package bisq.network.crypto;

import bisq.common.crypto.CryptoException;
import bisq.common.crypto.Encryption;
import bisq.common.crypto.Hash;
import bisq.common.crypto.KeyRing;
import bisq.common.crypto.PubKeyRing;
import bisq.common.crypto.SealedAndSigned;
import bisq.common.crypto.Sig;
import bisq.common.proto.network.NetworkEnvelope;
import bisq.common.proto.network.NetworkProtoResolver;
import bisq.network.Socks5MultiDiscovery;
import bisq.network.p2p.DecryptedMessageWithPubKey;
import com.google.protobuf.InvalidProtocolBufferException;
import io.bisq.generated.protobuffer.PB;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bisq/network/crypto/EncryptionService.class */
public class EncryptionService {
    private static final Logger log = LoggerFactory.getLogger(EncryptionService.class);
    private final KeyRing keyRing;
    private final NetworkProtoResolver networkProtoResolver;

    @Inject
    public EncryptionService(KeyRing keyRing, NetworkProtoResolver networkProtoResolver) {
        this.keyRing = keyRing;
        this.networkProtoResolver = networkProtoResolver;
    }

    public SealedAndSigned encryptAndSign(PubKeyRing pubKeyRing, NetworkEnvelope networkEnvelope) throws CryptoException {
        return encryptHybridWithSignature(networkEnvelope, this.keyRing.getSignatureKeyPair(), pubKeyRing.getEncryptionPubKey());
    }

    public DecryptedDataTuple decryptHybridWithSignature(SealedAndSigned sealedAndSigned, PrivateKey privateKey) throws CryptoException {
        SecretKey decryptSecretKey = Encryption.decryptSecretKey(sealedAndSigned.getEncryptedSecretKey(), privateKey);
        if (!Sig.verify(sealedAndSigned.getSigPublicKey(), Hash.getSha256Hash(sealedAndSigned.getEncryptedPayloadWithHmac()), sealedAndSigned.getSignature())) {
            throw new CryptoException("Signature verification failed.");
        }
        try {
            return new DecryptedDataTuple(this.networkProtoResolver.fromProto(PB.NetworkEnvelope.parseFrom(Encryption.decryptPayloadWithHmac(sealedAndSigned.getEncryptedPayloadWithHmac(), decryptSecretKey))), sealedAndSigned.getSigPublicKey());
        } catch (InvalidProtocolBufferException e) {
            throw new CryptoException("Unable to parse protobuffer message.", e);
        }
    }

    public DecryptedMessageWithPubKey decryptAndVerify(SealedAndSigned sealedAndSigned) throws CryptoException {
        DecryptedDataTuple decryptHybridWithSignature = decryptHybridWithSignature(sealedAndSigned, this.keyRing.getEncryptionKeyPair().getPrivate());
        return new DecryptedMessageWithPubKey(decryptHybridWithSignature.getNetworkEnvelope(), decryptHybridWithSignature.getSigPublicKey());
    }

    private static byte[] encryptPayloadWithHmac(NetworkEnvelope networkEnvelope, SecretKey secretKey) throws CryptoException {
        return Encryption.encryptPayloadWithHmac(networkEnvelope.toProtoNetworkEnvelope().toByteArray(), secretKey);
    }

    public static SealedAndSigned encryptHybridWithSignature(NetworkEnvelope networkEnvelope, KeyPair keyPair, PublicKey publicKey) throws CryptoException {
        SecretKey generateSecretKey = Encryption.generateSecretKey(Socks5MultiDiscovery.SOCKS5_DISCOVER_ONION);
        byte[] encryptSecretKey = Encryption.encryptSecretKey(generateSecretKey, publicKey);
        byte[] encryptPayloadWithHmac = encryptPayloadWithHmac(networkEnvelope, generateSecretKey);
        return new SealedAndSigned(encryptSecretKey, encryptPayloadWithHmac, Sig.sign(keyPair.getPrivate(), Hash.getSha256Hash(encryptPayloadWithHmac)), keyPair.getPublic());
    }
}
