package de.cardcontact.scdp.gp.crypto;

import de.cardcontact.scdp.gp.ByteString;
import de.cardcontact.scdp.gp.GPErrorException;
import de.cardcontact.scdp.gp.GPKey;
import de.cardcontact.tlv.ConstructedTLV;
import de.cardcontact.tlv.ObjectIdentifierRegistry;
import de.cardcontact.tlv.PrimitiveTLV;
import de.cardcontact.tlv.TLV;
import de.cardcontact.tlv.TLVEncodingException;
import de.cardcontact.tlv.Tag;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECPoint;

/* loaded from: input_file:de/cardcontact/scdp/gp/crypto/CryptoBC.class */
public class CryptoBC extends AbstractCrypto {
    private static final byte[] defaultICV = {0, 0, 0, 0, 0, 0, 0, 0};

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto
    public String getProviderName() {
        return "BC";
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public byte[] encrypt(GPKey gPKey, int i, byte[] bArr, byte[] bArr2) throws GPErrorException {
        byte[] doFinal;
        int keySize;
        String concat;
        if (bArr2 == null) {
            bArr2 = defaultICV;
        }
        try {
            Key jCEKey = gPKey.getJCEKey(getProviderName());
            if (jCEKey instanceof SecretKey) {
                String algorithm = jCEKey.getAlgorithm();
                switch (i) {
                    case 2:
                        if (!algorithm.startsWith("DES")) {
                            throw new GPErrorException(14, i, "Key does not match mechanism - not a DES key");
                        }
                        concat = algorithm.concat("/CBC/NoPadding");
                        break;
                    case 5:
                        if (!algorithm.startsWith("DES")) {
                            throw new GPErrorException(14, i, "Key does not match mechanism - not a DES key");
                        }
                        concat = algorithm.concat("/ECB/NoPadding");
                        bArr2 = null;
                        break;
                    case ICrypto.AES_ECB /* 50 */:
                        if (!algorithm.startsWith("AES")) {
                            throw new GPErrorException(14, i, "Key does not match mechanism - not an AES key");
                        }
                        concat = algorithm.concat("/ECB/NoPadding");
                        bArr2 = null;
                        break;
                    case ICrypto.AES_CBC /* 51 */:
                        if (!algorithm.startsWith("AES")) {
                            throw new GPErrorException(14, i, "Key does not match mechanism - not an AES key");
                        }
                        concat = algorithm.concat("/CBC/NoPadding");
                        break;
                    case ICrypto.AES_CTR /* 52 */:
                        if (!algorithm.startsWith("AES")) {
                            throw new GPErrorException(14, i, "Key does not match mechanism - not an AES key");
                        }
                        concat = algorithm.concat("/CTR/NoPadding");
                        break;
                    default:
                        throw new GPErrorException(14, i, "Specified mechanism not supported!");
                }
                Cipher cipher = Cipher.getInstance(concat, getProviderName());
                if (bArr2 != null) {
                    cipher.init(1, jCEKey, new IvParameterSpec(bArr2));
                } else {
                    cipher.init(1, jCEKey);
                }
                doFinal = cipher.doFinal(bArr);
            } else {
                String str = "RSA";
                switch (i) {
                    case 14:
                        break;
                    case 15:
                        break;
                    case 16:
                    case 17:
                    case 18:
                    case 19:
                    case 20:
                    case 21:
                    case 22:
                    case 23:
                    case 24:
                    case 25:
                    case 26:
                    case 27:
                    case 28:
                    case 29:
                    case 30:
                    case 31:
                    case 32:
                    case 33:
                    case 34:
                    case 35:
