package com.zettle.sdk.feature.cardreader.readers.vendors.datecs;

import com.epson.eposdevice.keyboard.Keyboard;
import com.zettle.sdk.commons.util.Log;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyAgreement;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.generators.HKDFBytesGenerator;
import org.spongycastle.crypto.macs.CMac;
import org.spongycastle.crypto.params.HKDFParameters;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.interfaces.ECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECNamedCurveParameterSpec;
import org.spongycastle.jce.spec.ECPublicKeySpec;
import org.spongycastle.math.ec.ECPoint;

/* loaded from: classes4.dex */
public final class DatecsSecretGeneratorImpl implements DatecsSecretGenerator {
    private final Lazy aesKey;
    private final Lazy keyPair;
    private final Lazy ourNonce;
    private byte[] remoteConfirmValue;
    private byte[] remoteNonce;
    private byte[] remotePublicKey;
    private byte[] secret;

    public DatecsSecretGeneratorImpl() {
        Lazy lazy;
        Lazy lazy2;
        Lazy lazy3;
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<KeyPair>() { // from class: com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGeneratorImpl$keyPair$1
            @Override // kotlin.jvm.functions.Function0
            public final KeyPair invoke() {
                try {
                    ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
                    keyPairGenerator.initialize(parameterSpec);
                    return keyPairGenerator.generateKeyPair();
                } catch (ClassCastException unused) {
                    throw new AssertionError("Unexpected public key type");
                }
            }
        });
        this.keyPair = lazy;
        lazy2 = LazyKt__LazyJVMKt.lazy(new Function0<byte[]>() { // from class: com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGeneratorImpl$ourNonce$1
            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final byte[] invoke() {
                byte[] bArr = new byte[16];
                new SecureRandom().nextBytes(bArr);
                return bArr;
            }
        });
        this.ourNonce = lazy2;
        lazy3 = LazyKt__LazyJVMKt.lazy(new Function0<byte[]>() { // from class: com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGeneratorImpl$aesKey$1
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final byte[] invoke() {
                byte[] bArr;
                bArr = DatecsSecretGeneratorImpl.this.secret;
                if (bArr == null) {
                    throw new IllegalStateException("Secret must be generated first");
                }
                HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
                hKDFBytesGenerator.init(new HKDFParameters(bArr, new byte[0], new byte[]{Keyboard.VK_E, Keyboard.VK_N, Keyboard.VK_C}));
                byte[] bArr2 = new byte[32];
                hKDFBytesGenerator.generateBytes(bArr2, 0, 32);
                return bArr2;
            }
        });
        this.aesKey = lazy3;
    }

    private final byte[] createSharedSecret(byte[] bArr) {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
        ECPublicKeySpec eCPublicKeySpec = new ECPublicKeySpec(parameterSpec.getCurve().decodePoint(bArr), parameterSpec);
        KeyFactory keyFactory = KeyFactory.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(((KeyPair) this.keyPair.getValue()).getPrivate());
        keyAgreement.doPhase(keyFactory.generatePublic(eCPublicKeySpec), true);
        return keyAgreement.generateSecret();
    }

    private final byte[] f4(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        CMac cMac = new CMac(new AESEngine());
        cMac.init(new KeyParameter(bArr3));
        cMac.update(bArr, 0, bArr.length);
        cMac.update(bArr2, 0, bArr2.length);
        cMac.update((byte) 0);
        byte[] bArr4 = new byte[16];
        cMac.doFinal(bArr4, 0);
        return bArr4;
    }

