package org.sufficientlysecure.keychain.securitytoken.operations;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.operator.PGPPad;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKey;
import org.sufficientlysecure.keychain.securitytoken.CardException;
import org.sufficientlysecure.keychain.securitytoken.EcKeyFormat;
import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.RsaKeyFormat;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;

/* loaded from: classes.dex */
public class PsoDecryptTokenOp {
    private final SecurityTokenConnection connection;
    private final JcaKeyFingerprintCalculator fingerprintCalculator;
    private static final byte[] DECIPHER_EXTERNAL_PUBLIC_KEY = Hex.decode("86");
    private static final byte[] DECIPHER_PUBLIC_KEY_DO = Hex.decode("7F49");
    private static final byte[] DECIPHER_CIPHER_DO = Hex.decode("A6");

    private PsoDecryptTokenOp(SecurityTokenConnection securityTokenConnection, JcaKeyFingerprintCalculator jcaKeyFingerprintCalculator) {
        this.connection = securityTokenConnection;
        this.fingerprintCalculator = jcaKeyFingerprintCalculator;
    }

    public static PsoDecryptTokenOp create(SecurityTokenConnection securityTokenConnection) {
        return new PsoDecryptTokenOp(securityTokenConnection, new JcaKeyFingerprintCalculator());
    }

    private byte[] decryptSessionKeyEcdh(byte[] bArr, EcKeyFormat ecKeyFormat, CanonicalizedPublicKey canonicalizedPublicKey) throws IOException {
        int mpiLength = getMpiLength(bArr) + 2;
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 2, mpiLength);
        byte[] ecDecipherPayload = getEcDecipherPayload(ecKeyFormat, copyOfRange);
        byte[] concatenate = Arrays.concatenate(DECIPHER_EXTERNAL_PUBLIC_KEY, ecDecipherPayload.length < 128 ? new byte[]{(byte) ecDecipherPayload.length} : new byte[]{-127, (byte) ecDecipherPayload.length}, ecDecipherPayload);
        byte[] concatenate2 = Arrays.concatenate(DECIPHER_PUBLIC_KEY_DO, concatenate.length < 128 ? new byte[]{(byte) concatenate.length} : new byte[]{-127, (byte) concatenate.length}, concatenate);
        ResponseApdu communicate = this.connection.communicate(this.connection.getCommandFactory().createDecipherCommand(Arrays.concatenate(DECIPHER_CIPHER_DO, concatenate2.length < 128 ? new byte[]{(byte) concatenate2.length} : new byte[]{-127, (byte) concatenate2.length}, concatenate2), copyOfRange.length));
        if (!communicate.isSuccess()) {
            throw new CardException("Deciphering with Security token failed on receive", communicate.getSw());
        }
        byte[] data = communicate.getData();
        if (data[0] == 4 && data.length % 2 == 1) {
            int length = (data.length - 1) / 2;
            byte[] bArr2 = new byte[length];
            System.arraycopy(data, 1, bArr2, 0, length);
            data = bArr2;
        }
        int i = bArr[mpiLength];
        byte[] bArr3 = new byte[i];
        System.arraycopy(bArr, mpiLength + 1, bArr3, 0, i);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestUtils.getDigestName(canonicalizedPublicKey.getSecurityTokenHashAlgorithm()));
            messageDigest.update(new byte[]{0, 0, 0, 1});
            messageDigest.update(data);
            messageDigest.update(canonicalizedPublicKey.createUserKeyingMaterial(this.fingerprintCalculator));
            byte[] digest = messageDigest.digest();
            Cipher cipher = Cipher.getInstance("AESWrap");
            cipher.init(4, new SecretKeySpec(digest, 0, canonicalizedPublicKey.getSecurityTokenSymmetricKeySize() / 8, "AES"));
            Key unwrap = cipher.unwrap(bArr3, "Session", 3);
            Arrays.fill(digest, (byte) 0);
            return PGPPad.unpadSessionData(unwrap.getEncoded());
        } catch (InvalidKeyException unused) {
            throw new CardException("Invalid KEK!");
        } catch (NoSuchAlgorithmException unused2) {
            throw new CardException("Unknown digest/encryption algorithm!");
        } catch (NoSuchPaddingException unused3) {
            throw new CardException("Unknown padding algorithm!");
        } catch (PGPException e) {
            throw new CardException(e.getMessage());
        }
    }

    private byte[] decryptSessionKeyRsa(byte[] bArr) throws IOException {
        int mpiLength = getMpiLength(bArr);
        ResponseApdu communicate = this.connection.communicate(this.connection.getCommandFactory().createDecipherCommand(getRsaOperationPayload(bArr), mpiLength));
        if (communicate.isSuccess()) {
            return communicate.getData();
        }
        throw new CardException("Deciphering with Security token failed on receive", communicate.getSw());
    }

    private byte[] getEcDecipherPayload(EcKeyFormat ecKeyFormat, byte[] bArr) throws CardException {
        if (ecKeyFormat.isX25519()) {
            return Arrays.copyOfRange(bArr, 1, 33);
        }
        ECPoint decodePoint = ECNamedCurveTable.getByOID(ecKeyFormat.curveOid()).getCurve().decodePoint(bArr);
        if (decodePoint.isValid()) {
            return decodePoint.getEncoded(false);
        }
        throw new CardException("Invalid EC point!");
    }

    private int getMpiLength(byte[] bArr) {
        return ((((bArr[0] & 255) << 8) + (bArr[1] & 255)) + 7) / 8;
    }

    public byte[] getRsaOperationPayload(byte[] bArr) throws IOException {
        int mpiLength = getMpiLength(bArr);
        if (mpiLength != bArr.length - 2) {
            throw new IOException("Malformed RSA session key!");
        }
        byte[] bArr2 = new byte[mpiLength + 1];
        bArr2[0] = 0;
        System.arraycopy(bArr, 2, bArr2, 1, mpiLength);
        return bArr2;
    }

    public byte[] verifyAndDecryptSessionKey(byte[] bArr, CanonicalizedPublicKey canonicalizedPublicKey) throws IOException {
        this.connection.verifyPinForOther();
        KeyFormat encryptKeyFormat = this.connection.getOpenPgpCapabilities().getEncryptKeyFormat();
        if (encryptKeyFormat instanceof RsaKeyFormat) {
            return decryptSessionKeyRsa(bArr);
        }
        if (encryptKeyFormat instanceof EcKeyFormat) {
            return decryptSessionKeyEcdh(bArr, (EcKeyFormat) encryptKeyFormat, canonicalizedPublicKey);
        }
        throw new CardException("Unknown encryption key type!");
    }
}
