package com.android.internal.net.ipsec.ike.message;

import android.annotation.Nullable;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import android.util.SparseArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.ipsec.ike.IkeDhParams;
import com.android.internal.net.ipsec.ike.utils.RandomnessFactory;
import com.android.internal.net.utils.BigIntegerUtils;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;

/* loaded from: input_file:com/android/internal/net/ipsec/ike/message/IkeKePayload.class */
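/**
 * IKEv2 Key Exchange (KE) payload: a Diffie-Hellman group number followed by the sender's
 * public key exchange value (RFC 7296, section 3.4).
 *
 * <p>An instance is either inbound (decoded from bytes received from the peer, no private key) or
 * outbound (built locally together with a freshly generated ephemeral private key).
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>Everything decoded by the inbound constructor is peer-controlled. The length of the key
 *       exchange data is only checked for DH groups listed in {@code PUBLIC_KEY_LEN_MAP}; for any
 *       other group number the data is accepted at whatever length it arrives.
 *   <li>This class does not enforce a group-strength policy. The 1024-bit and 1536-bit MODP
 *       groups are accepted here; restricting them has to happen where proposals are negotiated.
 *   <li>{@link #localPrivateKey} and {@link #keyExchangeData} are public fields; the array is
 *       mutable and the key is the ephemeral DH secret, so neither should be logged or shared.
 * </ul>
 */
public final class IkeKePayload extends IkePayload {
    /** Size of the KE-specific header: DH group number (2 bytes) + RESERVED (2 bytes). */
    private static final int KE_HEADER_LEN = 4;
    /** Value written into the RESERVED field on encode. */
    private static final int KE_HEADER_RESERVED = 0;

    // DH group numbers handled by this class. The group-to-size and group-to-prime pairings are
    // the ones registered in the static initializer at the bottom of the class.
    private static final int DH_GROUP_NUM_MODP_1024 = 2;
    private static final int DH_GROUP_NUM_MODP_1536 = 5;
    private static final int DH_GROUP_NUM_MODP_2048 = 14;
    private static final int DH_GROUP_NUM_MODP_3072 = 15;
    private static final int DH_GROUP_NUM_MODP_4096 = 16;
    private static final int DH_GROUP_NUM_CURVE_25519 = 31;

    // Public value sizes in bytes for each supported group.
    private static final int DH_GROUP_1024_BIT_MODP_PUBLIC_KEY_LEN = 128;
    private static final int DH_GROUP_1536_BIT_MODP_PUBLIC_KEY_LEN = 192;
    private static final int DH_GROUP_2048_BIT_MODP_PUBLIC_KEY_LEN = 256;
    private static final int DH_GROUP_3072_BIT_MODP_PUBLIC_KEY_LEN = 384;
    private static final int DH_GROUP_4096_BIT_MODP_PUBLIC_KEY_LEN = 512;
    private static final int DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN = 32;

    /** DH group number -> expected length in bytes of the public key exchange value. */
    private static final SparseArray<Integer> PUBLIC_KEY_LEN_MAP = new SparseArray<>();
    /** DH group number -> MODP prime; contains the MODP groups only. */
    private static final SparseArray<BigInteger> MODP_PRIME_MAP;
    /** DER prefix that turns a raw 32-byte X25519 public value into an X.509 encoded key. */
    private static final byte[] CURVE_25519_X509_PUB_KEY_HEADER;

    private static final String KEY_EXCHANGE_ALGORITHM_MODP = "DH";
    private static final String KEY_EXCHANGE_ALGORITHM_CURVE = "XDH";
    private static final String KEY_EXCHANGE_CURVE_PROVIDER = "AndroidOpenSSL";

    /** DH group number carried in the payload (unsigned 16-bit value). */
    public final int dhGroup;
    /** Raw public key exchange value, without the KE header. */
    public final byte[] keyExchangeData;
    /** {@code true} for a locally built payload, {@code false} for a decoded one. */
    public final boolean isOutbound;

    /** Ephemeral private key of an outbound payload; {@code null} for inbound payloads. */
    @Nullable
    public final PrivateKey localPrivateKey;

    /**
     * Decodes an inbound KE payload from its body.
     *
     * @param z critical bit taken from the generic payload header
     * @param bArr payload body as received from the peer, starting at the DH group number
     * @throws IkeProtocolException if the body is shorter than the KE header, or if the group is
     *     a known one and the key exchange data does not have that group's length
     */
    @VisibleForTesting
    public IkeKePayload(boolean z, byte[] bArr) throws IkeProtocolException {
        // 34 is the Key Exchange payload type in IKEv2.
        super(34, z);
        this.isOutbound = false;
        this.localPrivateKey = null;

        // Reject a truncated body explicitly. Without this the two getShort() calls below fail
        // with an unchecked BufferUnderflowException (or the array allocation with a
        // NegativeArraySizeException) instead of the declared protocol error.
        if (bArr.length < KE_HEADER_LEN) {
            throw new InvalidSyntaxException(
                    "Expecting KE payload body of at least "
                            + KE_HEADER_LEN
                            + " bytes but found "
                            + bArr.length);
        }

        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        this.dhGroup = Short.toUnsignedInt(wrap.getShort());
        // RESERVED field: consumed and ignored.
        wrap.getShort();

        int length = bArr.length - KE_HEADER_LEN;
        // Only groups this class knows about get a length check; unknown groups pass through so
        // that the negotiation logic can reject them with the appropriate error.
        // NOTE(review): that rejection is not visible in this file - confirm in the caller.
        if (PUBLIC_KEY_LEN_MAP.contains(this.dhGroup) && length != PUBLIC_KEY_LEN_MAP.get(this.dhGroup).intValue()) {
            throw new InvalidSyntaxException("Expecting data size to be " + PUBLIC_KEY_LEN_MAP.get(this.dhGroup) + " but found " + length);
        }
        this.keyExchangeData = new byte[length];
        wrap.get(this.keyExchangeData);
    }

    /**
     * Builds an outbound payload from an already generated key pair.
     *
     * @param i DH group number
     * @param bArr encoded public value; stored by reference, not copied
     * @param privateKey matching ephemeral private key
     */
    private IkeKePayload(int i, byte[] bArr, PrivateKey privateKey) {
        super(34, true);
        this.dhGroup = i;
        this.isOutbound = true;
        this.keyExchangeData = bArr;
        this.localPrivateKey = privateKey;
    }

    /**
     * Generates a fresh ephemeral key pair for the given DH group and wraps it in an outbound
     * KE payload.
     *
     * @param i DH group number; one of the MODP groups 2, 5, 14, 15, 16 or Curve25519 (31)
     * @param randomnessFactory source of the {@link SecureRandom} used for MODP key generation
     * @return the outbound payload holding the public value and the private key
     * @throws IllegalArgumentException if the group is not supported
     */
    public static IkeKePayload createOutboundKePayload(int i, RandomnessFactory randomnessFactory) {
        switch (i) {
            case DH_GROUP_NUM_MODP_1024:
            case DH_GROUP_NUM_MODP_1536:
            case DH_GROUP_NUM_MODP_2048:
            case DH_GROUP_NUM_MODP_3072:
            case DH_GROUP_NUM_MODP_4096:
                return createOutboundModpKePayload(i, randomnessFactory);
            case DH_GROUP_NUM_CURVE_25519:
                return createOutboundCurveKePayload(i, randomnessFactory);
            default:
                throw new IllegalArgumentException("Unsupported DH group: " + i);
        }
    }

    /**
     * Generates a MODP key pair (generator 2) and encodes the public value as a fixed-length
     * unsigned big-endian array of the group's size.
     */
    private static IkeKePayload createOutboundModpKePayload(int i, RandomnessFactory randomnessFactory) {
        BigInteger prime = MODP_PRIME_MAP.get(i);
        int publicKeyLen = PUBLIC_KEY_LEN_MAP.get(i).intValue();
        try {
            DHParameterSpec dhParams = new DHParameterSpec(prime, BigInteger.valueOf(2L));
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
            // The factory may return null; fall back to a default SecureRandom in that case.
            SecureRandom random = randomnessFactory.getRandom();
            keyPairGenerator.initialize(dhParams, random == null ? new SecureRandom() : random);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            byte[] publicValue =
                    BigIntegerUtils.bigIntegerToUnsignedByteArray(
                            ((DHPublicKey) keyPair.getPublic()).getY(), publicKeyLen);
            return new IkeKePayload(i, publicValue, (DHPrivateKey) keyPair.getPrivate());
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalArgumentException("Failed to initialize key generator", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException("Failed to obtain DH", e2);
        }
    }

    /**
     * Generates an X25519 key pair and keeps only the raw public value, i.e. the X.509 encoding
     * with the fixed DER prefix stripped.
     *
     * <p>NOTE(review): {@code randomnessFactory} is not consulted here; the generator is used
     * uninitialized and therefore with the provider's default randomness. Confirm this is
     * intentional.
     */
    private static IkeKePayload createOutboundCurveKePayload(int i, RandomnessFactory randomnessFactory) {
        try {
            KeyPair keyPair =
                    KeyPairGenerator.getInstance(
                                    KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER)
                            .generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            byte[] encoded = keyPair.getPublic().getEncoded();
            // Assumes the provider's encoding is exactly the known prefix followed by the raw key.
            byte[] publicValue =
                    Arrays.copyOfRange(encoded, CURVE_25519_X509_PUB_KEY_HEADER.length, encoded.length);
            return new IkeKePayload(i, publicValue, privateKey);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new ProviderException("Failed to obtain XDH", e);
        }
    }

    /**
     * Writes the payload header, the KE header and the key exchange data into the buffer.
     *
     * <p>Decompiler note: JADX reports that the access modifier was changed from protected.
     *
     * @param i next-payload type passed through to the payload header encoder
     * @param byteBuffer destination buffer
     */
    @Override
    public void encodeToByteBuffer(int i, ByteBuffer byteBuffer) {
        encodePayloadHeaderToByteBuffer(i, getPayloadLength(), byteBuffer);
        byteBuffer
                .putShort((short) this.dhGroup)
                .putShort((short) KE_HEADER_RESERVED)
                .put(this.keyExchangeData);
    }

    /**
     * Returns the encoded length of this payload in bytes.
     *
     * <p>Decompiler note: JADX reports that the access modifier was changed from protected.
     */
    @Override
    public int getPayloadLength() {
        // 4 bytes ahead of the KE header: presumably the generic payload header written by
        // encodePayloadHeaderToByteBuffer - confirm against IkePayload.
        return 4 + KE_HEADER_LEN + this.keyExchangeData.length;
    }

    /**
     * Computes the DH shared secret from the local private key and the peer's public value.
     *
     * @param privateKey local ephemeral private key
     * @param bArr peer's public key exchange value (untrusted)
     * @param i DH group number both values belong to
     * @return the raw shared secret
     * @throws GeneralSecurityException if the peer's value is rejected or the agreement fails
     * @throws IllegalArgumentException if the group is not supported or the key agreement cannot
     *     be constructed or initialized
     */
    public static byte[] getSharedKey(PrivateKey privateKey, byte[] bArr, int i) throws GeneralSecurityException {
        switch (i) {
            case DH_GROUP_NUM_MODP_1024:
            case DH_GROUP_NUM_MODP_1536:
            case DH_GROUP_NUM_MODP_2048:
            case DH_GROUP_NUM_MODP_3072:
            case DH_GROUP_NUM_MODP_4096:
                return getModpSharedKey(privateKey, bArr, i);
            case DH_GROUP_NUM_CURVE_25519:
                return getCurveSharedKey(privateKey, bArr, i);
            default:
                throw new IllegalArgumentException("Invalid DH group: " + i);
        }
    }

    /**
     * MODP key agreement with generator 2 and the prime registered for the group.
     *
     * <p>The peer's public value is range-checked before use. For MODP groups built on safe
     * primes, RFC 6989 (section 2.1) requires the recipient to verify 1 &lt; r &lt; p-1, which
     * rules out the degenerate values 0, 1 and p-1 that would force a predictable secret.
     * Whether the underlying provider repeats this check is not visible here, so it is enforced
     * locally.
     */
    private static byte[] getModpSharedKey(PrivateKey privateKey, byte[] bArr, int i) throws GeneralSecurityException {
        BigInteger prime = MODP_PRIME_MAP.get(i);
        BigInteger peerPublicValue = BigIntegerUtils.unsignedByteArrayToBigInteger(bArr);
        // Thrown outside the try block on purpose: the catch below turns InvalidKeyException
        // into IllegalArgumentException, while a bad peer value should surface as a
        // GeneralSecurityException.
        if (peerPublicValue.compareTo(BigInteger.ONE) <= 0
                || peerPublicValue.compareTo(prime.subtract(BigInteger.ONE)) >= 0) {
            throw new InvalidKeyException("Peer public value out of range for DH group " + i);
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_EXCHANGE_ALGORITHM_MODP);
            keyAgreement.init(privateKey);
            DHPublicKeySpec peerKeySpec =
                    new DHPublicKeySpec(peerPublicValue, prime, BigInteger.valueOf(2L));
            keyAgreement.doPhase((DHPublicKey) keyFactory.generatePublic(peerKeySpec), true);
            return keyAgreement.generateSecret();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Failed to construct or initialize KeyAgreement", e);
        }
    }

    /**
     * X25519 key agreement. The peer's raw 32-byte value is prefixed with the fixed DER header
     * so the provider's key factory can parse it as an X.509 encoded key.
     */
    private static byte[] getCurveSharedKey(PrivateKey privateKey, byte[] bArr, int i) throws GeneralSecurityException {
        // The copy below takes exactly 32 bytes. Without this check a shorter array fails with
        // an unchecked ArrayIndexOutOfBoundsException and a longer one is silently truncated,
        // e.g. when the caller passes data from a payload of a different group.
        if (bArr.length != DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN) {
            throw new InvalidKeyException(
                    "Expecting peer public value of "
                            + DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN
                            + " bytes but found "
                            + bArr.length);
        }
        try {
            KeyAgreement keyAgreement =
                    KeyAgreement.getInstance(KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER);
            KeyFactory keyFactory =
                    KeyFactory.getInstance(KEY_EXCHANGE_ALGORITHM_CURVE, KEY_EXCHANGE_CURVE_PROVIDER);
            keyAgreement.init(privateKey);

            int headerLen = CURVE_25519_X509_PUB_KEY_HEADER.length;
            byte[] x509Encoded = new byte[headerLen + DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN];
            System.arraycopy(CURVE_25519_X509_PUB_KEY_HEADER, 0, x509Encoded, 0, headerLen);
            System.arraycopy(bArr, 0, x509Encoded, headerLen, DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN);

            keyAgreement.doPhase(keyFactory.generatePublic(new X509EncodedKeySpec(x509Encoded)), true);
            return keyAgreement.generateSecret();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Failed to construct or initialize KeyAgreement", e);
        }
    }

    /** Returns the short name of this payload type, {@code "KE"}. */
    @Override
    public String getTypeString() {
        return "KE";
    }

    static {
        PUBLIC_KEY_LEN_MAP.put(DH_GROUP_NUM_MODP_1024, DH_GROUP_1024_BIT_MODP_PUBLIC_KEY_LEN);
        PUBLIC_KEY_LEN_MAP.put(DH_GROUP_NUM_MODP_1536, DH_GROUP_1536_BIT_MODP_PUBLIC_KEY_LEN);
        PUBLIC_KEY_LEN_MAP.put(DH_GROUP_NUM_MODP_2048, DH_GROUP_2048_BIT_MODP_PUBLIC_KEY_LEN);
        PUBLIC_KEY_LEN_MAP.put(DH_GROUP_NUM_MODP_3072, DH_GROUP_3072_BIT_MODP_PUBLIC_KEY_LEN);
        PUBLIC_KEY_LEN_MAP.put(DH_GROUP_NUM_MODP_4096, DH_GROUP_4096_BIT_MODP_PUBLIC_KEY_LEN);
        PUBLIC_KEY_LEN_MAP.put(DH_GROUP_NUM_CURVE_25519, DH_GROUP_CURVE_25519_PUBLIC_KEY_LEN);

        MODP_PRIME_MAP = new SparseArray<>();
        MODP_PRIME_MAP.put(DH_GROUP_NUM_MODP_1024, BigIntegerUtils.unsignedHexStringToBigInteger(IkeDhParams.PRIME_1024_BIT_MODP));
        MODP_PRIME_MAP.put(DH_GROUP_NUM_MODP_1536, BigIntegerUtils.unsignedHexStringToBigInteger(IkeDhParams.PRIME_1536_BIT_MODP));
        MODP_PRIME_MAP.put(DH_GROUP_NUM_MODP_2048, BigIntegerUtils.unsignedHexStringToBigInteger(IkeDhParams.PRIME_2048_BIT_MODP));
        MODP_PRIME_MAP.put(DH_GROUP_NUM_MODP_3072, BigIntegerUtils.unsignedHexStringToBigInteger(IkeDhParams.PRIME_3072_BIT_MODP));
        MODP_PRIME_MAP.put(DH_GROUP_NUM_MODP_4096, BigIntegerUtils.unsignedHexStringToBigInteger(IkeDhParams.PRIME_4096_BIT_MODP));

        // DER: SEQUENCE(42) { SEQUENCE(5) { OID 1.3.101.110 (X25519) }, BIT STRING(33), 0 unused
        // bits }; the 32-byte raw public value follows directly.
        CURVE_25519_X509_PUB_KEY_HEADER = new byte[]{48, 42, 48, 5, 6, 3, 43, 101, 110, 3, 33, 0};
    }
}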
