package hi;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import org.jmrtd.lds.ChipAuthenticationInfo;
import org.jmrtd.lds.SecurityInfo;

/* loaded from: classes2.dex */
public class j {

    /* renamed from: e, reason: collision with root package name */
    private static final Logger f12027e = Logger.getLogger("org.jmrtd");

    /* renamed from: f, reason: collision with root package name */
    private static final Provider f12028f = di.p.n();

    /* renamed from: a, reason: collision with root package name */
    private di.c f12029a;

    /* renamed from: b, reason: collision with root package name */
    private y f12030b;

    /* renamed from: c, reason: collision with root package name */
    private int f12031c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f12032d;

    public j(di.c cVar, y yVar, int i10, boolean z10) {
        this.f12029a = cVar;
        this.f12030b = yVar;
        this.f12031c = i10;
        this.f12032d = z10;
    }

    public static byte[] a(String str, PublicKey publicKey, PrivateKey privateKey) {
        KeyAgreement keyAgreement = KeyAgreement.getInstance(str, f12028f);
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return keyAgreement.generateSecret();
    }

    private static byte[] c(String str, PublicKey publicKey) {
        if ("DH".equals(str)) {
            return di.p.z(((DHPublicKey) publicKey).getY());
        }
        if ("ECDH".equals(str)) {
            return ((yf.c) publicKey).getQ().l(false);
        }
        throw new IllegalArgumentException("Unsupported agreement algorithm " + str);
    }

    public static byte[] d(String str, PublicKey publicKey) {
        if ("DH".equals(str) || (publicKey instanceof DHPublicKey)) {
            return MessageDigest.getInstance("SHA-1").digest(c(str, publicKey));
        }
        if ("ECDH".equals(str) || (publicKey instanceof ECPublicKey)) {
            return di.p.b(di.p.z(((yf.c) publicKey).getQ().f().t()), (int) Math.ceil(r5.getParameters().a().u() / 8.0d));
        }
        throw new IllegalArgumentException("Unsupported agreement algorithm " + str);
    }

    private static String e(String str) {
        if (SecurityInfo.ID_PK_ECDH.equals(str)) {
            f12027e.warning("Could not determine ChipAuthentication algorithm, defaulting to id-CA-ECDH-3DES-CBC-CBC");
            return SecurityInfo.ID_CA_ECDH_3DES_CBC_CBC;
        }
        if (SecurityInfo.ID_PK_DH.equals(str)) {
            f12027e.warning("Could not determine ChipAuthentication algorithm, defaulting to id-CA-DH-3DES-CBC-CBC");
            return SecurityInfo.ID_CA_DH_3DES_CBC_CBC;
        }
        f12027e.warning("No ChipAuthenticationInfo and unsupported ChipAuthenticationPublicKeyInfo public key OID " + str);
        return null;
    }

    public static y f(String str, byte[] bArr, int i10, boolean z10) {
        String cipherAlgorithm = ChipAuthenticationInfo.toCipherAlgorithm(str);
        int keyLength = ChipAuthenticationInfo.toKeyLength(str);
        SecretKey f10 = di.p.f(bArr, cipherAlgorithm, keyLength, 1);
        SecretKey f11 = di.p.f(bArr, cipherAlgorithm, keyLength, 2);
        if (cipherAlgorithm.startsWith("DESede")) {
            return new h(f10, f11, i10, z10, 0L);
        }
        if (cipherAlgorithm.startsWith("AES")) {
            return new d(f10, f11, i10, z10, 0L);
        }
        throw new IllegalStateException("Unsupported cipher algorithm " + cipherAlgorithm);
    }

    private static void g(di.c cVar, y yVar, byte[] bArr) {
        try {
            cVar.b(yVar, bArr, true);
        } catch (net.sf.scuba.smartcards.f e10) {
            f12027e.log(Level.WARNING, "Failed to send GENERAL AUTHENTICATE, falling back to command chaining", (Throwable) e10);
            List<byte[]> K = di.p.K(223, bArr);
            Iterator<byte[]> it = K.iterator();
            int i10 = 0;
            while (it.hasNext()) {
                i10++;
                cVar.b(yVar, it.next(), i10 >= K.size());
            }
        }
    }

    public static void h(di.c cVar, y yVar, String str, BigInteger bigInteger, PublicKey publicKey) {
        String keyAgreementAlgorithm = ChipAuthenticationInfo.toKeyAgreementAlgorithm(str);
        String cipherAlgorithm = ChipAuthenticationInfo.toCipherAlgorithm(str);
        byte[] c10 = c(keyAgreementAlgorithm, publicKey);
        if (cipherAlgorithm.startsWith("DESede")) {
            try {
                cVar.a(yVar, vc.e.i(145, c10), bigInteger != null ? vc.e.i(132, di.p.z(bigInteger)) : null);
            } catch (Exception e10) {
                throw new di.j("Exception during MSE KAT", 1, e10);
            }
        } else {
            if (!cipherAlgorithm.startsWith("AES")) {
                throw new IllegalStateException("Cannot set up secure channel with cipher " + cipherAlgorithm);
            }
            try {
                cVar.c(yVar, str, bigInteger);
                try {
                    g(cVar, yVar, vc.e.i(128, c10));
                } catch (Exception e11) {
                    throw new di.j("Exception during General Authenticate", 2, e11);
                }
            } catch (Exception e12) {
                throw new di.j("Exception during MSE Set AT Int Auth", 1, e12);
            }
        }
    }

    public k b(BigInteger bigInteger, String str, String str2, PublicKey publicKey) {
        String str3;
        if (publicKey == null) {
            throw new IllegalArgumentException("PICC public key is null");
        }
        if (str == null) {
            str = e(str2);
        }
        AlgorithmParameterSpec algorithmParameterSpec = null;
        try {
            str3 = ChipAuthenticationInfo.toKeyAgreementAlgorithm(str);
        } catch (NumberFormatException e10) {
            f12027e.log(Level.WARNING, "Unknown object identifier " + str, (Throwable) e10);
            str3 = null;
        }
        if (!"ECDH".equals(str3) && !"DH".equals(str3)) {
            throw new IllegalArgumentException("Unsupported agreement algorithm, expected ECDH or DH, found " + str3);
        }
        try {
            if ("DH".equals(str3)) {
                algorithmParameterSpec = ((DHPublicKey) publicKey).getParams();
            } else if ("ECDH".equals(str3)) {
                algorithmParameterSpec = ((ECPublicKey) publicKey).getParams();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str3, f12028f);
            keyPairGenerator.initialize(algorithmParameterSpec);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey2 = generateKeyPair.getPublic();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            h(this.f12029a, this.f12030b, str, bigInteger, publicKey2);
            byte[] d10 = d(str3, publicKey2);
            y f10 = f(str, a(str3, publicKey, privateKey), this.f12031c, this.f12032d);
            this.f12030b = f10;
            return new k(bigInteger, publicKey, d10, publicKey2, privateKey, f10);
        } catch (GeneralSecurityException e11) {
            throw new net.sf.scuba.smartcards.f("Security exception during Chip Authentication", e11);
        }
    }
}
