package nec.jmrtd.protocol;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import nec.bouncycastle.asn1.i;
import nec.bouncycastle.jce.interfaces.ECPublicKey;
import nec.jmrtd.APDULevelEACCACapable;
import nec.jmrtd.CardServiceProtocolException;
import nec.jmrtd.Util;
import nec.jmrtd.lds.ChipAuthenticationInfo;
import nec.jmrtd.lds.SecurityInfo;
import nec.sf.scuba.smartcards.CardServiceException;
import nec.sf.scuba.tlv.TLVUtil;
import p002.p003.C0415;

/* loaded from: classes3.dex */
public class EACCAProtocol {
    private static final Provider BC_PROVIDER;
    private static final int COMMAND_CHAINING_CHUNK_SIZE = 0;
    private static final Logger LOGGER;
    private int maxTranceiveLength;
    private APDULevelEACCACapable service;
    private boolean shouldCheckMAC;
    private SecureMessagingWrapper wrapper;

    static {
        C0415.m211(EACCAProtocol.class, 61201, 61201);
        LOGGER = Logger.getLogger(C0415.m215(2001));
        BC_PROVIDER = Util.getBouncyCastleProvider();
    }

    public EACCAProtocol(APDULevelEACCACapable aPDULevelEACCACapable, SecureMessagingWrapper secureMessagingWrapper, int i, boolean z) {
        this.service = aPDULevelEACCACapable;
        this.wrapper = secureMessagingWrapper;
        this.maxTranceiveLength = i;
        this.shouldCheckMAC = z;
    }

    public static byte[] computeSharedSecret(String str, PublicKey publicKey, PrivateKey privateKey) {
        KeyAgreement keyAgreement = KeyAgreement.getInstance(str, BC_PROVIDER);
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret();
    }

    private static byte[] getKeyData(String str, PublicKey publicKey) {
        if (C0415.m215(2002).equals(str)) {
            return Util.i2os(((DHPublicKey) publicKey).getY());
        }
        if (C0415.m215(2003).equals(str)) {
            return ((ECPublicKey) publicKey).getQ().getEncoded(false);
        }
        throw new IllegalArgumentException(i.a(C0415.m215(2004), str));
    }

    public static byte[] getKeyHash(String str, PublicKey publicKey) {
        if (C0415.m215(2005).equals(str) || (publicKey instanceof DHPublicKey)) {
            return MessageDigest.getInstance(C0415.m215(2008)).digest(getKeyData(str, publicKey));
        }
        if (!C0415.m215(2006).equals(str) && !(publicKey instanceof java.security.interfaces.ECPublicKey)) {
            throw new IllegalArgumentException(i.a(C0415.m215(2007), str));
        }
        return Util.alignKeyDataToSize(Util.i2os(((ECPublicKey) publicKey).getQ().getAffineXCoord().toBigInteger()), (int) Math.ceil(r5.getParameters().getCurve().getFieldSize() / 8.0d));
    }

    private static String inferChipAuthenticationOIDfromPublicKeyOID(String str) {
        if (SecurityInfo.ID_PK_ECDH.equals(str)) {
            LOGGER.warning(C0415.m215(2009));
            return SecurityInfo.ID_CA_ECDH_3DES_CBC_CBC;
        }
        if (SecurityInfo.ID_PK_DH.equals(str)) {
            LOGGER.warning(C0415.m215(2010));
            return SecurityInfo.ID_CA_DH_3DES_CBC_CBC;
        }
        LOGGER.warning(C0415.m215(2011) + str);
        return null;
    }

    public static SecureMessagingWrapper restartSecureMessaging(String str, byte[] bArr, int i, boolean z) {
        String cipherAlgorithm = ChipAuthenticationInfo.toCipherAlgorithm(str);
        int keyLength = ChipAuthenticationInfo.toKeyLength(str);
        SecretKey deriveKey = Util.deriveKey(bArr, cipherAlgorithm, keyLength, 1);
        SecretKey deriveKey2 = Util.deriveKey(bArr, cipherAlgorithm, keyLength, 2);
        if (cipherAlgorithm.startsWith(C0415.m215(2012))) {
            return new DESedeSecureMessagingWrapper(deriveKey, deriveKey2, i, z, 0L);
        }
        if (cipherAlgorithm.startsWith(C0415.m215(2013))) {
            return new AESSecureMessagingWrapper(deriveKey, deriveKey2, i, z, 0L);
        }
        throw new IllegalStateException(i.a(C0415.m215(2014), cipherAlgorithm));
    }

