package EcdhEdkWrapping_Compile;

import Actions_Compile.Action;
import Actions_Compile.ActionWithResult;
import BoundedInts_Compile.uint8;
import MaterialWrapping_Compile.UnwrapInput;
import MaterialWrapping_Compile.UnwrapMaterial;
import MaterialWrapping_Compile.UnwrapOutput;
import UTF8.ValidUTF8Bytes;
import Wrappers_Compile.Outcome;
import Wrappers_Compile.Result;
import dafny.DafnySequence;
import dafny.Helpers;
import dafny.TypeDescriptor;
import java.math.BigInteger;
import java.util.Objects;
import software.amazon.cryptography.materialproviders.internaldafny.types.AlgorithmSuiteInfo;
import software.amazon.cryptography.materialproviders.internaldafny.types.Error;
import software.amazon.cryptography.primitives.internaldafny.AtomicPrimitivesClient;
import software.amazon.cryptography.primitives.internaldafny.types.AESDecryptInput;
import software.amazon.cryptography.primitives.internaldafny.types.ECDHCurveSpec;

/* loaded from: input_file:EcdhEdkWrapping_Compile/EcdhUnwrap.class */
public class EcdhUnwrap implements UnwrapMaterial<EcdhUnwrapInfo>, ActionWithResult<UnwrapInput, UnwrapOutput<EcdhUnwrapInfo>, Error>, Action<UnwrapInput, Result<UnwrapOutput<EcdhUnwrapInfo>, Error>> {
    public DafnySequence<? extends Byte> _senderPublicKey = DafnySequence.empty(uint8._typeDescriptor());
    public DafnySequence<? extends Byte> _recipientPublicKey = DafnySequence.empty(uint8._typeDescriptor());
    public DafnySequence<? extends Byte> _sharedSecret = DafnySequence.empty(uint8._typeDescriptor());
    public DafnySequence<? extends Byte> _keyringVersion = DafnySequence.empty(uint8._typeDescriptor());
    public ECDHCurveSpec _curveSpec = ECDHCurveSpec.Default();
    public AtomicPrimitivesClient _crypto = null;
    private static final TypeDescriptor<EcdhUnwrap> _TYPE = TypeDescriptor.referenceWithInitializer(EcdhUnwrap.class, () -> {
        return (EcdhUnwrap) null;
    });

    public void __ctor(DafnySequence<? extends Byte> dafnySequence, DafnySequence<? extends Byte> dafnySequence2, DafnySequence<? extends Byte> dafnySequence3, DafnySequence<? extends Byte> dafnySequence4, ECDHCurveSpec eCDHCurveSpec, AtomicPrimitivesClient atomicPrimitivesClient) {
        this._senderPublicKey = dafnySequence;
        this._recipientPublicKey = dafnySequence2;
        this._sharedSecret = dafnySequence3;
        this._keyringVersion = dafnySequence4;
        this._curveSpec = eCDHCurveSpec;
        this._crypto = atomicPrimitivesClient;
    }

