package org.openmuc.jdlms;

import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.RFC3394WrapEngine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.openmuc.jdlms.SecuritySuite;
import org.openmuc.jdlms.datatypes.DataObject;
import org.openmuc.jdlms.datatypes.DlmsEnumeration;

/* loaded from: input_file:org/openmuc/jdlms/SecurityUtils.class */
public class SecurityUtils {

    /* loaded from: input_file:org/openmuc/jdlms/SecurityUtils$KeyId.class */
    public enum KeyId implements DlmsEnumeration {
        GLOBAL_UNICAST_ENCRYPTION_KEY(0),
        GLOBAL_BROADCAST_ENCRYPTION_KEY(1),
        AUTHENTICATION_KEY(2);

        private final int id;

        KeyId(int i) {
            this.id = i;
        }

        public int keyId() {
            return this.id;
        }

        @Override // org.openmuc.jdlms.datatypes.DlmsEnumeration
        public long getCode() {
            return keyId();
        }
    }

    public static MethodParameter keyChangeMethodParamFor(byte[] bArr, byte[] bArr2, KeyId keyId) {
        return new MethodParameter(64, new ObisCode(0, 0, 43, 0, 0, 255), 2, DataObject.newArrayData(Arrays.asList(DataObject.newStructureData((List<DataObject>) Arrays.asList(DataObject.newEnumerateData(keyId.id), DataObject.newOctetStringData(wrapAesRFC3394Key(bArr, bArr2)))))));
    }

    public static MethodParameter securityActivateMethodParamFor(SecuritySuite.SecurityPolicy securityPolicy) {
        return new MethodParameter(64, new ObisCode(0, 0, 43, 0, 0, 255), 1, DataObject.newEnumerateData(securityPolicy.getId()));
    }

    public static byte[] cipherWithAes128(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(1, secretKeySpec, ivParameterSpec);
        return cipher.doFinal(bArr3);
    }

    public static byte[] wrapAesRFC3394Key(byte[] bArr, byte[] bArr2) {
        RFC3394WrapEngine rFC3394WrapEngine = new RFC3394WrapEngine(new AESEngine());
        rFC3394WrapEngine.init(true, new KeyParameter(bArr));
        return rFC3394WrapEngine.wrap(bArr2, 0, bArr2.length);
    }

    public static byte[] unwrapAesRFC3394Key(byte[] bArr, byte[] bArr2) throws InvalidCipherTextException {
        RFC3394WrapEngine rFC3394WrapEngine = new RFC3394WrapEngine(new AESEngine());
        rFC3394WrapEngine.init(false, new KeyParameter(bArr));
        return rFC3394WrapEngine.unwrap(bArr2, 0, bArr2.length);
    }

    public static byte[] generateAES128Key() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private SecurityUtils() {
    }
}
