package de.cotech.hw.fido2.internal.pinauth;

import de.cotech.hw.fido2.exceptions.FidoClientPinTooShortException;
import de.cotech.hw.fido2.internal.cose.CoseIdentifiers;
import de.cotech.hw.fido2.internal.cose.CosePublicKeyUtils;
import de.cotech.hw.fido2.internal.crypto.P256;
import de.cotech.hw.util.Arrays;
import de.cotech.hw.util.HashUtil;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
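/**
 * Platform-side crypto helpers for the FIDO2 client-PIN exchange: ECDH key agreement, PIN hashing
 * and padding, AES-CBC wrapping of PIN material and the truncated HMAC used as pinAuth.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every AES operation here uses CBC with an all-zero IV and no padding. This looks like the
 *       construction of CTAP2 PIN protocol 1, which fixes the IV at zero. It is only acceptable
 *       because each key comes from a fresh ECDH exchange. Do not reuse these helpers with a
 *       long-lived key.</li>
 *   <li>CBC gives no integrity protection. Data returned by {@link #decryptPinToken} is not
 *       authenticated by this class.</li>
 *   <li>PINs arrive as {@link String}, which cannot be wiped. The zeroing of intermediate byte
 *       arrays below is best-effort only.</li>
 * </ul>
 */
public class PinAuthCryptoUtil {
    private static final byte ZERO_BYTE = 0;

    /** AES block size in bytes; also the length of the truncated hashes and MACs used here. */
    private static final int BLOCK_LEN = 16;

    /** PINs are always encoded as UTF-8, independent of the platform default charset. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Returns a fresh all-zero 16-byte IV (Java zero-initialises new arrays). */
    private byte[] getIv() {
        return new byte[BLOCK_LEN];
    }

    /**
     * Runs AES-CBC without padding under an all-zero IV.
     *
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param key raw AES key bytes
     * @param data input whose length must be a multiple of the AES block size
     */
    private byte[] aesCbcZeroIv(int mode, byte[] key, byte[] data) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(getIv()));
        return cipher.doFinal(data);
    }

    /** Computes HMAC-SHA-256 of {@code message} under {@code key}. */
    private byte[] hmacSha256(byte[] key, byte[] message) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(message);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /** Returns the first 16 bytes of HMAC-SHA-256({@code key}, {@code message}). */
    private byte[] hmacSha256Left16Bytes(byte[] key, byte[] message) {
        return Arrays.copyOfRange(hmacSha256(key, message), 0, BLOCK_LEN);
    }

    /**
     * Computes the pinAuth value: the leftmost 16 bytes of an HMAC-SHA-256.
     *
     * @param bArr HMAC key (presumably the decrypted pinToken; callers are not visible here)
     * @param bArr2 message to authenticate (presumably the clientDataHash; confirm with callers)
     * @return the 16-byte truncated MAC
     */
    public byte[] calculatePinAuth(byte[] bArr, byte[] bArr2) {
        return hmacSha256Left16Bytes(bArr, bArr2);
    }

    /**
     * Returns the leftmost 16 bytes of SHA-256 over the UTF-8 encoding of the PIN.
     *
     * <p>The PIN is encoded explicitly as UTF-8. The previous {@code getBytes()} call used the
     * platform default charset, which can hash a non-ASCII PIN differently from the authenticator
     * on runtimes whose default is not UTF-8.
     *
     * @param str the PIN as entered by the user
     * @throws FidoClientPinTooShortException if the PIN is shorter than 4 chars
     */
    byte[] calculatePinHash(String str) throws IOException {
        // NOTE(review): length() counts UTF-16 code units, so a PIN made of supplementary
        // characters passes with fewer than 4 code points. Left as-is so that PINs already set
        // through another client are not rejected here; confirm the intended policy.
        if (str.length() < 4) {
            throw new FidoClientPinTooShortException();
        }
        byte[] encodedPin = str.getBytes(UTF_8);
        try {
            return Arrays.copyOfRange(HashUtil.sha256(encodedPin), 0, BLOCK_LEN);
        } finally {
            // Best-effort: do not leave the plaintext PIN bytes on the heap.
            Arrays.fill(encodedPin, ZERO_BYTE);
        }
    }

    /**
     * Encrypts the 16-byte PIN hash with AES-CBC (zero IV, no padding).
     *
     * @param bArr AES key (presumably the ECDH shared secret from {@link #generateSharedSecret})
     * @param str the PIN as entered by the user
     * @return the encrypted PIN hash
     * @throws IOException if the PIN is too short
     * @throws IllegalStateException if the cipher cannot be set up or run
     */
    public byte[] calculatePinHashEnc(byte[] bArr, String str) throws IOException {
        byte[] pinHash = calculatePinHash(str);
        try {
            return aesCbcZeroIv(Cipher.ENCRYPT_MODE, bArr, pinHash);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        } finally {
            // The plaintext PIN hash is a PIN-equivalent secret; clear our copy once encrypted.
            Arrays.fill(pinHash, ZERO_BYTE);
        }
    }

    /**
     * Encodes a P-256 public key as a COSE key tagged with the ECDH-ES+HKDF-256 algorithm
     * identifier.
     */
    public byte[] cosePublicKeyFromPublicKey(PublicKey publicKey) throws IOException {
        return CosePublicKeyUtils.encodex962PublicKeyAsCose(P256.serializePublicKey(publicKey), CoseIdentifiers.CoseAlg.ECDH_ES_w_HKDF_256);
    }

    /**
     * Decrypts the encrypted pinToken returned by the authenticator (AES-CBC, zero IV, no padding).
     *
     * <p>The result is not integrity-checked and its length is not validated here. A wrong key
     * yields garbage rather than an error, so callers must not treat a successful return as proof
     * that the token is genuine.
     *
     * @param bArr AES key (presumably the ECDH shared secret)
     * @param bArr2 ciphertext whose length must be a multiple of 16 bytes
     * @throws IOException if the key or ciphertext is rejected by the cipher
     * @throws IllegalStateException if AES/CBC/NoPadding is unavailable in the crypto provider
     */
    public byte[] decryptPinToken(byte[] bArr, byte[] bArr2) throws IOException {
        try {
            return aesCbcZeroIv(Cipher.DECRYPT_MODE, bArr, bArr2);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            // Missing algorithm is an environment problem, not a bad authenticator response.
            throw new IllegalStateException(e);
        } catch (GeneralSecurityException e) {
            throw new IOException("Error decrypting pinToken from authenticator", e);
        }
    }

    /**
     * Generates a fresh P-256 key pair for the platform side of the key agreement.
     *
     * @throws IllegalStateException if the crypto provider cannot generate the key pair
     */
    public KeyPair generatePlatformKeyPair() {
        try {
            return P256.newKeyPair();
        } catch (GeneralSecurityException e) {
            // Also covers NoSuchAlgorithmException, which the original mapped identically.
            throw new IllegalStateException(e);
        }
    }

    /**
     * Derives the shared secret as SHA-256 over the raw ECDH output.
     *
     * @param privateKey the platform's ephemeral private key
     * @param publicKey the authenticator's key-agreement public key
     * @return the 32-byte hashed shared secret
     */
    public byte[] generateSharedSecret(PrivateKey privateKey, PublicKey publicKey) {
        // NOTE(review): no explicit on-curve check of the peer key is done here; presumably the
        // provider or P256.deserializePublicKey validates the point. Confirm.
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            byte[] rawSecret = keyAgreement.generateSecret();
            try {
                return HashUtil.sha256(rawSecret);
            } finally {
                // Only the hashed value is used afterwards; clear the raw ECDH output.
                Arrays.fill(rawSecret, ZERO_BYTE);
            }
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key used for ECDH. This is a bug, perhaps a PrivateKey or PublicKey from a different provider was used?", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("Missing ECDH algorithm in crypto provider! This is a build system bug, perhaps proguard stripped the crypto provider.", e2);
        }
    }

    /**
     * Encodes the PIN as UTF-8 and right-pads it with zero bytes to 64 bytes.
     *
     * @param str the new PIN
     * @return a 64-byte buffer holding the UTF-8 PIN followed by zero padding
     * @throws FidoClientPinTooShortException if the PIN is shorter than 4 chars
     * @throws IOException if the UTF-8 encoding exceeds 63 bytes
     */
    byte[] padPin(String str) throws IOException {
        // NOTE(review): as in calculatePinHash, this counts UTF-16 code units, not code points.
        if (str.length() < 4) {
            throw new FidoClientPinTooShortException();
        }
        byte[] encodedPin = str.getBytes(UTF_8);
        try {
            if (encodedPin.length > 63) {
                throw new IOException("PIN UTF-8 encoding must not exceed 63 bytes length!");
            }
            byte[] padded = new byte[64];
            System.arraycopy(encodedPin, 0, padded, 0, encodedPin.length);
            return padded;
        } finally {
            // Best-effort: the padded copy is what the caller keeps, so clear the temporary.
            Arrays.fill(encodedPin, ZERO_BYTE);
        }
    }

    /**
     * Decodes the authenticator's COSE-encoded key-agreement key into a P-256 {@link PublicKey}.
     *
     * @param bArr COSE-encoded public key received from the authenticator (untrusted input)
     * @throws IOException if the key cannot be decoded
     * @throws IllegalStateException if the crypto provider lacks the required algorithm
     */
    public PublicKey publicKeyFromCosePublicKey(byte[] bArr) throws IOException {
        try {
            return P256.deserializePublicKey(CosePublicKeyUtils.encodeCosePublicKeyAsX962(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Missing ECDH algorithm in crypto provider! This is a build system bug, perhaps proguard stripped the crypto provider.", e);
        } catch (GeneralSecurityException e2) {
            throw new IOException("Failed decoding authenticator public key", e2);
        }
    }
}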
