package es.gob.jmulticard.crypto;

import es.gob.jmulticard.CryptoHelper;
import es.gob.jmulticard.DigestAlgorithm;
import es.gob.jmulticard.apdu.iso7816four.pace.PaceChat;
import es.gob.jmulticard.asn1.icao.CardAccess;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECField;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.ArrayList;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.DefaultBufferedBlockCipher;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.MultiBlockCipher;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.macs.CMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.prng.DigestRandomGenerator;
import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: classes.dex */
public final class BcCryptoHelper extends CryptoHelper {
    private static final Logger LOGGER = Logger.getLogger(BcCryptoHelper.class.getName());
    private CryptoHelper.PaceChannelHelper paceChannelHelper = null;

    /* renamed from: es.gob.jmulticard.crypto.BcCryptoHelper$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$es$gob$jmulticard$CryptoHelper$Padding;
        static final /* synthetic */ int[] $SwitchMap$es$gob$jmulticard$DigestAlgorithm;

        static {
            int[] iArr = new int[CryptoHelper.Padding.values().length];
            $SwitchMap$es$gob$jmulticard$CryptoHelper$Padding = iArr;
            try {
                iArr[CryptoHelper.Padding.NOPADDING.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[CryptoHelper.Padding.ISO7816_4PADDING.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[DigestAlgorithm.values().length];
            $SwitchMap$es$gob$jmulticard$DigestAlgorithm = iArr2;
            try {
                iArr2[DigestAlgorithm.SHA512.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$DigestAlgorithm[DigestAlgorithm.SHA384.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$DigestAlgorithm[DigestAlgorithm.SHA256.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$DigestAlgorithm[DigestAlgorithm.SHA1.ordinal()] = 4;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class CertHolderBySignerIdSelector implements Selector<X509CertificateHolder> {
        private final SignerId signerId;

        public CertHolderBySignerIdSelector(SignerId signerId) {
            if (signerId == null) {
                throw new IllegalArgumentException("El ID del firmante no puede ser nulo");
            }
            this.signerId = signerId;
        }

        @Override // org.bouncycastle.util.Selector
        public Object clone() {
            throw new UnsupportedOperationException();
        }

        @Override // org.bouncycastle.util.Selector
        public boolean match(X509CertificateHolder x509CertificateHolder) {
            return this.signerId.getSerialNumber().equals(x509CertificateHolder.getSerialNumber());
        }
    }

    /* loaded from: classes.dex */
    public static class CustomRsaPublicKey implements RSAPublicKey {
        private static final long serialVersionUID = -1691684007756690866L;
        private final BigInteger exponent;
        private final byte[] keyBytes;
        private final BigInteger modulus;

        public CustomRsaPublicKey(byte[] bArr) throws IOException {
            if (bArr == null) {
                throw new IllegalArgumentException("La codificacion de la clave publica RSA no puede ser nula");
            }
            this.keyBytes = (byte[]) bArr.clone();
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(((DERBitString) ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(bArr)).getObjectAt(1)).getBytes()));
            byte[] byteArray = ((ASN1Integer) aSN1Sequence.getObjectAt(0)).getValue().toByteArray();
            if (byteArray == null || byteArray.length < 128) {
                throw new IOException("El modulo obtenido es menor de 128 octetos (1024 bits)");
            }
            byte[] byteArray2 = ((ASN1Integer) aSN1Sequence.getObjectAt(1)).getValue().toByteArray();
            if (byteArray2 == null || byteArray2.length < 3) {
                throw new IOException("El exponente obtenido es menor de 3 octetos");
            }
            this.modulus = new BigInteger(1, byteArray);
            this.exponent = new BigInteger(1, byteArray2);
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return "RSA";
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return (byte[]) this.keyBytes.clone();
        }

        @Override // java.security.Key
        public String getFormat() {
            return "X.509";
        }

        @Override // java.security.interfaces.RSAKey
        public BigInteger getModulus() {
            return this.modulus;
        }

