package com.telink.ble.mesh.core;

import com.telink.ble.mesh.util.MeshLogger;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreement;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.engines.AESLightEngine;
import org.spongycastle.crypto.macs.CMac;
import org.spongycastle.crypto.modes.CCMBlockCipher;
import org.spongycastle.crypto.params.AEADParameters;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECNamedCurveParameterSpec;
import org.spongycastle.jce.spec.ECPublicKeySpec;
import org.spongycastle.util.BigIntegers;

/* loaded from: classes2.dex */
public final class Encipher {
    private static final byte[] SALT_INPUT_K2 = "smk2".getBytes();
    private static final byte[] SALT_INPUT_K3 = "smk3".getBytes();
    private static final byte[] SALT_INPUT_K4 = "smk4".getBytes();
    private static final byte[] SALT_K3_M = {105, 100, 54, 52, 1};
    private static final byte[] SALT_K4_M = {105, 100, 54, 1};
    private static final byte[] SALT_NKIK = "nkik".getBytes();
    private static final byte[] SALT_BKIK = "nkbk".getBytes();
    private static final byte[] SALT_ID128 = "id128".getBytes();
    private static final byte[] NODE_IDENTITY_HASH_PADDING = {0, 0, 0, 0, 0, 0};
    public static final byte[] PRCK = "prck".getBytes();
    public static final byte[] PRSK = "prsk".getBytes();
    public static final byte[] PRSN = "prsn".getBytes();
    public static final byte[] PRDK = "prdk".getBytes();
    private static final byte[] SALT_KEY_ZERO = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

    public static byte[] aes(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length];
        KeyParameter keyParameter = new KeyParameter(bArr2);
        AESLightEngine aESLightEngine = new AESLightEngine();
        aESLightEngine.init(true, keyParameter);
        aESLightEngine.processBlock(bArr, 0, bArr3, 0);
        return bArr3;
    }

    public static byte[] aesCmac(byte[] bArr, byte[] bArr2) {
        KeyParameter keyParameter = new KeyParameter(bArr2);
        CMac cMac = new CMac(new AESEngine());
        cMac.init(keyParameter);
        cMac.update(bArr, 0, bArr.length);
        byte[] bArr3 = new byte[16];
        cMac.doFinal(bArr3, 0);
        return bArr3;
    }

    public static byte[][] calculateNetKeyK2(byte[] bArr) {
        return k2(bArr, new byte[]{0});
    }

    public static byte[] ccm(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, boolean z) {
        byte[] bArr4 = new byte[bArr.length + (z ? i : -i)];
        CCMBlockCipher cCMBlockCipher = new CCMBlockCipher(new AESEngine());
        cCMBlockCipher.init(z, new AEADParameters(new KeyParameter(bArr2), i * 8, bArr3));
        cCMBlockCipher.processBytes(bArr, 0, bArr.length, bArr4, bArr.length);
        try {
            cCMBlockCipher.doFinal(bArr4, 0);
            return bArr4;
        } catch (InvalidCipherTextException unused) {
            return null;
        }
    }

    public static byte[] checkCertificate(byte[] bArr) {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (x509Certificate.getVersion() != 3) {
                MeshLogger.d("version check err");
                return null;
            }
            if (x509Certificate.getSerialNumber().intValue() != 4096) {
                MeshLogger.d("serial number check err");
                return null;
            }
            x509Certificate.checkValidity();
            x509Certificate.getVersion();
            x509Certificate.getSubjectAlternativeNames();
            x509Certificate.getExtendedKeyUsage();
            Signature signature = Signature.getInstance(x509Certificate.getSigAlgName(), BouncyCastleProvider.PROVIDER_NAME);
            signature.initVerify(x509Certificate);
            signature.update(x509Certificate.getTBSCertificate());
            boolean verify = signature.verify(x509Certificate.getSignature());
            ECPublicKey eCPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
            byte[] byteArray = eCPublicKey.getW().getAffineX().toByteArray();
            if (byteArray.length > 32) {
                byte[] bArr2 = new byte[32];
                System.arraycopy(byteArray, 1, bArr2, 0, 32);
                byteArray = bArr2;
            }
            byte[] byteArray2 = eCPublicKey.getW().getAffineY().toByteArray();
            if (byteArray2.length > 32) {
                byte[] bArr3 = new byte[32];
                System.arraycopy(byteArray2, 1, bArr3, 0, 32);
                byteArray2 = bArr3;
            }
            byte[] bArr4 = new byte[byteArray.length + byteArray2.length];
            System.arraycopy(byteArray, 0, bArr4, 0, byteArray.length);
            System.arraycopy(byteArray2, 0, bArr4, byteArray.length, byteArray2.length);
            if (verify) {
                System.out.println("signature validation pass");
                return bArr4;
            }
            System.out.println("signature validation failed");
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static byte[] decryptOnlineStatus(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[4];
        System.arraycopy(bArr, 0, bArr3, 0, 4);
        byte[] bArr4 = new byte[2];
        System.arraycopy(bArr, bArr.length - 2, bArr4, 0, 2);
        int length = (bArr.length - 4) - 2;
        byte[] bArr5 = new byte[length];
        System.arraycopy(bArr, 4, bArr5, 0, length);
        byte[] bArr6 = new byte[16];
        System.arraycopy(bArr3, 0, bArr6, 1, 4);
        byte[] bArr7 = new byte[16];
        for (int i = 0; i < length; i++) {
            int i2 = i & 15;
            if (i2 == 0) {
                bArr7 = aes(bArr6, bArr2);
                bArr6[0] = (byte) (bArr6[0] + 1);
            }
            bArr5[i] = (byte) (bArr7[i2] ^ bArr5[i]);
        }
        byte[] bArr8 = new byte[16];
        System.arraycopy(bArr3, 0, bArr8, 0, 4);
        bArr8[4] = (byte) length;
        byte[] aes = aes(bArr8, bArr2);
        for (int i3 = 0; i3 < length; i3++) {
            int i4 = i3 & 15;
            aes[i4] = (byte) (aes[i4] ^ bArr5[i3]);
            if (i4 == 15 || i3 == length - 1) {
                aes = aes(aes, bArr2);
            }
        }
        for (int i5 = 0; i5 < 2; i5++) {
            if (bArr4[i5] != aes[i5]) {
                return null;
            }
        }
        System.arraycopy(bArr5, 0, bArr, 4, bArr5.length);
        return bArr;
    }

