package com.ts.sdkhost.impl;

import com.ts.common.api.core.encryption.Encryptor;
import com.ts.common.internal.core.encryption.pre18.Base64;
import com.ts.common.internal.core.logger.Log;
import com.ts.mobile.sdk.AuthenticationErrorCode;
import com.ts.mobile.sdk.impl.AuthenticationErrorImpl;
import com.ts.mobile.sdk.util.Util;
import com.ts.mobile.sdkhost.KeyClass;
import com.ts.org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import com.ts.org.bouncycastle.crypto.digests.SHA256Digest;
import com.ts.org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import com.ts.org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi;
import com.ts.org.bouncycastle.jce.ECNamedCurveTable;
import com.ts.org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import com.ts.org.bouncycastle.jce.spec.ECNamedCurveSpec;
import com.ts.org.bouncycastle.jce.spec.IESParameterSpec;
import cz.o2.smartbox.crypto.ecies.AESCBCBlockCipher;
import cz.o2.smartbox.crypto.ecies.IESCipherGCM;
import cz.o2.smartbox.crypto.ecies.IESEngineGCM;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.IntBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import org.json.JSONException;
import org.json.JSONObject;
import runtime.Strings.StringIndexer;

/* loaded from: classes6.dex */
public class VolatileRawEcKeyPairImpl extends VolatileKeyPairImpl {
    private static final String TAG = Log.getLogTag(VolatileRawEcKeyPairImpl.class);
    private static byte[] zeroIv = new byte[16];

    /* JADX INFO: Access modifiers changed from: package-private */
    public VolatileRawEcKeyPairImpl(String str, Encryptor encryptor) throws GeneralSecurityException {
        super(str, encryptor);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VolatileRawEcKeyPairImpl(String str, boolean z, Encryptor encryptor) throws NoSuchAlgorithmException, InvalidKeySpecException {
        super(str, z, encryptor);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public VolatileRawEcKeyPairImpl(BigInteger bigInteger, Encryptor encryptor) throws NoSuchAlgorithmException, InvalidKeySpecException {
        super(new ECPrivateKeySpec(bigInteger, getCurveParams()), (KeySpec) null, encryptor);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VolatileRawEcKeyPairImpl(final byte[] bArr, Encryptor encryptor, final boolean z) throws GeneralSecurityException {
        super(encryptor);
        SecureRandom secureRandom = new SecureRandom() { // from class: com.ts.sdkhost.impl.VolatileRawEcKeyPairImpl.1
            MessageDigest md = null;

            private void nextBytesBE(byte[] bArr2) {
                int length = bArr2.length * 8;
                int i = (length + 31) >> 5;
                int[] iArr = new int[i];
                for (int i2 = 0; i2 < i; i2++) {
                    iArr[i2] = nextInt();
                }
                int i3 = i - 1;
                iArr[i3] = iArr[i3] >>> ((-length) & 31);
                IntBuffer asIntBuffer = ByteBuffer.wrap(bArr2).asIntBuffer();
                for (int i4 = 0; i4 < i; i4++) {
                    asIntBuffer.put(i3 - i4, iArr[i4]);
                }
            }

            @Override // java.security.SecureRandom, java.util.Random
            public synchronized void nextBytes(byte[] bArr2) {
                if (!z && bArr2.length > 4) {
                    nextBytesBE(bArr2);
                    return;
                }
                try {
                    if (this.md == null) {
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                        this.md = messageDigest;
                        messageDigest.update(bArr);
                    }
                    int i = 0;
                    while (i < bArr2.length) {
                        this.md.update((byte) 0);
                        byte[] digest = ((MessageDigest) this.md.clone()).digest();
                        int min = Math.min(bArr2.length - i, digest.length);
                        System.arraycopy(digest, 0, bArr2, i, min);
                        i += min;
                    }
                } catch (CloneNotSupportedException | NoSuchAlgorithmException e) {
                    throw new RuntimeException("Cannot clone MessageDigest " + this.md, e);
                }
            }
        };
        KeyPairGeneratorSpi.EC ec = new KeyPairGeneratorSpi.EC();
        ec.initialize(getKeySize(), secureRandom);
        KeyPair generateKeyPair = ec.generateKeyPair();
        this.privateKey = generateKeyPair.getPrivate();
        this.publicKey = generateKeyPair.getPublic();
    }

    private static void addAffineAxisCoordinateToRepresentation(byte[] bArr, int i, byte[] bArr2, int i2, int i3) throws InvalidKeySpecException {
        if (i3 < 32) {
            int i4 = (i + 32) - i3;
            Arrays.fill(bArr, i, i4 - 1, (byte) 0);
            System.arraycopy(bArr2, i2, bArr, i4, i3);
        } else if (i3 == 32) {
            System.arraycopy(bArr2, i2, bArr, i, 32);
        } else {
            if (i3 != 33) {
                throw new InvalidKeySpecException("Bad affine axis coordinate length: " + i3);
            }
            System.arraycopy(bArr2, i2 + 1, bArr, i, 32);
        }
    }

