package com.yubico.yubikit.piv.jca;

import com.yubico.yubikit.core.keys.EllipticCurveValues;
import com.yubico.yubikit.piv.KeyType;
import com.yubico.yubikit.piv.PinPolicy;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.piv.TouchPolicy;
import com.yubico.yubikit.piv.jca.PivPrivateKey;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.util.Arrays;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.Callable;
import javax.annotation.Nullable;
import javax.security.auth.Destroyable;

/* loaded from: classes7.dex */
public abstract class PivPrivateKey implements PrivateKey, Destroyable {
    private boolean destroyed = false;
    final KeyType keyType;

    @Nullable
    protected char[] pin;

    @Nullable
    private final PinPolicy pinPolicy;
    final Slot slot;

    @Nullable
    private final TouchPolicy touchPolicy;

    /* loaded from: classes7.dex */
    public static class EcKey extends PivPrivateKey implements ECKey {
        private final ECParameterSpec ecSpec;

        private EcKey(Slot slot, KeyType keyType, @Nullable PinPolicy pinPolicy, @Nullable TouchPolicy touchPolicy, ECParameterSpec eCParameterSpec, @Nullable char[] cArr) {
            super(slot, keyType, pinPolicy, touchPolicy, cArr);
            this.ecSpec = eCParameterSpec;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] lambda$keyAgreement$0(Wg.d dVar, ECPoint eCPoint) throws Exception {
            com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) dVar.b();
            char[] cArr = this.pin;
            if (cArr != null) {
                aVar.t(cArr);
            }
            Slot slot = this.slot;
            aVar.getClass();
            KeyType keyType = eCPoint.getAffineX().bitLength() > 256 ? KeyType.ECCP384 : KeyType.ECCP256;
            EllipticCurveValues ellipticCurveValues = ((KeyType.a) keyType.params).f33697c;
            BigInteger affineX = eCPoint.getAffineX();
            BigInteger affineY = eCPoint.getAffineY();
            ellipticCurveValues.getBitLength();
            if (ellipticCurveValues == EllipticCurveValues.Ed25519 || ellipticCurveValues == EllipticCurveValues.X25519) {
                throw new IllegalArgumentException("InvalidCurve");
            }
            int ceil = (int) Math.ceil(ellipticCurveValues.getBitLength() / 8.0d);
            byte[] array = ByteBuffer.allocate((ceil * 2) + 1).put((byte) 4).put(B0.p.B(ceil, affineX)).put(B0.p.B(ceil, affineY)).array();
            Sg.a.c(com.yubico.yubikit.piv.a.f33705n, "Performing key agreement with key in slot {} of type {}", slot, keyType);
            return aVar.q(slot, keyType, array, true);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$keyAgreement$1(BlockingQueue blockingQueue, final ECPoint eCPoint, final Wg.d dVar) {
            blockingQueue.add(Wg.d.c(new Callable() { // from class: com.yubico.yubikit.piv.jca.u
                @Override // java.util.concurrent.Callable
                public final Object call() {
                    byte[] lambda$keyAgreement$0;
                    lambda$keyAgreement$0 = PivPrivateKey.EcKey.this.lambda$keyAgreement$0(dVar, eCPoint);
                    return lambda$keyAgreement$0;
                }
            }));
        }

        @Override // java.security.interfaces.ECKey
        public ECParameterSpec getParams() {
            return this.ecSpec;
        }

        public byte[] keyAgreement(Wg.a<Wg.a<Wg.d<com.yubico.yubikit.piv.a, Exception>>> aVar, final ECPoint eCPoint) throws Exception {
            final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
            aVar.invoke(new Wg.a() { // from class: com.yubico.yubikit.piv.jca.v
                @Override // Wg.a
                public final void invoke(Object obj) {
                    PivPrivateKey.EcKey.this.lambda$keyAgreement$1(arrayBlockingQueue, eCPoint, (Wg.d) obj);
                }
            });
            return (byte[]) ((Wg.d) arrayBlockingQueue.take()).b();
        }
    }

    /* loaded from: classes7.dex */
    public static class RsaKey extends PivPrivateKey implements RSAKey {
        private final BigInteger modulus;

        private RsaKey(Slot slot, KeyType keyType, @Nullable PinPolicy pinPolicy, @Nullable TouchPolicy touchPolicy, BigInteger bigInteger, @Nullable char[] cArr) {
            super(slot, keyType, pinPolicy, touchPolicy, cArr);
            this.modulus = bigInteger;
        }

