package net.jmhertlein.core.crypto;

import java.io.Serializable;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import net.jmhertlein.adminbuddy.shaded.net.jmhertlein.core.crypto.Keys;

/* loaded from: input_file:net/jmhertlein/core/crypto/EncryptedSecretKey.class */
public final class EncryptedSecretKey implements Serializable {
    private static final String ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private final byte[] encoded;
    private final byte[] signature;

    public EncryptedSecretKey(SecretKey secretKey, PublicKey publicKey) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(1, publicKey);
        this.encoded = cipher.doFinal(secretKey.getEncoded());
        this.signature = null;
    }

    public EncryptedSecretKey(SecretKey secretKey, PublicKey publicKey, PrivateKey privateKey) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, ShortBufferException, SignatureException {
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(1, publicKey);
        this.encoded = cipher.doFinal(secretKey.getEncoded());
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        for (byte b : this.encoded) {
            signature.update(b);
        }
        this.signature = signature.sign();
    }

    public byte[] getEncoded() {
        return this.encoded;
    }

    public SecretKey decrypt(PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(2, privateKey);
        return Keys.getAESSecretKeyFromEncoded(cipher.doFinal(this.encoded));
    }

    public SecretKey decrypt(PrivateKey privateKey, PublicKey publicKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ShortBufferException, SignatureException {
        if (!isSigned()) {
            throw new RuntimeException("This secret key is not signed, but signature checking was requested.");
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(2, privateKey);
        byte[] doFinal = cipher.doFinal(this.encoded);
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(publicKey);
        for (byte b : this.encoded) {
            signature.update(b);
        }
        if (signature.verify(this.signature)) {
            return Keys.getAESSecretKeyFromEncoded(doFinal);
        }
        return null;
    }

    public boolean isSigned() {
        return this.signature != null;
    }
}