                    case 36:
                    case ICrypto.RSA_SHA512 /* 37 */:
                    default:
                        throw new GPErrorException(14, i, "Specified mechanism not supported!");
                    case ICrypto.RSA_OAEP /* 38 */:
                        str = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";
                        break;
                    case ICrypto.RSA_OAEP_SHA224 /* 39 */:
                        str = "RSA/NONE/OAEPWithSHA224AndMGF1Padding";
                        break;
                    case ICrypto.RSA_OAEP_SHA256 /* 40 */:
                        str = "RSA/NONE/OAEPWithSHA256AndMGF1Padding";
                        break;
                    case ICrypto.RSA_OAEP_SHA384 /* 41 */:
                        str = "RSA/NONE/OAEPWithSHA3841AndMGF1Padding";
                        break;
                    case ICrypto.RSA_OAEP_SHA512 /* 42 */:
                        str = "RSA/NONE/OAEPWithSHA512AndMGF1Padding";
                        break;
                    case ICrypto.RSA_PKCS1 /* 43 */:
                        str = "RSA/NONE/PKCS1Padding";
                        break;
                }
                RSAKey rSAKey = (RSAKey) jCEKey;
                if (i == 15 && (bArr[bArr.length - 1] & 15) != 12) {
                    throw new GPErrorException(9, 0, "The input block for RSA_ISO9796_2 must end with 'xC'");
                }
                Cipher cipher2 = Cipher.getInstance(str, getProviderName());
                cipher2.init(1, jCEKey);
                cipher2.update(bArr);
                doFinal = cipher2.doFinal();
                if (i == 15) {
                    BigInteger bigInteger = new BigInteger(1, doFinal);
                    BigInteger modulus = rSAKey.getModulus();
                    if (bigInteger.compareTo(modulus.shiftRight(1)) > 0) {
                        BigInteger subtract = modulus.subtract(bigInteger);
                        doFinal = GPKey.unsignedBigIntegerToByteArray(subtract, subtract.bitLength());
                    }
                } else if (i == 14 && doFinal.length < (keySize = gPKey.getKeySize() >> 3)) {
                    byte[] bArr3 = new byte[keySize];
                    System.arraycopy(doFinal, 0, bArr3, keySize - doFinal.length, doFinal.length);
                    doFinal = bArr3;
                }
            }
            return doFinal;
        } catch (GeneralSecurityException e) {
            throw new GPErrorException(5, i, e.getMessage());
        }
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public byte[] decrypt(GPKey gPKey, int i, byte[] bArr, byte[] bArr2) throws GPErrorException {
        byte[] bytes;
        String concat;
        if (bArr2 == null) {
            bArr2 = defaultICV;
        }
        try {
            Key jCEKey = gPKey.getJCEKey(getProviderName());
            if (!(jCEKey instanceof SecretKey)) {
                switch (i) {
                    case 14:
                    case 15:
                    case ICrypto.RSA_OAEP /* 38 */:
                    case ICrypto.RSA_OAEP_SHA224 /* 39 */:
                    case ICrypto.RSA_OAEP_SHA256 /* 40 */:
                    case ICrypto.RSA_OAEP_SHA384 /* 41 */:
                    case ICrypto.RSA_OAEP_SHA512 /* 42 */:
                    case ICrypto.RSA_PKCS1 /* 43 */:
                        String str = "RSA";
                        switch (i) {
                            case ICrypto.RSA_OAEP /* 38 */:
                                str = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";
                                break;
                            case ICrypto.RSA_OAEP_SHA224 /* 39 */:
                                str = "RSA/NONE/OAEPWithSHA224AndMGF1Padding";
                                break;
                            case ICrypto.RSA_OAEP_SHA256 /* 40 */:
                                str = "RSA/NONE/OAEPWithSHA256AndMGF1Padding";
                                break;
                            case ICrypto.RSA_OAEP_SHA384 /* 41 */:
                                str = "RSA/NONE/OAEPWithSHA3841AndMGF1Padding";
                                break;
                            case ICrypto.RSA_OAEP_SHA512 /* 42 */:
                                str = "RSA/NONE/OAEPWithSHA512AndMGF1Padding";