    public static byte[] convertDEREcSignatureToRawEcSignature(byte[] bArr) {
        int length = bArr.length;
        byte[] bArr2 = new byte[64];
        if (length < 16 || bArr[0] != 48 || bArr[1] != length - 2) {
            Log.e(TAG, "Conversion error for: " + Util.hexStringFromByteArray(bArr));
            throw new AuthenticationErrorImpl(AuthenticationErrorCode.Internal, "Invalid EC DER encoding");
        }
        byte b = bArr[3];
        if (bArr[2] != 2 || length < b + 5) {
            Log.e(TAG, String.format("Signature format validation error for: %s, rLen = %d", Util.hexStringFromByteArray(bArr), Integer.valueOf(b)));
            throw new AuthenticationErrorImpl(AuthenticationErrorCode.Internal, "Invalid EC DER encoding");
        }
        int i = b + 4;
        byte b2 = bArr[i + 1];
        if (bArr[i] != 2 || length < b2 + 4 + b + 2) {
            Log.e(TAG, String.format("Signature format validation error for: %s, sLen = %d", Util.hexStringFromByteArray(bArr), Integer.valueOf(b2)));
            throw new AuthenticationErrorImpl(AuthenticationErrorCode.Internal, "Invalid EC DER encoding");
        }
        if (b < 32 || b2 < 32) {
            try {
                Log.e(TAG, "EC signature representation requires fixing");
            } catch (InvalidKeySpecException e) {
                Log.e(TAG, String.format(StringIndexer._getString("8332"), Util.hexStringFromByteArray(bArr)), e);
                throw new AuthenticationErrorImpl(AuthenticationErrorCode.Internal, "Invalid EC DER encoding");
            }
        }
        addAffineAxisCoordinateToRepresentation(bArr2, 0, bArr, 4, b);
        addAffineAxisCoordinateToRepresentation(bArr2, 32, bArr, i + 2, b2);
        return bArr2;
    }

    private static ECParameterSpec getCurveParams() {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
        return new ECNamedCurveSpec(parameterSpec.getName(), parameterSpec.getCurve(), parameterSpec.getG(), parameterSpec.getN(), parameterSpec.getH());
    }

    public static byte[] rawPublicKeyRepresentation(ECPublicKey eCPublicKey) throws InvalidKeySpecException {
        byte[] byteArray = eCPublicKey.getW().getAffineX().toByteArray();
        byte[] byteArray2 = eCPublicKey.getW().getAffineY().toByteArray();
        byte[] bArr = new byte[65];
        bArr[0] = 4;
        if (byteArray.length < 32 || byteArray2.length < 32) {
            Log.e(TAG, "EC key representation requires fixing");
        }
        addAffineAxisCoordinateToRepresentation(bArr, 1, byteArray, 0, byteArray.length);
        addAffineAxisCoordinateToRepresentation(bArr, 33, byteArray2, 0, byteArray2.length);
        return bArr;
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected String getCipherTransformation() {
        return "EC";
    }

    @Override // com.ts.mobile.sdkhost.KeyPair
    public KeyClass getKeyClass() {
        return KeyClass.FidoECCSigningKey;
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected String getKeyGenAlgorithm() {
        return "EC";
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected int getKeySize() {
        return 256;
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected String getKeyType() {
        return "ecraw";
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected String getSignatureAlgorithm() {
        return "SHA256withECDSA";
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected byte[] internalDecrypt(byte[] bArr) throws GeneralSecurityException {
        IESParameterSpec iESParameterSpec = new IESParameterSpec(null, null, 128, 128, zeroIv);
        IESCipherGCM iESCipherGCM = new IESCipherGCM(new IESEngineGCM(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest()), new AESCBCBlockCipher()), 16);
        iESCipherGCM.engineInit(2, this.privateKey, iESParameterSpec, new SecureRandom());
        return iESCipherGCM.engineDoFinal(bArr, 0, bArr.length);
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    protected byte[] internalEncrypt(byte[] bArr) throws GeneralSecurityException {
        IESParameterSpec iESParameterSpec = new IESParameterSpec(null, null, 128, 128, zeroIv);
        IESCipherGCM iESCipherGCM = new IESCipherGCM(new IESEngineGCM(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest()), new AESCBCBlockCipher()), 16);
        iESCipherGCM.engineInit(1, this.publicKey, iESParameterSpec, new SecureRandom());
        return iESCipherGCM.engineDoFinal(bArr, 0, bArr.length);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl
    public byte[] internalSign(byte[] bArr) throws GeneralSecurityException {
        return convertDEREcSignatureToRawEcSignature(super.internalSign(bArr));
    }

    @Override // com.ts.sdkhost.impl.VolatileKeyPairImpl, com.ts.mobile.sdkhost.KeyPair
    public JSONObject publicKeyToJson() {
        try {
            JSONObject publicKeyToJson = super.publicKeyToJson();
            publicKeyToJson.put("key", Base64.encodeToString(rawPublicKeyRepresentation((ECPublicKey) this.publicKey), 2));
            return publicKeyToJson;
        } catch (InvalidKeySpecException | JSONException e) {
            Log.e(TAG, "Error obtaining public key JSON representation", e);
            return null;
        }
    }
}
