package com.android.identity.crypto;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.datetime.Instant;
import kotlinx.io.bytestring.ByteString;
import kotlinx.io.bytestring.ByteStringBuilder;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.X25519Agreement;
import org.bouncycastle.crypto.agreement.X448Agreement;
import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
import org.bouncycastle.crypto.generators.Ed448KeyPairGenerator;
import org.bouncycastle.crypto.generators.X25519KeyPairGenerator;
import org.bouncycastle.crypto.generators.X448KeyPairGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.params.Ed448KeyGenerationParameters;
import org.bouncycastle.crypto.params.Ed448PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
import org.bouncycastle.crypto.params.X25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.X25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
import org.bouncycastle.crypto.params.X448KeyGenerationParameters;
import org.bouncycastle.crypto.params.X448PrivateKeyParameters;
import org.bouncycastle.crypto.params.X448PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.crypto.signers.Ed448Signer;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.spec.EdDSAParameterSpec;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.bouncycastle.util.BigIntegers;

/* compiled from: Crypto.kt */
@Metadata(d1 = {"\u0000h\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\f\n\u0002\u0010\b\n\u0002\b\u0005\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J(\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\bH\u0007J\u0010\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000fH\u0007Jn\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0012\u001a\u00020\r2\b\u0010\u0013\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u0014\u001a\u00020\n2\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00162\u0006\u0010\u0018\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001a2\f\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u001e0\u001d2\f\u0010\u001f\u001a\b\u0012\u0004\u0012\u00020!0 H\u0007J(\u0010\"\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010#\u001a\u00020\b2\u0006\u0010$\u001a\u00020\b2\u0006\u0010%\u001a\u00020\bH\u0007J\u0018\u0010&\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u0007\u001a\u00020\bH\u0007J(\u0010'\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010#\u001a\u00020\b2\u0006\u0010$\u001a\u00020\b2\u0006\u0010(\u001a\u00020\bH\u0007J4\u0010)\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010*\u001a\u00020\b2\b\u0010+\u001a\u0004\u0018\u00010\b2\b\u0010,\u001a\u0004\u0018\u00010\b2\u0006\u0010-\u001a\u00020.H\u0007J\u0018\u0010/\u001a\u00020\b2\u0006\u0010#\u001a\u00020\r2\u0006\u00100\u001a\u00020\u0006H\u0007J \u00101\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010#\u001a\u00020\b2\u0006\u0010\u0007\u001a\u00020\bH\u0007J \u00102\u001a\u00020\b2\u0006\u0010#\u001a\u00020\r2\u0006\u0010\u0014\u001a\u00020\n2\u0006\u0010\u0007\u001a\u00020\bH\u0007¨\u00063"}, d2 = {"Lcom/android/identity/crypto/Crypto;", "", "()V", "checkSignature", "", "publicKey", "Lcom/android/identity/crypto/EcPublicKey;", "message", "", "algorithm", "Lcom/android/identity/crypto/Algorithm;", "signature", "createEcPrivateKey", "Lcom/android/identity/crypto/EcPrivateKey;", "curve", "Lcom/android/identity/crypto/EcCurve;", "createX509v3Certificate", "Lcom/android/identity/crypto/Certificate;", "signingKey", "signingKeyCertificate", "signatureAlgorithm", "serial", "", "subject", "issuer", "validFrom", "Lkotlinx/datetime/Instant;", "validUntil", "options", "", "Lcom/android/identity/crypto/CreateCertificateOption;", "additionalExtensions", "", "Lcom/android/identity/crypto/X509v3Extension;", "decrypt", "key", "nonce", "messageCiphertext", CMSAttributeTableGenerator.DIGEST, "encrypt", "messagePlaintext", "hkdf", "ikm", "salt", "info", "size", "", "keyAgreement", "otherKey", "mac", "sign", "identity"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class Crypto {
    public static final Crypto INSTANCE = new Crypto();

