package d.black_horses;

import d.nairud.Bytes;
import java.math.BigInteger;
import java.net.Socket;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import org.bouncycastle.bcpg.sig.RevocationReasonTags;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.X448Agreement;
import org.bouncycastle.crypto.digests.SHA3Digest;
import org.bouncycastle.crypto.generators.X448KeyPairGenerator;
import org.bouncycastle.crypto.params.X448KeyGenerationParameters;
import org.bouncycastle.crypto.params.X448PrivateKeyParameters;
import org.bouncycastle.crypto.params.X448PublicKeyParameters;

/* loaded from: classes2.dex */
public final class RawKey {
    public static final int IV_SIZE = 12;
    public static final int KEY_SIZE = 32;
    private static final Set<Bytes> TRUSTED_SERVER_PUBLIC_KEYS = Collections.unmodifiableSortedSet(new TreeSet(Arrays.asList(new Bytes(new byte[]{-112, -41, -112, 49, -53, 34, 42, 48, -60, -88, -102, 97, -50, 22, -101, 113, 22, 38, 50, -108, -72, -125, -49, RevocationReasonTags.USER_NO_LONGER_VALID, 17, 91, 80, -11, -99, -102, Byte.MIN_VALUE, 76, RevocationReasonTags.USER_NO_LONGER_VALID, 1, -27, 122, -26, -122, 6, -58, 46, 14, -11, 81, -120, 3, -74, -35, -6, 49, 43, -99, 76, -53, -82, 62}), new Bytes(BlackHorse.INSTANCE.getSERVER_PUBLIC_KEY()))));
    public final byte[] iv;
    public final byte[] key;
    public final byte[] partner_iv;

    public RawKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        this.key = bArr;
        this.iv = bArr2;
        this.partner_iv = bArr3;
    }

    public static RawKey exchange_keys(Socket socket) throws Throwable {
        X448KeyPairGenerator x448KeyPairGenerator = new X448KeyPairGenerator();
        x448KeyPairGenerator.init(new X448KeyGenerationParameters(new SecureRandom(BigInteger.valueOf(System.currentTimeMillis()).toByteArray())));
        AsymmetricCipherKeyPair generateKeyPair = x448KeyPairGenerator.generateKeyPair();
        byte[] read_x_bytes = IO.read_x_bytes(socket.getInputStream(), 56);
        if (!TRUSTED_SERVER_PUBLIC_KEYS.contains(new Bytes(read_x_bytes))) {
            throw new RuntimeException(String.format("Server not trusted: %02x", new BigInteger(read_x_bytes)));
        }
        socket.getOutputStream().write(((X448PublicKeyParameters) generateKeyPair.getPublic()).getEncoded());
        socket.getOutputStream().flush();
        byte[] read_x_bytes2 = IO.read_x_bytes(socket.getInputStream(), 12);
        byte[] seed = SecureRandom.getSeed(12);
        socket.getOutputStream().write(seed);
        socket.getOutputStream().flush();
        return new RawKey(make_raw_key((X448PrivateKeyParameters) generateKeyPair.getPrivate(), read_x_bytes), seed, read_x_bytes2);
    }

    public static byte[] make_raw_key(X448PrivateKeyParameters x448PrivateKeyParameters, byte[] bArr) {
        byte[] bArr2 = new byte[32];
        X448Agreement x448Agreement = new X448Agreement();
        x448Agreement.init(x448PrivateKeyParameters);
        int agreementSize = x448Agreement.getAgreementSize();
        byte[] bArr3 = new byte[agreementSize];
        x448Agreement.calculateAgreement(new X448PublicKeyParameters(bArr), bArr3, 0);
        SHA3Digest sHA3Digest = new SHA3Digest(256);
        sHA3Digest.update(bArr3, 0, agreementSize);
        sHA3Digest.doFinal(bArr2, 0);
        return bArr2;
    }
}
