package org.bouncycastle.mls;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.hpke.HPKEContextWithEncapsulation;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.mls.codec.MLSOutputStream;
import org.bouncycastle.mls.codec.PreSharedKeyID;
import org.bouncycastle.mls.crypto.MlsCipherSuite;
import org.bouncycastle.mls.crypto.Secret;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:org/bouncycastle/mls/KeyScheduleEpoch.class */
public class KeyScheduleEpoch {
    final MlsCipherSuite suite;
    public final Secret initSecret;
    public Secret senderDataSecret;
    public final Secret exporterSecret;
    public final Secret confirmationKey;
    public Secret membershipKey;
    public final Secret resumptionPSK;
    public final Secret epochAuthenticator;
    public final Secret encryptionSecret;
    public final Secret externalSecret;
    final AsymmetricCipherKeyPair externalKeyPair;
    public final GroupKeySet groupKeySet;
    public Secret joinerSecret;

    /* loaded from: input_file:org/bouncycastle/mls/KeyScheduleEpoch$ExternalInitParams.class */
    public static class ExternalInitParams {
        public byte[] kemOutput;
        public Secret initSecret;

        public ExternalInitParams(MlsCipherSuite mlsCipherSuite, AsymmetricKeyParameter asymmetricKeyParameter) {
            byte[] bytes = "MLS 1.0 external init secret".getBytes(StandardCharsets.UTF_8);
            int hashLength = mlsCipherSuite.getKDF().getHashLength();
            HPKEContextWithEncapsulation hPKEContextWithEncapsulation = mlsCipherSuite.getHPKE().setupBaseS(asymmetricKeyParameter, (byte[]) null);
            this.kemOutput = hPKEContextWithEncapsulation.getEncapsulation();
            this.initSecret = new Secret(hPKEContextWithEncapsulation.export(bytes, hashLength));
        }

        public Secret getInitSecret() {
            return this.initSecret;
        }

        public byte[] getKEMOutput() {
            return this.kemOutput;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/KeyScheduleEpoch$JoinSecrets.class */
    public static class JoinSecrets {
        private final MlsCipherSuite suite;
        public final Secret joinerSecret;
        public Secret welcomeSecret;
        public Secret welcomeKey;
        public Secret welcomeNonce;
        private Secret memberSecret;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/bouncycastle/mls/KeyScheduleEpoch$JoinSecrets$PSKLabel.class */
        public static class PSKLabel implements MLSOutputStream.Writable {
            PreSharedKeyID id;
            short index;
            short count;

            public PSKLabel(PreSharedKeyID preSharedKeyID, short s, short s2) {
                this.id = preSharedKeyID;
                this.index = s;
                this.count = s2;
            }

            @Override // org.bouncycastle.mls.codec.MLSOutputStream.Writable
            public void writeTo(MLSOutputStream mLSOutputStream) throws IOException {
                mLSOutputStream.write(this.id);
                mLSOutputStream.write(Short.valueOf(this.index));
                mLSOutputStream.write(Short.valueOf(this.count));
            }
        }

        public static Secret pskSecret(MlsCipherSuite mlsCipherSuite, List<PSKWithSecret> list) throws IOException {
            Secret zero = Secret.zero(mlsCipherSuite);
            if (list == null || list.isEmpty()) {
                return zero;
            }
            short s = 0;
            short size = (short) list.size();
            for (PSKWithSecret pSKWithSecret : list) {
                byte[] encode = MLSOutputStream.encode(new PSKLabel(pSKWithSecret.id, s, size));
                s = (short) (s + 1);
                zero = Secret.extract(mlsCipherSuite, Secret.extract(mlsCipherSuite, Secret.zero(mlsCipherSuite), pSKWithSecret.secret).expandWithLabel(mlsCipherSuite, "derived psk", encode, mlsCipherSuite.getKDF().getHashLength()), zero);
            }
            return zero;
        }

        public static JoinSecrets forMember(MlsCipherSuite mlsCipherSuite, Secret secret, Secret secret2, Secret secret3, byte[] bArr) throws IOException {
            return new JoinSecrets(mlsCipherSuite, Secret.extract(mlsCipherSuite, secret, secret2).expandWithLabel(mlsCipherSuite, "joiner", bArr, mlsCipherSuite.getKDF().getHashLength()), secret3);
        }

