package fmgp.crypto;

import com.nimbusds.jose.crypto.impl.AAD;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.CriticalHeaderParamsDeferral;
import com.nimbusds.jose.crypto.impl.ECDH1PU;
import com.nimbusds.jose.crypto.utils.ECChecks;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.util.Base64URL;
import fmgp.crypto.error.CryptoErrorCollection$;
import fmgp.crypto.error.CryptoFailToParse$;
import fmgp.crypto.error.CryptoFailed;
import fmgp.crypto.error.KeyMissingEpkJWEHeader$;
import fmgp.crypto.error.PointNotOnCurve$;
import fmgp.crypto.error.SomeThrowable$;
import fmgp.did.VerificationMethodReferenced;
import fmgp.did.comm.AuthHeaderBuilder;
import fmgp.did.comm.EncryptedMessageGeneric;
import fmgp.did.comm.ProtectedHeader;
import fmgp.did.comm.ProtectedHeader$;
import fmgp.util.Base64Obj;
import java.io.Serializable;
import java.security.Provider;
import java.security.interfaces.ECPrivateKey;
import javax.crypto.SecretKey;
import scala.MatchError;
import scala.Option$;
import scala.Tuple2;
import scala.Tuple2$;
import scala.Tuple4$;
import scala.Tuple8$;
import scala.collection.immutable.Seq;
import scala.runtime.ModuleSerializationProxy;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;
import scala.util.Try$;
import zio.json.package$;
import zio.json.package$DecoderOps$;

/* compiled from: ECDH_EC.scala */
/* loaded from: input_file:fmgp/crypto/ECDH_AuthEC$.class */
public final class ECDH_AuthEC$ implements ECDH_UtilsEC, Serializable {
    public static final ECDH_AuthEC$ MODULE$ = new ECDH_AuthEC$();

    private ECDH_AuthEC$() {
    }

    @Override // fmgp.crypto.ECDH_UtilsEC
    public /* bridge */ /* synthetic */ Either getCurve(Seq seq) {
        Either curve;
        curve = getCurve(seq);
        return curve;
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(ECDH_AuthEC$.class);
    }

    public Either<CryptoFailed, EncryptedMessageGeneric> encrypt(ECKey eCKey, Seq<Tuple2<VerificationMethodReferenced, ECKey>> seq, AuthHeaderBuilder authHeaderBuilder, byte[] bArr) {
        return getCurve(seq).map(curve -> {
            return UtilsJVM$.MODULE$.toJWKCurve(curve);
        }).map(curve2 -> {
            ECKey generate = new ECKeyGenerator(curve2).generate();
            return Tuple4$.MODULE$.apply(curve2, generate, generate.toECPublicKey(), generate.toECPrivateKey());
        }).flatMap(tuple4 -> {
            if (tuple4 != null) {
                ECKey eCKey2 = (ECKey) tuple4._2();
                Curve curve3 = (Curve) tuple4._1();
                if (eCKey2 != null) {
                    ECPrivateKey eCPrivateKey = (ECPrivateKey) tuple4._4();
                    return package$DecoderOps$.MODULE$.fromJson$extension(package$.MODULE$.DecoderOps(eCKey2.toJSONString()), ECPublicKey$.MODULE$.decoder()).left().map(str -> {
                        return CryptoFailToParse$.MODULE$.apply(str);
                    }).map(eCPublicKey -> {
                        ProtectedHeader buildWithKey = authHeaderBuilder.buildWithKey(eCPublicKey);
                        byte[] compute = AAD.compute(UtilsJVM$unsafe$given_Conversion_ProtectedHeader_JWEHeader$.MODULE$.apply(buildWithKey));
                        JWEJCAContext jWEJCAContext = new JWEJCAContext();
                        SecretKey generateCEK = ContentCryptoProvider.generateCEK(UtilsJVM$unsafe$given_Conversion_ENCAlgorithm_EncryptionMethod$.MODULE$.apply(buildWithKey.enc()), jWEJCAContext.getSecureRandom());
                        ECDH_AuthCryptoProvider eCDH_AuthCryptoProvider = new ECDH_AuthCryptoProvider(curve3, generateCEK);
                        Seq<Tuple2<VerificationMethodReferenced, SecretKey>> seq2 = (Seq) seq.map(tuple2 -> {
                            if (tuple2 == null) {
                                throw new MatchError(tuple2);
                            }
                            return Tuple2$.MODULE$.apply((VerificationMethodReferenced) tuple2._1(), ECDH1PU.deriveSenderZ(UtilsJVM$.MODULE$.toJWK(eCKey).toECPrivateKey(), UtilsJVM$.MODULE$.toJWK((ECKey) tuple2._2()).toECPublicKey(), eCPrivateKey, jWEJCAContext.getKeyEncryptionProvider()));
                        });
                        return Tuple8$.MODULE$.apply(eCPublicKey, buildWithKey, compute, jWEJCAContext, generateCEK, eCDH_AuthCryptoProvider, seq2, eCDH_AuthCryptoProvider.encryptAUX(buildWithKey, seq2, bArr, compute));
                    }).map(tuple8 -> {
                        if (tuple8 != null) {
                            JWEJCAContext jWEJCAContext = (JWEJCAContext) tuple8._4();
                            SecretKey secretKey = (SecretKey) tuple8._5();
                            if (jWEJCAContext != null && secretKey != null) {
                                return (EncryptedMessageGeneric) tuple8._8();
                            }
                        }
                        throw new MatchError(tuple8);
                    });
                }
            }
            throw new MatchError(tuple4);
        });
    }

