package es.gob.jmulticard;

import es.gob.jmulticard.CryptoHelper;
import es.inteco.labs.android.usb.device.ccid.response.UsbResponse;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECField;
import java.security.spec.ECFieldFp;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.macs.CMac;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.ECPointUtil;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECNamedCurveParameterSpec;
import org.spongycastle.jce.spec.ECNamedCurveSpec;
import org.spongycastle.math.ec.ECCurve;
import org.spongycastle.math.ec.ECFieldElement;

/* loaded from: classes.dex */
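/**
 * {@link CryptoHelper} implementation backed by the JCA/JCE and SpongyCastle.
 *
 * <p>The primitives here are low-level building blocks (unpadded block ciphers, raw RSA,
 * truncated CMAC, EC point arithmetic). None of the cipher methods adds padding or integrity
 * protection: callers must supply block-aligned input and authenticate ciphertext themselves.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>{@link #doEcDh} and {@link #generateEcKeyPair} register the SpongyCastle provider at
 *       position 1, which changes provider resolution for the whole process.</li>
 *   <li>The 3DES methods overwrite the caller's input buffer with zeros.</li>
 *   <li>Invalid EC points are only logged, not rejected.</li>
 * </ul>
 */
public final class JseCryptoHelper extends CryptoHelper {
    private static final String ECDH = "ECDH";
    /** JCA name under which the SpongyCastle provider registers itself. */
    private static final String SC_PROVIDER = "SC";
    private static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");
    /** Shared platform-default CSPRNG; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Adds two points of the curve described by {@code params}.
     *
     * @param first first operand, in JCA representation
     * @param second second operand, in JCA representation
     * @param params curve parameters both points belong to
     * @return the sum, in JCA representation
     */
    private static ECPoint add(ECPoint first, ECPoint second, ECParameterSpec params) {
        org.spongycastle.math.ec.ECPoint sum =
                toSpongyCastleECPoint(first, params).add(toSpongyCastleECPoint(second, params));
        return fromSpongyCastleECPoint(sum);
    }

    /**
     * Runs AES/CBC/NoPadding over {@code data}.
     *
     * <p>The three stages (cipher lookup, initialisation, transformation) are wrapped separately
     * so the resulting {@link IOException} names the stage that actually failed. Nesting the
     * handlers made every failure surface as "could not obtain a cipher instance".
     *
     * @param data input; its length must be a multiple of the AES block size (no padding is applied)
     * @param iv initialisation vector; {@code null} selects a random IV, an empty array selects an
     *     all-zero IV
     * @param key raw AES key
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return the transformed data
     * @throws IllegalArgumentException if {@code data} or {@code key} is {@code null}
     * @throws IOException if the cipher is unavailable, cannot be initialised, or rejects the data
     */
    private static byte[] aesCrypt(byte[] data, byte[] iv, byte[] key, int mode) throws IOException {
        if (data == null) {
            throw new IllegalArgumentException("Los datos a cifrar no pueden ser nulos");
        }
        if (key == null) {
            throw new IllegalArgumentException("La clave de cifrado no puede ser nula");
        }

        final Cipher cipher;
        try {
            cipher = Cipher.getInstance("AES/CBC/NoPadding");
        } catch (Exception e) {
            throw new IOException("No se ha podido obtener una instancia del cifrador 'AES/CBC/NoPadding': " + e, e);
        }

        byte[] effectiveIv = iv;
        if (effectiveIv == null) {
            // NOTE(review): the random IV is never handed back to the caller, so the first block
            // of an encryption cannot be recovered later, and a decryption with a null IV yields
            // a garbled first block. Callers should always pass the IV explicitly.
            LOGGER.info("Se usara un vector de inicializacion AES aleatorio");
            effectiveIv = new byte[cipher.getBlockSize()];
            RANDOM.nextBytes(effectiveIv);
        } else if (effectiveIv.length == 0) {
            // An all-zero IV makes CBC deterministic: equal plaintext prefixes under the same key
            // produce equal ciphertext prefixes.
            LOGGER.warning("Se usara un vector de inicializacion AES vacio");
            effectiveIv = new byte[cipher.getBlockSize()];
        }

        try {
            cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(effectiveIv));
        } catch (Exception e) {
            throw new IOException("La clave proporcionada no es valida: " + e, e);
        }

        try {
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new IOException("Error en el descifrado, posiblemente los datos proporcionados no sean validos: " + e, e);
        }
    }

    /**
     * Computes a Y coordinate for the given X on a prime-field curve by solving
     * {@code y^2 = x^3 + a*x + b}.
     *
     * <p>NOTE(review): a square root has two solutions ({@code y} and {@code p - y}); this returns
     * whichever one the library yields. Confirm that callers do not depend on a specific one.
     *
     * @param affineX X coordinate
     * @param params curve parameters
     * @return a Y coordinate matching {@code affineX}
     * @throws IllegalArgumentException if no point of the curve has that X coordinate
     */
    private static BigInteger computeAffineY(BigInteger affineX, ECParameterSpec params) {
        ECCurve curve = toSpongyCastleECCurve(params);
        ECFieldElement x = curve.fromBigInteger(affineX);
        // (x^2 + a) * x + b  ==  x^3 + a*x + b
        ECFieldElement rightHandSide = x.multiply(x).add(curve.getA()).multiply(x).add(curve.getB());
        ECFieldElement y = rightHandSide.sqrt();
        if (y == null) {
            // sqrt() yields null when the value is not a quadratic residue; fail with a clear
            // message instead of a NullPointerException on the next dereference.
            throw new IllegalArgumentException("La coordenada X proporcionada no corresponde a ningun punto de la curva");
        }
        return y.toBigInteger();
    }

    /**
     * Runs single DES in ECB mode without padding.
     *
     * <p>Single DES with a 56-bit effective key and ECB mode offers no meaningful confidentiality
     * on its own; presumably it is kept only as a building block for legacy card protocols.
     *
     * @param data input; its length must be a multiple of 8 octets
     * @param key 8-octet DES key
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return the transformed data
     * @throws IllegalArgumentException if the key is {@code null} or not 8 octets long
     * @throws IOException on any cipher failure
     */
    private static byte[] doDes(byte[] data, byte[] key, int mode) throws IOException {
        if (key == null) {
            throw new IllegalArgumentException("La clave DES no puede ser nula");
        }
        if (key.length != 8) {
            throw new IllegalArgumentException("La clave DES debe ser de 8 octetos, pero la proporcionada es de " + key.length);
        }
        try {
            Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
            cipher.init(mode, new SecretKeySpec(key, "DES"));
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new IOException("Error cifrando los datos con DES: " + e, e);
        }
    }

    /**
     * Runs 3DES in CBC mode with an all-zero IV and no padding.
     *
     * <p><strong>Side effect:</strong> {@code data} is overwritten with zeros before this method
     * returns or throws, so the caller's buffer is destroyed. An invalid key is rejected before
     * that happens and leaves {@code data} untouched.
     *
     * @param data input; its length must be a multiple of 8 octets; zeroed on exit
     * @param key 16- or 24-octet 3DES key
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return the transformed data
     * @throws IllegalArgumentException if the key is {@code null} or has an unsupported length
     * @throws IOException on any cipher failure, including a {@code null} {@code data}
     */
    private static byte[] doDesede(byte[] data, byte[] key, int mode) throws IOException {
        SecretKeySpec keySpec = new SecretKeySpec(prepareDesedeKey(key), "DESede");
        try {
            Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
            // A freshly allocated array is already all zeros, so no explicit fill is needed.
            cipher.init(mode, keySpec, new IvParameterSpec(new byte[8]));
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new IOException("Error encriptando datos: " + e, e);
        } finally {
            // Wipe on both paths. The null guard keeps a null input from replacing the real
            // failure with a NullPointerException raised during cleanup.
            wipe(data);
        }
    }

    /**
     * Runs raw RSA (no padding scheme).
     *
     * <p>Unpadded RSA is deterministic and malleable. It is only safe when the caller builds and
     * checks the full message format itself, as card authentication protocols typically do.
     *
     * @param data input block
     * @param key RSA public or private key
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return the transformed data
     * @throws IOException on any cipher failure
     */
    private static byte[] doRsa(byte[] data, Key key, int mode) throws IOException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/NOPADDING");
            cipher.init(mode, key);
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new IOException("Error cifrando/descifrando los datos mediante la clave RSA: " + e, e);
        }
    }

    /** Registers the SpongyCastle provider if it is not registered yet. */
    private static void ensureSpongyCastleProvider() {
        if (Security.getProvider(SC_PROVIDER) == null) {
            // Position 1 is the highest priority: from here on every getInstance() call in the
            // process that names no provider (including the Cipher, MessageDigest and
            // CertificateFactory lookups in this class) is resolved against SpongyCastle first.
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
    }

    /**
     * Converts a SpongyCastle point to its JCA representation.
     *
     * <p>NOTE(review): an invalid point is only logged and still returned. Point validation is a
     * security check in EC key agreement; consider rejecting the point here once callers can
     * handle the failure.
     *
     * @param point SpongyCastle point
     * @return the same point with affine coordinates, as a JCA {@link ECPoint}
     */
    private static ECPoint fromSpongyCastleECPoint(org.spongycastle.math.ec.ECPoint point) {
        org.spongycastle.math.ec.ECPoint normalized = point.normalize();
        if (!normalized.isValid()) {
            LOGGER.warning("Se ha proporcionaod un punto invalido");
        }
        return new ECPoint(
                normalized.getAffineXCoord().toBigInteger(),
                normalized.getAffineYCoord().toBigInteger());
    }

    /**
     * Returns the prime {@code p} of the field the curve is defined over.
     *
     * @param params curve parameters
     * @return the field prime
     * @throws IllegalArgumentException if {@code params} is {@code null}
     * @throws IllegalStateException if the curve is not defined over a prime field
     */
    private static BigInteger getPrime(ECParameterSpec params) {
        if (params == null) {
            throw new IllegalArgumentException("Los parametros no pueden ser nulos");
        }
        ECField field = params.getCurve().getField();
        if (field instanceof ECFieldFp) {
            return ((ECFieldFp) field).getP();
        }
        throw new IllegalStateException("Solo se soporta 'ECFieldFp' y se proporciono  " + field.getClass().getCanonicalName());
    }

    /**
     * Decodes an encoded EC point into a public key on the named curve.
     *
     * @param encodedPoint encoded public point, as received from the peer
     * @param ecCurve named curve the point must belong to
     * @return the public key
     * @throws NoSuchAlgorithmException if no provider offers an ECDH key factory
     * @throws InvalidKeySpecException if the key factory rejects the point
     */
    private static Key loadEcPublicKey(byte[] encodedPoint, CryptoHelper.EcCurve ecCurve) throws NoSuchAlgorithmException, InvalidKeySpecException {
        ECNamedCurveParameterSpec named = ECNamedCurveTable.getParameterSpec(ecCurve.toString());
        KeyFactory keyFactory;
        try {
            keyFactory = KeyFactory.getInstance(ECDH, SC_PROVIDER);
        } catch (NoSuchProviderException e) {
            LOGGER.warning("No se ha podido obtener el KeyFactory ECDH de BouncyCastle, se intentara el por defecto: " + e);
            keyFactory = KeyFactory.getInstance(ECDH);
        }
        ECNamedCurveSpec curveSpec =
                new ECNamedCurveSpec(ecCurve.toString(), named.getCurve(), named.getG(), named.getN());
        return keyFactory.generatePublic(
                new ECPublicKeySpec(ECPointUtil.decodePoint(curveSpec.getCurve(), encodedPoint), curveSpec));
    }

    /**
     * Builds curve parameters whose generator is {@code nonce * G + sharedPoint}, keeping the
     * curve, order and cofactor of {@code params}.
     *
     * @param nonce scalar applied to the original generator
     * @param sharedPoint point added to the scaled generator
     * @param params original curve parameters
     * @return parameters identical to {@code params} except for the mapped generator
     * @throws IllegalStateException if the curve is not defined over a prime field
     */
    private static ECParameterSpec mapNonceGMWithECDH(BigInteger nonce, ECPoint sharedPoint, ECParameterSpec params) {
        EllipticCurve curve = params.getCurve();
        // getPrime() checks the field type instead of casting blindly.
        BigInteger prime = getPrime(params);
        ECPoint mappedGenerator = add(multiply(nonce, params.getGenerator(), params), sharedPoint, params);
        if (!toSpongyCastleECPoint(mappedGenerator, params).isValid()) {
            // NOTE(review): logged only; the invalid generator is still returned to the caller.
            LOGGER.warning("Se ha generado un punto invalido");
        }
        return new ECParameterSpec(
                new EllipticCurve(new ECFieldFp(prime), curve.getA(), curve.getB()),
                mappedGenerator,
                params.getOrder(),
                params.getCofactor());
    }

    /**
     * Multiplies a curve point by a scalar.
     *
     * @param scalar multiplier
     * @param point point in JCA representation
     * @param params curve parameters the point belongs to
     * @return {@code scalar * point}, in JCA representation
     */
    private static ECPoint multiply(BigInteger scalar, ECPoint point, ECParameterSpec params) {
        return fromSpongyCastleECPoint(toSpongyCastleECPoint(point, params).multiply(scalar));
    }

    /**
     * Converts a whole octet string to a non-negative integer (big-endian).
     *
     * @param octets octet string
     * @return the integer value
     * @throws IllegalArgumentException if {@code octets} is {@code null}
     */
    private static BigInteger os2i(byte[] octets) {
        if (octets != null) {
            return os2i(octets, 0, octets.length);
        }
        throw new IllegalArgumentException();
    }

    /**
     * Converts {@code length} octets starting at {@code offset} to a non-negative integer
     * (big-endian).
     *
     * @param octets octet string
     * @param offset index of the most significant octet
     * @param length number of octets to read
     * @return the integer value
     * @throws IllegalArgumentException if {@code octets} is {@code null}
     */
    private static BigInteger os2i(byte[] octets, int offset, int length) {
        if (octets == null) {
            throw new IllegalArgumentException("El Octet String no puede ser nulo");
        }
        BigInteger result = BigInteger.ZERO;
        BigInteger base = BigInteger.valueOf(256L);
        for (int index = offset; index < offset + length; index++) {
            // Mask with a literal 0xFF to read the octet as unsigned. The decompiled code
            // borrowed an unrelated USB/CCID status constant for this mask, which tied the
            // conversion to that constant's declared type and value.
            result = result.multiply(base).add(BigInteger.valueOf(octets[index] & 0xFF));
        }
        return result;
    }

    /**
     * Expands a two-key 3DES key (K1|K2) to the three-key layout (K1|K2|K1) the JCE expects.
     *
     * @param key 16- or 24-octet key; a 24-octet key is returned as is, not copied
     * @return a 24-octet key
     * @throws IllegalArgumentException if the key is {@code null} or has another length
     */
    private static byte[] prepareDesedeKey(byte[] key) {
        if (key == null) {
            throw new IllegalArgumentException("La clave 3DES no puede ser nula");
        }
        if (key.length == 24) {
            return key;
        }
        if (key.length != 16) {
            throw new IllegalArgumentException("Longitud de clave invalida, se esperaba 16 o 24, pero se indico " + key.length);
        }
        byte[] expanded = new byte[24];
        System.arraycopy(key, 0, expanded, 0, 16);
        System.arraycopy(key, 0, expanded, 16, 8);
        return expanded;
    }

    /**
     * Builds the SpongyCastle curve equivalent to the given JCA parameters.
     *
     * @param params curve parameters over a prime field
     * @return the SpongyCastle curve
     * @throws IllegalArgumentException if the curve is not defined over a prime field
     */
    private static ECCurve toSpongyCastleECCurve(ECParameterSpec params) {
        EllipticCurve curve = params.getCurve();
        ECField field = curve.getField();
        if (!(field instanceof ECFieldFp)) {
            throw new IllegalArgumentException("Solo se soporta 'ECFieldFp' y se proporciono  " + field.getClass().getCanonicalName());
        }
        return new ECCurve.Fp(
                getPrime(params),
                curve.getA(),
                curve.getB(),
                params.getOrder(),
                BigInteger.valueOf(params.getCofactor()));
    }

    /**
     * Converts a JCA point to a SpongyCastle point on the curve described by {@code params}.
     *
     * @param point point in JCA representation
     * @param params curve parameters
     * @return the SpongyCastle point
     */
    private static org.spongycastle.math.ec.ECPoint toSpongyCastleECPoint(ECPoint point, ECParameterSpec params) {
        return toSpongyCastleECCurve(params).createPoint(point.getAffineX(), point.getAffineY());
    }

    /** Overwrites a buffer with zeros; a {@code null} buffer is ignored. */
    private static void wipe(byte[] buffer) {
        if (buffer != null) {
            java.util.Arrays.fill(buffer, (byte) 0);
        }
    }

    /**
     * Decrypts with AES/CBC/NoPadding.
     *
     * @param bArr ciphertext, block-aligned
     * @param bArr2 IV ({@code null}: random IV, empty: all-zero IV)
     * @param bArr3 raw AES key
     * @return the plaintext, still carrying any padding the sender applied
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] aesDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        return aesCrypt(bArr, bArr2, bArr3, Cipher.DECRYPT_MODE);
    }

    /**
     * Encrypts with AES/CBC/NoPadding.
     *
     * @param bArr plaintext, already padded to the block size
     * @param bArr2 IV ({@code null}: random IV that is not returned, empty: all-zero IV)
     * @param bArr3 raw AES key
     * @return the ciphertext, without any integrity protection
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws IOException {
        return aesCrypt(bArr, bArr2, bArr3, Cipher.ENCRYPT_MODE);
    }

    /**
     * Decrypts with single DES in ECB mode, no padding.
     *
     * @param bArr ciphertext, a multiple of 8 octets
     * @param bArr2 8-octet DES key
     * @return the plaintext
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desDecrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDes(bArr, bArr2, Cipher.DECRYPT_MODE);
    }

    /**
     * Encrypts with single DES in ECB mode, no padding.
     *
     * @param bArr plaintext, a multiple of 8 octets
     * @param bArr2 8-octet DES key
     * @return the ciphertext
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desEncrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDes(bArr, bArr2, Cipher.ENCRYPT_MODE);
    }

    /**
     * Decrypts with 3DES/CBC/NoPadding and an all-zero IV. {@code bArr} is zeroed on exit.
     *
     * @param bArr ciphertext, a multiple of 8 octets; overwritten with zeros
     * @param bArr2 16- or 24-octet 3DES key
     * @return the plaintext
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desedeDecrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDesede(bArr, bArr2, Cipher.DECRYPT_MODE);
    }

    /**
     * Encrypts with 3DES/CBC/NoPadding and an all-zero IV. {@code bArr} is zeroed on exit.
     *
     * @param bArr plaintext, a multiple of 8 octets; overwritten with zeros
     * @param bArr2 16- or 24-octet 3DES key
     * @return the ciphertext
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desedeEncrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDesede(bArr, bArr2, Cipher.ENCRYPT_MODE);
    }

    /**
     * Hashes {@code bArr} with the algorithm named by {@code digestAlgorithm.toString()}.
     *
     * @param digestAlgorithm digest to use
     * @param bArr data to hash
     * @return the digest value
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws IOException if no provider offers the algorithm
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] digest(CryptoHelper.DigestAlgorithm digestAlgorithm, byte[] bArr) throws IOException {
        if (digestAlgorithm == null) {
            throw new IllegalArgumentException("El algoritmo de huella digital no puede ser nulo");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos para realizar la huella digital no pueden ser nulos");
        }
        try {
            return MessageDigest.getInstance(digestAlgorithm.toString()).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("El sistema no soporta el algoritmo de huella digital indicado ('" + digestAlgorithm + "'): " + e, e);
        }
    }

    /**
     * Computes an AES-CMAC truncated to 64 bits.
     *
     * <p>When verifying a received tag, compare it with {@link MessageDigest#isEqual} rather than
     * an early-exit loop, so the comparison time does not reveal how many octets matched.
     *
     * @param bArr data to authenticate
     * @param bArr2 raw AES key
     * @return the 8-octet tag
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] doAesCmac(byte[] bArr, byte[] bArr2) {
        CMac cmac = new CMac(new AESEngine(), 64);
        cmac.init(new KeyParameter(bArr2));
        cmac.update(bArr, 0, bArr.length);
        byte[] tag = new byte[8];
        cmac.doFinal(tag, 0);
        return tag;
    }

    /**
     * Performs an ECDH key agreement.
     *
     * <p>The result is the raw shared secret; it must go through a key derivation function
     * before being used as a symmetric key.
     *
     * @param key own private key
     * @param bArr encoded public point of the peer
     * @param ecCurve named curve both keys belong to
     * @return the raw shared secret
     * @throws NoSuchAlgorithmException if no provider offers ECDH
     * @throws InvalidKeyException if a key is rejected by the key agreement
     * @throws InvalidKeySpecException if the peer point cannot be turned into a public key
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] doEcDh(Key key, byte[] bArr, CryptoHelper.EcCurve ecCurve) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        ensureSpongyCastleProvider();
        KeyAgreement keyAgreement;
        try {
            keyAgreement = KeyAgreement.getInstance(ECDH, SC_PROVIDER);
        } catch (NoSuchProviderException e) {
            LOGGER.warning("No se ha podido obtener el KeyAgreement ECDH de BouncyCastle, se intentara el por defecto: " + e);
            keyAgreement = KeyAgreement.getInstance(ECDH);
        }
        keyAgreement.init(key);
        keyAgreement.doPhase(loadEcPublicKey(bArr, ecCurve), true);
        return keyAgreement.generateSecret();
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * <p>This only decodes the structure. No signature, chain, validity-period or revocation
     * check happens here, so the result must not be trusted until the caller has validated it.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the encoding cannot be parsed
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public Certificate generateCertificate(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Generates an EC key pair on the named curve.
     *
     * @param ecCurve named curve
     * @return a fresh key pair
     * @throws NoSuchAlgorithmException if no provider offers an ECDH key pair generator
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public KeyPair generateEcKeyPair(CryptoHelper.EcCurve ecCurve) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        ensureSpongyCastleProvider();
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance(ECDH, SC_PROVIDER);
        } catch (Exception e) {
            // Deliberate best effort: any failure to get the SpongyCastle generator falls back
            // to the default provider, and the chosen implementation is logged below.
            LOGGER.warning("No se ha podido obtener un generador de pares de claves de curva eliptica con SpongyCastle, se usara el generador por defecto: " + e);
            keyPairGenerator = KeyPairGenerator.getInstance(ECDH);
        }
        LOGGER.info("Seleccionado el siguiente generador de claves de curva eliptica: " + keyPairGenerator.getClass().getName());
        keyPairGenerator.initialize(new ECGenParameterSpec(ecCurve.toString()));
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Returns {@code i} cryptographically strong random octets.
     *
     * <p>Uses the platform-default {@link SecureRandom}, as the random-IV path of AES does,
     * instead of pinning the legacy "SHA1PRNG" algorithm, whose availability and seeding vary
     * between platforms and providers.
     *
     * @param i number of octets
     * @return the random octets
     * @throws IllegalArgumentException if {@code i} is negative
     * @throws IOException never thrown by this implementation; kept for the inherited signature
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] generateRandomBytes(int i) throws IOException {
        if (i < 0) {
            throw new IllegalArgumentException("El numero de octetos aleatorios no puede ser negativo: " + i);
        }
        byte[] randomBytes = new byte[i];
        RANDOM.nextBytes(randomBytes);
        return randomBytes;
    }

    /**
     * Maps the curve generator to {@code nonce * G + H}, where {@code H} is the point whose X
     * coordinate is given by {@code bArr2}.
     *
     * @param bArr scalar applied to the generator, as an octet string
     * @param bArr2 X coordinate of the point {@code H}, as an octet string
     * @param ecCurve named curve
     * @return parameters of the same curve with the mapped generator
     * @throws IllegalArgumentException if an argument is {@code null} or {@code bArr2} is not the
     *     X coordinate of a curve point
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public AlgorithmParameterSpec getEcPoint(byte[] bArr, byte[] bArr2, CryptoHelper.EcCurve ecCurve) {
        ECNamedCurveParameterSpec named = ECNamedCurveTable.getParameterSpec(ecCurve.toString());
        // The decompiled code cast the SpongyCastle named-curve spec straight to the JCA
        // ECParameterSpec. To my knowledge SpongyCastle's spec is not a subclass of it, so that
        // cast would fail at run time. Convert through ECNamedCurveSpec, as loadEcPublicKey does.
        ECParameterSpec params =
                new ECNamedCurveSpec(ecCurve.toString(), named.getCurve(), named.getG(), named.getN());
        BigInteger affineX = os2i(bArr2);
        BigInteger affineY = computeAffineY(affineX, params);
        return mapNonceGMWithECDH(os2i(bArr), new ECPoint(affineX, affineY), params);
    }

    /**
     * Decrypts with raw (unpadded) RSA.
     *
     * @param bArr input block
     * @param key RSA key
     * @return the transformed block; any padding must be checked by the caller
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] rsaDecrypt(byte[] bArr, Key key) throws IOException {
        return doRsa(bArr, key, Cipher.DECRYPT_MODE);
    }

    /**
     * Encrypts with raw (unpadded) RSA.
     *
     * @param bArr input block, already formatted by the caller
     * @param key RSA key
     * @return the transformed block
     * @throws IOException on any cipher failure
     */
    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] rsaEncrypt(byte[] bArr, Key key) throws IOException {
        return doRsa(bArr, key, Cipher.ENCRYPT_MODE);
    }
}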