                                break;
                            case ICrypto.RSA_PKCS1 /* 43 */:
                                str = "RSA/NONE/PKCS1Padding";
                                break;
                        }
                        Cipher cipher = Cipher.getInstance(str, getProviderName());
                        cipher.init(2, jCEKey);
                        cipher.update(bArr);
                        bytes = cipher.doFinal();
                        if (i == 15 && (bytes[bytes.length - 1] & 15) != 12) {
                            BigInteger subtract = ((RSAKey) jCEKey).getModulus().subtract(new BigInteger(1, bytes));
                            bytes = GPKey.unsignedBigIntegerToByteArray(subtract, subtract.bitLength());
                        }
                        if (i == 14) {
                            int keySize = gPKey.getKeySize() >> 3;
                            if (bytes.length < keySize) {
                                byte[] bArr3 = new byte[keySize];
                                System.arraycopy(bytes, 0, bArr3, keySize - bytes.length, bytes.length);
                                bytes = bArr3;
                            }
                            break;
                        }
                        break;
                    case 16:
                    case 17:
                    case 18:
                    case 22:
                    case 23:
                    case 24:
                    case 25:
                    case 26:
                    case 27:
                    case 28:
                    case 29:
                    case 30:
                    case 31:
                    case 32:
                    case 33:
                    case 34:
                    case 35:
                    case 36:
                    case ICrypto.RSA_SHA512 /* 37 */:
                    case ICrypto.RSA_PSS /* 44 */:
                    case ICrypto.RSA_PSS_SHA1 /* 45 */:
                    case ICrypto.RSA_PSS_SHA224 /* 46 */:
                    case ICrypto.RSA_PSS_SHA256 /* 47 */:
                    case ICrypto.RSA_PSS_SHA384 /* 48 */:
                    case ICrypto.RSA_PSS_SHA512 /* 49 */:
                    case ICrypto.AES_ECB /* 50 */:
                    case ICrypto.AES_CBC /* 51 */:
                    case ICrypto.AES_CTR /* 52 */:
                    case ICrypto.AES_MAC /* 53 */:
                    case ICrypto.AES_CMAC /* 54 */:
                    case ICrypto.HMAC_SHA1 /* 55 */:
                    case ICrypto.HMAC_SHA256 /* 56 */:
                    case ICrypto.HMAC_MD5 /* 57 */:
                    case ICrypto.ISO9797_METHOD_1_16 /* 58 */:
                    case ICrypto.ISO9797_METHOD_2_16 /* 59 */:
                    default:
                        throw new GPErrorException(14, 14, "Specified mechanism not supported!");
                    case 19:
                    case 20:
                    case 21:
                        if (!(jCEKey instanceof ECPrivateKey)) {
                            throw new GPErrorException(12, 0, "The key must be an EC private key");
                        }
                        Key key = (ECPrivateKey) jCEKey;
                        int length = bArr.length;
                        if ((length & 1) != 1) {
                            int i2 = length >> 1;
                            byte[] bArr4 = new byte[i2];
                            System.arraycopy(bArr, 0, bArr4, 0, i2);
                            BigInteger bigInteger = new BigInteger(1, bArr4);
                            System.arraycopy(bArr, i2, bArr4, 0, i2);
                            BigInteger bigInteger2 = new BigInteger(1, bArr4);
                            ECParameterSpec parameters = key.getParameters();
                            ECPoint createPoint = parameters.getCurve().createPoint(bigInteger, bigInteger2);
                            if (i == 21) {
                                ECPoint normalize = createPoint.multiply(key.getD()).normalize();
                                byte[] unsignedBigIntegerToByteArray = GPKey.unsignedBigIntegerToByteArray(normalize.getAffineXCoord().toBigInteger(), gPKey.getKeySize());
                                byte[] unsignedBigIntegerToByteArray2 = GPKey.unsignedBigIntegerToByteArray(normalize.getAffineYCoord().toBigInteger(), gPKey.getKeySize());