    private static void sendGeneralAuthenticate(APDULevelEACCACapable aPDULevelEACCACapable, SecureMessagingWrapper secureMessagingWrapper, byte[] bArr) {
        try {
            aPDULevelEACCACapable.sendGeneralAuthenticate(secureMessagingWrapper, bArr, true);
        } catch (CardServiceException e) {
            LOGGER.log(Level.WARNING, C0415.m215(2015), (Throwable) e);
            List<byte[]> partition = Util.partition(223, bArr);
            Iterator<byte[]> it = partition.iterator();
            int i = 0;
            while (it.hasNext()) {
                i++;
                aPDULevelEACCACapable.sendGeneralAuthenticate(secureMessagingWrapper, it.next(), i >= partition.size());
            }
        }
    }

    public static void sendPublicKey(APDULevelEACCACapable aPDULevelEACCACapable, SecureMessagingWrapper secureMessagingWrapper, String str, BigInteger bigInteger, PublicKey publicKey) {
        String keyAgreementAlgorithm = ChipAuthenticationInfo.toKeyAgreementAlgorithm(str);
        String cipherAlgorithm = ChipAuthenticationInfo.toCipherAlgorithm(str);
        byte[] keyData = getKeyData(keyAgreementAlgorithm, publicKey);
        if (cipherAlgorithm.startsWith(C0415.m215(2016))) {
            try {
                aPDULevelEACCACapable.sendMSEKAT(secureMessagingWrapper, TLVUtil.wrapDO(145, keyData), bigInteger != null ? TLVUtil.wrapDO(132, Util.i2os(bigInteger)) : null);
            } catch (Exception e) {
                throw new CardServiceProtocolException(C0415.m215(2017), 1, e);
            }
        } else {
            if (!cipherAlgorithm.startsWith(C0415.m215(2018))) {
                throw new IllegalStateException(i.a(C0415.m215(2021), cipherAlgorithm));
            }
            try {
                aPDULevelEACCACapable.sendMSESetATIntAuth(secureMessagingWrapper, str, bigInteger);
                try {
                    sendGeneralAuthenticate(aPDULevelEACCACapable, secureMessagingWrapper, TLVUtil.wrapDO(128, keyData));
                } catch (Exception e2) {
                    throw new CardServiceProtocolException(C0415.m215(2019), 2, e2);
                }
            } catch (Exception e3) {
                throw new CardServiceProtocolException(C0415.m215(2020), 1, e3);
            }
        }
    }

    public EACCAResult doCA(BigInteger bigInteger, String str, String str2, PublicKey publicKey) {
        if (publicKey == null) {
            throw new IllegalArgumentException(C0415.m215(2027));
        }
        String keyAgreementAlgorithm = ChipAuthenticationInfo.toKeyAgreementAlgorithm(str);
        if (keyAgreementAlgorithm == null) {
            throw new IllegalArgumentException(C0415.m215(2026));
        }
        String m215 = C0415.m215(2022);
        boolean equals = m215.equals(keyAgreementAlgorithm);
        String m2152 = C0415.m215(2023);
        if (!equals && !m2152.equals(keyAgreementAlgorithm)) {
            throw new IllegalArgumentException(i.a(C0415.m215(2024), keyAgreementAlgorithm));
        }
        if (str == null) {
            str = inferChipAuthenticationOIDfromPublicKeyOID(str2);
        }
        AlgorithmParameterSpec algorithmParameterSpec = null;
        try {
            if (m2152.equals(keyAgreementAlgorithm)) {
                algorithmParameterSpec = ((DHPublicKey) publicKey).getParams();
            } else if (m215.equals(keyAgreementAlgorithm)) {
                algorithmParameterSpec = ((java.security.interfaces.ECPublicKey) publicKey).getParams();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAgreementAlgorithm, BC_PROVIDER);
            keyPairGenerator.initialize(algorithmParameterSpec);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey2 = generateKeyPair.getPublic();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            sendPublicKey(this.service, this.wrapper, str, bigInteger, publicKey2);
            byte[] keyHash = getKeyHash(keyAgreementAlgorithm, publicKey2);
            SecureMessagingWrapper restartSecureMessaging = restartSecureMessaging(str, computeSharedSecret(keyAgreementAlgorithm, publicKey, privateKey), this.maxTranceiveLength, this.shouldCheckMAC);
            this.wrapper = restartSecureMessaging;
            return new EACCAResult(bigInteger, publicKey, keyHash, publicKey2, privateKey, restartSecureMessaging);
        } catch (GeneralSecurityException e) {
            throw new CardServiceException(C0415.m215(2025), e);
        }
    }

    public SecureMessagingWrapper getWrapper() {
        return this.wrapper;
    }
}