    public Either<CryptoFailed, byte[]> decrypt(ECKey eCKey, Seq<Tuple2<VerificationMethodReferenced, ECKey>> seq, Base64Obj<ProtectedHeader> base64Obj, Seq<JWERecipient> seq2, String str, String str2, String str3) {
        return getCurve(seq).map(curve -> {
            return UtilsJVM$.MODULE$.toJWKCurve(curve);
        }).map(curve2 -> {
            CriticalHeaderParamsDeferral criticalHeaderParamsDeferral = new CriticalHeaderParamsDeferral();
            criticalHeaderParamsDeferral.ensureHeaderPasses(UtilsJVM$package$given_Conversion_Base64Obj_JWEHeader$.MODULE$.apply((Base64Obj<ProtectedHeader>) base64Obj));
            return Tuple2$.MODULE$.apply(curve2, criticalHeaderParamsDeferral);
        }).flatMap(tuple2 -> {
            if (tuple2 != null) {
                CriticalHeaderParamsDeferral criticalHeaderParamsDeferral = (CriticalHeaderParamsDeferral) tuple2._2();
                Curve curve3 = (Curve) tuple2._1();
                if (criticalHeaderParamsDeferral != null) {
                    return Option$.MODULE$.apply(UtilsJVM$package$given_Conversion_Base64Obj_JWEHeader$.MODULE$.apply((Base64Obj<ProtectedHeader>) base64Obj).getEphemeralPublicKey()).map(jwk -> {
                        return (ECKey) jwk;
                    }).toRight(this::decrypt$$anonfun$6$$anonfun$2).flatMap(eCKey2 -> {
                        return CryptoErrorCollection$.MODULE$.unfold((Seq) seq.map(tuple2 -> {
                            if (!(tuple2 instanceof Tuple2)) {
                                throw new MatchError(tuple2);
                            }
                            ECKey jwk2 = UtilsJVM$.MODULE$.toJWK((ECKey) tuple2._2());
                            if (!ECChecks.isPointOnCurve(eCKey2.toECPublicKey(), jwk2.toECPrivateKey())) {
                                return scala.package$.MODULE$.Left().apply(PointNotOnCurve$.MODULE$.apply("Curve of ephemeral public key does not match curve of private key"));
                            }
                            Left either = Try$.MODULE$.apply(() -> {
                                return r1.decrypt$$anonfun$6$$anonfun$3$$anonfun$1$$anonfun$1(r2, r3, r4);
                            }).toEither();
                            if (either instanceof Left) {
                                return scala.package$.MODULE$.Left().apply(SomeThrowable$.MODULE$.apply((Throwable) either.value()));
                            }
                            if (!(either instanceof Right)) {
                                throw new MatchError(either);
                            }
                            return scala.package$.MODULE$.Right().apply(Tuple2$.MODULE$.apply(tuple2._1(), (SecretKey) ((Right) either).value()));
                        })).flatMap(seq3 -> {
                            return new ECDH_AuthCryptoProvider(curve3, null).decryptAUX(base64Obj, seq3, seq2, str, str2, str3, AAD.compute(new Base64URL(base64Obj.base64url(ProtectedHeader$.MODULE$.encoder())))).map(bArr -> {
                                return bArr;
                            });
                        });
                    });
                }
            }
            throw new MatchError(tuple2);
        });
    }

    private final KeyMissingEpkJWEHeader$ decrypt$$anonfun$6$$anonfun$2() {
        return KeyMissingEpkJWEHeader$.MODULE$;
    }

    private final SecretKey decrypt$$anonfun$6$$anonfun$3$$anonfun$1$$anonfun$1(ECKey eCKey, ECKey eCKey2, ECKey eCKey3) {
        return ECDH1PU.deriveRecipientZ(eCKey.toECPrivateKey(), UtilsJVM$.MODULE$.toJWK(eCKey2).toECPublicKey(), eCKey3.toECPublicKey(), (Provider) null);
    }
}
