreKeys();
            if (poll != null) {
                return poll;
            }
        } else if (i == 256) {
            String poll2 = this.genAes256Queue.poll();
            moreKeys();
            if (poll2 != null) {
                return poll2;
            }
        } else if (i == 512) {
            String poll3 = this.genAes512Queue.poll();
            moreKeys();
            if (poll3 != null) {
                return poll3;
            }
        }
        return generateSecret64Now(i);
    }

    public String generateSecret64Now(int i) {
        byte[] bArr = new byte[i / 8];
        for (int i2 = 0; i2 < bArr.length; i2++) {
            bArr[i2] = (byte) this.srandom.nextInt();
        }
        return Base64.encodeBase64URLSafeString(bArr);
    }

    public String encryptString(String str, String str2, String str3) {
        try {
            byte[] parseHexBinary = DatatypeConverter.parseHexBinary(str);
            byte[] parseHexBinary2 = DatatypeConverter.parseHexBinary(str2);
            byte[] bytes = str3.getBytes("UTF-8");
            SecretKeySpec secretKeySpec = new SecretKeySpec(parseHexBinary, "AES");
            IvParameterSpec ivParameterSpec = new IvParameterSpec(parseHexBinary2);
            Cipher aesCipherCbc = getAesCipherCbc();
            aesCipherCbc.init(1, secretKeySpec, ivParameterSpec);
            byte[] bArr = new byte[aesCipherCbc.getOutputSize(bytes.length)];
            int update = aesCipherCbc.update(bytes, 0, bytes.length, bArr, 0);
            int doFinal = update + aesCipherCbc.doFinal(bArr, update);
            return Base64.encodeBase64URLSafeString(bArr);
        } catch (UnsupportedEncodingException | InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
            throw new RuntimeException("Problem encrypting encryption data:'" + str3 + "', using key:'" + str + "' and nounce:'" + str2 + "'", e);
        }
    }

    public String decryptString(String str, String str2, String str3) {
        try {
            byte[] parseHexBinary = DatatypeConverter.parseHexBinary(str);
            byte[] parseHexBinary2 = DatatypeConverter.parseHexBinary(str2);
            byte[] decodeBase64 = Base64.decodeBase64(str3);
            int length = decodeBase64.length;
            SecretKeySpec secretKeySpec = new SecretKeySpec(parseHexBinary, "AES");
            IvParameterSpec ivParameterSpec = new IvParameterSpec(parseHexBinary2);
            Cipher aesCipherCbc = getAesCipherCbc();
            aesCipherCbc.init(2, secretKeySpec, ivParameterSpec);
            byte[] bArr = new byte[aesCipherCbc.getOutputSize(length)];
            int update = aesCipherCbc.update(decodeBase64, 0, length, bArr, 0);
            int doFinal = update + aesCipherCbc.doFinal(bArr, update);
            return new String(bArr, "UTF-8");
        } catch (UnsupportedEncodingException | InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
            throw new RuntimeException("Problem decrypting encryption data:'" + str3 + "', using key:'" + str + "' and nounce:'" + str2 + "'", e);
        }
    }

    public String getPublicKeyHash(MessagePublicKey messagePublicKey) {
        String hash = messagePublicKey.hash();
        if (hash == null) {
            throw new RuntimeException("Public key does not have a hash attached.");
        }
        return hash;
    }

    public String getPublicKeyHash(MessagePublicKeyDto messagePublicKeyDto) {
        String publicKeyHash = messagePublicKeyDto.getPublicKeyHash();
        if (publicKeyHash == null) {
            throw new RuntimeException("Public key has no hash attached.");
        }
        return publicKeyHash;
    }

    public String getPublicKeyHash(MessagePrivateKey messagePrivateKey) {
        MessagePublicKey publicKey = messagePrivateKey.publicKey();
        if (publicKey == null) {
            throw new RuntimeException("Pirvate key does not no public key attached.");
        }
        return getPublicKeyHash(publicKey);
    }

