package com.dream.magic.fido.authenticator.local.kfido;

import com.dream.magic.fido.authenticator.g;
import com.dream.magic.fido.uaf.auth.crypto.Cipher;
import com.dreamsecurity.jcaos.cms.SignedData;
import com.dreamsecurity.jcaos.cms.SignedDataGenerator;
import com.dreamsecurity.jcaos.jce.provider.JCAOSProvider;
import com.dreamsecurity.jcaos.pkcs.PKCS8PrivateKeyInfo;
import com.dreamsecurity.jcaos.x509.X509Certificate;
import com.raon.onepass.common.crypto.ks.KSDer;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.ArrayList;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;

/* loaded from: classes3.dex */
public class KSignedDataUtill {
    static {
        JCAOSProvider.installProvider(false);
    }

    private byte[] composeSignedData(byte[] bArr, byte[] bArr2) throws IOException {
        byte[][] a10 = a.a(bArr);
        if (a10.length == 2) {
            byte[] bArr3 = a10[1];
            bArr3[0] = KSDer.DERTYPE_SEQUENCE;
            a10 = a.a(a.a(bArr3)[0]);
        }
        if (a10.length < 4) {
            System.err.println(" error. data is not signed data. ");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i10 = 0; i10 < a10.length - 1; i10++) {
            byteArrayOutputStream.write(a10[i10]);
        }
        byte[][] a11 = a.a(a.b(a10[a10.length - 1])[0]);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        for (byte[] bArr4 : a11) {
            byteArrayOutputStream2.write(bArr4);
        }
        byteArrayOutputStream2.write(bArr2);
        byteArrayOutputStream.write(a.e(a.d(byteArrayOutputStream2.toByteArray())));
        byte[] d10 = a.d(byteArrayOutputStream.toByteArray());
        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
        byteArrayOutputStream3.write(a.a("1.2.840.113549.1.7.2"));
        byteArrayOutputStream3.write(a.a(d10, -96));
        return a.d(byteArrayOutputStream3.toByteArray());
    }

    private String getHashAlgFromSignAlg(X509Certificate x509Certificate) throws Exception {
        if (x509Certificate.getPublicKey().getAlgorithm().equals("1.2.410.200004.1.21")) {
            return "SHA1";
        }
        String sigAlgName = x509Certificate.getSigAlgName();
        return ("SHA1withRSA".equalsIgnoreCase(sigAlgName) || "SHA1withKCDSA".equalsIgnoreCase(sigAlgName)) ? "SHA1" : ("SHA256withRSA".equalsIgnoreCase(sigAlgName) || "SHA256withKCDSA".equalsIgnoreCase(sigAlgName)) ? McElieceCCA2ParameterSpec.DEFAULT_MD : sigAlgName;
    }

    public byte[] addUnSignedAttributes(byte[] bArr, byte[] bArr2) {
        try {
            return composeSignedData(bArr, bArr2);
        } catch (Exception e10) {
            e10.printStackTrace();
            return null;
        }
    }

    public byte[] getCryptSignedData(X509Certificate x509Certificate, PKCS8PrivateKeyInfo pKCS8PrivateKeyInfo, byte[] bArr) {
        try {
            PrivateKey privateKey = pKCS8PrivateKeyInfo.getPrivateKey();
            Signature signature = Signature.getInstance(x509Certificate.getSigAlgName().substring(0, x509Certificate.getSigAlgName().indexOf("with")) + "with" + x509Certificate.getPublicKey().getAlgorithm());
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e10) {
            e10.printStackTrace();
            return null;
        }
    }

    public byte[] getCryptoRandom(SecretKey secretKey, byte[] bArr) throws Exception {
        Cipher cipher = Cipher.getInstance("SEED/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey.getEncoded());
        return cipher.doFinal(bArr);
    }

    public byte[] getCryptoSymKey(java.security.cert.X509Certificate x509Certificate, SecretKey secretKey) throws Exception {
        javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("RSA");
        cipher.init(1, x509Certificate);
        return cipher.doFinal(secretKey.getEncoded());
    }

    public byte[] getSignedData(X509Certificate x509Certificate, PKCS8PrivateKeyInfo pKCS8PrivateKeyInfo, byte[] bArr) {
        com.dream.magic.fido.authenticator.common.auth.utility.b.a(getClass().getSimpleName(), "====== in getSignedData ======");
        byte[] bArr2 = null;
        try {
            String hashAlgFromSignAlg = getHashAlgFromSignAlg(x509Certificate);
            SignedDataGenerator signedDataGenerator = new SignedDataGenerator();
            signedDataGenerator.setContent(bArr);
            SignedData generate = signedDataGenerator.generate(x509Certificate, pKCS8PrivateKeyInfo, hashAlgFromSignAlg);
            bArr2 = generate.getEncoded();
            generate.verify();
            return bArr2;
        } catch (Exception e10) {
            e10.printStackTrace();
            return bArr2;
        }
    }

    public SecretKey getSymetricKey(String str) throws Exception {
        if (str == null) {
            str = "SEED";
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return new SecretKeySpec(bArr, str);
    }

    public byte[] makeUnsignedAttr(ArrayList<g> arrayList) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i10 = 0; i10 < arrayList.size(); i10++) {
            byteArrayOutputStream.write(arrayList.get(i10).a());
        }
        byte[] e10 = a.e(byteArrayOutputStream.toByteArray());
        e10[0] = -95;
        return e10;
    }
}