    /* compiled from: Crypto.kt */
    @Metadata(k = 3, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes5.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[Algorithm.values().length];
            try {
                iArr[Algorithm.SHA256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[Algorithm.SHA384.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                iArr[Algorithm.SHA512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                iArr[Algorithm.HMAC_SHA256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                iArr[Algorithm.HMAC_SHA384.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                iArr[Algorithm.HMAC_SHA512.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                iArr[Algorithm.A128GCM.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                iArr[Algorithm.A192GCM.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                iArr[Algorithm.A256GCM.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                iArr[Algorithm.UNSET.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                iArr[Algorithm.ES256.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                iArr[Algorithm.ES384.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                iArr[Algorithm.ES512.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                iArr[Algorithm.EDDSA.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            $EnumSwitchMapping$0 = iArr;
            int[] iArr2 = new int[EcCurve.values().length];
            try {
                iArr2[EcCurve.ED25519.ordinal()] = 1;
            } catch (NoSuchFieldError e15) {
            }
            try {
                iArr2[EcCurve.ED448.ordinal()] = 2;
            } catch (NoSuchFieldError e16) {
            }
            try {
                iArr2[EcCurve.P256.ordinal()] = 3;
            } catch (NoSuchFieldError e17) {
            }
            try {
                iArr2[EcCurve.P384.ordinal()] = 4;
            } catch (NoSuchFieldError e18) {
            }
            try {
                iArr2[EcCurve.P521.ordinal()] = 5;
            } catch (NoSuchFieldError e19) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP256R1.ordinal()] = 6;
            } catch (NoSuchFieldError e20) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP320R1.ordinal()] = 7;
            } catch (NoSuchFieldError e21) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP384R1.ordinal()] = 8;
            } catch (NoSuchFieldError e22) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP512R1.ordinal()] = 9;
            } catch (NoSuchFieldError e23) {
            }
            try {
                iArr2[EcCurve.X25519.ordinal()] = 10;
            } catch (NoSuchFieldError e24) {
            }
            try {
                iArr2[EcCurve.X448.ordinal()] = 11;
            } catch (NoSuchFieldError e25) {
            }
            $EnumSwitchMapping$1 = iArr2;
        }
    }

    private Crypto() {
    }

    @JvmStatic
    public static final boolean checkSignature(EcPublicKey publicKey, byte[] message, Algorithm algorithm, byte[] signature) {
        String str;
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(signature, "signature");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 10:
                throw new IllegalArgumentException("Algorithm not set");
            case 11:
                str = "SHA256withECDSA";
                break;
            case 12:
                str = "SHA384withECDSA";
                break;
            case 13:
                str = "SHA512withECDSA";
                break;
            case 14:
                switch (WhenMappings.$EnumSwitchMapping$1[publicKey.getCurve().ordinal()]) {
                    case 1:
                        str = EdDSAParameterSpec.Ed25519;
                        break;
                    case 2:
                        str = EdDSAParameterSpec.Ed448;
                        break;
                    default:
                        throw new IllegalArgumentException("Algorithm " + algorithm + " incompatible with curve " + publicKey.getCurve());
                }
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
        try {
            Signature signature2 = Signature.getInstance(str);
            signature2.initVerify(EcPublicKeyKt.getJavaPublicKey(publicKey));
            signature2.update(message);
            return signature2.verify(signature);
        } catch (Exception e) {
            throw new IllegalStateException("Error verifying signature", e);
        }
    }