        public JoinSecrets(MlsCipherSuite mlsCipherSuite, Secret secret, List<PSKWithSecret> list) throws IOException {
            this.suite = mlsCipherSuite;
            this.joinerSecret = secret;
            this.memberSecret = Secret.extract(mlsCipherSuite, secret, pskSecret(mlsCipherSuite, list));
            this.welcomeSecret = this.memberSecret.deriveSecret(mlsCipherSuite, "welcome");
            this.welcomeKey = this.welcomeSecret.expand(mlsCipherSuite, "key", mlsCipherSuite.getAEAD().getKeySize());
            this.welcomeNonce = this.welcomeSecret.expand(mlsCipherSuite, "nonce", mlsCipherSuite.getAEAD().getNonceSize());
        }

        public JoinSecrets(MlsCipherSuite mlsCipherSuite, Secret secret, Secret secret2) throws IOException {
            this.suite = mlsCipherSuite;
            this.joinerSecret = secret;
            this.memberSecret = Secret.extract(mlsCipherSuite, secret, secret2);
            this.welcomeSecret = this.memberSecret.deriveSecret(mlsCipherSuite, "welcome");
            this.welcomeKey = this.welcomeSecret.expand(mlsCipherSuite, "key", mlsCipherSuite.getAEAD().getKeySize());
            this.welcomeNonce = this.welcomeSecret.expand(mlsCipherSuite, "nonce", mlsCipherSuite.getAEAD().getNonceSize());
        }

        public void injectPskSecret(Secret secret) throws IOException {
            this.memberSecret = Secret.extract(this.suite, this.joinerSecret, secret);
            this.welcomeSecret = this.memberSecret.deriveSecret(this.suite, "welcome");
            this.welcomeKey = this.welcomeSecret.expand(this.suite, "key", this.suite.getAEAD().getKeySize());
            this.welcomeNonce = this.welcomeSecret.expand(this.suite, "nonce", this.suite.getAEAD().getNonceSize());
        }

        public KeyScheduleEpoch complete(TreeSize treeSize, byte[] bArr) throws IOException, IllegalAccessException {
            KeyScheduleEpoch keyScheduleEpoch = new KeyScheduleEpoch(this.suite, treeSize, this.memberSecret.expandWithLabel(this.suite, "epoch", bArr, this.suite.getKDF().getHashLength()));
            keyScheduleEpoch.setJoinerSecret(this.joinerSecret);
            return keyScheduleEpoch;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/KeyScheduleEpoch$PSKWithSecret.class */
    public static class PSKWithSecret {
        public PreSharedKeyID id;
        public Secret secret;

        public PSKWithSecret(PreSharedKeyID preSharedKeyID, Secret secret) {
            this.id = preSharedKeyID;
            this.secret = secret;
        }
    }

    public byte[] receiveExternalInit(byte[] bArr) throws IOException {
        int hashLength = this.suite.getKDF().getHashLength();
        return this.suite.getHPKE().setupBaseR(bArr, this.externalKeyPair, new byte[0]).export("MLS 1.0 external init secret".getBytes(StandardCharsets.UTF_8), hashLength);
    }

    public Secret getJoinerSecret() {
        return this.joinerSecret;
    }

    public void setJoinerSecret(Secret secret) {
        this.joinerSecret = secret;
    }

    public GroupKeySet getEncryptionKeys(TreeSize treeSize) throws IOException, IllegalAccessException {
        return new GroupKeySet(this.suite, treeSize, this.encryptionSecret);
    }

    public static KeyGeneration senderDataKeys(MlsCipherSuite mlsCipherSuite, byte[] bArr, byte[] bArr2) throws IOException {
        Secret secret = new Secret(bArr);
        byte[] copyOf = Arrays.copyOf(bArr2, mlsCipherSuite.getKDF().getHashLength());
        return new KeyGeneration(0, secret.expandWithLabel(mlsCipherSuite, "key", copyOf, mlsCipherSuite.getAEAD().getKeySize()), secret.expandWithLabel(mlsCipherSuite, "nonce", copyOf, mlsCipherSuite.getAEAD().getNonceSize()));
    }

    public static Secret welcomeSecret(MlsCipherSuite mlsCipherSuite, byte[] bArr, List<PSKWithSecret> list) throws IOException {
        return new Secret(mlsCipherSuite.getKDF().extract(bArr, JoinSecrets.pskSecret(mlsCipherSuite, list).value())).deriveSecret(mlsCipherSuite, "welcome");
    }

