package it.auties.whatsapp.crypto;

import it.auties.curve25519.Curve25519;
import it.auties.whatsapp.controller.Keys;
import it.auties.whatsapp.crypto.GroupCipher;
import it.auties.whatsapp.exception.HmacValidationException;
import it.auties.whatsapp.model.signal.keypair.SignalKeyPair;
import it.auties.whatsapp.model.signal.message.SignalMessage;
import it.auties.whatsapp.model.signal.message.SignalPreKeyMessage;
import it.auties.whatsapp.model.signal.session.Session;
import it.auties.whatsapp.model.signal.session.SessionAddress;
import it.auties.whatsapp.model.signal.session.SessionChain;
import it.auties.whatsapp.model.signal.session.SessionState;
import it.auties.whatsapp.util.BytesHelper;
import it.auties.whatsapp.util.KeyHelper;
import it.auties.whatsapp.util.Spec;
import it.auties.whatsapp.util.Validate;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.function.Supplier;
import lombok.NonNull;

/* loaded from: input_file:it/auties/whatsapp/crypto/SessionCipher.class */
public final class SessionCipher extends Record {

    @NonNull
    private final SessionAddress address;

    @NonNull
    private final Keys keys;

    public SessionCipher(@NonNull SessionAddress sessionAddress, @NonNull Keys keys) {
        if (sessionAddress == null) {
            throw new NullPointerException("address is marked non-null but is null");
        }
        if (keys == null) {
            throw new NullPointerException("keys is marked non-null but is null");
        }
        this.address = sessionAddress;
        this.keys = keys;
    }

    public GroupCipher.CipheredMessageResult encrypt(byte[] bArr) {
        if (bArr == null) {
            return new GroupCipher.CipheredMessageResult(null, Spec.Signal.UNAVAILABLE);
        }
        SessionState orElseThrow = loadSession().currentState().orElseThrow(() -> {
            return new NoSuchElementException("Missing session for address %s".formatted(this.address));
        });
        Validate.isTrue(this.keys.hasTrust(this.address, orElseThrow.remoteIdentityKey()), "Untrusted key", SecurityException.class, new Object[0]);
        SessionChain orElseThrow2 = orElseThrow.findChain(orElseThrow.ephemeralKeyPair().encodedPublicKey()).orElseThrow(() -> {
            return new NoSuchElementException("Missing chain for %s".formatted(this.address));
        });
        fillMessageKeys(orElseThrow2, orElseThrow2.counter().get() + 1);
        byte[][] deriveSecrets = Hkdf.deriveSecrets(orElseThrow2.messageKeys().get(Integer.valueOf(orElseThrow2.counter().get())), "WhisperMessageKeys".getBytes(StandardCharsets.UTF_8));
        orElseThrow2.messageKeys().remove(Integer.valueOf(orElseThrow2.counter().get()));
        byte[] encrypt = AesCbc.encrypt(Arrays.copyOf(deriveSecrets[2], 16), bArr, deriveSecrets[0]);
        return new GroupCipher.CipheredMessageResult(encrypt(orElseThrow, orElseThrow2, deriveSecrets[1], encrypt), getMessageType(orElseThrow));
    }

    private String getMessageType(SessionState sessionState) {
        return sessionState.hasPreKey() ? Spec.Signal.PKMSG : Spec.Signal.MSG;
    }

    private byte[] encrypt(SessionState sessionState, SessionChain sessionChain, byte[] bArr, byte[] bArr2) {
        byte[] serialized = new SignalMessage(sessionState.ephemeralKeyPair().encodedPublicKey(), sessionChain.counter().get(), sessionState.previousCounter(), bArr2, bArr3 -> {
            return createMessageSignature(sessionState, bArr, bArr3);
        }).serialized();
        return !sessionState.hasPreKey() ? serialized : new SignalPreKeyMessage(sessionState.pendingPreKey().preKeyId(), sessionState.pendingPreKey().baseKey(), this.keys.identityKeyPair().encodedPublicKey(), serialized, this.keys.registrationId(), sessionState.pendingPreKey().signedKeyId()).serialized();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    private byte[] createMessageSignature(SessionState sessionState, byte[] bArr, byte[] bArr2) {
        return Arrays.copyOfRange(Hmac.calculateSha256(BytesHelper.concat(new byte[]{this.keys.identityKeyPair().encodedPublicKey(), sessionState.remoteIdentityKey(), bArr2}), bArr), 0, 8);
    }

