package ka;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.jmrtd.protocol.EACCAResult;

/* loaded from: classes2.dex */
public class i {

    /* renamed from: e, reason: collision with root package name */
    private static final Logger f11483e = Logger.getLogger("org.jmrtd");

    /* renamed from: f, reason: collision with root package name */
    private static final Provider f11484f = da.p.m();

    /* renamed from: a, reason: collision with root package name */
    private da.c f11485a;

    /* renamed from: b, reason: collision with root package name */
    private w f11486b;

    /* renamed from: c, reason: collision with root package name */
    private int f11487c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f11488d;

    public i(da.c cVar, w wVar, int i10, boolean z10) {
        this.f11485a = cVar;
        this.f11486b = wVar;
        this.f11487c = i10;
        this.f11488d = z10;
    }

    public static byte[] a(String str, PublicKey publicKey, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance(str, f11484f);
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret();
    }

    private static byte[] c(String str, PublicKey publicKey) {
        if ("DH".equals(str)) {
            return da.p.A(((DHPublicKey) publicKey).getY());
        }
        if ("ECDH".equals(str)) {
            return ((ECPublicKey) publicKey).getQ().getEncoded(false);
        }
        throw new IllegalArgumentException("Unsupported agreement algorithm " + str);
    }

    public static byte[] d(String str, PublicKey publicKey) throws NoSuchAlgorithmException {
        if ("DH".equals(str) || (publicKey instanceof DHPublicKey)) {
            return MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(c(str, publicKey));
        }
        if ("ECDH".equals(str) || (publicKey instanceof java.security.interfaces.ECPublicKey)) {
            return da.p.b(da.p.A(((ECPublicKey) publicKey).getQ().getAffineXCoord().toBigInteger()), (int) Math.ceil(r5.getParameters().getCurve().getFieldSize() / 8.0d));
        }
        throw new IllegalArgumentException("Unsupported agreement algorithm " + str);
    }

    private static String e(String str) {
        if (org.jmrtd.lds.g.f14306d.equals(str)) {
            f11483e.warning("Could not determine ChipAuthentication algorithm, defaulting to id-CA-ECDH-3DES-CBC-CBC");
            return org.jmrtd.lds.g.f14308f;
        }
        if (org.jmrtd.lds.g.f14305c.equals(str)) {
            f11483e.warning("Could not determine ChipAuthentication algorithm, defaulting to id-CA-DH-3DES-CBC-CBC");
            return org.jmrtd.lds.g.f14307e;
        }
        f11483e.warning("No ChipAuthenticationInfo and unsupported ChipAuthenticationPublicKeyInfo public key OID " + str);
        return null;
    }

    public static w f(String str, byte[] bArr, int i10, boolean z10) throws GeneralSecurityException {
        String n10 = org.jmrtd.lds.d.n(str);
        int t10 = org.jmrtd.lds.d.t(str);
        SecretKey f10 = da.p.f(bArr, n10, t10, 1);
        SecretKey f11 = da.p.f(bArr, n10, t10, 2);
        if (n10.startsWith("DESede")) {
            return new g(f10, f11, i10, z10, 0L);
        }
        if (n10.startsWith("AES")) {
            return new d(f10, f11, i10, z10, 0L);
        }
        throw new IllegalStateException("Unsupported cipher algorithm " + n10);
    }

    private static void g(da.c cVar, w wVar, byte[] bArr) throws y7.f {
        try {
            cVar.a(wVar, bArr, true);
        } catch (y7.f e10) {
            f11483e.log(Level.WARNING, "Failed to send GENERAL AUTHENTICATE, falling back to command chaining", (Throwable) e10);
            List<byte[]> L = da.p.L(223, bArr);
            Iterator<byte[]> it = L.iterator();
            int i10 = 0;
            while (it.hasNext()) {
                i10++;
                cVar.a(wVar, it.next(), i10 >= L.size());
            }
        }
    }

    public static void h(da.c cVar, w wVar, String str, BigInteger bigInteger, PublicKey publicKey) throws y7.f {
        String s10 = org.jmrtd.lds.d.s(str);
        String n10 = org.jmrtd.lds.d.n(str);
        byte[] c10 = c(s10, publicKey);
        if (n10.startsWith("DESede")) {
            try {
                cVar.b(wVar, z7.e.i(145, c10), bigInteger != null ? z7.e.i(132, da.p.A(bigInteger)) : null);
            } catch (Exception e10) {
                throw new da.j("Exception during MSE KAT", 1, e10);
            }
        } else {
            if (!n10.startsWith("AES")) {
                throw new IllegalStateException("Cannot set up secure channel with cipher " + n10);
            }
            try {
                cVar.c(wVar, str, bigInteger);
                try {
                    g(cVar, wVar, z7.e.i(128, c10));
                } catch (Exception e11) {
                    throw new da.j("Exception during General Authenticate", 2, e11);
                }
            } catch (Exception e12) {
                throw new da.j("Exception during MSE Set AT Int Auth", 1, e12);
            }
        }
    }

    public EACCAResult b(BigInteger bigInteger, String str, String str2, PublicKey publicKey) throws y7.f {
        if (publicKey == null) {
            throw new IllegalArgumentException("PICC public key is null");
        }
        String s10 = org.jmrtd.lds.d.s(str);
        if (s10 == null) {
            throw new IllegalArgumentException("Unknown agreement algorithm");
        }
        if (!"ECDH".equals(s10) && !"DH".equals(s10)) {
            throw new IllegalArgumentException("Unsupported agreement algorithm, expected ECDH or DH, found " + s10);
        }
        if (str == null) {
            str = e(str2);
        }
        AlgorithmParameterSpec algorithmParameterSpec = null;
        try {
            if ("DH".equals(s10)) {
                algorithmParameterSpec = ((DHPublicKey) publicKey).getParams();
            } else if ("ECDH".equals(s10)) {
                algorithmParameterSpec = ((java.security.interfaces.ECPublicKey) publicKey).getParams();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(s10, f11484f);
            keyPairGenerator.initialize(algorithmParameterSpec);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey2 = generateKeyPair.getPublic();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            h(this.f11485a, this.f11486b, str, bigInteger, publicKey2);
            byte[] d10 = d(s10, publicKey2);
            w f10 = f(str, a(s10, publicKey, privateKey), this.f11487c, this.f11488d);
            this.f11486b = f10;
            return new EACCAResult(bigInteger, publicKey, d10, publicKey2, privateKey, f10);
        } catch (GeneralSecurityException e10) {
            throw new y7.f("Security exception during Chip Authentication", e10);
        }
    }
}
