package iaik.cms.ecc;

import iaik.asn1.ASN;
import iaik.asn1.ASN1Object;
import iaik.asn1.CON_SPEC;
import iaik.asn1.DerCoder;
import iaik.asn1.OCTET_STRING;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSAlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.IaikProvider;
import iaik.security.ecc.ECCException;
import iaik.security.ecc.ecdsa.ECDSAKeyPairGeneratorImpl;
import iaik.security.ecc.ecdsa.ECDSAParameter;
import iaik.security.ecc.ecdsa.ECPrivateKey;
import iaik.security.ecc.ecdsa.ECPublicKey;
import iaik.security.ecc.interfaces.ECDSAParams;
import iaik.security.ecc.math.ecgroup.ECPoint;
import iaik.security.ecc.provider.ECCProvider;
import iaik.security.md.SHA;
import iaik.utils.CriticalObject;
import iaik.utils.CryptoUtils;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class IaikEccProvider extends IaikProvider {
    private static final String a = "IAIK_ECC";

    public IaikEccProvider() {
        if (Security.getProvider(a) == null) {
            ECCProvider.addAsProvider();
        }
        if (Security.getProvider(a) == null) {
            System.err.println("Could not add ECC provider! IAIK-ECC crypto provider not installed!");
            throw new RuntimeException("Could not add ECC provider! IAIK-ECC crypto provider not installed!");
        }
    }

    private static void a(byte[] bArr, int i, int i2) {
        for (int i3 = (i + i2) - 1; i3 >= i; i3--) {
            byte b = (byte) (bArr[i3] + 1);
            bArr[i3] = b;
            if (b != 0) {
                return;
            }
        }
    }

    private static byte[] a(AlgorithmID algorithmID, byte[] bArr, int i) {
        if (algorithmID == null) {
            throw new NullPointerException("Cannot create SharedInfo. Key encryption algorithm must not be null.");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Cannot create SharedInfo. Kek length must not be negative.");
        }
        SEQUENCE sequence = new SEQUENCE();
        ASN1Object parameter = algorithmID.getParameter();
        if (parameter == null || !parameter.isA(ASN.NULL)) {
            AlgorithmID algorithmID2 = (AlgorithmID) algorithmID.clone();
            algorithmID.setParameter(null);
            algorithmID = algorithmID2;
        }
        sequence.addComponent(algorithmID.toASN1Object());
        if (bArr != null) {
            sequence.addComponent(new CON_SPEC(0, new OCTET_STRING(bArr)));
        }
        byte[] bArr2 = new byte[4];
        CryptoUtils.spreadIntsToBytes(new int[]{i}, 0, bArr2, 0, 1);
        sequence.addComponent(new CON_SPEC(2, new OCTET_STRING(bArr2)));
        return DerCoder.encode(sequence);
    }

    private static byte[] a(byte[] bArr, int i, byte[] bArr2) {
        if (bArr == null) {
            throw new NullPointerException("Shared secret (Z) must not be null.");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Keydatalen must not be negative.");
        }
        int length = bArr.length;
        int i2 = ((i + 20) - 1) / 20;
        byte[] bArr3 = new byte[i2 * 20];
        byte[] bArr4 = new byte[(bArr2 != null ? bArr2.length : 0) + length + 4];
        System.arraycopy(bArr, 0, bArr4, 0, length);
        bArr4[length + 3] = 1;
        if (bArr2 != null) {
            System.arraycopy(bArr2, 0, bArr4, length + 4, bArr2.length);
        }
        SHA sha = new SHA();
        for (int i3 = 0; i3 < i2; i3++) {
            System.arraycopy(sha.digest(bArr4), 0, bArr3, i3 * 20, 20);
            a(bArr4, length, 4);
        }
        CriticalObject.destroy(bArr4);
        byte[] bArr5 = new byte[i];
        System.arraycopy(bArr3, 0, bArr5, 0, i);
        CriticalObject.destroy(bArr3);
        return bArr5;
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public void checkDomainParameters(PrivateKey privateKey, PublicKey publicKey) throws InvalidParameterException {
        privateKey.getAlgorithm();
        if (!(privateKey instanceof ECPrivateKey) || !(publicKey instanceof ECPublicKey)) {
            super.checkDomainParameters(privateKey, publicKey);
            return;
        }
        ECDSAParameter parameter = ((ECPrivateKey) privateKey).getParameter();
        ECDSAParameter parameter2 = ((ECPublicKey) publicKey).getParameter();
        if (parameter != null && parameter2 != null && !parameter.equals(parameter2)) {
            throw new InvalidParameterException("Different domain parameters for ECDH!");
        }
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public SecretKey createSharedKeyEncryptionKey(AlgorithmID algorithmID, PrivateKey privateKey, PublicKey publicKey, AlgorithmID algorithmID2, int i, byte[] bArr, String str) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
        if (!algorithmID.equals(CMSAlgorithmID.dhSinglePass_stdDH_sha1kdf_scheme) && !algorithmID.equals(CMSAlgorithmID.dhSinglePass_cofactorDH_sha1kdf_scheme)) {
            return super.createSharedKeyEncryptionKey(algorithmID, privateKey, publicKey, algorithmID2, i, bArr, str);
        }
        KeyAgreement keyAgreementInstance = algorithmID.getKeyAgreementInstance(a);
        keyAgreementInstance.init(privateKey);
        if (publicKey instanceof a) {
            if (!(privateKey instanceof ECPrivateKey)) {
                throw new InvalidKeyException("Private key not an ECPrivateKey!");
            }
            try {
                ECDSAParams parameter = ((ECPrivateKey) privateKey).getParameter();
                if (parameter == null) {
                    throw new InvalidKeyException("Missing parameters in Private!");
                }
                publicKey = new ECPublicKey(parameter, new ECPoint(((a) publicKey).getPublicKey(), parameter.getG().getCurve()));
            } catch (ECCException e) {
                throw new InvalidKeyException(e.toString());
            }
        }
        keyAgreementInstance.doPhase(publicKey, true);
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(a(keyAgreementInstance.generateSecret(), i / 8, a(algorithmID2, bArr, i)), str);
            try {
                return SecretKeyFactory.getInstance(str).generateSecret(secretKeySpec);
            } catch (InvalidKeySpecException e2) {
                return secretKeySpec;
            }
        } catch (InvalidKeySpecException e3) {
            return null;
        }
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public KeyPair generateKeyAgreementKeyPair(AlgorithmID algorithmID, PublicKey publicKey) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException {
        if (!(publicKey instanceof ECPublicKey)) {
            return super.generateKeyAgreementKeyPair(algorithmID, publicKey);
        }
        try {
            ECDSAKeyPairGeneratorImpl keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", a);
            keyPairGenerator.initialize(((ECPublicKey) publicKey).getParameter(), getSecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("Cannot get ECDH KeyPairGenerator: No such provider: IAIK_ECC");
        }
    }

    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public ASN1Object getASN1OriginatorPublicKey(PublicKey publicKey) throws CMSException {
        return publicKey instanceof ECPublicKey ? new a(((ECPublicKey) publicKey).getW()).toASN1Object() : super.getASN1OriginatorPublicKey(publicKey);
    }

    @Override // iaik.cms.SecurityProvider
    public PublicKey getOriginatorPublicKey(ASN1Object aSN1Object) throws CMSException {
        try {
            return new a(aSN1Object);
        } catch (Throwable th) {
            return super.getOriginatorPublicKey(aSN1Object);
        }
    }
}