        @Override // java.security.interfaces.RSAKey
        public BigInteger getModulus() {
            return this.modulus;
        }
    }

    public PivPrivateKey(Slot slot, KeyType keyType, @Nullable PinPolicy pinPolicy, @Nullable TouchPolicy touchPolicy, @Nullable char[] cArr) {
        this.slot = slot;
        this.keyType = keyType;
        this.pinPolicy = pinPolicy;
        this.touchPolicy = touchPolicy;
        this.pin = cArr != null ? Arrays.copyOf(cArr, cArr.length) : null;
    }

    public static PivPrivateKey from(PublicKey publicKey, Slot slot, @Nullable PinPolicy pinPolicy, @Nullable TouchPolicy touchPolicy, @Nullable char[] cArr) {
        KeyType fromKey = KeyType.fromKey(publicKey);
        return fromKey.params.f33698a == KeyType.Algorithm.RSA ? new RsaKey(slot, fromKey, pinPolicy, touchPolicy, ((RSAPublicKey) publicKey).getModulus(), cArr) : new EcKey(slot, fromKey, pinPolicy, touchPolicy, ((ECPublicKey) publicKey).getParams(), cArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] lambda$rawSignOrDecrypt$0(Wg.d dVar, byte[] bArr) throws Exception {
        com.yubico.yubikit.piv.a aVar = (com.yubico.yubikit.piv.a) dVar.b();
        char[] cArr = this.pin;
        if (cArr != null) {
            aVar.t(cArr);
        }
        Slot slot = this.slot;
        KeyType keyType = this.keyType;
        aVar.getClass();
        KeyType.b bVar = keyType.params;
        int i10 = bVar.f33699b / 8;
        if (bArr.length > i10) {
            if (bVar.f33698a != KeyType.Algorithm.EC) {
                throw new IllegalArgumentException("Payload too large for key");
            }
            bArr = Arrays.copyOf(bArr, i10);
        } else if (bArr.length < i10) {
            byte[] bArr2 = new byte[i10];
            System.arraycopy(bArr, 0, bArr2, i10 - bArr.length, bArr.length);
            bArr = bArr2;
        }
        Sg.a.c(com.yubico.yubikit.piv.a.f33705n, "Decrypting data with key in slot {} of type {}", slot, keyType);
        return aVar.q(slot, keyType, bArr, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$rawSignOrDecrypt$1(BlockingQueue blockingQueue, final byte[] bArr, final Wg.d dVar) {
        blockingQueue.add(Wg.d.c(new Callable() { // from class: com.yubico.yubikit.piv.jca.s
            @Override // java.util.concurrent.Callable
            public final Object call() {
                byte[] lambda$rawSignOrDecrypt$0;
                lambda$rawSignOrDecrypt$0 = PivPrivateKey.this.lambda$rawSignOrDecrypt$0(dVar, bArr);
                return lambda$rawSignOrDecrypt$0;
            }
        }));
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        char[] cArr = this.pin;
        if (cArr != null) {
            Arrays.fill(cArr, (char) 0);
        }
        this.destroyed = true;
    }

    @Override // java.security.Key
    public String getAlgorithm() {
        return this.keyType.params.f33698a.name();
    }

    @Override // java.security.Key
    @Nullable
    public byte[] getEncoded() {
        return null;
    }

    @Override // java.security.Key
    @Nullable
    public String getFormat() {
        return null;
    }

    @Nullable
    public PinPolicy getPinPolicy() {
        return this.pinPolicy;
    }

    public Slot getSlot() {
        return this.slot;
    }

    @Nullable
    public TouchPolicy getTouchPolicy() {
        return this.touchPolicy;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public byte[] rawSignOrDecrypt(Wg.a<Wg.a<Wg.d<com.yubico.yubikit.piv.a, Exception>>> aVar, final byte[] bArr) throws Exception {
        if (this.destroyed) {
            throw new IllegalStateException("PivPrivateKey has been destroyed");
        }
        final ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(1);
        aVar.invoke(new Wg.a() { // from class: com.yubico.yubikit.piv.jca.t
            @Override // Wg.a
            public final void invoke(Object obj) {
                PivPrivateKey.this.lambda$rawSignOrDecrypt$1(arrayBlockingQueue, bArr, (Wg.d) obj);
            }
        });
        return (byte[]) ((Wg.d) arrayBlockingQueue.take()).b();
    }

    public void setPin(@Nullable char[] cArr) {
        if (this.destroyed) {
            throw new IllegalStateException("PivPrivateKey has been destroyed");
        }
        char[] cArr2 = this.pin;
        if (cArr2 != null) {
            Arrays.fill(cArr2, (char) 0);
        }
        this.pin = cArr != null ? Arrays.copyOf(cArr, cArr.length) : null;
    }
}
