package com.assaabloy.seos.access.crypto;

import com.assaabloy.seos.access.domain.KeyNumber;
import com.assaabloy.seos.access.domain.Oid;
import com.assaabloy.seos.access.domain.SelectionResult;
import com.assaabloy.seos.access.internal.util.DataValidator;
import com.assaabloy.seos.access.internal.util.FluentOutputStream;
import com.assaabloy.seos.access.util.SeosConstants;
import java.util.Arrays;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Strings;

/* loaded from: classes6.dex */
public final class SeosPinKeyDeriver {
    private static final int ITERATION_COUNT = 4096;
    private static final byte SEPARATOR = 0;
    private final EncryptionAlgorithm encryptionAlgorithm;
    private final HashAlgorithm hashAlgorithm;
    private final KeyNumber keyNumber;
    private final byte[] oid;

    public SeosPinKeyDeriver(KeyNumber keyNumber, Oid oid, EncryptionAlgorithm encryptionAlgorithm, HashAlgorithm hashAlgorithm) {
        DataValidator.notNull(keyNumber, "keyNumber");
        DataValidator.notNull(oid, "oid");
        DataValidator.notNull(encryptionAlgorithm, "encryptionAlgorithm");
        DataValidator.notNull(hashAlgorithm, "hashAlgorithm");
        this.keyNumber = keyNumber;
        this.oid = oid.seosData();
        this.encryptionAlgorithm = encryptionAlgorithm;
        this.hashAlgorithm = hashAlgorithm;
    }

    public SeosPinKeyDeriver(KeyNumber keyNumber, SelectionResult selectionResult) {
        DataValidator.notNull(keyNumber, "keyNumber");
        DataValidator.notNull(selectionResult, "selectionResult");
        this.keyNumber = keyNumber;
        this.oid = selectionResult.selectedAdf().seosData();
        this.encryptionAlgorithm = selectionResult.encryptionAlgorithm();
        this.hashAlgorithm = selectionResult.hashAlgorithm();
    }

    public KeyDerivationResult deriveFromPin(byte[] bArr) {
        DataValidator.notNull(bArr, "selectionResult");
        byte[] byteArray = new FluentOutputStream().write(SeosConstants.getSeosRootOid()).write((byte) 0).write(this.encryptionAlgorithm.algorithmId()).write(this.hashAlgorithm.algorithmId()).write(this.keyNumber.keyReference(false)).write(this.oid).toByteArray();
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(bArr, byteArray, 4096);
        int keySize = this.encryptionAlgorithm.keySize();
        byte[] key = ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedMacParameters(keySize * 16)).getKey();
        return new KeyDerivationResult(new SymmetricKeyBc(this.encryptionAlgorithm, Arrays.copyOf(key, keySize)), new SymmetricKeyBc(this.encryptionAlgorithm, Arrays.copyOfRange(key, keySize, keySize * 2)));
    }

    public KeyDerivationResult deriveFromPin(char[] cArr) {
        return deriveFromPin(Strings.toUTF8ByteArray(cArr));
    }
}