        @Override // java.security.interfaces.RSAPublicKey
        public BigInteger getPublicExponent() {
            return this.exponent;
        }
    }

    private static ECPoint add(ECPoint eCPoint, ECPoint eCPoint2, ECParameterSpec eCParameterSpec) {
        return fromBouncyCastleECPoint(toBouncyCastleECPoint(eCPoint, eCParameterSpec).add(toBouncyCastleECPoint(eCPoint2, eCParameterSpec)));
    }

    private static byte[] aesEncryptSingleBlock(byte[] bArr, byte[] bArr2) {
        KeyParameter keyParameter = new KeyParameter(bArr);
        MultiBlockCipher newInstance = AESEngine.newInstance();
        newInstance.init(true, keyParameter);
        byte[] bArr3 = new byte[newInstance.getBlockSize()];
        newInstance.processBlock(bArr2, 0, bArr3, 0);
        return bArr3;
    }

    private static BigInteger computeAffineY(BigInteger bigInteger, ECParameterSpec eCParameterSpec) {
        ECCurve bouncyCastleECCurve = toBouncyCastleECCurve(eCParameterSpec);
        ECFieldElement a10 = bouncyCastleECCurve.getA();
        ECFieldElement b10 = bouncyCastleECCurve.getB();
        ECFieldElement fromBigInteger = bouncyCastleECCurve.fromBigInteger(bigInteger);
        return fromBigInteger.multiply(fromBigInteger).add(a10).multiply(fromBigInteger).add(b10).sqrt().toBigInteger();
    }

    private static byte[] doAes(byte[] bArr, byte[] bArr2, byte[] bArr3, BlockCipherPadding blockCipherPadding, boolean z10) throws IOException, InvalidCipherTextException {
        MultiBlockCipher newInstance = AESEngine.newInstance();
        if (bArr2 == null) {
            bArr2 = null;
        } else if (bArr2.length == 0) {
            LOGGER.warning("Se usara un vector de inicializacion AES vacio");
            bArr2 = new byte[newInstance.getBlockSize()];
        }
        ParametersWithIV parametersWithIV = new ParametersWithIV(new KeyParameter(bArr3), bArr2);
        BufferedBlockCipher paddedBufferedBlockCipher = blockCipherPadding != null ? new PaddedBufferedBlockCipher(CBCBlockCipher.newInstance(AESEngine.newInstance()), blockCipherPadding) : new DefaultBufferedBlockCipher(CBCBlockCipher.newInstance(newInstance));
        paddedBufferedBlockCipher.init(z10, parametersWithIV);
        byte[] bArr4 = new byte[16];
        byte[] bArr5 = new byte[512];
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                try {
                    int read = byteArrayInputStream.read(bArr4);
                    if (read < 0) {
                        byteArrayOutputStream.write(bArr5, 0, paddedBufferedBlockCipher.doFinal(bArr5, 0));
                        byteArrayOutputStream.flush();
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        byteArrayOutputStream.close();
                        byteArrayInputStream.close();
                        return byteArray;
                    }
                    byteArrayOutputStream.write(bArr5, 0, paddedBufferedBlockCipher.processBytes(bArr4, 0, read, bArr5, 0));
                } finally {
                }
            }
        } catch (Throwable th2) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th3) {
                th2.addSuppressed(th3);
            }
            throw th2;
        }
    }

    private static byte[] doDes(byte[] bArr, byte[] bArr2, boolean z10) throws IOException {
        DefaultBufferedBlockCipher defaultBufferedBlockCipher = new DefaultBufferedBlockCipher(new DESEngine());
        defaultBufferedBlockCipher.init(z10, new KeyParameter(bArr2));
        byte[] bArr3 = new byte[defaultBufferedBlockCipher.getOutputSize(bArr.length)];
        try {
            defaultBufferedBlockCipher.doFinal(bArr3, defaultBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr3, 0));
            return bArr3;
        } catch (IllegalStateException | DataLengthException | InvalidCipherTextException e10) {
            throw new IOException("Error el el cifrado / descifrado DES", e10);
        }
    }

    private static byte[] doDesede(byte[] bArr, byte[] bArr2, boolean z10) throws IOException {
        DefaultBufferedBlockCipher defaultBufferedBlockCipher = new DefaultBufferedBlockCipher(CBCBlockCipher.newInstance(new DESedeEngine()));
        defaultBufferedBlockCipher.init(z10, new KeyParameter(prepareDesedeKey(bArr2)));
        byte[] bArr3 = new byte[defaultBufferedBlockCipher.getOutputSize(bArr.length)];
        try {
            defaultBufferedBlockCipher.doFinal(bArr3, defaultBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr3, 0));
            return bArr3;
        } catch (IllegalStateException | DataLengthException | InvalidCipherTextException e10) {
            throw new IOException("Error en el cifrado o descifrado 3DES", e10);
        }
    }

