package com.microsoft.identity.internal.device;

import android.os.Build;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import com.microsoft.identity.internal.AsymmetricKey;
import com.microsoft.identity.internal.CryptoOperationResponse;
import com.microsoft.identity.internal.StatusInternal;
import com.microsoft.identity.internal.SubStatusInternal;
import com.microsoft.identity.internal.TempError;
import com.microsoft.identity.internal.TempErrorFactory;
import com.yubico.yubikit.core.fido.CtapException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import javax.crypto.KeyAgreement;
import kotlin.jvm.internal.ByteCompanionObject;

/* loaded from: classes5.dex */
public class EccKeyImpl extends AsymmetricKey {
    private static final int KEY_SIZE_BITS = 256;
    private final Date mCreationDate;
    private final String mId;
    private int mIsStoredInHardware;
    private final KeyPair mKeyPair;
    private final Provider mProvider;

    public EccKeyImpl(String str, KeyPair keyPair, Provider provider, Date date) throws IllegalArgumentException {
        if (str.isEmpty()) {
            throw new IllegalArgumentException("Id is empty.");
        }
        PublicKey publicKey = keyPair.getPublic();
        if (!(publicKey instanceof ECPublicKey)) {
            throw new IllegalArgumentException("Not an EC key.");
        }
        ECPoint w = ((ECPublicKey) publicKey).getW();
        if (w.getAffineX().bitLength() > KEY_SIZE_BITS || w.getAffineY().bitLength() > KEY_SIZE_BITS) {
            throw new IllegalArgumentException("Unexpected key size.");
        }
        this.mId = str;
        this.mKeyPair = keyPair;
        this.mProvider = provider;
        this.mCreationDate = date;
        this.mIsStoredInHardware = keyPair.getPrivate() == null ? 0 : -1;
    }

    private static ECPublicKey createPublicKeyWithBcryptBlob(byte[] bArr) throws NoSuchAlgorithmException, IllegalArgumentException, InvalidParameterSpecException, InvalidKeySpecException {
        if (bArr[0] != 69 || bArr[1] != 67 || bArr[2] != 75 || bArr[3] != 49) {
            throw new IllegalArgumentException("Unexpected key format descriptor");
        }
        if (bArr[4] != 32 || bArr[5] != 0 || bArr[6] != 0 || bArr[7] != 0) {
            throw new IllegalArgumentException("Unexpected key size");
        }
        BigInteger coordinateFromBlob = getCoordinateFromBlob(bArr, 8);
        BigInteger coordinateFromBlob2 = getCoordinateFromBlob(bArr, 40);
        Provider provider = Security.getProviders("KeyAgreement.ECDH")[0];
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", provider);
        algorithmParameters.init(new ECGenParameterSpec("prime256v1"));
        return (ECPublicKey) KeyFactory.getInstance("EC", provider).generatePublic(new ECPublicKeySpec(new ECPoint(coordinateFromBlob, coordinateFromBlob2), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
    }

    private static CryptoOperationResponse fail(int i, StatusInternal statusInternal, String str, Throwable th) {
        return new CryptoOperationResponse("", ErrorUtils.createError(i, statusInternal, str, th));
    }

    private static BigInteger getCoordinateFromBlob(byte[] bArr, int i) {
        int i2 = (bArr[i] & ByteCompanionObject.MIN_VALUE) == 0 ? 0 : 1;
        byte[] bArr2 = new byte[i2 + 32];
        bArr2[0] = 0;
        System.arraycopy(bArr, i, bArr2, i2, 32);
        return new BigInteger(bArr2);
    }