    private void fillMessageKeys(SessionChain sessionChain, int i) {
        if (sessionChain.counter().get() >= i) {
            return;
        }
        Validate.isTrue(i - sessionChain.counter().get() <= 2000, "Message overflow: expected <= %s, got %s", Integer.valueOf(Spec.Signal.MAX_MESSAGES), Integer.valueOf(i - sessionChain.counter().get()));
        Validate.isTrue(sessionChain.key().get() != null, "Closed chain", new Object[0]);
        sessionChain.messageKeys().put(Integer.valueOf(sessionChain.counter().get() + 1), Hmac.calculateSha256(new byte[]{1}, sessionChain.key().get()));
        sessionChain.key().set(Hmac.calculateSha256(new byte[]{2}, sessionChain.key().get()));
        sessionChain.counter().getAndIncrement();
        fillMessageKeys(sessionChain, i);
    }

    public byte[] decrypt(SignalPreKeyMessage signalPreKeyMessage) {
        Session loadSession = loadSession(this::createSession);
        new SessionBuilder(this.address, this.keys).createIncoming(loadSession, signalPreKeyMessage);
        return decrypt(signalPreKeyMessage.signalMessage(), loadSession.findState(signalPreKeyMessage.version(), signalPreKeyMessage.baseKey()).orElseThrow(() -> {
            return new NoSuchElementException("Missing state");
        }));
    }

    private Optional<Session> createSession() {
        Session session = new Session();
        this.keys.putSession(this.address, session);
        return Optional.of(session);
    }

    public byte[] decrypt(SignalMessage signalMessage) {
        return (byte[]) loadSession().states().stream().map(sessionState -> {
            return tryDecrypt(signalMessage, sessionState);
        }).flatMap((v0) -> {
            return v0.stream();
        }).findFirst().orElseThrow(() -> {
            return new NoSuchElementException("Cannot decrypt message: no suitable session found");
        });
    }

    private Optional<byte[]> tryDecrypt(SignalMessage signalMessage, SessionState sessionState) {
        try {
            Validate.isTrue(this.keys.hasTrust(this.address, sessionState.remoteIdentityKey()), "Untrusted key", new Object[0]);
            return Optional.of(decrypt(signalMessage, sessionState));
        } catch (Throwable th) {
            return Optional.empty();
        }
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [byte[], byte[][]] */
    private byte[] decrypt(SignalMessage signalMessage, SessionState sessionState) {
        maybeStepRatchet(signalMessage, sessionState);
        SessionChain orElseThrow = sessionState.findChain(signalMessage.ephemeralPublicKey()).orElseThrow(() -> {
            return new NoSuchElementException("Invalid chain");
        });
        fillMessageKeys(orElseThrow, signalMessage.counter().intValue());
        Validate.isTrue(orElseThrow.hasMessageKey(signalMessage.counter().intValue()), "Key used already or never filled", new Object[0]);
        byte[][] deriveSecrets = Hkdf.deriveSecrets(orElseThrow.messageKeys().get(signalMessage.counter()), "WhisperMessageKeys".getBytes(StandardCharsets.UTF_8));
        byte[] concat = BytesHelper.concat(new byte[]{sessionState.remoteIdentityKey(), this.keys.identityKeyPair().encodedPublicKey(), signalMessage.serialized()});
        Validate.isTrue(Arrays.equals(signalMessage.signature(), Arrays.copyOf(Hmac.calculateSha256(Arrays.copyOfRange(concat, 0, concat.length - 8), deriveSecrets[1]), 8)), "message_decryption", HmacValidationException.class, new Object[0]);
        byte[] decrypt = AesCbc.decrypt(Arrays.copyOf(deriveSecrets[2], 16), signalMessage.ciphertext(), deriveSecrets[0]);
        sessionState.pendingPreKey(null);
        return decrypt;
    }