    private static byte[] doRsa(byte[] bArr, RSAKey rSAKey, boolean z10) throws IOException {
        boolean z11 = rSAKey instanceof RSAPrivateKey;
        RSAKeyParameters rSAKeyParameters = new RSAKeyParameters(z11, rSAKey.getModulus(), z11 ? ((RSAPrivateKey) rSAKey).getPrivateExponent() : ((RSAPublicKey) rSAKey).getPublicExponent());
        RSAEngine rSAEngine = new RSAEngine();
        rSAEngine.init(z10, rSAKeyParameters);
        try {
            return rSAEngine.processBlock(bArr, 0, bArr.length);
        } catch (InvalidCipherTextException e10) {
            throw new IOException("Error en el cifrado/descifrado RSA", e10);
        }
    }

    private static ECPoint fromBouncyCastleECPoint(org.bouncycastle.math.ec.ECPoint eCPoint) {
        org.bouncycastle.math.ec.ECPoint normalize = eCPoint.normalize();
        if (!normalize.isValid()) {
            LOGGER.warning("Se ha proporcionado un punto invalido");
        }
        return new ECPoint(normalize.getAffineXCoord().toBigInteger(), normalize.getAffineYCoord().toBigInteger());
    }

    private static BigInteger getPrime(ECParameterSpec eCParameterSpec) {
        if (eCParameterSpec == null) {
            throw new IllegalArgumentException("Los parametros no pueden ser nulos");
        }
        ECField field = eCParameterSpec.getCurve().getField();
        if (field instanceof ECFieldFp) {
            return ((ECFieldFp) field).getP();
        }
        throw new IllegalStateException("Solo se soporta 'ECFieldFp' y se proporciono  " + field.getClass().getCanonicalName());
    }

    private static ECParameterSpec mapNonceGmWithEcdh(BigInteger bigInteger, ECPoint eCPoint, ECParameterSpec eCParameterSpec) {
        ECPoint generator = eCParameterSpec.getGenerator();
        EllipticCurve curve = eCParameterSpec.getCurve();
        BigInteger a10 = curve.getA();
        BigInteger b10 = curve.getB();
        BigInteger p9 = ((ECFieldFp) curve.getField()).getP();
        BigInteger order = eCParameterSpec.getOrder();
        int cofactor = eCParameterSpec.getCofactor();
        ECPoint add = add(multiply(bigInteger, generator, eCParameterSpec), eCPoint, eCParameterSpec);
        if (!toBouncyCastleECPoint(add, eCParameterSpec).isValid()) {
            LOGGER.warning("Se ha generado un punto invalido");
        }
        return new ECParameterSpec(new EllipticCurve(new ECFieldFp(p9), a10, b10), add, order, cofactor);
    }

    private static ECPoint multiply(BigInteger bigInteger, ECPoint eCPoint, ECParameterSpec eCParameterSpec) {
        return fromBouncyCastleECPoint(toBouncyCastleECPoint(eCPoint, eCParameterSpec).multiply(bigInteger));
    }

    private static BigInteger os2i(byte[] bArr) {
        if (bArr != null) {
            return os2i(bArr, 0, bArr.length);
        }
        throw new IllegalArgumentException();
    }

    private static BigInteger os2i(byte[] bArr, int i10, int i11) {
        if (bArr == null) {
            throw new IllegalArgumentException("El Octet String no puede ser nulo");
        }
        BigInteger bigInteger = BigInteger.ZERO;
        BigInteger valueOf = BigInteger.valueOf(256L);
        for (int i12 = i10; i12 < i10 + i11; i12++) {
            bigInteger = bigInteger.multiply(valueOf).add(BigInteger.valueOf(bArr[i12] & 255));
        }
        return bigInteger;
    }

    private static byte[] prepareDesedeKey(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("La clave 3DES no puede ser nula");
        }
        if (bArr.length == 24) {
            return bArr;
        }
        if (bArr.length != 16) {
            throw new IllegalArgumentException("Longitud de clave invalida, se esperaba 16 o 24, pero se indico " + bArr.length);
        }
        byte[] bArr2 = new byte[24];
        System.arraycopy(bArr, 0, bArr2, 0, 16);
        System.arraycopy(bArr, 0, bArr2, 16, 8);
        return bArr2;
    }