    public static KeyScheduleEpoch forCreator(MlsCipherSuite mlsCipherSuite, byte[] bArr) throws IOException, IllegalAccessException {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr2 = new byte[mlsCipherSuite.getKDF().getHashLength()];
        secureRandom.nextBytes(bArr2);
        return joiner(mlsCipherSuite, JoinSecrets.forMember(mlsCipherSuite, new Secret(bArr2), Secret.zero(mlsCipherSuite), new Secret(new byte[0]), bArr).joinerSecret.value(), new ArrayList(), bArr);
    }

    public static KeyScheduleEpoch forCreator(MlsCipherSuite mlsCipherSuite) throws IOException, IllegalAccessException {
        return forCreator(mlsCipherSuite, new SecureRandom());
    }

    public static KeyScheduleEpoch forCreator(MlsCipherSuite mlsCipherSuite, SecureRandom secureRandom) throws IOException, IllegalAccessException {
        byte[] bArr = new byte[mlsCipherSuite.getKDF().getHashLength()];
        secureRandom.nextBytes(bArr);
        return new KeyScheduleEpoch(mlsCipherSuite, TreeSize.forLeaves(1L), new Secret(bArr));
    }

    public static KeyScheduleEpoch forExternalJoiner(MlsCipherSuite mlsCipherSuite, TreeSize treeSize, ExternalInitParams externalInitParams, Secret secret, List<PSKWithSecret> list, byte[] bArr) throws IOException, IllegalAccessException {
        return JoinSecrets.forMember(mlsCipherSuite, externalInitParams.initSecret, secret, JoinSecrets.pskSecret(mlsCipherSuite, list), bArr).complete(treeSize, bArr);
    }

    public JoinSecrets startCommit(Secret secret, List<PSKWithSecret> list, byte[] bArr) throws IOException {
        return JoinSecrets.forMember(this.suite, this.initSecret, secret, JoinSecrets.pskSecret(this.suite, list), bArr);
    }

    public byte[] confirmationTag(byte[] bArr) {
        return this.suite.getKDF().extract(this.confirmationKey.value(), bArr);
    }

    public KeyScheduleEpoch(MlsCipherSuite mlsCipherSuite, Secret secret, Secret secret2, Secret secret3, Secret secret4, Secret secret5, Secret secret6, Secret secret7, Secret secret8, Secret secret9, AsymmetricCipherKeyPair asymmetricCipherKeyPair, GroupKeySet groupKeySet, Secret secret10) {
        this.suite = mlsCipherSuite;
        this.initSecret = new Secret(secret.value());
        this.senderDataSecret = new Secret(secret2.value());
        this.exporterSecret = new Secret(secret3.value());
        this.confirmationKey = new Secret(secret4.value());
        this.membershipKey = new Secret(secret5.value());
        this.resumptionPSK = new Secret(secret6.value());
        this.epochAuthenticator = new Secret(secret7.value());
        this.encryptionSecret = new Secret(secret8.value());
        this.externalSecret = new Secret(secret9.value());
        this.externalKeyPair = asymmetricCipherKeyPair;
        this.groupKeySet = groupKeySet;
        this.joinerSecret = new Secret(secret10.value());
    }

    public KeyScheduleEpoch copy() {
        return new KeyScheduleEpoch(this.suite, this.initSecret, this.senderDataSecret, this.exporterSecret, this.confirmationKey, this.membershipKey, this.resumptionPSK, this.epochAuthenticator, this.encryptionSecret, this.externalSecret, this.externalKeyPair, this.groupKeySet, this.joinerSecret);
    }

    public static KeyScheduleEpoch joiner(MlsCipherSuite mlsCipherSuite, byte[] bArr, List<PSKWithSecret> list, byte[] bArr2) throws IOException, IllegalAccessException {
        return new JoinSecrets(mlsCipherSuite, new Secret(bArr), list).complete(TreeSize.forLeaves(1L), bArr2);
    }

    public KeyScheduleEpoch(MlsCipherSuite mlsCipherSuite) throws IOException, IllegalAccessException {
        this.suite = mlsCipherSuite;
        this.initSecret = new Secret(new byte[0]);
        this.senderDataSecret = new Secret(new byte[0]);
        this.exporterSecret = new Secret(new byte[0]);
        this.confirmationKey = null;
        this.membershipKey = new Secret(new byte[0]);
        this.resumptionPSK = new Secret(new byte[0]);
        this.epochAuthenticator = new Secret(new byte[0]);
        this.externalSecret = new Secret(new byte[0]);
        this.externalKeyPair = null;
        this.encryptionSecret = new Secret(new byte[0]);
        this.groupKeySet = null;
    }

