package com.idemia.mdw.security;

import com.idemia.mdw.exception.GenericServiceException;
import com.idemia.mdw.security.spec.AccessKeySpec;
import idemia.bioserver.metadata.android.core.Configuration;
import java.security.AuthProvider;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class SEECDHKeyAgreement extends KeyAgreementSpi {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f1120a = LoggerFactory.getLogger((Class<?>) SEECDHKeyAgreement.class);
    private static final Map<String, Integer> b;
    private AuthProvider c;
    private r d;
    private ECPublicKey e;
    private int f;

    static {
        HashMap hashMap = new HashMap();
        b = hashMap;
        hashMap.put("DES", 64);
        hashMap.put("DESEDE", 192);
        hashMap.put(Configuration.AES, 256);
    }

    public SEECDHKeyAgreement(AuthProvider authProvider, String str) {
        this.c = authProvider;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (this.d == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.e != null) {
            throw new IllegalStateException("Phase already executed");
        }
        if (!z) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Key must be a PublicKey with algorithm EC");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) key;
        this.e = eCPublicKey;
        this.f = (eCPublicKey.getParams().getCurve().getField().getFieldSize() + 7) >> 3;
        return null;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (bArr.length < this.f + i) {
            throw new ShortBufferException("Need " + this.f + " bytes, only " + (bArr.length - i) + " available");
        }
        byte[] engineGenerateSecret = engineGenerateSecret();
        System.arraycopy(engineGenerateSecret, 0, bArr, i, engineGenerateSecret.length);
        int length = engineGenerateSecret.length;
        Arrays.fill(engineGenerateSecret, (byte) 0);
        return length;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        Map<String, Integer> map = b;
        if (!map.containsKey(str.toUpperCase())) {
            throw new NoSuchAlgorithmException("Unsupported secret key algorithm: " + str);
        }
        int intValue = map.get(str.toUpperCase()).intValue() >> 3;
        byte[] bArr = new byte[intValue];
        byte[] engineGenerateSecret = engineGenerateSecret();
        if (engineGenerateSecret.length < intValue) {
            throw new InvalidKeyException("Key material is too short for " + str.toUpperCase() + " cipher");
        }
        System.arraycopy(engineGenerateSecret, 0, bArr, 0, intValue);
        Arrays.fill(engineGenerateSecret, (byte) 0);
        return new SecretKeySpec(bArr, str);
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        r rVar = this.d;
        if (rVar == null || this.e == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        com.idemia.mdw.j.e f = rVar.b().f();
        if (f == null) {
            throw new IllegalStateException("Smartcard not initialized for Key Agreement operation");
        }
        try {
            if (f.b()) {
                String f2 = f.f();
                if (this.c.containsKey("Property.lock type") && (this.c.get("Property.lock type") instanceof String)) {
                    f2 = (String) this.c.get("Property.lock type");
                } else {
                    f1120a.warn("Provider property is not set - Property.lock type = " + f2);
                }
                com.idemia.mdw.provider.a aVar = new com.idemia.mdw.provider.a(f, f2);
                this.c.login(null, aVar);
                f.a(new AccessKeySpec(com.idemia.mdw.c.a.d.a(aVar.a().getPassword()), "", f2));
            }
            com.idemia.mdw.provider.b bVar = new com.idemia.mdw.provider.b(this.c, f);
            f1120a.debug("Computing ECDH Key Agreement with '" + this.d.b().c() + "' (isUserAuthenticationRequired=" + this.d.b().h() + ")");
            if ((this.d.b().h() || !bVar.c(com.idemia.mdw.j.f.CIPHER, this.d.a())) && !bVar.a(com.idemia.mdw.j.f.CIPHER, this.d.a())) {
                throw new LoginException("Authentication failed");
            }
            return f.a(this.d.b(), this.e);
        } catch (GenericServiceException | NoSuchAlgorithmException | LoginException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key value is null");
        }
        if (!(key instanceof r)) {
            throw new InvalidKeyException("Key is not instance of SEPrivateKey");
        }
        r rVar = (r) key;
        this.d = rVar;
        if (!rVar.getAlgorithm().equals("DH") && !this.d.getAlgorithm().equals("EC")) {
            throw new InvalidKeyException("Invalid key type: " + this.d.getAlgorithm());
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        engineInit(key, secureRandom);
    }
}