                                bytes = new byte[unsignedBigIntegerToByteArray.length + unsignedBigIntegerToByteArray.length];
                                System.arraycopy(unsignedBigIntegerToByteArray, 0, bytes, 0, unsignedBigIntegerToByteArray.length);
                                System.arraycopy(unsignedBigIntegerToByteArray2, 0, bytes, unsignedBigIntegerToByteArray.length, unsignedBigIntegerToByteArray2.length);
                                break;
                            } else {
                                PublicKey generatePublic = KeyFactory.getInstance("EC", getProviderName()).generatePublic(new ECPublicKeySpec(createPoint, parameters));
                                KeyAgreement keyAgreement = KeyAgreement.getInstance(i == 19 ? "ECDH" : "ECDHC", getProviderName());
                                keyAgreement.init(key);
                                keyAgreement.doPhase(generatePublic, true);
                                bytes = keyAgreement.generateSecret();
                                break;
                            }
                        } else {
                            throw new GPErrorException(9, 0, "The number of bytes in the cipher input must be even (x || y)");
                        }
                    case ICrypto.ECELGAMAL /* 60 */:
                        TLV factory = TLV.factory(bArr);
                        ConstructedTLV constructedTLV = (ConstructedTLV) factory.getChildAt(0);
                        ECPoint normalize2 = getPointFromPubKeySeq((ConstructedTLV) factory.getChildAt(1)).subtract(getPointFromPubKeySeq(constructedTLV).multiply(((ECPrivateKey) jCEKey).getD())).normalize();
                        byte[] unsignedBigIntegerToByteArray3 = GPKey.unsignedBigIntegerToByteArray(normalize2.getAffineXCoord().toBigInteger(), gPKey.getKeySize());
                        byte[] unsignedBigIntegerToByteArray4 = GPKey.unsignedBigIntegerToByteArray(normalize2.getAffineYCoord().toBigInteger(), gPKey.getKeySize());
                        byte[] bArr5 = new byte[(unsignedBigIntegerToByteArray3.length * 2) + 1];
                        bArr5[0] = 4;
                        System.arraycopy(unsignedBigIntegerToByteArray3, 0, bArr5, 1, unsignedBigIntegerToByteArray3.length);
                        System.arraycopy(unsignedBigIntegerToByteArray4, 0, bArr5, 1 + unsignedBigIntegerToByteArray3.length, unsignedBigIntegerToByteArray4.length);
                        ConstructedTLV constructedTLV2 = new ConstructedTLV(new Tag(32585));
                        constructedTLV2.add(new PrimitiveTLV(6, constructedTLV.findTag(new Tag(6), (TLV) null).getBytes()));
                        constructedTLV2.add(new PrimitiveTLV(new Tag(134), bArr5));
                        ConstructedTLV constructedTLV3 = new ConstructedTLV(48);
                        constructedTLV3.add(constructedTLV2);
                        bytes = constructedTLV3.getBytes();
                        break;
                }
            } else {
                String algorithm = jCEKey.getAlgorithm();
                switch (i) {
                    case 2:
                        if (!algorithm.startsWith("DES")) {
                            throw new GPErrorException(14, 14, "Key does not match mechanism - not a DES key");
                        }
                        concat = algorithm.concat("/CBC/NoPadding");
                        break;
                    case 5:
                        if (!algorithm.startsWith("DES")) {
                            throw new GPErrorException(14, 14, "Key does not match mechanism - not a DES key");
                        }
                        concat = algorithm.concat("/ECB/NoPadding");
                        bArr2 = null;
                        break;
                    case ICrypto.AES_ECB /* 50 */:
                        if (!algorithm.startsWith("AES")) {
                            throw new GPErrorException(14, 14, "Key does not match mechanism - not an AES key");
                        }
                        concat = algorithm.concat("/ECB/NoPadding");
                        bArr2 = null;
                        break;
                    case ICrypto.AES_CBC /* 51 */:
                        if (!algorithm.startsWith("AES")) {
                            throw new GPErrorException(14, 14, "Key does not match mechanism - not an AES key");
                        }
                        concat = algorithm.concat("/CBC/NoPadding");
                        break;
                    case ICrypto.AES_CTR /* 52 */:
                        if (!algorithm.startsWith("AES")) {
                            throw new GPErrorException(14, 14, "Key does not match mechanism - not an AES key");
                        }
                        concat = algorithm.concat("/CTR/NoPadding");
                        break;
                    default:
                        throw new GPErrorException(14, 14, "Specified mechanism not supported!");
                }
                Cipher cipher2 = Cipher.getInstance(concat, getProviderName());
                if (bArr2 != null) {
                    cipher2.init(2, jCEKey, new IvParameterSpec(bArr2));
                } else {
                    cipher2.init(2, jCEKey);
                }
                bytes = cipher2.doFinal(bArr);
            }
            return bytes;
        } catch (TLVEncodingException e) {
            throw new GPErrorException(5, i, e.getMessage());
        } catch (GeneralSecurityException e2) {
            throw new GPErrorException(5, i, e2.getMessage());
        }
    }

    private ECPoint getPointFromPubKeySeq(ConstructedTLV constructedTLV) throws TLVEncodingException {
        return ECNamedCurveTable.getParameterSpec(ObjectIdentifierRegistry.getInstance().getNameFor(constructedTLV.findTag(new Tag(6), (TLV) null).getValue())).getCurve().decodePoint(constructedTLV.findTag(new Tag(134), (TLV) null).getValue());
    }

    private byte[] calculateMac(Key key, int i, byte[] bArr, byte[] bArr2) throws GPErrorException, GeneralSecurityException {
        Mac mac = null;
        switch (i) {
            case 8:
            case ICrypto.AES_MAC /* 53 */:
                return cbcMac(key, bArr, bArr2, getProviderName());
            case 9:
                if (bArr2 == null) {
                    mac = Mac.getInstance("ISO9797ALG3Mac", getProviderName());
                    break;
                } else {
                    throw new GPErrorException(14, i, "IV not supported for DES_MAC_EMV");
                }
            case ICrypto.AES_CMAC /* 54 */:
                if (bArr2 == null) {
                    mac = Mac.getInstance("AESCMAC", getProviderName());
                    break;
                } else {
                    throw new GPErrorException(14, i, "IV not supported for AES_CMAC");
                }
        }
        mac.init(key);
        return mac.doFinal(bArr);
    }

    private static byte[] retailMac(Key key, byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("ISO9797ALG3Mac", str);
        mac.init(key);
        return mac.doFinal(bArr);
    }

    private static byte[] cbcMac(Key key, byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm() + "/CBC/NoPadding", str);
        int blockSize = cipher.getBlockSize();
        cipher.init(1, key, bArr2 != null ? new IvParameterSpec(bArr2) : new IvParameterSpec(new byte[blockSize]));
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr3 = new byte[blockSize];
        System.arraycopy(doFinal, doFinal.length - blockSize, bArr3, 0, bArr3.length);
        return bArr3;
    }

    private byte[] calculateHMac(byte[] bArr, int i, byte[] bArr2) throws GPErrorException, GeneralSecurityException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, getAlgorithmName(i));
        Mac mac = Mac.getInstance(getAlgorithmName(i), getProviderName());
        mac.init(secretKeySpec);
        return mac.doFinal(bArr2);
    }

    private static String getAlgorithmName(int i) {
        String str = null;
        switch (i) {
            case 14:
            case 33:
                str = "SHA1withRSA";
                break;
            case 18:
                str = "NONEwithECDSA";
                break;
            case 28:
                str = "SHA1withECDSA";
                break;
            case 29:
                str = "SHA224withECDSA";
                break;
            case 30:
                str = "SHA256withECDSA";
                break;
            case 31:
