package org.esteid;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:org/esteid/EstEIDSelfTests.class */
public class EstEIDSelfTests {
    final X509Certificate authcert;
    final X509Certificate signcert;
    final EstEID esteid;
    final CallbackHandler cb;
    final SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");

    public EstEIDSelfTests(EstEID estEID, CallbackHandler callbackHandler) throws IOException, NoSuchAlgorithmException {
        this.esteid = estEID;
        this.authcert = estEID.getAuthenticationCertificate();
        this.signcert = estEID.getSigningCertificate();
        this.cb = callbackHandler;
    }

    public void crypto_tests() throws WrongPINException, EstEIDException, IOException, UnsupportedCallbackException {
        System.out.println("Testing certificates and crypto ...");
        try {
            System.out.println("Auth cert: " + this.authcert.getSubjectDN());
            if (this.authcert.getPublicKey().getAlgorithm().equals("EC")) {
                Signature signature = Signature.getInstance("NONEwithECDSA", "BC");
                byte[] bArr = new byte[48];
                this.rnd.nextBytes(bArr);
                signature.initVerify(this.authcert.getPublicKey());
                signature.update(bArr);
                if (!signature.verify(BaseEstEID.rs2der(this.esteid.authenticate(bArr, this.cb)))) {
                    throw new EstEIDException("Card and auth key don't match on authentication!");
                }
                System.out.println("AUTHENTICATE: OK");
                KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
                keyPairGenerator.initialize(new ECGenParameterSpec("secp384r1"));
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                keyAgreement.init(generateKeyPair.getPrivate());
                keyAgreement.doPhase(this.authcert.getPublicKey(), true);
                if (!Arrays.equals(this.esteid.dh((ECPublicKey) generateKeyPair.getPublic(), this.cb), keyAgreement.generateSecret())) {
                }
            } else if (this.authcert.getPublicKey().getAlgorithm().equals("RSA")) {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                byte[] bArr2 = new byte[20];
                this.rnd.nextBytes(bArr2);
                cipher.init(2, this.authcert.getPublicKey());
                if (!Arrays.equals(bArr2, cipher.doFinal(this.esteid.authenticate(bArr2, this.cb)))) {
                    throw new EstEIDException("Card and auth key don't match!");
                }
                System.out.println("ENCRYPT: OK");
                this.rnd.nextBytes(bArr2);
                cipher.init(1, this.authcert.getPublicKey());
                if (!Arrays.equals(bArr2, this.esteid.decrypt(cipher.doFinal(bArr2), this.cb))) {
                    throw new EstEIDException("Card and auth key don't match on decryption!");
                }
                System.out.println("DECRYPT: OK");
            }
            System.out.println("Sign cert: " + this.signcert.getSubjectDN());
            if (this.signcert.getPublicKey().getAlgorithm().equals("EC")) {
                Signature signature2 = Signature.getInstance("NONEwithECDSA", "BC");
                byte[] bArr3 = new byte[48];
                this.rnd.nextBytes(bArr3);
                signature2.initVerify(this.signcert.getPublicKey());
                signature2.update(bArr3);
                if (!signature2.verify(BaseEstEID.rs2der(this.esteid.sign(bArr3, this.cb)))) {
                    throw new EstEIDException("Card and sign key don't match on signing!");
                }
                System.out.println("SIGN: OK");
            } else if (this.signcert.getPublicKey().getAlgorithm().equals("RSA")) {
                Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                byte[] bArr4 = new byte[20];
                this.rnd.nextBytes(bArr4);
                cipher2.init(2, this.signcert.getPublicKey());
                if (!Arrays.equals(bArr4, cipher2.doFinal(this.esteid.sign(bArr4, this.cb)))) {
                    throw new EstEIDException("Card and sign key don't match on signing!");
                }
                System.out.println("SIGN: OK");
            }
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
            System.out.println("FAILURE");
        }
    }
}
