package io.netty.incubator.codec.ohttp;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.DecoderException;
import io.netty.incubator.codec.hpke.CryptoOperations;
import io.netty.incubator.codec.hpke.HPKE;
import io.netty.incubator.codec.hpke.HPKEContext;
import io.netty.incubator.codec.hpke.HybridPublicKeyEncryption;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Objects;
import java.util.Random;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:io/netty/incubator/codec/ohttp/OHttpCiphersuite.class */
public final class OHttpCiphersuite {
    private static final Random RAND = new SecureRandom();
    private static final int ENCODED_LENGTH = 7;
    private final byte keyId;
    private final HybridPublicKeyEncryption.KEM kem;
    private final HybridPublicKeyEncryption.KDF kdf;
    private final HybridPublicKeyEncryption.AEAD aead;

    public OHttpCiphersuite(byte b, HybridPublicKeyEncryption.KEM kem, HybridPublicKeyEncryption.KDF kdf, HybridPublicKeyEncryption.AEAD aead) {
        this.keyId = b;
        this.kem = (HybridPublicKeyEncryption.KEM) Objects.requireNonNull(kem, "kem");
        this.kdf = (HybridPublicKeyEncryption.KDF) Objects.requireNonNull(kdf, "kdf");
        this.aead = (HybridPublicKeyEncryption.AEAD) Objects.requireNonNull(aead, "ahead");
    }

    public int responseNonceLength() {
        return Math.max(this.aead.nk(), this.aead.nn());
    }

    public int encapsulatedKeyLength() {
        return this.kem.nenc();
    }

    public byte keyId() {
        return this.keyId;
    }

    public HybridPublicKeyEncryption.KEM kem() {
        return this.kem;
    }

    public HybridPublicKeyEncryption.KDF kdf() {
        return this.kdf;
    }

    public HybridPublicKeyEncryption.AEAD aead() {
        return this.aead;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void encode(ByteBuf byteBuf) {
        byteBuf.writeByte(this.keyId);
        byteBuf.writeShort(this.kem.id());
        byteBuf.writeShort(this.kdf.id());
        byteBuf.writeShort(this.aead.id());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] createInfo(OHttpCryptoConfiguration oHttpCryptoConfiguration) {
        byte[] requestExportContext = oHttpCryptoConfiguration.requestExportContext();
        byte[] bArr = new byte[requestExportContext.length + 8];
        ByteBuf wrappedBuffer = Unpooled.wrappedBuffer(bArr);
        try {
            wrappedBuffer.writerIndex(0).writeBytes(requestExportContext).writeByte(0);
            encode(wrappedBuffer);
            wrappedBuffer.release();
            return bArr;
        } catch (Throwable th) {
            wrappedBuffer.release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OHttpCiphersuite decode(ByteBuf byteBuf) {
        if (byteBuf.readableBytes() < ENCODED_LENGTH) {
            return null;
        }
        try {
            return new OHttpCiphersuite(byteBuf.readByte(), HybridPublicKeyEncryption.KEM.forId(byteBuf.readShort()), HybridPublicKeyEncryption.KDF.forId(byteBuf.readShort()), HybridPublicKeyEncryption.AEAD.forId(byteBuf.readShort()));
        } catch (Exception e) {
            throw new DecoderException("invalid ciphersuite", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] createResponseNonce() {
        byte[] bArr = new byte[responseNonceLength()];
        RAND.nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptoOperations createResponseAead(HybridPublicKeyEncryption hybridPublicKeyEncryption, HPKEContext hPKEContext, byte[] bArr, byte[] bArr2, OHttpCryptoConfiguration oHttpCryptoConfiguration) {
        byte[] extract = hPKEContext.extract(Arrays.concatenate(bArr, bArr2), hPKEContext.export(oHttpCryptoConfiguration.responseExportContext(), Math.max(this.aead.nk(), this.aead.nn())));
        return hybridPublicKeyEncryption.newAEADCryptoOperations(this.aead, hPKEContext.expand(extract, "key".getBytes(StandardCharsets.US_ASCII), this.aead.nk()), hPKEContext.expand(extract, "nonce".getBytes(StandardCharsets.US_ASCII), this.aead.nn()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HPKE newHPKE(HybridPublicKeyEncryption hybridPublicKeyEncryption) {
        return hybridPublicKeyEncryption.newHPKE(HybridPublicKeyEncryption.Mode.Base, this.kem, this.kdf, this.aead);
    }

    public String toString() {
        return "OHttpCiphersuite{id=" + Byte.toUnsignedInt(this.keyId) + ", kem=" + this.kem + ", kdf=" + this.kdf + ", aead=" + this.aead + "}";
    }
}
