package com.izettle.payments.android.readers.vendors.datecs;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.KeyAgreement;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.jvm.functions.Function0;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.generators.HKDFBytesGenerator;
import org.spongycastle.crypto.macs.CMac;
import org.spongycastle.crypto.params.HKDFParameters;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECNamedCurveParameterSpec;
import org.spongycastle.jce.spec.ECPublicKeySpec;
import y5.r;

/* loaded from: classes2.dex */
public final class DatecsSecretGeneratorImpl implements r {

    /* renamed from: a, reason: collision with root package name */
    @Nullable
    public byte[] f5625a;

    /* renamed from: b, reason: collision with root package name */
    @Nullable
    public byte[] f5626b;

    /* renamed from: c, reason: collision with root package name */
    @Nullable
    public byte[] f5627c;

    /* renamed from: d, reason: collision with root package name */
    @Nullable
    public byte[] f5628d;

    /* renamed from: e, reason: collision with root package name */
    @NotNull
    public final Lazy<KeyPair> f5629e;

    /* renamed from: f, reason: collision with root package name */
    @NotNull
    public final Lazy<byte[]> f5630f;

    /* renamed from: g, reason: collision with root package name */
    @NotNull
    public final Lazy<byte[]> f5631g;

    public DatecsSecretGeneratorImpl() {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        this.f5629e = LazyKt.lazy(new Function0<KeyPair>() { // from class: com.izettle.payments.android.readers.vendors.datecs.DatecsSecretGeneratorImpl$keyPair$1
            @Override // kotlin.jvm.functions.Function0
            public final KeyPair invoke() {
                try {
                    ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
                    keyPairGenerator.initialize(parameterSpec);
                    return keyPairGenerator.generateKeyPair();
                } catch (ClassCastException unused) {
                    throw new AssertionError("Unexpected public key type");
                }
            }
        });
        this.f5630f = LazyKt.lazy(new Function0<byte[]>() { // from class: com.izettle.payments.android.readers.vendors.datecs.DatecsSecretGeneratorImpl$ourNonce$1
            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final byte[] invoke() {
                byte[] bArr = new byte[16];
                new SecureRandom().nextBytes(bArr);
                return bArr;
            }
        });
        this.f5631g = LazyKt.lazy(new Function0<byte[]>() { // from class: com.izettle.payments.android.readers.vendors.datecs.DatecsSecretGeneratorImpl$aesKey$1
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final byte[] invoke() {
                byte[] bArr = DatecsSecretGeneratorImpl.this.f5628d;
                if (bArr == null) {
                    throw new IllegalStateException("Secret must be generated first");
                }
                HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
                hKDFBytesGenerator.init(new HKDFParameters(bArr, new byte[0], new byte[]{69, 78, 67}));
                byte[] bArr2 = new byte[32];
                hKDFBytesGenerator.generateBytes(bArr2, 0, 32);
                return bArr2;
            }
        });
    }

    public static byte[] b(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        CMac cMac = new CMac(new AESEngine());
        cMac.init(new KeyParameter(bArr3));
        cMac.update(bArr, 0, bArr.length);
        cMac.update(bArr2, 0, bArr2.length);
        cMac.update((byte) 0);
        byte[] bArr4 = new byte[16];
        cMac.doFinal(bArr4, 0);
        return bArr4;
    }

    public final byte[] a(byte[] bArr) {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
        ECPublicKeySpec eCPublicKeySpec = new ECPublicKeySpec(parameterSpec.getCurve().decodePoint(bArr), parameterSpec);
        KeyFactory keyFactory = KeyFactory.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(this.f5629e.getValue().getPrivate());
        keyAgreement.doPhase(keyFactory.generatePublic(eCPublicKeySpec), true);
        return keyAgreement.generateSecret();
    }
}