    private static ECCurve toBouncyCastleECCurve(ECParameterSpec eCParameterSpec) {
        EllipticCurve curve = eCParameterSpec.getCurve();
        ECField field = curve.getField();
        if (!(field instanceof ECFieldFp)) {
            throw new IllegalArgumentException("Solo se soporta 'ECFieldFp' y se proporciono '" + field.getClass().getCanonicalName() + "'");
        }
        int cofactor = eCParameterSpec.getCofactor();
        return new ECCurve.Fp(getPrime(eCParameterSpec), curve.getA(), curve.getB(), eCParameterSpec.getOrder(), BigInteger.valueOf(cofactor));
    }

    private static org.bouncycastle.math.ec.ECPoint toBouncyCastleECPoint(ECPoint eCPoint, ECParameterSpec eCParameterSpec) {
        return toBouncyCastleECCurve(eCParameterSpec).createPoint(eCPoint.getAffineX(), eCPoint.getAffineY());
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] aesDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, CryptoHelper.BlockMode blockMode, CryptoHelper.Padding padding) throws IOException {
        ISO7816d4Padding iSO7816d4Padding;
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos a cifrar no pueden ser nulos");
        }
        if (bArr3 == null) {
            throw new IllegalArgumentException("La clave de cifrado no puede ser nula");
        }
        int i10 = AnonymousClass1.$SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[padding.ordinal()];
        if (i10 == 1) {
            iSO7816d4Padding = null;
        } else {
            if (i10 != 2) {
                throw new IOException("Algoritmo de relleno no soportado para AES: " + padding);
            }
            iSO7816d4Padding = new ISO7816d4Padding();
        }
        try {
            return doAes(bArr, bArr2, bArr3, iSO7816d4Padding, false);
        } catch (IllegalStateException | DataLengthException | InvalidCipherTextException e10) {
            throw new IOException("Error en el descifrado AES", e10);
        }
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, CryptoHelper.BlockMode blockMode, CryptoHelper.Padding padding) throws IOException {
        ISO7816d4Padding iSO7816d4Padding;
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos a cifrar no pueden ser nulos");
        }
        if (bArr3 == null) {
            throw new IllegalArgumentException("La clave de cifrado no puede ser nula");
        }
        if (CryptoHelper.BlockMode.ECB.equals(blockMode) && CryptoHelper.Padding.NOPADDING.equals(padding) && bArr.length == 16) {
            return aesEncryptSingleBlock(bArr3, bArr);
        }
        int i10 = AnonymousClass1.$SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[padding.ordinal()];
        if (i10 == 1) {
            iSO7816d4Padding = null;
        } else {
            if (i10 != 2) {
                throw new IOException("Algoritmo de relleno no soportado para AES: " + padding);
            }
            iSO7816d4Padding = new ISO7816d4Padding();
        }
        try {
            return doAes(bArr, bArr2, bArr3, iSO7816d4Padding, true);
        } catch (IOException | IllegalStateException | DataLengthException | InvalidCipherTextException e10) {
            throw new IOException("Error en el cifrado AES", e10);
        }
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desDecrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDes(bArr, bArr2, false);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desEncrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDes(bArr, bArr2, true);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desedeDecrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDesede(bArr, bArr2, false);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] desedeEncrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDesede(bArr, bArr2, true);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] digest(DigestAlgorithm digestAlgorithm, byte[] bArr) throws IOException {
        if (digestAlgorithm == null) {
            throw new IllegalArgumentException("El algoritmo de huella digital no puede ser nulo");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos para realizar la huella digital no pueden ser nulos");
        }
        int i10 = AnonymousClass1.$SwitchMap$es$gob$jmulticard$DigestAlgorithm[digestAlgorithm.ordinal()];
        if (i10 == 1) {
            SHA512Digest sHA512Digest = new SHA512Digest();
            sHA512Digest.update(bArr, 0, bArr.length);
            byte[] bArr2 = new byte[sHA512Digest.getDigestSize()];
            sHA512Digest.doFinal(bArr2, 0);
            return bArr2;
        }
        if (i10 == 2) {
            SHA384Digest sHA384Digest = new SHA384Digest();
            sHA384Digest.update(bArr, 0, bArr.length);
            byte[] bArr3 = new byte[sHA384Digest.getDigestSize()];
            sHA384Digest.doFinal(bArr3, 0);
            return bArr3;
        }
        if (i10 == 3) {
            SHA256Digest sHA256Digest = new SHA256Digest();
            sHA256Digest.update(bArr, 0, bArr.length);
            byte[] bArr4 = new byte[sHA256Digest.getDigestSize()];
            sHA256Digest.doFinal(bArr4, 0);
            return bArr4;
        }
        if (i10 != 4) {
            throw new IOException("No se soporta el algoritmo de huella digital indicado: " + digestAlgorithm);
        }
        SHA1Digest sHA1Digest = new SHA1Digest();
        sHA1Digest.update(bArr, 0, bArr.length);
        byte[] bArr5 = new byte[sHA1Digest.getDigestSize()];
        sHA1Digest.doFinal(bArr5, 0);
        return bArr5;
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] doAesCmac(byte[] bArr, byte[] bArr2) {
        CMac cMac = new CMac(AESEngine.newInstance(), 64);
        cMac.init(new KeyParameter(bArr2));
        cMac.update(bArr, 0, bArr.length);
        byte[] bArr3 = new byte[cMac.getMacSize()];
        cMac.doFinal(bArr3, 0);
        return bArr3;
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public KeyPair generateEcKeyPair(CryptoHelper.EcCurve ecCurve) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGeneratorSpi.ECDH ecdh = new KeyPairGeneratorSpi.ECDH();
        ecdh.initialize(new ECNamedCurveGenParameterSpec(ecCurve.toString()));
        return ecdh.generateKeyPair();
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] generateRandomBytes(int i10) {
        byte[] bArr = new byte[i10];
        new DigestRandomGenerator(new SHA1Digest()).nextBytes(bArr);
        return bArr;
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] getCmsSignatureSignedContent(byte[] bArr) throws IOException {
        try {
            return (byte[]) new CMSSignedData(bArr).getSignedContent().getContent();
        } catch (CMSException e10) {
            throw new IOException("Los datos no son un SignedData de PKCS#7/CMS", e10);
        }
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public AlgorithmParameterSpec getEcPoint(byte[] bArr, byte[] bArr2, CryptoHelper.EcCurve ecCurve) {
        Object parameterSpec = ECNamedCurveTable.getParameterSpec(ecCurve.toString());
        BigInteger os2i = os2i(bArr2);
        ECParameterSpec eCParameterSpec = (ECParameterSpec) parameterSpec;
        return mapNonceGmWithEcdh(os2i(bArr), new ECPoint(os2i, computeAffineY(os2i, eCParameterSpec)), eCParameterSpec);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public CryptoHelper.PaceChannelHelper getPaceChannelHelper(CardAccess cardAccess, PaceChat paceChat) {
        if (this.paceChannelHelper == null) {
            this.paceChannelHelper = new BcPaceChannelHelper(this, cardAccess, paceChat);
        }
        return this.paceChannelHelper;
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public RSAPublicKey getRsaPublicKey(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("El certificado del cual extraer la clave publica no puede ser nulo");
        }
        try {
            return new CustomRsaPublicKey(x509Certificate.getPublicKey().getEncoded());
        } catch (IOException e10) {
            throw new IllegalArgumentException("No se ha podido crear la clave publica a partir del certificado", e10);
        }
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] rsaDecrypt(byte[] bArr, RSAKey rSAKey) throws IOException {
        return doRsa(bArr, rSAKey, false);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public byte[] rsaEncrypt(byte[] bArr, RSAKey rSAKey) throws IOException {
        return doRsa(bArr, rSAKey, true);
    }