    public String getPublicKeyHash(PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        return privateKeyWithSeedDto.publicHash();
    }

    public String getAlias(MessagePrivateKey messagePrivateKey) {
        MessagePublicKey publicKey = messagePrivateKey.publicKey();
        if (publicKey == null) {
            throw new RuntimeException("Private key does not no public key attached.");
        }
        return getAlias(publicKey);
    }

    public String getAlias(MessagePublicKey messagePublicKey) {
        String alias = messagePublicKey.alias();
        return alias == null ? getPublicKeyHash(messagePublicKey) : alias;
    }

    public String getAlias(IPartitionKey iPartitionKey, PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        String alias = privateKeyWithSeedDto.alias();
        return alias != null ? alias : getAlias(iPartitionKey, privateKeyWithSeedDto.key());
    }

    public String getAlias(IPartitionKey iPartitionKey, MessagePublicKeyDto messagePublicKeyDto) {
        MessagePublicKeyDto publicKeyOrNull;
        String publicKeyHash = messagePublicKeyDto.getPublicKeyHash();
        String alias = messagePublicKeyDto.getAlias();
        if (alias == null && publicKeyHash != null && (publicKeyOrNull = ((IAteIO) CDI.current().select(IAteIO.class, new Annotation[]{new AnnotationLiteral<BackendStorageSystem>() { // from class: com.tokera.ate.security.Encryptor.1
        }}).get()).publicKeyOrNull(iPartitionKey, publicKeyHash)) != null) {
            alias = publicKeyOrNull.getAlias();
        }
        if (alias == null) {
            alias = messagePublicKeyDto.getPublicKeyHash();
        }
        if (alias == null) {
            throw new RuntimeException("Private key has no alias.");
        }
        return alias;
    }

    public MessagePublicKey getPublicKey(MessagePrivateKey messagePrivateKey) {
        MessagePublicKey publicKey = messagePrivateKey.publicKey();
        if (publicKey == null) {
            throw new RuntimeException("Private key does not no public key attached.");
        }
        return publicKey;
    }

    public MessagePublicKeyDto getPublicKey(MessagePrivateKeyDto messagePrivateKeyDto) {
        return new MessagePublicKeyDto(messagePrivateKeyDto);
    }

    public MessagePublicKeyDto createPublicKeyWithAlias(MessagePublicKeyDto messagePublicKeyDto, String str) {
        MessagePublicKeyDto messagePublicKeyDto2 = new MessagePublicKeyDto(messagePublicKeyDto);
        messagePublicKeyDto2.setAlias(str);
        return messagePublicKeyDto2;
    }

    public MessagePrivateKeyDto createPrivateKeyWithAlias(MessagePrivateKeyDto messagePrivateKeyDto, String str) {
        MessagePrivateKeyDto messagePrivateKeyDto2 = new MessagePrivateKeyDto(messagePrivateKeyDto);
        messagePrivateKeyDto2.setAlias(str);
        return messagePrivateKeyDto2;
    }

    public String serializePublicKey64(MessagePublicKeyDto messagePublicKeyDto) {
        return Base64.encodeBase64URLSafeString(serializePublicKey(messagePublicKeyDto));
    }

    public String serializePrivateKey64(MessagePrivateKeyDto messagePrivateKeyDto) {
        return Base64.encodeBase64URLSafeString(serializePrivateKey(messagePrivateKeyDto));
    }

    public MessagePublicKeyDto deserializePublicKey64(String str) {
        return deserializePublicKey64WithAlias(str, null);
    }

    public MessagePrivateKeyDto deserializePrivateKey64(String str) {
        return deserializePrivateKey64WithAlias(str, null);
    }

    public MessagePublicKeyDto deserializePublicKey64WithAlias(String str, String str2) {
        return deserializePublicKeyWithAlias(Base64.decodeBase64(str), str2);
    }

    public MessagePrivateKeyDto deserializePrivateKey64WithAlias(String str, String str2) {
        return deserializePrivateKeyWithAlias(Base64.decodeBase64(str), str2);
    }