    @JvmStatic
    public static final EcPrivateKey createEcPrivateKey(EcCurve curve) {
        Intrinsics.checkNotNullParameter(curve, "curve");
        switch (WhenMappings.$EnumSwitchMapping$1[curve.ordinal()]) {
            case 1:
                Ed25519KeyPairGenerator ed25519KeyPairGenerator = new Ed25519KeyPairGenerator();
                ed25519KeyPairGenerator.init(new Ed25519KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair = ed25519KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter = generateKeyPair.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter2 = generateKeyPair.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter2, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed25519PublicKeyParameters");
                byte[] encoded = ((Ed25519PrivateKeyParameters) asymmetricKeyParameter).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "privateKey.encoded");
                byte[] encoded2 = ((Ed25519PublicKeyParameters) asymmetricKeyParameter2).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded2, "publicKey.encoded");
                return new EcPrivateKeyOkp(curve, encoded, encoded2);
            case 2:
                Ed448KeyPairGenerator ed448KeyPairGenerator = new Ed448KeyPairGenerator();
                ed448KeyPairGenerator.init(new Ed448KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair2 = ed448KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter3 = generateKeyPair2.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter3, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed448PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter4 = generateKeyPair2.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter4, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed448PublicKeyParameters");
                byte[] encoded3 = ((Ed448PrivateKeyParameters) asymmetricKeyParameter3).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded3, "privateKey.encoded");
                byte[] encoded4 = ((Ed448PublicKeyParameters) asymmetricKeyParameter4).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded4, "publicKey.encoded");
                return new EcPrivateKeyOkp(curve, encoded3, encoded4);
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
                keyPairGenerator.initialize(new ECGenParameterSpec(curve.getSECGName()));
                KeyPair generateKeyPair3 = keyPairGenerator.generateKeyPair();
                PublicKey publicKey = generateKeyPair3.getPublic();
                Intrinsics.checkNotNullExpressionValue(publicKey, "keyPair.public");
                EcPublicKey ecPublicKey = EcPublicKeyKt.toEcPublicKey(publicKey, curve);
                if (!(ecPublicKey instanceof EcPublicKeyDoubleCoordinate)) {
                    throw new IllegalStateException("Check failed.".toString());
                }
                PrivateKey privateKey = generateKeyPair3.getPrivate();
                Intrinsics.checkNotNull(privateKey, "null cannot be cast to non-null type org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey");
                byte[] d = ((BCECPrivateKey) privateKey).getD().toByteArray();
                Intrinsics.checkNotNullExpressionValue(d, "d");
                return new EcPrivateKeyDoubleCoordinate(curve, d, ((EcPublicKeyDoubleCoordinate) ecPublicKey).getX(), ((EcPublicKeyDoubleCoordinate) ecPublicKey).getY());
            case 10:
                X25519KeyPairGenerator x25519KeyPairGenerator = new X25519KeyPairGenerator();
                x25519KeyPairGenerator.init(new X25519KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair4 = x25519KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter5 = generateKeyPair4.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter5, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X25519PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter6 = generateKeyPair4.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter6, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X25519PublicKeyParameters");
                byte[] encoded5 = ((X25519PrivateKeyParameters) asymmetricKeyParameter5).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded5, "privateKey.encoded");
                byte[] encoded6 = ((X25519PublicKeyParameters) asymmetricKeyParameter6).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded6, "publicKey.encoded");
                return new EcPrivateKeyOkp(curve, encoded5, encoded6);
            case 11:
                X448KeyPairGenerator x448KeyPairGenerator = new X448KeyPairGenerator();
                x448KeyPairGenerator.init(new X448KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair5 = x448KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter7 = generateKeyPair5.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter7, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X448PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter8 = generateKeyPair5.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter8, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X448PublicKeyParameters");