    @Override // es.gob.jmulticard.CryptoHelper
    public X509Certificate[] validateCmsSignature(byte[] bArr) throws SignatureException, IOException, CertificateException {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
            ArrayList arrayList = new ArrayList();
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                try {
                    X509Certificate generateCertificate = CryptoHelper.generateCertificate(certificates.getMatches(new CertHolderBySignerIdSelector(signerInformation.getSID())).iterator().next().getEncoded());
                    try {
                        generateCertificate.checkValidity();
                        try {
                            if (!signerInformation.verify(new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(generateCertificate), new BcDigestCalculatorProvider()))) {
                                throw new SignatureException("Firma del SOD no valida");
                            }
                            arrayList.add(generateCertificate);
                        } catch (CMSException | OperatorCreationException e10) {
                            throw new SignatureException("No se ha podido comprobar la firma del SOD", e10);
                        }
                    } catch (CertificateExpiredException | CertificateNotYetValidException e11) {
                        throw new CertificateException("El SignedData contiene un certificado fuera de su periodo temporal de validez", e11);
                    }
                } catch (IOException e12) {
                    throw new CertificateException("El SignedData contiene un certificado en formato incorrecto", e12);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (CMSException e13) {
            throw new IOException("Los datos no son un SignedData de PKCS#7/CMS", e13);
        }
    }
}
