package de.authada.eid.card.pace.steps;

import de.authada.eid.card.api.Card;
import de.authada.eid.card.api.CardLostException;
import de.authada.eid.card.api.CardProcessingException;
import de.authada.eid.card.api.CommandAPDU;
import de.authada.eid.card.asn1.pace.EncryptedNonce;
import de.authada.eid.card.asn1.pace.PACEInfo;
import de.authada.eid.card.pace.ECUtils;
import de.authada.eid.card.pace.PACEException;
import de.authada.eid.card.pace.PACESupportedCurves;
import de.authada.eid.card.pace.apdus.GeneralAuthenticateEncryptedNonceBuilder;
import de.authada.eid.card.pace.apdus.GeneralAuthenticateMapNonceBuilder;
import de.authada.eid.card.pace.apdus.InvalidSecretException;
import de.authada.eid.card.pace.crypto.ECKeyPairGenerator;
import de.authada.eid.card.pace.crypto.Nonce;
import de.authada.eid.card.pace.crypto.NonceDecryptor;
import de.authada.eid.card.pace.steps.SecretTypeAndSelectPACEInfoPACEStep;
import de.authada.mobile.org.spongycastle.crypto.AsymmetricCipherKeyPair;
import de.authada.mobile.org.spongycastle.crypto.InvalidCipherTextException;
import de.authada.mobile.org.spongycastle.crypto.params.ECDomainParameters;
import de.authada.mobile.org.spongycastle.crypto.params.ECPrivateKeyParameters;
import de.authada.mobile.org.spongycastle.crypto.params.ECPublicKeyParameters;
import java.io.IOException;
import java.security.SecureRandom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
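/**
 * PACE step that agrees on ephemeral elliptic-curve domain parameters with the card.
 *
 * <p>The step retrieves the encrypted nonce from the card, decrypts it with the user secret,
 * generates a terminal key pair on the curve named by the selected {@link PACEInfo}, exchanges
 * mapping public keys with the card, and derives the ephemeral domain parameters through
 * {@link ECUtils#calcEphemeralDomainParameters}.
 *
 * <p>This file is decompiler output. According to the decompiler's notes, several members of the
 * nested context class were widened to {@code public} from package-private or private visibility.
 */
public class DomainParameterAgreementPACEStep {
    private static final Logger LOGGER = LoggerFactory.getLogger(DomainParameterAgreementPACEStep.class);

    /** Message used for every failure that is reported as a {@link PACEException}. */
    private static final String AGREEMENT_ERROR = "Error during ephemeral domain parameter agreement";

    private final NonceDecryptor nonceDecryptor = new NonceDecryptor();

    /**
     * Result of this step: the preceding step's PACE context plus the selected {@link PACEInfo}
     * and the ephemeral domain parameters agreed with the card.
     */
    public static final class DomainParameterAgreementPACEContext extends PACEContextDelegate {
        // Assigned by processStep after construction; null until setDomainParameters is called.
        private ECDomainParameters domainParameters;
        private final PACEInfo paceInfo;

        /**
         * Creates the context from the previous step's context.
         *
         * @param secretTypeAndSelectPACEInfoPACEContext context of the preceding step; supplies
         *     the delegate PACE context and the selected PACE info
         */
        private DomainParameterAgreementPACEContext(SecretTypeAndSelectPACEInfoPACEStep.SecretTypeAndSelectPACEInfoPACEContext secretTypeAndSelectPACEInfoPACEContext) {
            super(secretTypeAndSelectPACEInfoPACEContext.getPACEContext());
            this.paceInfo = secretTypeAndSelectPACEInfoPACEContext.getPaceInfo();
        }

        /**
         * Stores the ephemeral domain parameters.
         *
         * <p>Decompiler note: this member was originally private.
         *
         * @param eCDomainParameters the agreed ephemeral domain parameters
         */
        public void setDomainParameters(ECDomainParameters eCDomainParameters) {
            this.domainParameters = eCDomainParameters;
        }

        /** @return the card held by the delegate PACE context */
        public Card getCard() {
            return getPACEContext().getCard();
        }

        /** @return the ephemeral domain parameters, or {@code null} if none have been set */
        public ECDomainParameters getDomainParameters() {
            return this.domainParameters;
        }

        /** @return the PACE info taken over from the preceding step */
        public PACEInfo getPaceInfo() {
            return this.paceInfo;
        }

        /** @return the random source held by the delegate PACE context */
        public SecureRandom getSecureRandom() {
            return getPACEContext().getSecureRandom();
        }
    }

    /**
     * Runs the domain parameter agreement against the card.
     *
     * <p>Only fixed progress messages are logged. The decrypted nonce, the user secret and the
     * terminal's ephemeral private key never reach the log, and must not be added to it.
     *
     * @param secretTypeAndSelectPACEInfoPACEContext context of the preceding step; provides the
     *     card, the user secret, the selected PACE info and the random source
     * @return a new context carrying the agreed ephemeral domain parameters
     * @throws PACEException if card processing, nonce decryption or I/O fails
     * @throws CardLostException declared for callers; not handled explicitly in this method
     * @throws InvalidSecretException rethrown unchanged when raised during the exchange
     */
    public DomainParameterAgreementPACEContext processStep(SecretTypeAndSelectPACEInfoPACEStep.SecretTypeAndSelectPACEInfoPACEContext secretTypeAndSelectPACEInfoPACEContext) throws PACEException, CardLostException, InvalidSecretException {
        try {
            LOGGER.info("Retrieve and decrypt nonce");
            EncryptedNonce encryptedNonce = (EncryptedNonce) secretTypeAndSelectPACEInfoPACEContext.getCard().transceive(new GeneralAuthenticateEncryptedNonceBuilder().build());
            Nonce nonce = this.nonceDecryptor.decrypt(encryptedNonce, secretTypeAndSelectPACEInfoPACEContext.getUserSecret());

            LOGGER.info("Generate terminal random Key pair on curve");
            // The key pair is drawn from the context's SecureRandom on the curve identified by
            // the PACE info parameter id.
            AsymmetricCipherKeyPair terminalKeyPair = new ECKeyPairGenerator(PACESupportedCurves.getCurve(secretTypeAndSelectPACEInfoPACEContext.getPaceInfo().getParameterId()), secretTypeAndSelectPACEInfoPACEContext.getSecureRandom()).generateRandomKeyPairOnCurve();

            LOGGER.info("Build MappingData APDU");
            CommandAPDU<ECPublicKeyParameters> mapNonceCommand = new GeneralAuthenticateMapNonceBuilder().ecPublicKeyParameters((ECPublicKeyParameters) terminalKeyPair.getPublic()).build();

            LOGGER.info("Retrieve MappingData from card");
            // NOTE(review): the card's mapping public key is passed on without any check in this
            // method. Whether it is validated (lies on the negotiated curve, is not the point at
            // infinity) is not visible here - confirm that the response parser or
            // ECUtils.calcEphemeralDomainParameters rejects invalid points.
            ECPublicKeyParameters cardMappingPublicKey = (ECPublicKeyParameters) secretTypeAndSelectPACEInfoPACEContext.getCard().transceive(mapNonceCommand);

            LOGGER.info("genereate ephemeral domain parameters");
            ECPrivateKeyParameters terminalPrivateKey = (ECPrivateKeyParameters) terminalKeyPair.getPrivate();
            DomainParameterAgreementPACEContext result = new DomainParameterAgreementPACEContext(secretTypeAndSelectPACEInfoPACEContext);
            result.setDomainParameters(ECUtils.calcEphemeralDomainParameters(nonce, terminalPrivateKey, cardMappingPublicKey));
            return result;
        } catch (InvalidSecretException e) {
            // Rethrown unwrapped. Keep this handler first: presumably InvalidSecretException is
            // a subtype of one of the types caught below and would otherwise be wrapped -
            // confirm against its declaration.
            throw e;
        } catch (CardProcessingException e) {
            // Each handler binds its own exception variable. The decompiled form assigned to a
            // variable from an earlier catch clause, which is out of scope and does not compile.
            throw new PACEException(AGREEMENT_ERROR, e);
        } catch (InvalidCipherTextException e) {
            throw new PACEException(AGREEMENT_ERROR, e);
        } catch (IOException e) {
            throw new PACEException(AGREEMENT_ERROR, e);
        }
    }
}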