    private final long g2(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        CMac cMac = new CMac(new AESEngine());
        cMac.init(new KeyParameter(bArr3));
        cMac.update(bArr, 0, bArr.length);
        cMac.update(bArr2, 0, bArr2.length);
        cMac.update(bArr4, 0, bArr4.length);
        cMac.doFinal(new byte[16], 0);
        return (r6[15] & 255) | ((r6[12] & 255) << 24) | ((r6[13] & 255) << 16) | ((r6[14] & 255) << 8);
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public int confirmCode() {
        PublicKey publicKey = ((KeyPair) this.keyPair.getValue()).getPublic();
        Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type org.spongycastle.jce.interfaces.ECPublicKey");
        byte[] encoded = ((ECPublicKey) publicKey).getQ().getRawXCoord().getEncoded();
        byte[] bArr = this.remotePublicKey;
        if (bArr == null) {
            throw new IllegalStateException("Remote public key value must be specified first");
        }
        byte[] bArr2 = this.remoteNonce;
        if (bArr2 != null) {
            return (int) (g2(encoded, bArr, (byte[]) this.ourNonce.getValue(), bArr2) % 1000000);
        }
        throw new IllegalStateException("Remote nonce value must be specified first");
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public byte[] confirmValue() {
        PublicKey publicKey = ((KeyPair) this.keyPair.getValue()).getPublic();
        Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type org.spongycastle.jce.interfaces.ECPublicKey");
        byte[] encoded = ((ECPublicKey) publicKey).getQ().getRawXCoord().getEncoded();
        byte[] bArr = this.remotePublicKey;
        if (bArr != null) {
            return f4(encoded, bArr, (byte[]) this.ourNonce.getValue());
        }
        throw new IllegalStateException("Remote public key value must be specified first");
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public byte[] getNonce() {
        if (this.remotePublicKey != null) {
            return (byte[]) this.ourNonce.getValue();
        }
        throw new IllegalStateException("Pair public key value must be specified first");
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public byte[] getPublicKey() {
        byte last;
        PublicKey publicKey = ((KeyPair) this.keyPair.getValue()).getPublic();
        Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type org.spongycastle.jce.interfaces.ECPublicKey");
        ECPoint q = ((ECPublicKey) publicKey).getQ();
        byte[] bArr = new byte[33];
        last = ArraysKt___ArraysKt.last(q.getAffineYCoord().getEncoded());
        byte b = last % 2 != 0 ? (byte) 3 : (byte) 2;
        bArr[0] = b;
        int i = 0;
        for (byte b2 : q.getAffineXCoord().getEncoded()) {
            i++;
            bArr[i] = b2;
        }
        return bArr;
    }

    public final byte[] kcv(byte[] bArr) {
        byte[] bArr2;
        List take;
        byte[] byteArray;
        if (bArr.length != 32) {
            throw new IllegalArgumentException("Invalid key size. Must be 256 bits");
        }
        byte[] bArr3 = new byte[16];
        AESEngine aESEngine = new AESEngine();
        aESEngine.init(true, new KeyParameter(bArr));
        bArr2 = Reader_v2_secret_generatorKt.KCV_INPUT;
        aESEngine.processBlock(bArr2, 0, bArr3, 0);
        take = ArraysKt___ArraysKt.take(bArr3, 3);
        byteArray = CollectionsKt___CollectionsKt.toByteArray(take);
        return byteArray;
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public void remoteConfirmValue(byte[] bArr) {
        this.remoteConfirmValue = bArr;
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public boolean remotePublicKey(byte[] bArr) {
        List drop;
        byte[] byteArray;
        try {
            this.secret = createSharedSecret(bArr);
            drop = ArraysKt___ArraysKt.drop(bArr, 1);
            byteArray = CollectionsKt___CollectionsKt.toByteArray(drop);
            this.remotePublicKey = byteArray;
            return true;
        } catch (IllegalArgumentException e) {
            DatecsReaderV2Kt.getDatecsReaderV2(Log.Companion).e("Invalid public key from the unit", e);
            return false;
        }
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public byte[] secret() {
        return (byte[]) this.aesKey.getValue();
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public byte[] secretKCV() {
        return kcv((byte[]) this.aesKey.getValue());
    }

    @Override // com.zettle.sdk.feature.cardreader.readers.vendors.datecs.DatecsSecretGenerator
    public boolean validate(byte[] bArr) {
        byte[] bArr2 = this.remotePublicKey;
        if (bArr2 == null) {
            throw new IllegalStateException("Remote public key value must be specified first");
        }
        PublicKey publicKey = ((KeyPair) this.keyPair.getValue()).getPublic();
        Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type org.spongycastle.jce.interfaces.ECPublicKey");
        byte[] f4 = f4(bArr2, ((ECPublicKey) publicKey).getQ().getRawXCoord().getEncoded(), bArr);
        byte[] bArr3 = this.remoteConfirmValue;
        if (bArr3 == null || !Arrays.equals(bArr3, f4)) {
            return false;
        }
        this.remoteNonce = bArr;
        return true;
    }
}
