package com.yubico.yubikit.fido.ctap;

import android.util.Pair;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class PinUvAuthProtocolV1 implements PinUvAuthProtocol {
    private static final int AUTHENTICATE_HASH_LEN = 16;
    private static final String CIPHER_ALG = "AES";
    private static final String CIPHER_TRANSFORMATION = "AES/CBC/NoPadding";
    private static final int COORDINATE_SIZE = 32;
    private static final String HASH_ALG = "SHA-256";
    private static final byte[] IV = new byte[16];
    private static final String KEY_AGREEMENT_ALG = "ECDH";
    private static final String KEY_AGREEMENT_KEY_ALG = "EC";
    private static final int KEY_SHAREDSECRET_POINT_X = -2;
    private static final int KEY_SHAREDSECRET_POINT_Y = -3;
    private static final String MAC_ALG = "HmacSHA256";
    public static final int VERSION = 1;

    static byte[] encodeCoordinate(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        byte[] bArr = new byte[32];
        if (byteArray.length < 32) {
            System.arraycopy(byteArray, 0, bArr, 32 - byteArray.length, byteArray.length);
        } else {
            if (byteArray.length <= 32) {
                return byteArray;
            }
            System.arraycopy(byteArray, byteArray.length - 32, bArr, 0, 32);
        }
        return bArr;
    }

    @Override // com.yubico.yubikit.fido.ctap.PinUvAuthProtocol
    public byte[] authenticate(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(MAC_ALG);
            mac.init(new SecretKeySpec(bArr, MAC_ALG));
            return Arrays.copyOf(mac.doFinal(bArr2), 16);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.yubico.yubikit.fido.ctap.PinUvAuthProtocol
    public byte[] decrypt(byte[] bArr, byte[] bArr2) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(2, new SecretKeySpec(bArr, CIPHER_ALG), new IvParameterSpec(IV));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // com.yubico.yubikit.fido.ctap.PinUvAuthProtocol
    public Pair<Map<Integer, ?>, byte[]> encapsulate(Map<Integer, ?> map) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_AGREEMENT_KEY_ALG);
            keyPairGenerator.initialize(256);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            ECPoint w = ((ECPublicKey) generateKeyPair.getPublic()).getW();
            HashMap hashMap = new HashMap();
            hashMap.put(1, 2);
            hashMap.put(3, -25);
            hashMap.put(-1, 1);
            hashMap.put(-2, encodeCoordinate(w.getAffineX()));
            hashMap.put(-3, encodeCoordinate(w.getAffineY()));
            ECPublicKey eCPublicKey = (ECPublicKey) KeyFactory.getInstance(KEY_AGREEMENT_KEY_ALG).generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, (byte[]) map.get(-2)), new BigInteger(1, (byte[]) map.get(-3))), ((ECPublicKey) generateKeyPair.getPublic()).getParams()));
            KeyAgreement keyAgreement = KeyAgreement.getInstance(KEY_AGREEMENT_ALG);
            keyAgreement.init(generateKeyPair.getPrivate());
            keyAgreement.doPhase(eCPublicKey, true);
            return new Pair<>(hashMap, MessageDigest.getInstance("SHA-256").digest(keyAgreement.generateSecret()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // com.yubico.yubikit.fido.ctap.PinUvAuthProtocol
    public byte[] encrypt(byte[] bArr, byte[] bArr2) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(1, new SecretKeySpec(bArr, CIPHER_ALG), new IvParameterSpec(IV));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // com.yubico.yubikit.fido.ctap.PinUvAuthProtocol
    public int getVersion() {
        return 1;
    }
}
