package com.yahoo.security;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.interfaces.XECPublicKey;
import java.util.Optional;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:com/yahoo/security/SharedKeyResealingSession.class */
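/**
 * Session for having a sealed shared key re-sealed towards a freshly generated X25519 key pair.
 *
 * <p>Flow as implemented in this class:
 * <ol>
 *   <li>The requester creates a session with {@link #newEphemeralSession()} and wraps the sealed key
 *       plus the session's public key in a {@link ResealingRequest}.</li>
 *   <li>A party holding the private key for the sealed key's key ID calls
 *       {@link #reseal(ResealingRequest, PrivateKeyProvider)}, which opens the sealed key and seals it
 *       again for the public key carried in the request.</li>
 *   <li>The requester opens the {@link ResealingResponse} with the session's private key via
 *       {@link #openResealingResponse(ResealingResponse)}.</li>
 * </ol>
 *
 * <p>The ephemeral private key is held by this object for the lifetime of the session and is never
 * serialized by any method of this class.
 */
public class SharedKeyResealingSession {

    private final KeyPair ephemeralKeyPair;

    /** Looks up the private key that matches the key ID embedded in a sealed shared key. */
    @FunctionalInterface
    public interface PrivateKeyProvider {
        /**
         * @param keyId key ID taken from the sealed key of an incoming request
         * @return the matching private key, or empty if this provider has no key for that ID
         */
        Optional<PrivateKey> privateKeyForId(KeyId keyId);
    }

    /**
     * Request to reseal {@code sealedKey} for {@code ephemeralPubKey}.
     *
     * <p>Wire format before Base62 encoding: the two header bytes {@code "RS"}, one version byte,
     * one unsigned byte holding the public key length, the raw public key, then the serialized
     * sealed key occupying the rest of the buffer.
     *
     * @param ephemeralPubKey public key the shared key should be resealed for
     * @param sealedKey       the sealed shared key to be resealed
     */
    public record ResealingRequest(XECPublicKey ephemeralPubKey, SealedSharedKey sealedKey) {

        private static final byte[] HEADER_BYTES = {'R', 'S'};
        private static final byte CURRENT_VERSION = 1;
        // Upper bound on the encoded string length, checked before any decoding work is done.
        // NOTE(review): how 576 is derived from the maximum sealed key size is not visible here.
        private static final int MAX_ENCODED_LENGTH_CHARS = 576;

        /**
         * Encodes this request as a Base62 string.
         *
         * @return the serialized request
         */
        public String toSerializedString() {
            byte[] pubKeyBytes = KeyUtils.toRawX25519PublicKeyBytes(ephemeralPubKey);
            byte[] sealedKeyBytes = sealedKey.toSerializedBytes();
            // header + 1 version byte + 1 key-length byte + key + sealed key. The two single-byte
            // fields are sized with literals so the buffer size does not depend on the version value.
            ByteBuffer encoded = ByteBuffer.allocate(
                    HEADER_BYTES.length + 1 + 1 + pubKeyBytes.length + sealedKeyBytes.length);
            encoded.put(HEADER_BYTES);
            encoded.put(CURRENT_VERSION);
            // The length field is a single byte; a raw X25519 public key is expected to be 32 bytes.
            encoded.put((byte) pubKeyBytes.length);
            encoded.put(pubKeyBytes);
            encoded.put(sealedKeyBytes);
            // The heap buffer was allocated with exactly the written size, so its backing array
            // is the complete encoding.
            return Base62.codec().encode(encoded.array());
        }

        /**
         * Parses a request produced by {@link #toSerializedString()}. The input is treated as
         * untrusted: its length is capped before decoding and every length read from the buffer
         * is checked against the bytes actually present.
         *
         * @param str Base62-encoded request
         * @return the decoded request
         * @throws IllegalArgumentException if the string is too long, too short, has a wrong header
         *         or version, or declares a public key longer than the remaining data
         */
        public static ResealingRequest fromSerializedString(String str) {
            verifyInputStringNotTooLarge(str);
            byte[] rawBytes = Base62.codec().decode(str);
            if (rawBytes.length < HEADER_BYTES.length + 2) {
                throw new IllegalArgumentException("Resealing request too short to contain a header and key length");
            }
            ByteBuffer decoded = ByteBuffer.wrap(rawBytes);
            byte[] header = new byte[HEADER_BYTES.length];
            decoded.get(header);
            if (!Arrays.areEqual(header, HEADER_BYTES)) {
                throw new IllegalArgumentException("No resealing request header found");
            }
            if (decoded.get() != CURRENT_VERSION) {
                throw new IllegalArgumentException("Unsupported version in resealing request header");
            }
            int pubKeyLength = Byte.toUnsignedInt(decoded.get());
            // Reject a declared length that runs past the end of the input instead of letting
            // ByteBuffer.get fail with BufferUnderflowException; all malformed input then fails
            // the same way.
            if (pubKeyLength > decoded.remaining()) {
                throw new IllegalArgumentException("Resealing request too short to contain the declared public key");
            }
            byte[] pubKeyBytes = new byte[pubKeyLength];
            decoded.get(pubKeyBytes);
            byte[] sealedKeyBytes = new byte[decoded.remaining()];
            decoded.get(sealedKeyBytes);
            // NOTE(review): validation of the key bytes and of the sealed key structure is left to
            // KeyUtils and SealedSharedKey, which are not visible here; confirm they reject bad input.
            return new ResealingRequest(
                    KeyUtils.fromRawX25519PublicKey(pubKeyBytes),
                    SealedSharedKey.fromSerializedBytes(sealedKeyBytes));
        }

        private static void verifyInputStringNotTooLarge(String str) {
            if (str.length() > MAX_ENCODED_LENGTH_CHARS) {
                throw new IllegalArgumentException("String is too long to possibly be a valid resealing request");
            }
        }
    }

    /**
     * Response carrying the shared key after it has been resealed for the requester's ephemeral key.
     *
     * @param resealedKey the resealed shared key
     */
    public record ResealingResponse(SealedSharedKey resealedKey) {

        /** @return the resealed key in its token string form */
        public String toSerializedString() {
            return resealedKey.toTokenString();
        }

        /**
         * @param str token string as produced by {@link #toSerializedString()}
         * @return the decoded response
         */
        public static ResealingResponse fromSerializedString(String str) {
            return new ResealingResponse(SealedSharedKey.fromTokenString(str));
        }
    }

    SharedKeyResealingSession(KeyPair keyPair) {
        this.ephemeralKeyPair = keyPair;
    }

    /** Creates a session backed by a newly generated X25519 key pair. */
    public static SharedKeyResealingSession newEphemeralSession() {
        return new SharedKeyResealingSession(KeyUtils.generateX25519KeyPair());
    }

    /**
     * Builds a request asking for {@code sealedSharedKey} to be resealed for this session's public key.
     *
     * @param sealedSharedKey the sealed key the requester cannot open itself
     * @return request to hand to the party that performs {@link #reseal}
     */
    public ResealingRequest resealingRequestFor(SealedSharedKey sealedSharedKey) {
        return new ResealingRequest((XECPublicKey) ephemeralKeyPair.getPublic(), sealedSharedKey);
    }

    /**
     * Opens the sealed key in the request with the private key resolved for its key ID and seals
     * it again for the public key carried in the request, under the key ID {@code "resealed-token"}.
     *
     * <p>Security: this method performs no authentication or authorization of the requester. Any
     * well-formed request whose key ID the provider can resolve is resealed for whatever public key
     * the request contains, so access control has to be enforced by the caller before invoking it.
     *
     * @param resealingRequest   the request to serve
     * @param privateKeyProvider source of the private key matching the sealed key's key ID
     * @return response containing the resealed key
     * @throws IllegalArgumentException if the provider has no private key for the request's key ID
     */
    public static ResealingResponse reseal(ResealingRequest resealingRequest, PrivateKeyProvider privateKeyProvider) {
        SealedSharedKey sealedKey = resealingRequest.sealedKey();
        PrivateKey privateKey = privateKeyProvider.privateKeyForId(sealedKey.keyId())
                .orElseThrow(() -> new IllegalArgumentException(
                        "Could not find a private key for key ID '%s'".formatted(sealedKey.keyId())));
        SecretSharedKey secretSharedKey = SharedKeyGenerator.fromSealedKey(sealedKey, privateKey);
        return new ResealingResponse(
                SharedKeyGenerator.reseal(
                        secretSharedKey,
                        resealingRequest.ephemeralPubKey(),
                        KeyId.ofString("resealed-token")).sealedSharedKey());
    }

    /**
     * Opens a response to a request created by this session, using the session's private key.
     *
     * @param resealingResponse response received for a request from {@link #resealingRequestFor}
     * @return the shared key recovered from the response
     */
    public SecretSharedKey openResealingResponse(ResealingResponse resealingResponse) {
        return SharedKeyGenerator.fromSealedKey(resealingResponse.resealedKey(), ephemeralKeyPair.getPrivate());
    }
}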
