package io.getlime.security.powerauth.crypto.lib.util;

import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/util/KeyConvertor.class */
public class KeyConvertor {
    private static final Logger logger = LoggerFactory.getLogger(KeyConvertor.class);
    private final PublicKeyValidator publicKeyValidator = new PublicKeyValidator();

    public byte[] convertPublicKeyToBytes(PublicKey publicKey) throws CryptoProviderException {
        ECPoint w = ((ECPublicKey) publicKey).getW();
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
        if (parameterSpec == null) {
            throw new CryptoProviderException("Crypto provider does not support the secp256r1 curve");
        }
        return parameterSpec.getCurve().createPoint(w.getAffineX(), w.getAffineY()).getEncoded(false);
    }

    public PublicKey convertBytesToPublicKey(byte[] bArr) throws InvalidKeySpecException, CryptoProviderException, GenericCryptoException {
        try {
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
            if (parameterSpec == null) {
                throw new CryptoProviderException("Crypto provider does not support the secp256r1 curve");
            }
            org.bouncycastle.math.ec.ECPoint decodePoint = parameterSpec.getCurve().decodePoint(bArr);
            this.publicKeyValidator.validate(parameterSpec.getCurve(), decodePoint);
            BigInteger bigInteger = decodePoint.getAffineXCoord().toBigInteger();
            BigInteger bigInteger2 = decodePoint.getAffineYCoord().toBigInteger();
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME);
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME).generatePublic(new ECPublicKeySpec(new ECPoint(bigInteger, bigInteger2), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        } catch (IllegalArgumentException e) {
            logger.warn(e.getMessage(), e);
            throw new GenericCryptoException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidParameterSpecException e2) {
            logger.warn(e2.getMessage(), e2);
            throw new CryptoProviderException(e2.getMessage(), e2);
        }
    }

    public byte[] convertPrivateKeyToBytes(PrivateKey privateKey) {
        return ((ECPrivateKey) privateKey).getS().toByteArray();
    }

    public PrivateKey convertBytesToPrivateKey(byte[] bArr) throws InvalidKeySpecException, CryptoProviderException {
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME);
            algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
            return KeyFactory.getInstance("EC", PowerAuthConfiguration.CRYPTO_PROVIDER_NAME).generatePrivate(new ECPrivateKeySpec(new BigInteger(bArr), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidParameterSpecException e) {
            logger.warn(e.getMessage(), e);
            throw new CryptoProviderException(e.getMessage(), e);
        }
    }

    public byte[] convertSharedSecretKeyToBytes(SecretKey secretKey) {
        return secretKey.getEncoded();
    }

    public SecretKey convertBytesToSharedSecretKey(byte[] bArr) {
        return new SecretKeySpec(bArr, "AES");
    }
}
