package com.kica.android.fido.uaf.auth.crypto;

import com.kica.android.fido.uaf.auth.common.AuthException;
import com.kica.android.fido.uaf.util.Base64URLHelper;
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class CryptoHelper {
    public static byte[] decryptwithWrapKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, CryptoConst.ALG_AES);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        try {
            javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec, ivParameterSpec);
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            e.printStackTrace();
            throw new AuthException("WrapKey로 데이타를 복호화하는데 실패함");
        }
    }

    public static byte[] encryptwithWrapKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, CryptoConst.ALG_AES);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        try {
            javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, ivParameterSpec);
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            e.printStackTrace();
            throw new AuthException("WrapKey로 데이타를 암호화하는데 실패함");
        }
    }

    public static KeyPair generateKeyPair(short s) {
        if (s == 3 || s == 4) {
            return RSASSA_PSS_SHA256.a();
        }
        throw new AuthException();
    }

    public static void generateRandom(byte[] bArr) {
        try {
            SecureRandom.getInstance(CryptoConst.ALG_SHA1PRNG).nextBytes(bArr);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new AuthException("Random 넘버 생성에 실패함");
        }
    }

    public static byte[] generateUserVerificationToken() {
        try {
            byte[] bArr = new byte[32];
            SecureRandom.getInstance(CryptoConst.ALG_SHA1PRNG).nextBytes(bArr);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new AuthException("사용자 검증 토큰 생성에 실패함");
        }
    }

    public static byte[] generateWrapKey() {
        byte[] bArr = new byte[32];
        generateRandom(bArr);
        return new SecretKeySpec(bArr, CryptoConst.ALG_AES).getEncoded();
    }

    public static PrivateKey getPrivateKeyfromBytes(byte[] bArr, short s) {
        if (s == 3 || s == 4) {
            return RSASSA_PSS_SHA256.getPrivateKey(bArr);
        }
        throw new AuthException("서명 알고리즘이 FIDO에서 정의되지 않은 것임");
    }

    public static byte[] getPublicKeyBytesfromPublicKey(PublicKey publicKey, short s, short s2) {
        if (s2 != 3 && s2 != 4) {
            throw new AuthException("서명 알고리즘이 FIDO에서 정의되지 않은 것임");
        }
        try {
            if (s == 258) {
                return RSASSA_PSS_SHA256.getRawPublicKey(publicKey.getEncoded());
            }
            if (s == 259) {
                return RSASSA_PSS_SHA256.getDerPublicKey(publicKey.getEncoded());
            }
            throw new AuthException("공개키 포맷이 FIDO에서 정의되지 않은 것임");
        } catch (Exception e) {
            throw new AuthException(e.getMessage());
        }
    }

    public static X509Certificate getX509Certificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance(CryptoConst.CERT_X509).generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            e.printStackTrace();
            throw new AuthException("인증서 바이트 배열로부터 X.509 인증서 생성에 실패함");
        }
    }

    public static byte[] hashWithSHA256(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new AuthException("SHA256 알고리즘이 존재하지 않아 해시 생성에 실패함");
        }
    }

    public static String hmacWithSHA256(String str, String str2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes("UTF-8"), CryptoConst.ALG_HmacSHA256);
            Mac mac = Mac.getInstance(CryptoConst.ALG_HmacSHA256);
            mac.init(secretKeySpec);
            return Base64URLHelper.encodeToString(mac.doFinal(str.getBytes()));
        } catch (Exception e) {
            e.printStackTrace();
            throw new AuthException("SHA256으로 HMAC을 구하는데 실패함");
        }
    }

    public static byte[] sign(PrivateKey privateKey, byte[] bArr, short s) {
        if (s == 3) {
            return RSASSA_PSS_SHA256.sign(bArr, privateKey);
        }
        if (s == 4) {
            return RSASSA_PSS_SHA256.getDEREncodedSignature(RSASSA_PSS_SHA256.sign(bArr, privateKey));
        }
        throw new AuthException("서명 알고리즘이 FIDO에서 정의되지 않은 것임");
    }
}