                byte[] encoded7 = ((X448PrivateKeyParameters) asymmetricKeyParameter7).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded7, "privateKey.encoded");
                byte[] encoded8 = ((X448PublicKeyParameters) asymmetricKeyParameter8).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded8, "publicKey.encoded");
                return new EcPrivateKeyOkp(curve, encoded7, encoded8);
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    @JvmStatic
    public static final Certificate createX509v3Certificate(EcPublicKey publicKey, EcPrivateKey signingKey, Certificate signingKeyCertificate, Algorithm signatureAlgorithm, String serial, String subject, String issuer, Instant validFrom, Instant validUntil, Set<? extends CreateCertificateOption> options, List<X509v3Extension> additionalExtensions) {
        String str;
        PublicKey publicKey2;
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(signingKey, "signingKey");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(serial, "serial");
        Intrinsics.checkNotNullParameter(subject, "subject");
        Intrinsics.checkNotNullParameter(issuer, "issuer");
        Intrinsics.checkNotNullParameter(validFrom, "validFrom");
        Intrinsics.checkNotNullParameter(validUntil, "validUntil");
        Intrinsics.checkNotNullParameter(options, "options");
        Intrinsics.checkNotNullParameter(additionalExtensions, "additionalExtensions");
        switch (WhenMappings.$EnumSwitchMapping$0[signatureAlgorithm.ordinal()]) {
            case 11:
                str = "SHA256withECDSA";
                break;
            case 12:
                str = "SHA384withECDSA";
                break;
            case 13:
                str = "SHA512withECDSA";
                break;
            case 14:
                switch (WhenMappings.$EnumSwitchMapping$1[signingKey.getCurve().ordinal()]) {
                    case 1:
                        str = EdDSAParameterSpec.Ed25519;
                        break;
                    case 2:
                        str = EdDSAParameterSpec.Ed448;
                        break;
                    default:
                        throw new IllegalArgumentException("ALGORITHM_EDDSA can only be used with Ed25519 and Ed448");
                }
            default:
                throw new IllegalArgumentException("Algorithm cannot be used for signing");
        }
        PrivateKey javaPrivateKey = EcPrivateKeyKt.getJavaPrivateKey(signingKey);
        PublicKey javaPublicKey = EcPublicKeyKt.getJavaPublicKey(publicKey);
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(new X500Name(issuer), new BigInteger(serial), new Date(validFrom.toEpochMilliseconds()), new Date(validUntil.toEpochMilliseconds()), new X500Name(subject), javaPublicKey);
        if (options.contains(CreateCertificateOption.INCLUDE_SUBJECT_KEY_IDENTIFIER)) {
            publicKey2 = javaPublicKey;
            jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey2));
        } else {
            publicKey2 = javaPublicKey;
        }
        if (options.contains(CreateCertificateOption.INCLUDE_AUTHORITY_KEY_IDENTIFIER_AS_SUBJECT_KEY_IDENTIFIER)) {
            jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(publicKey2));
        }
        if (options.contains(CreateCertificateOption.INCLUDE_AUTHORITY_KEY_IDENTIFIER_FROM_SIGNING_KEY_CERTIFICATE)) {
            if (!(signingKeyCertificate != null)) {
                throw new IllegalStateException("Check failed.".toString());
            }
            jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) new AuthorityKeyIdentifier(SubjectKeyIdentifier.getInstance(ASN1OctetString.getInstance(CertificateKt.getJavaX509Certificate(signingKeyCertificate).getExtensionValue(Extension.subjectKeyIdentifier.toString())).getOctets()).getKeyIdentifier()));
        }
        List<X509v3Extension> list = additionalExtensions;
        for (X509v3Extension x509v3Extension : list) {
            jcaX509v3CertificateBuilder.addExtension(new ASN1ObjectIdentifier(x509v3Extension.getOid()), x509v3Extension.isCritical(), x509v3Extension.getPayload());
            list = list;
        }
        byte[] encoded = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(str).build(javaPrivateKey)).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "certBuilder.build(signer).getEncoded()");
        java.security.cert.Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        byte[] encoded2 = ((X509Certificate) generateCertificate).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded2, "x509cert.encoded");
        return new Certificate(encoded2);
    }