    private void maybeStepRatchet(SignalMessage signalMessage, SessionState sessionState) {
        if (sessionState.hasChain(signalMessage.ephemeralPublicKey())) {
            return;
        }
        sessionState.findChain(sessionState.lastRemoteEphemeralKey()).ifPresent(sessionChain -> {
            fillMessageKeys(sessionChain, sessionState.previousCounter());
            sessionChain.key().set(null);
        });
        calculateRatchet(signalMessage, sessionState, false);
        sessionState.findChain(sessionState.ephemeralKeyPair().encodedPublicKey()).ifPresent(sessionChain2 -> {
            sessionState.previousCounter(sessionChain2.counter().get());
            sessionState.removeChain(sessionState.ephemeralKeyPair().encodedPublicKey());
        });
        sessionState.ephemeralKeyPair(SignalKeyPair.random());
        calculateRatchet(signalMessage, sessionState, true);
        sessionState.lastRemoteEphemeralKey(signalMessage.ephemeralPublicKey());
    }

    private void calculateRatchet(SignalMessage signalMessage, SessionState sessionState, boolean z) {
        byte[][] deriveSecrets = Hkdf.deriveSecrets(Curve25519.sharedKey(KeyHelper.withoutHeader(signalMessage.ephemeralPublicKey()), sessionState.ephemeralKeyPair().privateKey()), sessionState.rootKey(), "WhisperRatchet".getBytes(StandardCharsets.UTF_8), 2);
        sessionState.addChain(z ? sessionState.ephemeralKeyPair().encodedPublicKey() : signalMessage.ephemeralPublicKey(), new SessionChain(-1, deriveSecrets[1]));
        sessionState.rootKey(deriveSecrets[0]);
    }

    private Session loadSession() {
        return loadSession(() -> {
            return this.keys.findSessionByAddress(new SessionAddress(this.address.name(), 0));
        });
    }

    private Session loadSession(Supplier<Optional<Session>> supplier) {
        return this.keys.findSessionByAddress(this.address).or(supplier).orElseThrow(() -> {
            return new NoSuchElementException("Missing session for: %s".formatted(this.address));
        });
    }

    @Override // java.lang.Record
    public final String toString() {
        return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, SessionCipher.class), SessionCipher.class, "address;keys", "FIELD:Lit/auties/whatsapp/crypto/SessionCipher;->address:Lit/auties/whatsapp/model/signal/session/SessionAddress;", "FIELD:Lit/auties/whatsapp/crypto/SessionCipher;->keys:Lit/auties/whatsapp/controller/Keys;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final int hashCode() {
        return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, SessionCipher.class), SessionCipher.class, "address;keys", "FIELD:Lit/auties/whatsapp/crypto/SessionCipher;->address:Lit/auties/whatsapp/model/signal/session/SessionAddress;", "FIELD:Lit/auties/whatsapp/crypto/SessionCipher;->keys:Lit/auties/whatsapp/controller/Keys;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final boolean equals(Object obj) {
        return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, SessionCipher.class, Object.class), SessionCipher.class, "address;keys", "FIELD:Lit/auties/whatsapp/crypto/SessionCipher;->address:Lit/auties/whatsapp/model/signal/session/SessionAddress;", "FIELD:Lit/auties/whatsapp/crypto/SessionCipher;->keys:Lit/auties/whatsapp/controller/Keys;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
    }

    @NonNull
    public SessionAddress address() {
        return this.address;
    }

    @NonNull
    public Keys keys() {
        return this.keys;
    }
}
