package org.bouncycastle.mls.codec;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.mls.KeyGeneration;
import org.bouncycastle.mls.KeyScheduleEpoch;
import org.bouncycastle.mls.codec.MLSInputStream;
import org.bouncycastle.mls.codec.MLSOutputStream;
import org.bouncycastle.mls.crypto.MlsCipherSuite;
import org.bouncycastle.mls.crypto.Secret;

/* loaded from: input_file:org/bouncycastle/mls/codec/Welcome.class */
public class Welcome implements MLSInputStream.Readable, MLSOutputStream.Writable {
    short cipher_suite;
    MlsCipherSuite suite;
    List<EncryptedGroupSecrets> secrets;
    byte[] encrypted_group_info;
    private Secret joinerSecret;
    private List<PreSharedKeyID> psks;

    public MlsCipherSuite getSuite() {
        return this.suite;
    }

    public Welcome(MlsCipherSuite mlsCipherSuite, byte[] bArr, List<KeyScheduleEpoch.PSKWithSecret> list, byte[] bArr2) throws IOException, InvalidCipherTextException {
        this.cipher_suite = mlsCipherSuite.getSuiteID();
        this.suite = mlsCipherSuite;
        this.joinerSecret = new Secret(bArr);
        this.psks = new ArrayList();
        Iterator<KeyScheduleEpoch.PSKWithSecret> it = list.iterator();
        while (it.hasNext()) {
            this.psks.add(it.next().id);
        }
        KeyGeneration groupInfoKeyNonce = getGroupInfoKeyNonce(bArr, list);
        this.encrypted_group_info = mlsCipherSuite.getAEAD().seal(groupInfoKeyNonce.key, groupInfoKeyNonce.nonce, new byte[0], bArr2);
        this.secrets = new ArrayList();
    }

    public int find(KeyPackage keyPackage) throws IOException {
        byte[] refHash = this.suite.refHash(MLSOutputStream.encode(keyPackage), "MLS 1.0 KeyPackage Reference");
        for (int i = 0; i < this.secrets.size(); i++) {
            if (Arrays.equals(refHash, this.secrets.get(i).new_member)) {
                return i;
            }
        }
        return -1;
    }

    public void encrypt(KeyPackage keyPackage, Secret secret) throws IOException, InvalidCipherTextException {
        GroupSecrets groupSecrets = new GroupSecrets(this.joinerSecret.value(), null, this.psks);
        if (secret != null) {
            groupSecrets.path_secret = new PathSecret(secret.value());
        }
        byte[] encode = MLSOutputStream.encode(groupSecrets);
        MlsCipherSuite mlsCipherSuite = keyPackage.suite;
        byte[][] encryptWithLabel = mlsCipherSuite.encryptWithLabel(keyPackage.init_key, "Welcome", this.encrypted_group_info, encode);
        this.secrets.add(new EncryptedGroupSecrets(mlsCipherSuite.refHash(MLSOutputStream.encode(keyPackage), "MLS 1.0 KeyPackage Reference"), new HPKECiphertext(encryptWithLabel[1], encryptWithLabel[0])));
    }

    public GroupInfo decrypt(byte[] bArr, List<KeyScheduleEpoch.PSKWithSecret> list) throws IOException, InvalidCipherTextException {
        KeyGeneration groupInfoKeyNonce = getGroupInfoKeyNonce(bArr, list);
        return (GroupInfo) MLSInputStream.decode(this.suite.getAEAD().open(groupInfoKeyNonce.key, groupInfoKeyNonce.nonce, new byte[0], this.encrypted_group_info), GroupInfo.class);
    }

    private KeyGeneration getGroupInfoKeyNonce(byte[] bArr, List<KeyScheduleEpoch.PSKWithSecret> list) throws IOException {
        Secret welcomeSecret = KeyScheduleEpoch.welcomeSecret(this.suite, bArr, list);
        return new KeyGeneration(-1, welcomeSecret.expandWithLabel(this.suite, "key", new byte[0], this.suite.getAEAD().getKeySize()), welcomeSecret.expandWithLabel(this.suite, "nonce", new byte[0], this.suite.getAEAD().getNonceSize()));
    }

    public GroupSecrets decryptSecrets(int i, byte[] bArr) throws InvalidCipherTextException, IOException {
        HPKECiphertext hPKECiphertext = this.secrets.get(i).encrypted_group_secrets;
        return (GroupSecrets) MLSInputStream.decode(this.suite.decryptWithLabel(bArr, "Welcome", this.encrypted_group_info, hPKECiphertext.kem_output, hPKECiphertext.ciphertext), GroupSecrets.class);
    }

    Welcome(MLSInputStream mLSInputStream) throws Exception {
        this.cipher_suite = ((Short) mLSInputStream.read(Short.TYPE)).shortValue();
        this.suite = MlsCipherSuite.getSuite(this.cipher_suite);
        this.secrets = new ArrayList();
        mLSInputStream.readList(this.secrets, EncryptedGroupSecrets.class);
        this.encrypted_group_info = mLSInputStream.readOpaque();
    }

    @Override // org.bouncycastle.mls.codec.MLSOutputStream.Writable
    public void writeTo(MLSOutputStream mLSOutputStream) throws IOException {
        mLSOutputStream.write(Short.valueOf(this.cipher_suite));
        mLSOutputStream.writeList(this.secrets);
        mLSOutputStream.writeOpaque(this.encrypted_group_info);
    }
}