    @JvmStatic
    public static final byte[] decrypt(Algorithm algorithm, byte[] key, byte[] nonce, byte[] messageCiphertext) {
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(messageCiphertext, "messageCiphertext");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 7:
            case 8:
            case 9:
                try {
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(2, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
                    byte[] doFinal = cipher.doFinal(messageCiphertext);
                    Intrinsics.checkNotNullExpressionValue(doFinal, "{\n            Cipher.get…)\n            }\n        }");
                    return doFinal;
                } catch (Exception e) {
                    throw new IllegalStateException("Error decrypting", e);
                }
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
    }

    @JvmStatic
    public static final byte[] digest(Algorithm algorithm, byte[] message) {
        String str;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(message, "message");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 1:
                str = "SHA-256";
                break;
            case 2:
                str = McElieceCCA2KeyGenParameterSpec.SHA384;
                break;
            case 3:
                str = "SHA-512";
                break;
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
        byte[] digest = MessageDigest.getInstance(str).digest(message);
        Intrinsics.checkNotNullExpressionValue(digest, "getInstance(algName).digest(message)");
        return digest;
    }

    @JvmStatic
    public static final byte[] encrypt(Algorithm algorithm, byte[] key, byte[] nonce, byte[] messagePlaintext) {
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(messagePlaintext, "messagePlaintext");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 7:
            case 8:
            case 9:
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
                byte[] doFinal = cipher.doFinal(messagePlaintext);
                Intrinsics.checkNotNullExpressionValue(doFinal, "getInstance(\"AES/GCM/NoP…ssagePlaintext)\n        }");
                return doFinal;
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
    }

    @JvmStatic
    public static final byte[] hkdf(Algorithm algorithm, byte[] ikm, byte[] salt, byte[] info, int size) {
        int i;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(ikm, "ikm");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 4:
                i = 32;
                break;
            case 5:
                i = 48;
                break;
            case 6:
                i = 64;
                break;
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
        int i2 = 1;
        if (!(size <= i * 255)) {
            throw new IllegalArgumentException("size too large".toString());
        }
        byte[] mac = mac(algorithm, (salt == null || salt.length == 0) ? new byte[i] : salt, ikm);
        byte[] bArr = new byte[size];
        int i3 = 1;
        int i4 = 0;
        byte[] bArr2 = new byte[0];
        while (true) {
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder(0, i2, null);
            byteStringBuilder.append(bArr2, 0, bArr2.length);
            if (info != null) {
                byteStringBuilder.append(info, 0, info.length);
            }
            byteStringBuilder.append((byte) i3);
            bArr2 = mac(algorithm, mac, ByteString.toByteArray$default(byteStringBuilder.toByteString(), 0, 0, 3, null));
            if (bArr2.length + i4 >= size) {
                System.arraycopy(bArr2, 0, bArr, i4, size - i4);
                return bArr;
            }
            System.arraycopy(bArr2, 0, bArr, i4, bArr2.length);
            i4 += bArr2.length;
            i3++;
            i2 = 1;
        }
    }

    @JvmStatic
    public static final byte[] keyAgreement(EcPrivateKey key, EcPublicKey otherKey) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(otherKey, "otherKey");
        switch (WhenMappings.$EnumSwitchMapping$1[key.getCurve().ordinal()]) {
            case 1:
            case 2:
                throw new IllegalStateException("Key with curve " + key.getCurve() + " does not support key-agreement");
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
                PrivateKey generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(key.getD()), ECNamedCurveTable.getParameterSpec(key.getCurve().getSECGName())));
                try {
                    KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
                    keyAgreement.init(generatePrivate);
                    keyAgreement.doPhase(EcPublicKeyKt.getJavaPublicKey(otherKey), true);
                    byte[] generateSecret = keyAgreement.generateSecret();
                    Intrinsics.checkNotNullExpressionValue(generateSecret, "{\n                ECPriv…          }\n            }");
                    return generateSecret;
                } catch (Exception e) {
                    throw new IllegalStateException("Unexpected Exception", e);
                }
            case 10:
                if (!(otherKey instanceof EcPublicKeyOkp)) {
                    throw new IllegalStateException("Check failed.".toString());
                }
                X25519PublicKeyParameters x25519PublicKeyParameters = new X25519PublicKeyParameters(((EcPublicKeyOkp) otherKey).getX(), 0);
                X25519PrivateKeyParameters x25519PrivateKeyParameters = new X25519PrivateKeyParameters(key.getD(), 0);
                X25519Agreement x25519Agreement = new X25519Agreement();
                x25519Agreement.init(x25519PrivateKeyParameters);
                byte[] bArr = new byte[x25519Agreement.getAgreementSize()];
                x25519Agreement.calculateAgreement(x25519PublicKeyParameters, bArr, 0);
                return bArr;
            case 11:
                if (!(otherKey instanceof EcPublicKeyOkp)) {
                    throw new IllegalStateException("Check failed.".toString());
                }
                X448PublicKeyParameters x448PublicKeyParameters = new X448PublicKeyParameters(((EcPublicKeyOkp) otherKey).getX(), 0);
                X448PrivateKeyParameters x448PrivateKeyParameters = new X448PrivateKeyParameters(key.getD(), 0);
                X448Agreement x448Agreement = new X448Agreement();
                x448Agreement.init(x448PrivateKeyParameters);
                byte[] bArr2 = new byte[x448Agreement.getAgreementSize()];
                x448Agreement.calculateAgreement(x448PublicKeyParameters, bArr2, 0);
                return bArr2;
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    @JvmStatic
    public static final byte[] mac(Algorithm algorithm, byte[] key, byte[] message) {
        String str;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(message, "message");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 4:
                str = "HmacSha256";
                break;
            case 5:
                str = "HmacSha384";
                break;
            case 6:
                str = "HmacSha512";
                break;
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
        Mac mac = Mac.getInstance(str);
        mac.init(new SecretKeySpec(key, ""));
        mac.update(message);
        byte[] doFinal = mac.doFinal();
        Intrinsics.checkNotNullExpressionValue(doFinal, "getInstance(algName).run…      doFinal()\n        }");
        return doFinal;
    }