    private static void putCoordinateIntoBlob(byte[] bArr, int i, BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        int i2 = byteArray.length > 32 ? 1 : 0;
        System.arraycopy(byteArray, i2, bArr, i, byteArray.length - i2);
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public CryptoOperationResponse decrypt(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("message", "Decrypt operation is not implemented");
        return new CryptoOperationResponse(null, TempErrorFactory.create(505993293, StatusInternal.UNEXPECTED, SubStatusInternal.NONE, hashMap));
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public CryptoOperationResponse generateCertificateSigningRequest(byte[] bArr) {
        HashMap hashMap = new HashMap();
        hashMap.put("message", "generateCertificateSigningRequest operation is not implemented");
        return new CryptoOperationResponse(null, TempErrorFactory.create(505771216, StatusInternal.UNEXPECTED, SubStatusInternal.NONE, hashMap));
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public CryptoOperationResponse generateSharedSecret(byte[] bArr, byte[] bArr2) {
        try {
            ECPublicKey createPublicKeyWithBcryptBlob = createPublicKeyWithBcryptBlob(bArr);
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.mKeyPair.getPrivate());
            keyAgreement.doPhase(createPublicKeyWithBcryptBlob, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] copyOf = Arrays.copyOf(generateSecret, generateSecret.length + bArr2.length + 4);
            copyOf[generateSecret.length] = 0;
            copyOf[generateSecret.length + 1] = 0;
            copyOf[generateSecret.length + 2] = 0;
            copyOf[generateSecret.length + 3] = 1;
            System.arraycopy(bArr2, 0, copyOf, generateSecret.length + 4, bArr2.length);
            return new CryptoOperationResponse(Base64.encodeToString(MessageDigest.getInstance("SHA-256").digest(copyOf), 2), null);
        } catch (IllegalArgumentException e) {
            return fail(507822174, StatusInternal.UNEXPECTED, "Failed to generate shared secret.", e);
        } catch (InvalidKeyException e2) {
            return fail(507822175, StatusInternal.UNEXPECTED, "Failed to generate shared secret.", e2);
        } catch (NoSuchAlgorithmException e3) {
            return fail(507822177, StatusInternal.UNEXPECTED, "Failed to generate shared secret.", e3);
        } catch (InvalidKeySpecException e4) {
            return fail(507822176, StatusInternal.UNEXPECTED, "Failed to generate shared secret.", e4);
        } catch (InvalidParameterSpecException e5) {
            return fail(507822173, StatusInternal.UNEXPECTED, "Failed to generate shared secret.", e5);
        }
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public Date getCreatedOn() {
        return this.mCreationDate;
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public String getId() {
        return this.mId;
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public String getJsonWebKey() {
        return "";
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public String getPublicKey() {
        return Base64.encodeToString(this.mKeyPair.getPublic().getEncoded(), 11);
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public byte[] getPublicKeyBcryptBlob() {
        ECPoint w = ((ECPublicKey) this.mKeyPair.getPublic()).getW();
        BigInteger affineX = w.getAffineX();
        BigInteger affineY = w.getAffineY();
        byte[] bArr = new byte[72];
        bArr[0] = 69;
        bArr[1] = 67;
        bArr[2] = 75;
        bArr[3] = CtapException.ERR_PIN_INVALID;
        bArr[4] = 32;
        bArr[5] = 0;
        bArr[6] = 0;
        bArr[7] = 0;
        putCoordinateIntoBlob(bArr, 8, affineX);
        putCoordinateIntoBlob(bArr, 40, affineY);
        return bArr;
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public String getThumbprint() {
        return "";
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public boolean isStoredInHardware() {
        KeyFactory keyFactory;
        int securityLevel;
        if (this.mIsStoredInHardware < 0) {
            synchronized (this) {
                if (this.mIsStoredInHardware < 0) {
                    try {
                        keyFactory = KeyFactory.getInstance("EC", this.mProvider);
                    } catch (NoSuchAlgorithmException unused) {
                        keyFactory = null;
                    }
                    if (keyFactory == null) {
                        this.mIsStoredInHardware = 0;
                        return false;
                    }
                    try {
                        int i = Build.VERSION.SDK_INT;
                        KeyInfo keyInfo = (KeyInfo) keyFactory.getKeySpec(this.mKeyPair.getPrivate(), KeyInfo.class);
                        if (i < 31) {
                            boolean isInsideSecureHardware = keyInfo.isInsideSecureHardware();
                            this.mIsStoredInHardware = isInsideSecureHardware ? 1 : 0;
                            return isInsideSecureHardware;
                        }
                        securityLevel = keyInfo.getSecurityLevel();
                        if (securityLevel == -1 || securityLevel == 1 || securityLevel == 2) {
                            this.mIsStoredInHardware = 1;
                        } else {
                            this.mIsStoredInHardware = 0;
                        }
                    } catch (InvalidKeySpecException unused2) {
                        this.mIsStoredInHardware = 0;
                    }
                }
            }
        }
        return this.mIsStoredInHardware == 1;
    }

    @Override // com.microsoft.identity.internal.AsymmetricKey
    public CryptoOperationResponse sign(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("message", "EccKeyImpl does not implement ECDSA signing");
        return new CryptoOperationResponse(null, new TempError(StatusInternal.API_CONTRACT_VIOLATION, SubStatusInternal.NONE, hashMap, 0));
    }
}