                str = "SHA384withECDSA";
                break;
            case 32:
                str = "SHA512withECDSA";
                break;
            case 34:
                str = "SHA224withRSA";
                break;
            case 35:
                str = "SHA256withRSA";
                break;
            case 36:
                str = "SHA384withRSA";
                break;
            case ICrypto.RSA_SHA512 /* 37 */:
                str = "SHA512withRSA";
                break;
            case ICrypto.RSA_PSS_SHA1 /* 45 */:
                str = "SHA1withRSAandMGF1";
                break;
            case ICrypto.RSA_PSS_SHA224 /* 46 */:
                str = "SHA224withRSAandMGF1";
                break;
            case ICrypto.RSA_PSS_SHA256 /* 47 */:
                str = "SHA256withRSAandMGF1";
                break;
            case ICrypto.RSA_PSS_SHA384 /* 48 */:
                str = "SHA384withRSAandMGF1";
                break;
            case ICrypto.RSA_PSS_SHA512 /* 49 */:
                str = "SHA512withRSAandMGF1";
                break;
            case ICrypto.HMAC_SHA1 /* 55 */:
                str = "HmacSHA1";
                break;
            case ICrypto.HMAC_SHA256 /* 56 */:
                str = "HmacSHA256";
                break;
            case ICrypto.HMAC_MD5 /* 57 */:
                str = "HmacMD5";
                break;
            case ICrypto.HMAC_SHA384 /* 61 */:
                str = "HmacSHA384";
                break;
        }
        return str;
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public byte[] sign(GPKey gPKey, int i, byte[] bArr, byte[] bArr2) throws GPErrorException {
        byte[] calculateMac;
        switch (i) {
            case 8:
            case 9:
            case ICrypto.AES_MAC /* 53 */:
            case ICrypto.AES_CMAC /* 54 */:
                try {
                    calculateMac = calculateMac(gPKey.getJCEKey(getProviderName()), i, bArr, bArr2);
                    break;
                } catch (GeneralSecurityException e) {
                    throw new GPErrorException(5, i, e.getMessage());
                }
            case ICrypto.HMAC_SHA1 /* 55 */:
            case ICrypto.HMAC_SHA256 /* 56 */:
            case ICrypto.HMAC_MD5 /* 57 */:
            case ICrypto.HMAC_SHA384 /* 61 */:
                ByteString component = gPKey.getComponent(25);
                if (component == null) {
                    throw new GPErrorException(12, i, "Key must be generic secret");
                }
                try {
                    calculateMac = calculateHMac(component.getBytes(), i, bArr);
                    break;
                } catch (GeneralSecurityException e2) {
                    throw new GPErrorException(5, i, e2.getMessage());
                }
            default:
                if (bArr2 != null) {
                    throw new GPErrorException(14, i, "IV not supported for selected mechanism");
                }
                String algorithmName = getAlgorithmName(i);
                if (algorithmName == null) {
                    throw new GPErrorException(14, i, "Specified mechanism not supported");
                }
                try {
                    PrivateKey privateKey = (PrivateKey) gPKey.getJCEKey(getProviderName());
                    Signature signature = Signature.getInstance(algorithmName, getProviderName());
                    signature.initSign(privateKey);
                    signature.update(bArr);
                    calculateMac = signature.sign();
                    break;
                } catch (Exception e3) {
                    Throwable cause = e3.getCause();
                    e3.printStackTrace();
                    if (cause != null) {
                        throw new GPErrorException(5, i, cause.getMessage());
                    }
                    throw new GPErrorException(5, i, e3.getMessage());
                }
        }
        return calculateMac;
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public boolean verify(GPKey gPKey, int i, byte[] bArr, byte[] bArr2, byte[] bArr3) throws GPErrorException {
        switch (i) {
            case 8:
            case 9:
            case ICrypto.AES_MAC /* 53 */:
            case ICrypto.AES_CMAC /* 54 */:
                try {
                    byte[] calculateMac = calculateMac(gPKey.getJCEKey(getProviderName()), i, bArr, bArr3);
                    for (int i2 = 0; i2 < bArr2.length; i2++) {
                        if (bArr2[i2] != calculateMac[i2]) {
                            return false;
                        }
                    }
                    return true;
                } catch (GeneralSecurityException e) {
                    throw new GPErrorException(5, i, e.getMessage());
                }
            default:
                if (bArr3 != null) {
                    throw new GPErrorException(14, i, "IV not supported for selected mechanism");
                }
                String algorithmName = getAlgorithmName(i);
                if (algorithmName == null) {
                    throw new GPErrorException(14, i, "Specified mechanism not supported");
                }
                try {
                    PublicKey publicKey = (PublicKey) gPKey.getJCEKey(getProviderName());
                    Signature signature = Signature.getInstance(algorithmName, getProviderName());
                    signature.initVerify(publicKey);
                    signature.update(bArr);
                    return signature.verify(bArr2);
                } catch (Exception e2) {
                    Throwable cause = e2.getCause();
                    if (cause != null) {
                        throw new GPErrorException(5, i, cause.getMessage());
                    }
                    throw new GPErrorException(5, i, e2.getMessage());
                }
        }
    }

    private static void adjustParity(byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            int i2 = (bArr[i] & 255) | 1;
            for (int i3 = 7; i3 > 0; i3--) {
                i2 = (i2 & 1) ^ (i2 >> 1);
            }
            bArr[i] = (byte) ((bArr[i] & 254) | i2);
        }
    }

    private void deriveDESKey(GPKey gPKey, int i, byte[] bArr, GPKey gPKey2) throws GeneralSecurityException, GPErrorException {
        Cipher cipher;
        if (bArr.length != 8 && bArr.length != 16 && bArr.length != 24) {
            throw new GPErrorException(8, bArr.length, "Size of data parameter must be 8, 16 or 24!");
        }
        String str = gPKey.getJCEKey(getProviderName()).getEncoded().length == 8 ? "DES" : "DESede";
        switch (i) {
            case 2:
                cipher = Cipher.getInstance(str + "/CBC/NoPadding", getProviderName());
                cipher.init(1, gPKey.getJCEKey(getProviderName()), new IvParameterSpec(defaultICV));
                break;
            case 5:
                cipher = Cipher.getInstance(str + "/ECB/NoPadding", getProviderName());
                cipher.init(1, gPKey.getJCEKey(getProviderName()));
                break;
            default:
                throw new GPErrorException(14, i, "Specified mechanism not supported!");
        }
        byte[] doFinal = cipher.doFinal(bArr);
        adjustParity(doFinal);
        gPKey2.put(1, gPKey2, ByteString.newInstance(gPKey2, doFinal));
        gPKey2.setKeyType(1);
        gPKey2.setJCEKey(null);
    }

    private void deriveECCKey(GPKey gPKey, int i, byte[] bArr, GPKey gPKey2) throws GeneralSecurityException, GPErrorException {
        ECPoint add;
        switch (i) {
            case 22:
            case ICrypto.EC_MULTIPLY_SUB /* 62 */:
                ECPublicKey jCEKey = gPKey.getJCEKey(getProviderName());
                if (!(jCEKey instanceof ECPublicKey)) {
                    throw new GPErrorException(12, 0, "The key must be an EC public key");
                }
                ECPublicKey eCPublicKey = jCEKey;
                ECPublicKey eCPublicKey2 = null;
                if (gPKey2.getComponent(17) != null) {
                    Key jCEKey2 = gPKey2.getJCEKey(getProviderName());
                    if (!(jCEKey2 instanceof ECPublicKey)) {
                        throw new GPErrorException(12, 4, "The key must be an EC public key");
                    }
                    eCPublicKey2 = (ECPublicKey) jCEKey2;
                }
                if (bArr != null) {
                    add = eCPublicKey.getQ().multiply(new BigInteger(1, bArr));
                    if (eCPublicKey2 != null) {
