package com.blueair.bluetooth.espressif;

import android.util.Log;
import com.google.crypto.tink.subtle.X25519;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import espressif.Sec1;
import espressif.Session;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import timber.log.Timber;

/* loaded from: classes3.dex */
public class Security1 implements Security {
    private static final int SESSION_STATE_FINISHED = 3;
    private static final int SESSION_STATE_REQUEST1 = 0;
    private static final int SESSION_STATE_RESPONSE1_REQUEST2 = 1;
    private static final int SESSION_STATE_RESPONSE2 = 2;
    private static final String TAG = "Espressif::Security1";
    private Cipher cipher;
    private byte[] proofOfPossession;
    private int sessionState = 0;
    private byte[] privateKey = null;
    private byte[] publicKey = null;
    private byte[] clientVerify = null;

    public Security1(String str) {
        this.proofOfPossession = null;
        if (str != null) {
            this.proofOfPossession = str.getBytes();
        }
    }

    private void generateKeyPair() throws InvalidKeyException {
        byte[] generatePrivateKey = X25519.generatePrivateKey();
        this.privateKey = generatePrivateKey;
        this.publicKey = X25519.publicFromPrivate(generatePrivateKey);
    }

    private byte[] getStep0Request() {
        Timber.d("getStep0Request", new Object[0]);
        try {
            generateKeyPair();
            return Session.SessionData.newBuilder().setSecVer(Session.SecSchemeVersion.SecScheme1).setSec1(Sec1.Sec1Payload.newBuilder().setSc0(Sec1.SessionCmd0.newBuilder().setClientPubkey(ByteString.copyFrom(this.publicKey)).build()).build()).build().toByteArray();
        } catch (InvalidKeyException e) {
            Timber.e("getStep0Request: InvalidKeyException", new Object[0]);
            Log.e(TAG, e.getMessage());
            return null;
        }
    }

    private byte[] getStep1Request() {
        Timber.d("getStep1Request: sessionState = " + this.sessionState + ", clientVerify = " + this.clientVerify, new Object[0]);
        return Session.SessionData.newBuilder().setSecVer(Session.SecSchemeVersion.SecScheme1).setSec1(Sec1.Sec1Payload.newBuilder().setSc1(Sec1.SessionCmd1.newBuilder().setClientVerifyData(ByteString.copyFrom(this.clientVerify)).build()).setMsg(Sec1.Sec1MsgType.Session_Command1).build()).build().toByteArray();
    }

    private void processStep0Response(byte[] bArr) throws RuntimeException {
        Timber.d("processStep0Response: hexData = " + bArr, new Object[0]);
        try {
            if (bArr == null) {
                throw new RuntimeException("No response from device");
            }
            Session.SessionData parseFrom = Session.SessionData.parseFrom(bArr);
            Timber.d("processStep0Response: responseData = " + parseFrom, new Object[0]);
            if (parseFrom.getSecVer() != Session.SecSchemeVersion.SecScheme1) {
                throw new RuntimeException("Security version mismatch");
            }
            byte[] byteArray = parseFrom.getSec1().getSr0().getDevicePubkey().toByteArray();
            byte[] byteArray2 = parseFrom.getSec1().getSr0().getDeviceRandom().toByteArray();
            byte[] computeSharedSecret = X25519.computeSharedSecret(this.privateKey, byteArray);
            Timber.d("processStep0Response: proofOfPossession.length = " + this.proofOfPossession.length + ", proofOfPossession = " + this.proofOfPossession, new Object[0]);
            if (this.proofOfPossession.length > 0) {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
                messageDigest.update(this.proofOfPossession);
                computeSharedSecret = HexEncoder.xor(computeSharedSecret, messageDigest.digest());
            }
            Timber.d("processStep0Response: sharedKey = " + computeSharedSecret, new Object[0]);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(byteArray2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(computeSharedSecret, 0, computeSharedSecret.length, "AES");
            Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
            this.cipher = cipher;
            cipher.init(1, secretKeySpec, ivParameterSpec);
            this.clientVerify = encrypt(byteArray);
            Timber.d("processStep0Response: clientVerify = " + this.clientVerify, new Object[0]);
        } catch (InvalidProtocolBufferException e) {
            Timber.e(e, "processStep0Response: InvalidProtocolBufferException", new Object[0]);
            Log.e(TAG, e.getMessage());
        } catch (InvalidAlgorithmParameterException e2) {
            Timber.e("processStep0Response: InvalidAlgorithmParameterException", new Object[0]);
            e2.printStackTrace();
        } catch (InvalidKeyException e3) {
            Timber.e("processStep0Response: InvalidKeyException", new Object[0]);
            Log.e(TAG, e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            Timber.e("processStep0Response: NoSuchAlgorithmException", new Object[0]);
            Log.e(TAG, e4.getMessage());
        } catch (NoSuchPaddingException e5) {
            Timber.e("processStep0Response: NoSuchPaddingException", new Object[0]);
            e5.printStackTrace();
        }
    }

    private void processStep1Response(byte[] bArr) throws RuntimeException {
        try {
            if (bArr == null) {
                throw new RuntimeException("No response from device");
            }
            Session.SessionData parseFrom = Session.SessionData.parseFrom(bArr);
            if (parseFrom.getSecVer() != Session.SecSchemeVersion.SecScheme1) {
                throw new RuntimeException("Security version mismatch");
            }
            if (!Arrays.equals(this.publicKey, decrypt(parseFrom.getSec1().getSr1().getDeviceVerifyData().toByteArray()))) {
                throw new RuntimeException("Session establishment failed !");
            }
        } catch (InvalidProtocolBufferException e) {
            Log.e(TAG, e.getMessage());
        }
    }

    @Override // com.blueair.bluetooth.espressif.Security
    public byte[] decrypt(byte[] bArr) {
        return this.cipher.update(bArr);
    }

    @Override // com.blueair.bluetooth.espressif.Security
    public byte[] encrypt(byte[] bArr) {
        return this.cipher.update(bArr);
    }

    @Override // com.blueair.bluetooth.espressif.Security
    public byte[] getNextRequestInSession(byte[] bArr) {
        Timber.d("getNextRequestInSession: sessionState = " + this.sessionState + ", hexData = " + bArr, new Object[0]);
        int i = this.sessionState;
        if (i == 0) {
            this.sessionState = 1;
            return getStep0Request();
        }
        if (i == 1) {
            this.sessionState = 2;
            processStep0Response(bArr);
            return getStep1Request();
        }
        if (i == 2) {
            this.sessionState = 3;
            processStep1Response(bArr);
        }
        return null;
    }
}