    public byte[] serializePublicKey(MessagePublicKeyDto messagePublicKeyDto) {
        ByteBuffer duplicate = messagePublicKeyDto.createFlatBuffer().getByteBuffer().duplicate();
        byte[] bArr = new byte[duplicate.remaining()];
        duplicate.get(bArr);
        return bArr;
    }

    public byte[] serializePrivateKey(MessagePrivateKeyDto messagePrivateKeyDto) {
        ByteBuffer duplicate = messagePrivateKeyDto.createPrivateKeyFlatBuffer().getByteBuffer().duplicate();
        byte[] bArr = new byte[duplicate.remaining()];
        duplicate.get(bArr);
        return bArr;
    }

    public MessagePublicKeyDto deserializePublicKey(byte[] bArr) {
        return deserializePublicKeyWithAlias(bArr, null);
    }

    public MessagePublicKeyDto deserializePublicKeyWithAlias(byte[] bArr, String str) {
        MessagePublicKeyDto messagePublicKeyDto = new MessagePublicKeyDto(MessagePublicKey.getRootAsMessagePublicKey(ByteBuffer.wrap(bArr)));
        if (str != null) {
            messagePublicKeyDto.setAlias(str);
        }
        return messagePublicKeyDto;
    }

    public MessagePrivateKeyDto deserializePrivateKey(byte[] bArr) {
        return deserializePrivateKeyWithAlias(bArr, null);
    }

    public MessagePrivateKeyDto deserializePrivateKeyWithAlias(byte[] bArr, String str) {
        MessagePrivateKeyDto messagePrivateKeyDto = new MessagePrivateKeyDto(MessagePrivateKey.getRootAsMessagePrivateKey(ByteBuffer.wrap(bArr)));
        if (str != null) {
            messagePrivateKeyDto.setAlias(str);
        }
        return messagePrivateKeyDto;
    }

    public KeysPreLoadConfig generatePreLoadEntropy() {
        return generatePreLoadEntropy(Integer.MAX_VALUE);
    }

    public KeysPreLoadConfig generatePreLoadEntropy(int i) {
        KeysPreLoadConfig keysPreLoadConfig = new KeysPreLoadConfig();
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        while (i2 < this.c_KeyPreGen64 && i2 < i) {
            keysPreLoadConfig.sign64.add(genSignKeyNow(64, this.config.getDefaultSigningTypes()));
            i2++;
        }
        while (i3 < this.c_KeyPreGen128 && i3 < i) {
            keysPreLoadConfig.sign128.add(genSignKeyNow(AES_KEY_SIZE, this.config.getDefaultSigningTypes()));
            i3++;
        }
        while (i4 < this.c_KeyPreGen256 && i4 < i) {
            keysPreLoadConfig.sign256.add(genSignKeyNow(256, this.config.getDefaultSigningTypes()));
            i4++;
        }
        for (int i5 = 0; i5 < this.c_KeyPreGen64 && i2 < i; i5++) {
            keysPreLoadConfig.signAndSeed64.add(genSignKeyAndSeedNow(64, this.config.getDefaultSigningTypes()));
        }
        for (int i6 = 0; i6 < this.c_KeyPreGen128 && i3 < i; i6++) {
            keysPreLoadConfig.signAndSeed128.add(genSignKeyAndSeedNow(AES_KEY_SIZE, this.config.getDefaultSigningTypes()));
        }
        for (int i7 = 0; i7 < this.c_KeyPreGen256 && i4 < i; i7++) {
            keysPreLoadConfig.signAndSeed256.add(genSignKeyAndSeedNow(256, this.config.getDefaultSigningTypes()));
        }
        for (int i8 = 0; i8 < this.c_KeyPreGen128 && i8 < i; i8++) {
            keysPreLoadConfig.encrypt128.add(genEncryptKeyNow(AES_KEY_SIZE, this.config.getDefaultEncryptTypes()));
        }
        for (int i9 = 0; i9 < this.c_KeyPreGen256 && i9 < i; i9++) {
            keysPreLoadConfig.encrypt256.add(genEncryptKeyNow(256, this.config.getDefaultEncryptTypes()));
        }
        for (int i10 = 0; i10 < this.c_AesPreGen128 && i10 < i; i10++) {
            keysPreLoadConfig.salt.add(new BigInteger(320, this.srandom).toString(16).toUpperCase());
        }
        for (int i11 = 0; i11 < this.c_AesPreGen128 && i11 < i; i11++) {
            keysPreLoadConfig.aes128.add(generateSecret64Now(AES_KEY_SIZE));
        }
        for (int i12 = 0; i12 < this.c_AesPreGen256 && i12 < i; i12++) {
            keysPreLoadConfig.aes256.add(generateSecret64Now(256));
        }
        for (int i13 = 0; i13 < this.c_AesPreGen512 && i13 < i; i13++) {
            keysPreLoadConfig.aes512.add(generateSecret64Now(512));
        }
        return keysPreLoadConfig;
    }