                        add = i == 22 ? add.add(eCPublicKey2.getQ()) : add.subtract(eCPublicKey2.getQ());
                    }
                } else {
                    if (eCPublicKey2 == null) {
                        throw new GPErrorException(12, 4, "The key must be an EC public key");
                    }
                    add = i == 22 ? eCPublicKey.getQ().add(eCPublicKey2.getQ()) : eCPublicKey.getQ().subtract(eCPublicKey2.getQ());
                }
                gPKey2.setJCEKey(KeyFactory.getInstance("EC", getProviderName()).generatePublic(new ECPublicKeySpec(add, gPKey2.getECParameter())));
                return;
            default:
                throw new GPErrorException(14, 14, "Specified mechanism not supported!");
        }
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public void deriveKey(GPKey gPKey, int i, byte[] bArr, GPKey gPKey2) throws GPErrorException {
        try {
            switch (i) {
                case 2:
                case 5:
                    deriveDESKey(gPKey, i, bArr, gPKey2);
                    break;
                case 22:
                case ICrypto.EC_MULTIPLY_SUB /* 62 */:
                    deriveECCKey(gPKey, i, bArr, gPKey2);
                    break;
                default:
                    throw new GPErrorException(14, 14, "Specified mechanism not supported!");
            }
        } catch (GeneralSecurityException e) {
            throw new GPErrorException(5, i, e.getMessage());
        }
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public byte[] generateRandom(int i) throws GPErrorException {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public void generateKeyPair(int i, GPKey gPKey, GPKey gPKey2) throws GPErrorException {
        KeyPairGenerator keyPairGenerator;
        try {
            if (i == 17 || i == 18) {
                keyPairGenerator = KeyPairGenerator.getInstance("EC", getProviderName());
                keyPairGenerator.initialize((AlgorithmParameterSpec) gPKey.getECParameter());
            } else {
                if (i != 14) {
                    throw new GPErrorException(14, 0, "Mechanism must be either RSA or ECDSA");
                }
                keyPairGenerator = KeyPairGenerator.getInstance("RSA", getProviderName());
                keyPairGenerator.initialize(gPKey.getKeySize());
            }
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            gPKey2.setKeySize(gPKey.getKeySize());
            gPKey.setJCEKey(generateKeyPair.getPublic());
            gPKey2.setJCEKey(generateKeyPair.getPrivate());
        } catch (GeneralSecurityException e) {
            throw new GPErrorException(5, i, e.getMessage());
        }
    }

    @Override // de.cardcontact.scdp.gp.crypto.AbstractCrypto, de.cardcontact.scdp.gp.crypto.ICrypto
    public byte[] digest(int i, byte[] bArr) throws GPErrorException {
        MessageDigest messageDigest;
        try {
            switch (i) {
                case 13:
                    messageDigest = MessageDigest.getInstance("MD5", getProviderName());
                    break;
                case 14:
                case 15:
                case 17:
                case 18:
                case 19:
                case 20:
                case 21:
                case 22:
                case 23:
                default:
                    throw new GPErrorException(14, 0, "Specified mechanism not supported!");
                case 16:
                    messageDigest = MessageDigest.getInstance("SHA1", getProviderName());
                    break;
                case 24:
                    messageDigest = MessageDigest.getInstance("SHA224", getProviderName());
                    break;
                case 25:
                    messageDigest = MessageDigest.getInstance("SHA256", getProviderName());
                    break;
                case 26:
                    messageDigest = MessageDigest.getInstance("SHA384", getProviderName());
                    break;
                case 27:
                    messageDigest = MessageDigest.getInstance("SHA512", getProviderName());
                    break;
            }
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (GeneralSecurityException e) {
            throw new GPErrorException(5, i, e.getMessage());
        }
    }
}