    @Override // Actions_Compile.Action
    public Result<UnwrapOutput<EcdhUnwrapInfo>, Error> Invoke(UnwrapInput unwrapInput) {
        Result.Default(UnwrapOutput.Default(EcdhUnwrapInfo.Default()));
        AlgorithmSuiteInfo dtor_algorithmSuite = unwrapInput.dtor_algorithmSuite();
        DafnySequence<? extends Byte> dtor_wrappedMaterial = unwrapInput.dtor_wrappedMaterial();
        unwrapInput.dtor_encryptionContext();
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) dtor_wrappedMaterial.length()).compareTo(Constants_Compile.__default.CIPHERTEXT__WRAPPED__MATERIAL__INDEX()) > 0, __default.E(DafnySequence.asString("Recieved ciphertext is shorter than expected.")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        BigInteger bigInteger = BigInteger.ZERO;
        BigInteger valueOf = BigInteger.valueOf(AlgorithmSuites_Compile.__default.GetEncryptKeyLength(dtor_algorithmSuite));
        Outcome.Default();
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) dtor_wrappedMaterial.length()).compareTo(Constants_Compile.__default.ECDH__WRAPPED__KEY__MATERIAL__INDEX().add(valueOf)) > 0, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Received EDK Ciphertext of incorrect length.")));
        if (Need2.IsFailure(Error._typeDescriptor())) {
            return Need2.PropagateFailure(Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        DafnySequence subsequence = dtor_wrappedMaterial.subsequence(Helpers.toInt(BigInteger.ZERO), Helpers.toInt(Constants_Compile.__default.ECDH__COMMITMENT__KEY__INDEX()));
        DafnySequence Create = DafnySequence.Create(uint8._typeDescriptor(), BigInteger.valueOf(Constants_Compile.__default.ECDH__AES__256__ENC__ALG().dtor_ivLength()), bigInteger2 -> {
            return (byte) 0;
        });
        DafnySequence<? extends Byte> subsequence2 = dtor_wrappedMaterial.subsequence(Helpers.toInt(Constants_Compile.__default.ECDH__COMMITMENT__KEY__INDEX()), Helpers.toInt(Constants_Compile.__default.ECDH__WRAPPED__KEY__MATERIAL__INDEX()));
        DafnySequence subsequence3 = dtor_wrappedMaterial.subsequence(Helpers.toInt(Constants_Compile.__default.ECDH__WRAPPED__KEY__MATERIAL__INDEX()), Helpers.toInt(Constants_Compile.__default.ECDH__WRAPPED__KEY__MATERIAL__INDEX().add(valueOf)));
        DafnySequence drop = dtor_wrappedMaterial.drop(Constants_Compile.__default.ECDH__WRAPPED__KEY__MATERIAL__INDEX().add(valueOf));
        Result.Default(ValidUTF8Bytes.defaultValue());
        Result<DafnySequence<? extends Byte>, __NewR> MapFailure = UTF8.__default.Encode(__default.CurveSpecTypeToString(curveSpec())).MapFailure(ValidUTF8Bytes._typeDescriptor(), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), __default::E);
        if (MapFailure.IsFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        DafnySequence<? extends Byte> Extract = MapFailure.Extract(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor());
        Result.Default(DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> EncryptionContextToAAD = CanonicalEncryptionContext_Compile.__default.EncryptionContextToAAD(unwrapInput.dtor_encryptionContext());
        if (EncryptionContextToAAD.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return EncryptionContextToAAD.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        DafnySequence<? extends Byte> SerializeFixedInfo = __default.SerializeFixedInfo(Constants_Compile.__default.ECDH__KDF__UTF8(), Extract, senderPublicKey(), recipientPublicKey(), EncryptionContextToAAD.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor()), keyringVersion());
        Result.Default(DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> DeriveSharedKeyingMaterial = __default.DeriveSharedKeyingMaterial(sharedSecret(), SerializeFixedInfo, subsequence, crypto());
        if (DeriveSharedKeyingMaterial.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return DeriveSharedKeyingMaterial.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        DafnySequence<? extends Byte> Extract2 = DeriveSharedKeyingMaterial.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        DafnySequence<? extends Byte> subsequence4 = Extract2.subsequence(Helpers.toInt(BigInteger.ZERO), Helpers.toInt(BigInteger.valueOf(32L)));
        DafnySequence drop2 = Extract2.drop(BigInteger.valueOf(32L));
        Outcome.Default();
        Outcome Need3 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Objects.equals(BigInteger.valueOf(subsequence4.length()), BigInteger.valueOf(subsequence2.length())), __default.E(DafnySequence.asString("Calculated commitment key length does NOT match expected commitment key length")));
        if (Need3.IsFailure(Error._typeDescriptor())) {
            return Need3.PropagateFailure(Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        boolean commitmentKeyCheck = commitmentKeyCheck(subsequence4, subsequence2);
        Outcome.Default();
        Outcome Need4 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), commitmentKeyCheck, __default.E(DafnySequence.asString("Commitment keys do not match")));
        if (Need4.IsFailure(Error._typeDescriptor())) {
            return Need4.PropagateFailure(Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        Result<DafnySequence<? extends Byte>, software.amazon.cryptography.primitives.internaldafny.types.Error> AESDecrypt = crypto().AESDecrypt(AESDecryptInput.create(Constants_Compile.__default.ECDH__AES__256__ENC__ALG(), drop2, subsequence3, drop, Create, SerializeFixedInfo));
        Result.Default(DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, __NewR> MapFailure2 = AESDecrypt.MapFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), software.amazon.cryptography.primitives.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_AwsCryptographyPrimitives(error);
        });
        if (MapFailure2.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return MapFailure2.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()));
        }
        DafnySequence<? extends Byte> Extract3 = MapFailure2.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        Outcome.Default();
        Outcome Need5 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Objects.equals(BigInteger.valueOf(Extract3.length()), BigInteger.valueOf(AlgorithmSuites_Compile.__default.GetEncryptKeyLength(unwrapInput.dtor_algorithmSuite()))), __default.E(DafnySequence.asString("Invalid Key Length")));
        return Need5.IsFailure(Error._typeDescriptor()) ? Need5.PropagateFailure(Error._typeDescriptor(), UnwrapOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor())) : Result.create_Success(UnwrapOutput.create(Extract3, EcdhUnwrapInfo.create()));
    }

    public boolean commitmentKeyCheck(DafnySequence<? extends Byte> dafnySequence, DafnySequence<? extends Byte> dafnySequence2) {
        byte b = 0;
        BigInteger valueOf = BigInteger.valueOf(dafnySequence2.length());
        BigInteger bigInteger = BigInteger.ZERO;
        while (true) {
            BigInteger bigInteger2 = bigInteger;
            if (bigInteger2.compareTo(valueOf) >= 0) {
                break;
            }
            b = (byte) (b | ((byte) (((Byte) dafnySequence.select(Helpers.toInt(bigInteger2))).byteValue() ^ ((Byte) dafnySequence2.select(Helpers.toInt(bigInteger2))).byteValue())));
            bigInteger = bigInteger2.add(BigInteger.ONE);
        }
        return !(b != 0);
    }

    public DafnySequence<? extends Byte> senderPublicKey() {
        return this._senderPublicKey;
    }

    public DafnySequence<? extends Byte> recipientPublicKey() {
        return this._recipientPublicKey;
    }

    public DafnySequence<? extends Byte> sharedSecret() {
        return this._sharedSecret;
    }

    public DafnySequence<? extends Byte> keyringVersion() {
        return this._keyringVersion;
    }

    public ECDHCurveSpec curveSpec() {
        return this._curveSpec;
    }

    public AtomicPrimitivesClient crypto() {
        return this._crypto;
    }

    public static TypeDescriptor<EcdhUnwrap> _typeDescriptor() {
        return _TYPE;
    }

    public String toString() {
        return "EcdhEdkWrapping.EcdhUnwrap";
    }
}
