package org.sufficientlysecure.keychain.securitytoken.operations;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
import org.sufficientlysecure.keychain.securitytoken.CardException;
import org.sufficientlysecure.keychain.securitytoken.EcKeyFormat;
import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.RsaKeyFormat;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
import timber.log.Timber;

/* loaded from: classes.dex */
public class SecurityTokenPsoSignTokenOp {
    private final SecurityTokenConnection connection;

    private SecurityTokenPsoSignTokenOp(SecurityTokenConnection securityTokenConnection) {
        this.connection = securityTokenConnection;
    }

    public static SecurityTokenPsoSignTokenOp create(SecurityTokenConnection securityTokenConnection) {
        return new SecurityTokenPsoSignTokenOp(securityTokenConnection);
    }

    private byte[] encodeSignature(byte[] bArr, KeyFormat keyFormat) throws IOException {
        if (keyFormat instanceof RsaKeyFormat) {
            int modulusLength = ((RsaKeyFormat) keyFormat).modulusLength() / 8;
            if (bArr.length == modulusLength) {
                return bArr;
            }
            throw new IOException("Bad signature length! Expected " + modulusLength + " bytes, got " + bArr.length);
        }
        if (!(keyFormat instanceof EcKeyFormat)) {
            throw new IOException("Not supported key format!");
        }
        if (((EcKeyFormat) keyFormat).isEdDsa()) {
            return bArr;
        }
        if (bArr.length % 2 != 0) {
            throw new IOException("Bad signature length!");
        }
        int length = bArr.length / 2;
        byte[] bArr2 = new byte[length];
        int length2 = bArr.length / 2;
        byte[] bArr3 = new byte[length2];
        for (int i2 = 0; i2 < length; i2++) {
            bArr2[i2] = bArr[i2];
            bArr3[i2] = bArr[length + i2];
        }
        if (bArr2[0] == 0 && (bArr2[1] & 128) == 0) {
            bArr2 = Arrays.copyOfRange(bArr2, 1, length);
        }
        if (bArr3[0] == 0 && (bArr3[1] & 128) == 0) {
            bArr3 = Arrays.copyOfRange(bArr3, 1, length2);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream create = ASN1OutputStream.create(byteArrayOutputStream);
        create.writeObject((ASN1Primitive) new DERSequence(new ASN1Encodable[]{new ASN1Integer(bArr2), new ASN1Integer(bArr3)}));
        create.flush();
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] prepareData(byte[] bArr, int i2, KeyFormat keyFormat) throws IOException {
        if (keyFormat instanceof RsaKeyFormat) {
            return prepareDsi(bArr, i2);
        }
        if (keyFormat instanceof EcKeyFormat) {
            return bArr;
        }
        throw new IOException("Not supported key type!");
    }

    private byte[] prepareDsi(byte[] bArr, int i2) throws IOException {
        Timber.i("Hash: " + i2, new Object[0]);
        if (i2 == 2) {
            if (bArr.length == 20) {
                return Arrays.concatenate(Hex.decode("3021300906052B0E03021A05000414"), bArr);
            }
            throw new IOException("Bad hash length (" + bArr.length + ", expected 10!");
        }
        if (i2 == 3) {
            if (bArr.length == 20) {
                return Arrays.concatenate(Hex.decode("3021300906052B2403020105000414"), bArr);
            }
            throw new IOException("Bad hash length (" + bArr.length + ", expected 20!");
        }
        switch (i2) {
            case 8:
                if (bArr.length == 32) {
                    return Arrays.concatenate(Hex.decode("3031300D060960864801650304020105000420"), bArr);
                }
                throw new IOException("Bad hash length (" + bArr.length + ", expected 32!");
            case 9:
                if (bArr.length == 48) {
                    return Arrays.concatenate(Hex.decode("3041300D060960864801650304020205000430"), bArr);
                }
                throw new IOException("Bad hash length (" + bArr.length + ", expected 48!");
            case 10:
                if (bArr.length == 64) {
                    return Arrays.concatenate(Hex.decode("3051300D060960864801650304020305000440"), bArr);
                }
                throw new IOException("Bad hash length (" + bArr.length + ", expected 64!");
            case 11:
                if (bArr.length == 28) {
                    return Arrays.concatenate(Hex.decode("302D300D06096086480165030402040500041C"), bArr);
                }
                throw new IOException("Bad hash length (" + bArr.length + ", expected 28!");
            default:
                throw new IOException("Not supported hash algo!");
        }
    }

    public byte[] calculateAuthenticationSignature(byte[] bArr, int i2) throws IOException {
        this.connection.verifyPinForOther();
        KeyFormat authKeyFormat = this.connection.getOpenPgpCapabilities().getAuthKeyFormat();
        ResponseApdu communicate = this.connection.communicate(this.connection.getCommandFactory().createInternalAuthCommand(prepareData(bArr, i2, authKeyFormat)));
        if (communicate.isSuccess()) {
            return encodeSignature(communicate.getData(), authKeyFormat);
        }
        throw new CardException("Failed to sign", communicate.getSw());
    }

    public byte[] calculateSignature(byte[] bArr, int i2) throws IOException {
        this.connection.verifyPinForSignature();
        KeyFormat signKeyFormat = this.connection.getOpenPgpCapabilities().getSignKeyFormat();
        ResponseApdu communicate = this.connection.communicate(this.connection.getCommandFactory().createComputeDigitalSignatureCommand(prepareData(bArr, i2, signKeyFormat)));
        this.connection.invalidateSingleUsePw1();
        if (communicate.isSuccess()) {
            return encodeSignature(communicate.getData(), signKeyFormat);
        }
        throw new CardException("Failed to sign", communicate.getSw());
    }
}
