package nl.innovalor.mrtd;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import net.sf.scuba.smartcards.CardService;
import net.sf.scuba.smartcards.CardServiceException;
import net.sf.scuba.smartcards.CommandAPDU;
import net.sf.scuba.smartcards.ResponseAPDU;
import nl.innovalor.mrtd.ReaderConfig;
import org.jmrtd.APDULevelEACCACapable;
import org.jmrtd.Util;
import org.jmrtd.lds.ChipAuthenticationInfo;
import org.jmrtd.lds.ChipAuthenticationPublicKeyInfo;
import org.jmrtd.lds.SecurityInfo;
import org.jmrtd.lds.icao.DG14File;
import org.jmrtd.protocol.EACCAProtocol;
import org.jmrtd.protocol.SecureMessagingWrapper;

/* loaded from: classes2.dex */
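/**
 * Prepares and runs a "blinded" variant of EAC Chip Authentication (CA).
 *
 * <p>The static {@code generateParameters} overloads do all key handling. They select the chip's
 * CA public key from a set of {@link SecurityInfo}s and obtain an ephemeral key pair, either
 * freshly generated or rebuilt from a caller-supplied PKCS#8 private key. They then derive the
 * shared secret, build a new secure-messaging wrapper from it, and use that wrapper to pre-wrap
 * one fixed command APDU. The instance method {@code doBlindedCA} only sends the ephemeral
 * public key to the chip and transmits that pre-wrapped APDU. It takes the key id, OID,
 * ephemeral public key and wrapped command, and never receives the ephemeral private key.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The {@link SecurityInfo}s come from the chip. Nothing in this class authenticates them,
 *       so the data group they were read from must be verified elsewhere (for example by
 *       Passive Authentication) before the result is trusted.</li>
 *   <li>{@code doBlindedCA} returns the chip's response as received. This class does not check
 *       the status word and does not unwrap or MAC-verify the response. CA has only succeeded
 *       once the party holding the session keys has verified that response.</li>
 *   <li>{@link CAParameters} carries the ephemeral private key. Whoever holds it can derive the
 *       session keys, so it must not be logged or sent to the component that talks to the
 *       chip.</li>
 *   <li>NOTE(review): {@link #DEFAULT_SYMMETRIC_CIPHER_PREFERRED_ORDER} is
 *       {@code PREFER_DESEDE_OVER_AES}, and the OID fallback in {@code resolveOid} picks the
 *       3DES variants. Confirm that this is a deliberate compatibility choice; callers that can
 *       should pass an explicit preference.</li>
 * </ul>
 */
public class BlindedCAProtocol {
    public static final ReaderConfig.SymmetricCipherPreferredOrder DEFAULT_SYMMETRIC_CIPHER_PREFERRED_ORDER = ReaderConfig.SymmetricCipherPreferredOrder.PREFER_DESEDE_OVER_AES;
    public static final ReaderConfig.AgreementTypePreferredOrder DEFAULT_AGREEMENT_TYPE_PREFERRED_ORDER = ReaderConfig.AgreementTypePreferredOrder.PREFER_ECDH_OVER_DH;
    private static final Provider BC_PROVIDER = Util.getBouncyCastleProvider();
    private static final Logger LOGGER = Logger.getLogger("nl.innovalor.reader");

    /** Card service used to transmit the pre-wrapped challenge APDU as-is. */
    private final CardService service;
    /** APDU-level sender handed to {@link EACCAProtocol#sendPublicKey}. */
    private final APDULevelEACCACapable apduSender;
    /** Secure-messaging wrapper of the session that is current when the public key is sent. */
    private final SecureMessagingWrapper wrapper;

    /**
     * Result of {@code generateParameters}: the values that may be handed to the chip-facing side
     * plus the ephemeral private key that must stay with the party verifying the response.
     */
    public static class CAParameters {
        private final BlindedCAParameters blindedCAParameters;
        private final PrivateKey ephemeralPrivateKey;

        public CAParameters(BlindedCAParameters blindedCAParameters, PrivateKey privateKey) {
            this.blindedCAParameters = blindedCAParameters;
            this.ephemeralPrivateKey = privateKey;
        }

        /** @return the key id, OID, ephemeral public key and pre-wrapped challenge */
        public BlindedCAParameters getBlindedCAParameters() {
            return this.blindedCAParameters;
        }

        /**
         * @return the ephemeral private key; sensitive, because the session keys can be derived
         *     from it
         */
        public PrivateKey getEphemeralPrivateKey() {
            return this.ephemeralPrivateKey;
        }
    }

    /**
     * @param cardService card service used to transmit the pre-wrapped challenge
     * @param aPDULevelEACCACapable APDU sender used to send the ephemeral public key
     * @param secureMessagingWrapper wrapper passed along when sending the ephemeral public key
     */
    public BlindedCAProtocol(CardService cardService, APDULevelEACCACapable aPDULevelEACCACapable, SecureMessagingWrapper secureMessagingWrapper) {
        this.service = cardService;
        this.apduSender = aPDULevelEACCACapable;
        this.wrapper = secureMessagingWrapper;
    }

    /**
     * Returns the CA protocol OID to use: the one from the ChipAuthenticationInfo when present,
     * otherwise a 3DES default derived from the public key's OID, or {@code null} when that OID is
     * neither ECDH nor DH.
     */
    private static String resolveOid(ChipAuthenticationInfo chipAuthenticationInfo, ChipAuthenticationPublicKeyInfo chipAuthenticationPublicKeyInfo) {
        String infoOid = chipAuthenticationInfo == null ? null : chipAuthenticationInfo.getObjectIdentifier();
        if (infoOid != null) {
            return infoOid;
        }
        String publicKeyOid = chipAuthenticationPublicKeyInfo.getObjectIdentifier();
        if (SecurityInfo.ID_PK_ECDH.equals(publicKeyOid)) {
            return SecurityInfo.ID_CA_ECDH_3DES_CBC_CBC;
        }
        if (SecurityInfo.ID_PK_DH.equals(publicKeyOid)) {
            return SecurityInfo.ID_CA_DH_3DES_CBC_CBC;
        }
        return null;
    }

    /**
     * Generates a fresh ephemeral key pair over the same domain parameters as the chip's public
     * key.
     *
     * @throws IllegalArgumentException if the chip's public key does not match the algorithm
     * @throws IllegalStateException if the provider cannot create or initialize the generator
     */
    private static KeyPair generateEphemeralKeyPair(String str, PublicKey publicKey) {
        AlgorithmParameterSpec params = agreementParamsOf(str, publicKey);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, BC_PROVIDER);
            try {
                keyPairGenerator.initialize(params);
                return keyPairGenerator.generateKeyPair();
            } catch (InvalidAlgorithmParameterException e) {
                throw new IllegalStateException("Cannot initialize keypair generator with controlled parameters", e);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Cannot create create EC or DH keypair generator", e);
        }
    }

    /**
     * Derives the shared secret, restarts secure messaging with it, and pre-wraps the fixed
     * challenge command.
     *
     * @return the assembled parameters, or {@code null} if any cryptographic step fails; the
     *     failure is logged at WARNING, so callers must null-check
     */
    private static CAParameters buildParameters(String str, BigInteger bigInteger, String str2, PublicKey publicKey, KeyPair keyPair) {
        PrivateKey ephemeralPrivateKey = keyPair.getPrivate();
        try {
            byte[] sharedSecret = EACCAProtocol.computeSharedSecret(str, publicKey, ephemeralPrivateKey);
            // 256 and true are kept from the original call. In JMRTD they are the maximum
            // transceive length and the "check MAC" flag; confirm against the library version.
            SecureMessagingWrapper newWrapper = EACCAProtocol.restartSecureMessaging(str2, sharedSecret, 256, true);
            // Fixed challenge: CLA 0x00, INS 0xB0 (READ BINARY), P1 0x8E, P2 0x00, and a last
            // argument of 200, taken to be Ne. P1 with its high bit set addresses a short file
            // identifier, here 0x0E; presumably DG14, confirm against the chip profile.
            CommandAPDU challenge = newWrapper.wrap(new CommandAPDU(0, 176, 142, 0, 200));
            return new CAParameters(new BlindedCAParameters(bigInteger, str2, keyPair.getPublic(), challenge), ephemeralPrivateKey);
        } catch (GeneralSecurityException e) {
            LOGGER.log(Level.WARNING, "Exception", e);
            return null;
        }
    }

    /**
     * Picks the public key info matching the ChipAuthenticationInfo's key id, or the preferred one
     * for the given agreement-type order when no ChipAuthenticationInfo is available.
     */
    private static ChipAuthenticationPublicKeyInfo selectPublicKeyInfo(ChipAuthenticationInfo chipAuthenticationInfo, Collection<SecurityInfo> collection, ReaderConfig.AgreementTypePreferredOrder agreementTypePreferredOrder) {
        if (chipAuthenticationInfo != null) {
            return SecurityInfoUtil.getChipAuthenticationPublicKeyInfo(chipAuthenticationInfo.getKeyId(), collection);
        }
        return SecurityInfoUtil.getPreferredChipAuthenticationPublicKeyInfo(collection, agreementTypePreferredOrder);
    }

    /**
     * Extracts the domain parameters from the chip's public key.
     *
     * <p>The algorithm name and the key come from different chip-supplied structures, so the key
     * type is checked explicitly instead of relying on an unchecked cast.
     *
     * @return the DH or EC parameters, or {@code null} for any other algorithm name
     * @throws IllegalArgumentException if the key type does not match the algorithm
     */
    private static AlgorithmParameterSpec agreementParamsOf(String str, PublicKey publicKey) {
        if ("DH".equals(str)) {
            if (!(publicKey instanceof DHPublicKey)) {
                throw new IllegalArgumentException("Chip public key does not match agreement algorithm DH");
            }
            return ((DHPublicKey) publicKey).getParams();
        }
        if ("ECDH".equals(str)) {
            if (!(publicKey instanceof ECPublicKey)) {
                throw new IllegalArgumentException("Chip public key does not match agreement algorithm ECDH");
            }
            return ((ECPublicKey) publicKey).getParams();
        }
        return null;
    }

    /**
     * Generates parameters with the default cipher and agreement-type preferences and a fresh
     * ephemeral key pair.
     *
     * @see #generateParameters(Collection, ReaderConfig.SymmetricCipherPreferredOrder,
     *     ReaderConfig.AgreementTypePreferredOrder, byte[])
     */
    public static CAParameters generateParameters(Collection<SecurityInfo> collection) {
        return generateParameters(collection, DEFAULT_SYMMETRIC_CIPHER_PREFERRED_ORDER, DEFAULT_AGREEMENT_TYPE_PREFERRED_ORDER);
    }

    /**
     * Generates parameters with the given preferences and a fresh ephemeral key pair.
     *
     * @see #generateParameters(Collection, ReaderConfig.SymmetricCipherPreferredOrder,
     *     ReaderConfig.AgreementTypePreferredOrder, byte[])
     */
    public static CAParameters generateParameters(Collection<SecurityInfo> collection, ReaderConfig.SymmetricCipherPreferredOrder symmetricCipherPreferredOrder, ReaderConfig.AgreementTypePreferredOrder agreementTypePreferredOrder) {
        return generateParameters(collection, symmetricCipherPreferredOrder, agreementTypePreferredOrder, null);
    }

    /**
     * Selects the chip's CA key and protocol from {@code collection} and builds the blinded CA
     * parameters.
     *
     * @param collection the chip's security infos; not authenticated by this method
     * @param symmetricCipherPreferredOrder preference used to select the ChipAuthenticationInfo
     * @param agreementTypePreferredOrder preference used to select the info and the public key
     * @param bArr PKCS#8-encoded ephemeral private key to reuse, or {@code null} to generate a
     *     fresh key pair; the array is not cleared here, so wiping it is left to the caller
     * @return the parameters, or {@code null} when no usable chip public key is found or a
     *     cryptographic step fails while the parameters are assembled
     * @throws IllegalArgumentException if the agreement algorithm is unknown or unsupported, if
     *     the chip public key does not match it, or if {@code bArr} cannot be decoded
     */
    public static CAParameters generateParameters(Collection<SecurityInfo> collection, ReaderConfig.SymmetricCipherPreferredOrder symmetricCipherPreferredOrder, ReaderConfig.AgreementTypePreferredOrder agreementTypePreferredOrder, byte[] bArr) {
        ChipAuthenticationInfo caInfo = SecurityInfoUtil.getPreferredChipAuthenticationInfo(collection, symmetricCipherPreferredOrder, agreementTypePreferredOrder);
        ChipAuthenticationPublicKeyInfo caPublicKeyInfo = selectPublicKeyInfo(caInfo, collection, agreementTypePreferredOrder);
        if (caPublicKeyInfo == null) {
            return null;
        }
        PublicKey chipPublicKey = caPublicKeyInfo.getSubjectPublicKey();
        if (chipPublicKey == null) {
            return null;
        }
        String oid = resolveOid(caInfo, caPublicKeyInfo);
        String keyAgreementAlgorithm = ChipAuthenticationInfo.toKeyAgreementAlgorithm(oid);
        if (keyAgreementAlgorithm == null) {
            throw new IllegalArgumentException("Unknown agreement algorithm");
        }
        if (!"ECDH".equals(keyAgreementAlgorithm) && !"DH".equals(keyAgreementAlgorithm)) {
            throw new IllegalArgumentException("Unsupported agreement algorithm, expected ECDH or DH, found " + keyAgreementAlgorithm);
        }
        if (bArr == null) {
            return buildParameters(keyAgreementAlgorithm, caPublicKeyInfo.getKeyId(), oid, chipPublicKey, generateEphemeralKeyPair(keyAgreementAlgorithm, chipPublicKey));
        }
        try {
            PrivateKey suppliedPrivateKey = KeyFactory.getInstance(keyAgreementAlgorithm, BC_PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr));
            KeyPair suppliedKeyPair = new KeyPair(recoverKeyAgreementPublicKey(keyAgreementAlgorithm, suppliedPrivateKey), suppliedPrivateKey);
            return buildParameters(keyAgreementAlgorithm, caPublicKeyInfo.getKeyId(), oid, chipPublicKey, suppliedKeyPair);
        } catch (GeneralSecurityException e) {
            // Keep the provider's exception as the cause so a decoding failure can be diagnosed.
            throw new IllegalArgumentException("Could not decode private key", e);
        }
    }

    /**
     * Generates parameters from the security infos of a DG14 file, using the defaults.
     *
     * @deprecated marked deprecated in the original; no replacement is named there. The overload
     *     taking a {@code Collection<SecurityInfo>} accepts the same input.
     */
    @Deprecated
    public static CAParameters generateParameters(DG14File dG14File) {
        return generateParameters(dG14File.getSecurityInfos());
    }

    /**
     * Generates parameters from the security infos of a DG14 file with the default preferences,
     * reusing the PKCS#8-encoded ephemeral private key in {@code bArr} when it is not
     * {@code null}.
     */
    public static CAParameters generateParameters(DG14File dG14File, byte[] bArr) {
        return generateParameters(dG14File.getSecurityInfos(), DEFAULT_SYMMETRIC_CIPHER_PREFERRED_ORDER, DEFAULT_AGREEMENT_TYPE_PREFERRED_ORDER, bArr);
    }

    /**
     * Recomputes the public key that belongs to a DH or ECDH private key.
     *
     * <p>For DH the public value is {@code g^x mod p}. For ECDH it is the private scalar
     * multiplied with the curve's generator.
     *
     * @param str agreement algorithm, {@code "DH"} or {@code "ECDH"}
     * @param privateKey private key of the matching type
     * @return the corresponding public key over the same domain parameters
     * @throws GeneralSecurityException if the provider cannot create the key factory or the key
     * @throws IllegalArgumentException if the algorithm is unsupported or the key type does not
     *     match it
     */
    public static PublicKey recoverKeyAgreementPublicKey(String str, PrivateKey privateKey) throws GeneralSecurityException {
        KeyFactory keyFactory = KeyFactory.getInstance(str, BC_PROVIDER);
        if ("DH".equals(str)) {
            if (!(privateKey instanceof DHPrivateKey)) {
                throw new IllegalArgumentException("Private key does not match agreement algorithm DH");
            }
            DHPrivateKey dhPrivateKey = (DHPrivateKey) privateKey;
            DHParameterSpec dhParams = dhPrivateKey.getParams();
            BigInteger publicValue = dhParams.getG().modPow(dhPrivateKey.getX(), dhParams.getP());
            return keyFactory.generatePublic(new DHPublicKeySpec(publicValue, dhParams.getP(), dhParams.getG()));
        }
        if (!"ECDH".equals(str)) {
            throw new IllegalArgumentException("Unsupported agreement algorithm");
        }
        if (!(privateKey instanceof ECPrivateKey)) {
            throw new IllegalArgumentException("Private key does not match agreement algorithm ECDH");
        }
        ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
        ECParameterSpec ecParams = ecPrivateKey.getParams();
        return keyFactory.generatePublic(new ECPublicKeySpec(Util.multiply(ecPrivateKey.getS(), ecParams.getGenerator(), ecParams), ecParams));
    }

    /**
     * Sends the ephemeral public key to the chip, then transmits the pre-wrapped challenge.
     *
     * <p>The challenge is passed to the card service unchanged. The response is returned without
     * a status-word check and without unwrapping or MAC verification, so the caller or the holder
     * of the session keys must validate it.
     *
     * @param bigInteger key id of the chip's CA key
     * @param str CA protocol OID
     * @param publicKey ephemeral public key
     * @param commandAPDU challenge already wrapped under the new session keys
     * @return the chip's raw response to the challenge
     * @throws CardServiceException if sending the public key or transmitting the challenge fails
     */
    public ResponseAPDU doBlindedCA(BigInteger bigInteger, String str, PublicKey publicKey, CommandAPDU commandAPDU) throws CardServiceException {
        EACCAProtocol.sendPublicKey(this.apduSender, this.wrapper, str, bigInteger, publicKey);
        return this.service.transmit(commandAPDU);
    }

    /**
     * Convenience overload that unpacks {@code blindedCAParameters} and delegates to
     * {@link #doBlindedCA(BigInteger, String, PublicKey, CommandAPDU)}.
     */
    public ResponseAPDU doBlindedCA(BlindedCAParameters blindedCAParameters) throws CardServiceException {
        return doBlindedCA(blindedCAParameters.getKeyId(), blindedCAParameters.getOid(), blindedCAParameters.getEphemeralPublicKey(), blindedCAParameters.getChallenge());
    }
}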