    public static byte[] generateBeaconKey(byte[] bArr) {
        byte[] generateSalt = generateSalt(SALT_BKIK);
        ByteBuffer allocate = ByteBuffer.allocate(SALT_ID128.length + 1);
        allocate.put(SALT_ID128);
        allocate.put((byte) 1);
        return k1(bArr, generateSalt, allocate.array());
    }

    public static byte[] generateECDH(byte[] bArr, PrivateKey privateKey) {
        try {
            BigInteger fromUnsignedByteArray = BigIntegers.fromUnsignedByteArray(bArr, 0, 32);
            BigInteger fromUnsignedByteArray2 = BigIntegers.fromUnsignedByteArray(bArr, 32, 32);
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
            org.spongycastle.jce.interfaces.ECPublicKey eCPublicKey = (org.spongycastle.jce.interfaces.ECPublicKey) KeyFactory.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME).generatePublic(new ECPublicKeySpec(parameterSpec.getCurve().validatePoint(fromUnsignedByteArray, fromUnsignedByteArray2), parameterSpec));
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(eCPublicKey, true);
            return keyAgreement.generateSecret();
        } catch (IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static byte[] generateIdentityKey(byte[] bArr) {
        byte[] generateSalt = generateSalt(SALT_NKIK);
        ByteBuffer allocate = ByteBuffer.allocate(SALT_ID128.length + 1);
        allocate.put(SALT_ID128);
        allocate.put((byte) 1);
        return k1(bArr, generateSalt, allocate.array());
    }

    public static KeyPair generateKeyPair() {
        try {
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-256");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(parameterSpec);
            return keyPairGenerator.generateKeyPair();
        } catch (Exception unused) {
            MeshLogger.log("generate key pair err!");
            return null;
        }
    }

    public static byte[] generateNodeIdentityHash(byte[] bArr, byte[] bArr2, int i) {
        ByteBuffer order = ByteBuffer.allocate(NODE_IDENTITY_HASH_PADDING.length + bArr2.length + 2).order(ByteOrder.BIG_ENDIAN);
        order.put(NODE_IDENTITY_HASH_PADDING);
        order.put(bArr2);
        order.putShort((short) i);
        byte[] aes = aes(order.array(), bArr);
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.put(aes, 8, 8);
        return allocate.array();
    }

    public static byte[] generateSalt(byte[] bArr) {
        return aesCmac(bArr, SALT_KEY_ZERO);
    }

    public static byte[] k1(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return aesCmac(bArr3, aesCmac(bArr, bArr2));
    }

    public static byte[][] k2(byte[] bArr, byte[] bArr2) {
        byte[] aesCmac = aesCmac(bArr, generateSalt(SALT_INPUT_K2));
        byte[] bArr3 = new byte[0];
        ByteBuffer allocate = ByteBuffer.allocate(bArr3.length + bArr2.length + 1);
        allocate.put(bArr3);
        allocate.put(bArr2);
        allocate.put((byte) 1);
        byte[] aesCmac2 = aesCmac(allocate.array(), aesCmac);
        ByteBuffer allocate2 = ByteBuffer.allocate(aesCmac2.length + bArr2.length + 1);
        allocate2.put(aesCmac2);
        allocate2.put(bArr2);
        allocate2.put((byte) 2);
        byte[] aesCmac3 = aesCmac(allocate2.array(), aesCmac);
        ByteBuffer allocate3 = ByteBuffer.allocate(aesCmac3.length + bArr2.length + 1);
        allocate3.put(aesCmac3);
        allocate3.put(bArr2);
        allocate3.put((byte) 3);
        return new byte[][]{aesCmac2, aesCmac3, aesCmac(allocate3.array(), aesCmac)};
    }

    public static byte[] k3(byte[] bArr) {
        byte[] aesCmac = aesCmac(SALT_K3_M, aesCmac(bArr, generateSalt(SALT_INPUT_K3)));
        byte[] bArr2 = new byte[8];
        System.arraycopy(aesCmac, aesCmac.length - bArr2.length, bArr2, 0, bArr2.length);
        return bArr2;
    }

    public static byte k4(byte[] bArr) {
        return (byte) (aesCmac(SALT_K4_M, aesCmac(bArr, generateSalt(SALT_INPUT_K4)))[15] & 63);
    }
}