    @JvmStatic
    public static final byte[] sign(EcPrivateKey key, Algorithm signatureAlgorithm, byte[] message) {
        String str;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(message, "message");
        switch (WhenMappings.$EnumSwitchMapping$1[key.getCurve().ordinal()]) {
            case 1:
                Ed25519PrivateKeyParameters ed25519PrivateKeyParameters = new Ed25519PrivateKeyParameters(key.getD(), 0);
                Ed25519Signer ed25519Signer = new Ed25519Signer();
                ed25519Signer.init(true, ed25519PrivateKeyParameters);
                ed25519Signer.update(message, 0, message.length);
                byte[] generateSignature = ed25519Signer.generateSignature();
                Intrinsics.checkNotNullExpressionValue(generateSignature, "{\n            val privat…)\n            }\n        }");
                return generateSignature;
            case 2:
                Ed448PrivateKeyParameters ed448PrivateKeyParameters = new Ed448PrivateKeyParameters(key.getD(), 0);
                Ed448Signer ed448Signer = new Ed448Signer(new byte[0]);
                ed448Signer.init(true, ed448PrivateKeyParameters);
                ed448Signer.update(message, 0, message.length);
                byte[] generateSignature2 = ed448Signer.generateSignature();
                Intrinsics.checkNotNullExpressionValue(generateSignature2, "{\n            val privat…)\n            }\n        }");
                return generateSignature2;
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
                switch (WhenMappings.$EnumSwitchMapping$0[signatureAlgorithm.ordinal()]) {
                    case 11:
                        str = "SHA256withECDSA";
                        break;
                    case 12:
                        str = "SHA384withECDSA";
                        break;
                    case 13:
                        str = "SHA512withECDSA";
                        break;
                    default:
                        throw new IllegalArgumentException("Unsupported signing algorithm " + signatureAlgorithm + " for curve " + key.getCurve());
                }
                PrivateKey generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(key.getD()), ECNamedCurveTable.getParameterSpec(key.getCurve().getSECGName())));
                try {
                    Signature signature = Signature.getInstance(str, BouncyCastleProvider.PROVIDER_NAME);
                    signature.initSign(generatePrivate);
                    signature.update(message);
                    byte[] sign = signature.sign();
                    Intrinsics.checkNotNullExpressionValue(sign, "{\n            val signat…)\n            }\n        }");
                    return sign;
                } catch (Exception e) {
                    throw new IllegalStateException("Unexpected Exception", e);
                }
            case 10:
            case 11:
                throw new IllegalStateException("Key with curve " + key.getCurve() + " does not support signing");
            default:
                throw new NoWhenBranchMatchedException();
        }
    }
}
