package de.gematik.rbellogger.util;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.GCMParameterSpec;
import lombok.Generated;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:BOOT-INF/lib/tiger-rbel-3.7.6.jar:de/gematik/rbellogger/util/CryptoUtils.class */
public class CryptoUtils {
    public static final int GCM_IV_LENGTH_IN_BYTES = 12;
    public static final int GCM_TAG_LENGTH_IN_BYTES = 16;
    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();

    public static byte[] ecka(PrivateKey privateKey, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", BOUNCY_CASTLE_PROVIDER);
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret();
    }

    public static byte[] hkdf(byte[] bArr, String str, int i) throws IllegalArgumentException, DataLengthException {
        return hkdf(bArr, str.getBytes(StandardCharsets.UTF_8), i);
    }

    public static byte[] hkdf(byte[] bArr, byte[] bArr2, int i) throws IllegalArgumentException, DataLengthException {
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
        hKDFBytesGenerator.init(new HKDFParameters(bArr, null, bArr2));
        byte[] bArr3 = new byte[i];
        hKDFBytesGenerator.generateBytes(bArr3, 0, i);
        return bArr3;
    }

    public static Optional<byte[]> decrypt(RbelContent rbelContent, Key key) {
        return decrypt(rbelContent, key, 12, 16);
    }

    public static Optional<byte[]> decrypt(RbelContent rbelContent, Key key, int i, int i2) {
        try {
            return Optional.ofNullable(decryptUnsafe(rbelContent, key, i, i2));
        } catch (RuntimeException | GeneralSecurityException e) {
            return Optional.empty();
        }
    }

    public static byte[] decryptUnsafe(RbelContent rbelContent, Key key, int i, int i2) throws GeneralSecurityException {
        byte[] subArray = rbelContent.subArray(0, i);
        byte[] subArray2 = rbelContent.subArray(12, rbelContent.size());
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BOUNCY_CASTLE_PROVIDER);
        cipher.init(2, key, new GCMParameterSpec(i2 * 8, subArray));
        return cipher.doFinal(subArray2);
    }

    @Generated
    private CryptoUtils() {
    }
}