    public KeyScheduleEpoch(MlsCipherSuite mlsCipherSuite, TreeSize treeSize, Secret secret) throws IOException, IllegalAccessException {
        this.suite = mlsCipherSuite;
        this.initSecret = secret.deriveSecret(mlsCipherSuite, "init");
        this.senderDataSecret = secret.deriveSecret(mlsCipherSuite, "sender data");
        this.exporterSecret = secret.deriveSecret(mlsCipherSuite, "exporter");
        this.confirmationKey = secret.deriveSecret(mlsCipherSuite, "confirm");
        this.membershipKey = secret.deriveSecret(mlsCipherSuite, "membership");
        this.resumptionPSK = secret.deriveSecret(mlsCipherSuite, "resumption");
        this.epochAuthenticator = secret.deriveSecret(mlsCipherSuite, "authentication");
        this.externalSecret = secret.deriveSecret(mlsCipherSuite, "external");
        this.externalKeyPair = mlsCipherSuite.getHPKE().deriveKeyPair(this.externalSecret.value());
        this.encryptionSecret = secret.deriveSecret(mlsCipherSuite, "encryption");
        this.groupKeySet = new GroupKeySet(mlsCipherSuite, treeSize, this.encryptionSecret);
    }

    public KeyScheduleEpoch(MlsCipherSuite mlsCipherSuite, TreeSize treeSize, Secret secret, Secret secret2, byte[] bArr) throws IOException, IllegalAccessException {
        this.suite = mlsCipherSuite;
        Secret expandWithLabel = Secret.extract(mlsCipherSuite, secret, secret2).expandWithLabel(mlsCipherSuite, "epoch", bArr, mlsCipherSuite.getKDF().getHashLength());
        this.senderDataSecret = expandWithLabel.deriveSecret(mlsCipherSuite, "sender data");
        this.encryptionSecret = expandWithLabel.deriveSecret(mlsCipherSuite, "encryption");
        this.exporterSecret = expandWithLabel.deriveSecret(mlsCipherSuite, "exporter");
        this.epochAuthenticator = expandWithLabel.deriveSecret(mlsCipherSuite, "authentication");
        this.externalSecret = expandWithLabel.deriveSecret(mlsCipherSuite, "external");
        this.confirmationKey = expandWithLabel.deriveSecret(mlsCipherSuite, "confirm");
        this.membershipKey = expandWithLabel.deriveSecret(mlsCipherSuite, "membership");
        this.resumptionPSK = expandWithLabel.deriveSecret(mlsCipherSuite, "resumption");
        this.initSecret = expandWithLabel.deriveSecret(mlsCipherSuite, "init");
        this.externalKeyPair = mlsCipherSuite.getHPKE().deriveKeyPair(this.externalSecret.value());
        this.groupKeySet = new GroupKeySet(mlsCipherSuite, treeSize, this.encryptionSecret);
    }

    public KeyScheduleEpoch next(TreeSize treeSize, byte[] bArr, Secret secret, List<PSKWithSecret> list, byte[] bArr2) throws IOException, IllegalAccessException {
        Secret secret2 = this.initSecret;
        if (bArr != null) {
            secret2 = new Secret(bArr);
        }
        return JoinSecrets.forMember(this.suite, secret2, secret, JoinSecrets.pskSecret(this.suite, list), bArr2).complete(treeSize, bArr2);
    }

    public byte[] MLSExporter(String str, byte[] bArr, int i) throws IOException {
        return this.exporterSecret.deriveSecret(this.suite, str).expandWithLabel(this.suite, "exported", this.suite.hash(bArr), i).value();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        KeyScheduleEpoch keyScheduleEpoch = (KeyScheduleEpoch) obj;
        return this.suite.equals(keyScheduleEpoch.suite) && this.initSecret.equals(keyScheduleEpoch.initSecret) && this.senderDataSecret.equals(keyScheduleEpoch.senderDataSecret) && this.exporterSecret.equals(keyScheduleEpoch.exporterSecret) && this.confirmationKey.equals(keyScheduleEpoch.confirmationKey) && this.membershipKey.equals(keyScheduleEpoch.membershipKey) && this.resumptionPSK.equals(keyScheduleEpoch.resumptionPSK) && this.epochAuthenticator.equals(keyScheduleEpoch.epochAuthenticator) && this.groupKeySet.equals(keyScheduleEpoch.groupKeySet);
    }

    public AsymmetricKeyParameter getExternalPublicKey() {
        return this.externalKeyPair.getPublic();
    }
}
