package com.google.android.libraries.access.security;

import com.google.android.libraries.access.common.logwrapper.Logger;
import com.google.android.libraries.access.security.tss.TpmAsymCaContents;
import com.google.android.libraries.access.security.tss.TpmPubkey;
import com.google.android.libraries.access.security.tss.TpmSymCaAttestation;
import defpackage.ym;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* compiled from: PG */
/* loaded from: classes.dex */
public class EncryptedIdentityCredentialBuilder {
    public static final String ASYM_CIPHER_TRANSFORMATION = "RSA/ECB/OAEPWithSHA1AndMGF1Padding";
    public static final String OAEP_MD = "SHA-1";
    public static final String OAEP_MGF = "MGF1";
    public static final AlgorithmParameterSpec OAEP_MGF_SPEC = MGF1ParameterSpec.SHA1;
    public static final byte[] OAEP_P = {84, 67, 80, 65};
    public static final int SESSION_KEY_SIZE = 256;
    public static final int SYM_ALGORITHM_ID = 9;
    public static final String SYM_CIPHER_ALGORITHM = "AES";
    public static final String SYM_CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    public static final short SYM_ENC_SCHEME = 255;
    public final AlgorithmParameterSpec asymCipherParams = new OAEPParameterSpec("SHA-1", OAEP_MGF, OAEP_MGF_SPEC, new PSource.PSpecified(OAEP_P));

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] concat(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private Cipher createAsymCipher(RSAPublicKey rSAPublicKey) {
        try {
            Cipher cipher = Cipher.getInstance(ASYM_CIPHER_TRANSFORMATION);
            cipher.init(1, rSAPublicKey, this.asymCipherParams);
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new EncryptedIdentityCredentialBuilderException("Cannot create asymmetric cipher", e);
        }
    }

    private SecretKey createSessionKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            return keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            throw new EncryptedIdentityCredentialBuilderException("Cannot create session key", e);
        }
    }

    private Cipher createSymCipher(SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance(SYM_CIPHER_TRANSFORMATION);
            cipher.init(1, secretKey);
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new EncryptedIdentityCredentialBuilderException("Cannot create symmetric cipher", e);
        }
    }

    private byte[] encryptTpmAsymCaContents(Cipher cipher, TpmAsymCaContents tpmAsymCaContents) {
        try {
            return cipher.doFinal(tpmAsymCaContents.toByteArray());
        } catch (IOException e) {
            throw new EncryptedIdentityCredentialBuilderException("cannot convert TpmAsymCaContents to a byte array", e);
        } catch (GeneralSecurityException e2) {
            throw new EncryptedIdentityCredentialBuilderException("Cannot encrypt TpmAsymCaContents", e2);
        }
    }

    public ym build(RSAPublicKey rSAPublicKey, byte[] bArr, TpmPubkey tpmPubkey) {
        TpmSymCaAttestation tpmSymCaAttestation = new TpmSymCaAttestation();
        tpmSymCaAttestation.getAlgorithm().setAlgorithmId(0).setEncScheme((short) 0).setSigScheme((short) 0).setParms(new byte[0]);
        SecretKey createSessionKey = createSessionKey();
        Cipher createSymCipher = createSymCipher(createSessionKey);
        try {
            tpmSymCaAttestation.setCredential(concat(createSymCipher.getIV(), createSymCipher.doFinal(bArr)));
            TpmAsymCaContents tpmAsymCaContents = new TpmAsymCaContents();
            tpmAsymCaContents.getSessionKey().setAlgId(9).setEncScheme((short) 255).setData(createSessionKey.getEncoded());
            try {
                tpmAsymCaContents.getIdDigest().setDigest(MessageDigest.getInstance("SHA-1").digest(tpmPubkey.toByteArray()));
            } catch (NoSuchAlgorithmException e) {
                Logger.w("NoSuchAlgorithmException", e);
            }
            Cipher createAsymCipher = createAsymCipher(rSAPublicKey);
            ym ymVar = new ym();
            ymVar.a = encryptTpmAsymCaContents(createAsymCipher, tpmAsymCaContents);
            ymVar.b = tpmSymCaAttestation.toByteArray();
            return ymVar;
        } catch (IOException e2) {
            throw new EncryptedIdentityCredentialBuilderException("Cannot build TpmAsymCaContents", e2);
        } catch (GeneralSecurityException e3) {
            throw new EncryptedIdentityCredentialBuilderException("cannot encrypt identity credential", e3);
        }
    }
}