    public void preload(KeysPreLoadConfig keysPreLoadConfig) {
        this.genSign64Queue.addAll(keysPreLoadConfig.sign64);
        this.genSign128Queue.addAll(keysPreLoadConfig.sign128);
        this.genSign256Queue.addAll(keysPreLoadConfig.sign256);
        this.genSignAndSeed64Queue.addAll(keysPreLoadConfig.signAndSeed64);
        this.genSignAndSeed128Queue.addAll(keysPreLoadConfig.signAndSeed128);
        this.genSignAndSeed256Queue.addAll(keysPreLoadConfig.signAndSeed256);
        this.genEncryptAndSeed128Queue.addAll(keysPreLoadConfig.encryptAndSeed128);
        this.genEncryptAndSeed256Queue.addAll(keysPreLoadConfig.encryptAndSeed256);
        this.genEncrypt128Queue.addAll(keysPreLoadConfig.encrypt128);
        this.genEncrypt256Queue.addAll(keysPreLoadConfig.encrypt256);
        this.genAes128Queue.addAll(keysPreLoadConfig.aes128);
        this.genAes256Queue.addAll(keysPreLoadConfig.aes256);
        this.genAes512Queue.addAll(keysPreLoadConfig.aes512);
    }

    private void loadPreLoadEntropyConfig() {
        Iterator it = new ResourceFileDelegate().loadAll("preload-entropy-keys/", KeysPreLoadConfig.class).iterator();
        while (it.hasNext()) {
            preload((KeysPreLoadConfig) it.next());
        }
    }

    public MessagePrivateKeyDto genKeyFromSeed(PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        try {
            return (MessagePrivateKeyDto) seededKeyCache.get(privateKeyWithSeedDto.serialize(false), () -> {
                MessagePrivateKeyDto genSignKeyFromSeed;
                switch (privateKeyWithSeedDto.type()) {
                    case read:
                        genSignKeyFromSeed = genEncryptKeyFromSeed(privateKeyWithSeedDto.keySize(), privateKeyWithSeedDto.algs(), privateKeyWithSeedDto.seed());
                        break;
                    case write:
                        genSignKeyFromSeed = genSignKeyFromSeed(privateKeyWithSeedDto.keySize(), privateKeyWithSeedDto.algs(), privateKeyWithSeedDto.seed());
                        break;
                    default:
                        throw new WebApplicationException("Unknown private key type: " + privateKeyWithSeedDto.type(), Response.Status.INTERNAL_SERVER_ERROR);
                }
                if (privateKeyWithSeedDto.alias() != null) {
                    genSignKeyFromSeed.setAlias(privateKeyWithSeedDto.alias());
                }
                return genSignKeyFromSeed;
            });
        } catch (ExecutionException e) {
            throw new WebApplicationException(e);
        }
    }

    static {
        try {
            g_sha256digest = MessageDigest.getInstance("SHA-256");
            g_md5digest = MessageDigest.getInstance("MD5");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
