package de.governikus.autent.eudiwallet.mdl;

import com.authlete.cbor.CBORItem;
import com.authlete.cbor.CBORItemList;
import com.authlete.cbor.CBORString;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/autent/eudiwallet/mdl/MdocHelper.class */
public class MdocHelper {
    private static final Logger log = LoggerFactory.getLogger(MdocHelper.class);
    private static final String E_MAC_KEY_INFO = "EMacKey";
    private static final int E_MAC_KEY_LENGTH = 32;

    public static byte[] hkdf(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
        hKDFBytesGenerator.init(new HKDFParameters(bArr, bArr2, bArr3));
        byte[] bArr4 = new byte[i];
        hKDFBytesGenerator.generateBytes(bArr4, 0, i);
        return bArr4;
    }

    public static byte[] computeMac(byte[] bArr, CBORItem cBORItem, String str) {
        return calculateMac(generateEMacKey(bArr, str), new CBORItemList(new CBORItem[]{new CBORString(str), new CBORString(MdocConstants.EUDI_DOC_TYPE), cBORItem}).encode());
    }

    private static byte[] generateEMacKey(byte[] bArr, String str) {
        return hkdf(bArr, toSha265(str.getBytes(StandardCharsets.UTF_8)), E_MAC_KEY_INFO.getBytes(StandardCharsets.UTF_8), E_MAC_KEY_LENGTH);
    }

    private static byte[] calculateMac(byte[] bArr, byte[] bArr2) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to calculate mac", e);
        }
    }

    public static byte[] toSha265(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 algorithm is not supported for MessageDigest", e);
        }
    }

    private MdocHelper() {
    }
}
