package io.dimeformat.crypto;

import com.goterl.lazysodium.SodiumJava;
import com.sun.jna.Pointer;
import io.dimeformat.Item;
import io.dimeformat.Key;
import io.dimeformat.Utility;
import io.dimeformat.enums.Claim;
import io.dimeformat.enums.KeyCapability;
import io.dimeformat.exceptions.CryptographyException;
import java.nio.charset.StandardCharsets;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/dimeformat/crypto/NaClSuite.class */
public class NaClSuite implements ICryptoSuite {
    static final String SUITE_NAME = "NaCl";
    protected static final int NBR_SIGNATURE_BYTES = 64;
    protected static final int NBR_A_KEY_BYTES = 32;
    protected static final int NBR_S_KEY_BYTES = 32;
    protected static final int NBR_X_KEY_BYTES = 32;
    protected static final int NBR_NONCE_BYTES = 24;
    protected static final int NBR_MAC_BYTES = 16;
    protected static final int NBR_HASH_BYTES = 32;
    protected static final int KEY_NAME_LENGTH = 8;
    protected final SodiumJava _sodium = new SodiumJava();
    protected final String _suiteName;

    @Override // io.dimeformat.crypto.ICryptoSuite
    public String getName() {
        return this._suiteName;
    }

    public NaClSuite(String str) {
        this._suiteName = str;
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public String generateKeyName(Key key) {
        byte[] keyBytes = key.getKeyBytes(Claim.PUB);
        if (keyBytes == null || keyBytes.length <= 0) {
            return null;
        }
        try {
            return Utility.toHex(Utility.subArray(hash(keyBytes), 0, KEY_NAME_LENGTH));
        } catch (CryptographyException e) {
            return null;
        }
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public byte[] generateSignature(Item item, Key key) throws CryptographyException {
        byte[] bytes = item.generateThumbprint(false, this._suiteName).getBytes(StandardCharsets.UTF_8);
        if (bytes.length <= 0) {
            throw new IllegalArgumentException("Failed to generate signature, item thumbprint was null or empty.");
        }
        byte[] bArr = new byte[NBR_SIGNATURE_BYTES];
        int crypto_sign_detached = this._sodium.crypto_sign_detached(bArr, (Pointer) null, bytes, bytes.length, key.getKeyBytes(Claim.KEY));
        if (crypto_sign_detached != 0) {
            throw new CryptographyException("Failed to generate signature, error code returned: " + crypto_sign_detached);
        }
        return bArr;
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public boolean verifySignature(Item item, byte[] bArr, Key key) throws CryptographyException {
        byte[] bytes = item.generateThumbprint(false, this._suiteName).getBytes(StandardCharsets.UTF_8);
        if (bytes.length > 0) {
            return this._sodium.crypto_sign_verify_detached(bArr, bytes, (long) bytes.length, key.getKeyBytes(Claim.PUB)) == 0;
        }
        throw new IllegalArgumentException("Failed to generate signature, item thumbprint was null or empty.");
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public Key generateKey(List<KeyCapability> list) throws CryptographyException {
        byte[] bArr;
        if (list == null || list.size() != 1) {
            throw new IllegalArgumentException("Unable to generate, invalid key capabilities requested.");
        }
        KeyCapability keyCapability = list.get(0);
        if (keyCapability == KeyCapability.ENCRYPT) {
            byte[] bArr2 = new byte[32];
            this._sodium.crypto_secretbox_keygen(bArr2);
            return new Key(list, bArr2, (byte[]) null, this._suiteName);
        }
        byte[] bArr3 = new byte[32];
        switch (keyCapability) {
            case SIGN:
                bArr = new byte[NBR_SIGNATURE_BYTES];
                this._sodium.crypto_sign_keypair(bArr3, bArr);
                break;
            case EXCHANGE:
                bArr = new byte[32];
