package de.cardcontact.smartcardhsmprovider;

import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMECKey;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cardcontact/smartcardhsmprovider/SmartCardHSMKeyAgreement.class */
public class SmartCardHSMKeyAgreement extends KeyAgreementSpi {
    private static final Logger log = LoggerFactory.getLogger(SmartCardHSMKeyAgreement.class);
    private SmartCardHSMCardService schsm;
    private SmartCardHSMKey privateKey;
    private ECParameterSpec ecparam;
    private boolean finishedKeyAgreement;
    private byte[] secret;

    public SmartCardHSMKeyAgreement(SmartCardHSMProvider smartCardHSMProvider, String str) {
        this.schsm = smartCardHSMProvider.getSmartCardHSMCardService();
        if (!smartCardHSMProvider.isVerified()) {
            throw new ProviderException("Login required.");
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        try {
            byte[] performECCDH = this.schsm.performECCDH(this.privateKey, getPublicKeyComponents(key));
            int length = (performECCDH.length - 1) / 2;
            byte[] bArr = new byte[length];
            byte[] bArr2 = new byte[length];
            System.arraycopy(performECCDH, 1, bArr, 0, length);
            System.arraycopy(performECCDH, 1 + length, bArr2, 0, length);
            try {
                PublicKey generatePublic = KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(bArr), new BigInteger(bArr2)), this.ecparam));
                if (z) {
                    this.finishedKeyAgreement = true;
                    this.secret = performECCDH;
                }
                return generatePublic;
            } catch (NoSuchAlgorithmException e) {
                log.error(e.getLocalizedMessage(), e);
                throw new ProviderException(e);
            } catch (InvalidKeySpecException e2) {
                log.error(e2.getLocalizedMessage(), e2);
                throw new ProviderException(e2);
            }
        } catch (CardTerminalException e3) {
            log.error(e3.getLocalizedMessage(), e3);
            throw new ProviderException((Throwable) e3);
        } catch (CardServiceException e4) {
            log.error(e4.getLocalizedMessage(), e4);
            throw new ProviderException((Throwable) e4);
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        if (this.finishedKeyAgreement) {
            return this.secret;
        }
        throw new IllegalStateException("Can't genereate secret when this isn't the last phase.");
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (!this.finishedKeyAgreement) {
            throw new IllegalStateException("Can't genereate secret when this isn't the last phase.");
        }
        if (this.secret.length + i > bArr.length) {
            throw new ShortBufferException("The input buffer is too short");
        }
        System.arraycopy(this.secret, 0, bArr, i, this.secret.length);
        return bArr.length;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, java.security.SecureRandom secureRandom) throws InvalidKeyException {
        if (!(key instanceof SmartCardHSMKey)) {
            throw new InvalidKeyException("Key must be type of SmartCardHSMECKey");
        }
        this.privateKey = (SmartCardHSMKey) key;
        this.ecparam = new ECParameterSpec(new EllipticCurve(new ECFieldFp(new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16)), new BigInteger("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 16), new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16)), new ECPoint(new BigInteger("8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 16), new BigInteger("547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 16)), new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16), 1);
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(key instanceof SmartCardHSMECKey)) {
            throw new InvalidKeyException("Key must be type of SmartCardHSMECKey");
        }
        this.privateKey = (SmartCardHSMECKey) key;
        if (!(algorithmParameterSpec instanceof ECParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Parameter must be type of ECParameterSpec");
        }
        this.ecparam = (ECParameterSpec) algorithmParameterSpec;
    }

    private byte[] getPublicKeyComponents(Key key) throws InvalidKeyException {
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Key must be type of ECPublicKey");
        }
        ECPoint w = ((ECPublicKey) key).getW();
        BigInteger affineX = w.getAffineX();
        BigInteger affineY = w.getAffineY();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(4);
        try {
            byteArrayOutputStream.write(unsignedBigIntegerToByteArray(affineX, 256));
            byteArrayOutputStream.write(unsignedBigIntegerToByteArray(affineY, 256));
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            log.error(e.getLocalizedMessage(), e);
            throw new ProviderException(e);
        }
    }

    protected static byte[] unsignedBigIntegerToByteArray(BigInteger bigInteger, int i) {
        byte[] byteArray = bigInteger.toByteArray();
        int i2 = (i >> 3) + ((i & 7) == 0 ? 0 : 1);
        byte[] bArr = new byte[i2];
        int length = i2 - byteArray.length;
        int i3 = 0;
        if (length < 0) {
            if (length < -1 || byteArray[0] != 0) {
                throw new IllegalArgumentException("Size mismatch converting big integer to byte array");
            }
            i3 = -length;
            length = 0;
        }
        System.arraycopy(byteArray, i3, bArr, length, i2 - length);
        return bArr;
    }
}