                this._sodium.crypto_kx_keypair(bArr3, bArr);
                break;
            default:
                throw new CryptographyException("Unable to generate keypair for key type " + list + ".");
        }
        return new Key(list, bArr, bArr3, this._suiteName);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.dimeformat.crypto.ICryptoSuite
    public Key generateSharedSecret(Key key, Key key2, List<KeyCapability> list) throws CryptographyException {
        if (!list.contains(KeyCapability.ENCRYPT)) {
            throw new IllegalArgumentException("Unable to generate, key capability for shared secret must be ENCRYPT.");
        }
        if (list.size() > 1) {
            throw new IllegalArgumentException("Unable to generate, key capability for shared secret may only be ENCRYPT.");
        }
        byte[] bArr = {key.getKeyBytes(Claim.KEY), key.getKeyBytes(Claim.PUB)};
        byte[] bArr2 = {key2.getKeyBytes(Claim.KEY), key2.getKeyBytes(Claim.PUB)};
        byte[] bArr3 = new byte[32];
        if (bArr[0] == 0 || bArr.length != 2) {
            if (bArr2[0] == 0 || bArr2.length != 2) {
                throw new CryptographyException("Unable to generate, invalid keys provided.");
            }
            if (this._sodium.crypto_kx_server_session_keys((byte[]) null, bArr3, bArr2[1], bArr2[0], bArr[1]) != 0) {
                throw new CryptographyException("Unable to generate, cryptographic operation failed.");
            }
        } else if (this._sodium.crypto_kx_client_session_keys(bArr3, (byte[]) null, bArr[1], Utility.combine(bArr[0], bArr[1]), bArr2[1]) != 0) {
            throw new CryptographyException("Unable to generate, cryptographic operation failed.");
        }
        return new Key(list, bArr3, (byte[]) null, this._suiteName);
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public byte[] encrypt(byte[] bArr, Key key) throws CryptographyException {
        byte[] randomBytes = Utility.randomBytes(NBR_NONCE_BYTES);
        if (randomBytes.length <= 0) {
            throw new CryptographyException("Unable to generate sufficient nonce.");
        }
        byte[] bArr2 = new byte[NBR_MAC_BYTES + bArr.length];
        if (this._sodium.crypto_secretbox_easy(bArr2, bArr, bArr.length, randomBytes, key.getKeyBytes(Claim.KEY)) != 0) {
            throw new CryptographyException("Cryptographic operation failed.");
        }
        return Utility.combine(randomBytes, bArr2);
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public byte[] decrypt(byte[] bArr, Key key) throws CryptographyException {
        byte[] subArray = Utility.subArray(bArr, 0, NBR_NONCE_BYTES);
        byte[] subArray2 = Utility.subArray(bArr, NBR_NONCE_BYTES);
        byte[] bArr2 = new byte[subArray2.length - NBR_MAC_BYTES];
        int crypto_secretbox_open_easy = this._sodium.crypto_secretbox_open_easy(bArr2, subArray2, subArray2.length, subArray, key.getKeyBytes(Claim.KEY));
        if (crypto_secretbox_open_easy != 0) {
            throw new CryptographyException("Cryptographic operation failed (" + crypto_secretbox_open_easy + ").");
        }
        return bArr2;
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public String generateHash(byte[] bArr) throws CryptographyException {
        return Utility.toHex(hash(bArr));
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public String encodeKeyBytes(byte[] bArr, Claim claim) {
        return Utility.toBase64(bArr);
    }

    @Override // io.dimeformat.crypto.ICryptoSuite
    public byte[] decodeKeyBytes(String str, Claim claim) {
        return Utility.fromBase64(str);
    }

    protected byte[] hash(byte[] bArr) throws CryptographyException {
        byte[] bArr2 = new byte[32];
        if (this._sodium.crypto_generichash(bArr2, bArr2.length, bArr, bArr.length, (byte[]) null, 0) != 0) {
            throw new CryptographyException("Cryptographic operation failed.");
        }
        return bArr2;
    }
}
