package ru.rbs.mobile.payment.sdk.threeds.impl.utils;

import com.huawei.hms.aaid.constant.AaidIdConstant;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.impl.ConcatKDF;
import com.nimbusds.jose.crypto.impl.ECDH;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.crypto.SecretKey;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.io.pem.PemReader;
import ru.rbs.mobile.payment.sdk.threeds.spec.InvalidInputException;
import ru.rbs.mobile.payment.sdk.threeds.spec.SDKRuntimeException;

/* loaded from: classes4.dex */
public final class Crypto {
    // Key-algorithm names; each DsCertPair registered in the static initializer is tagged with one
    // of them, and getPublicKeyFromDs() passes that tag to KeyFactory.getInstance().
    public static final String EC = "EC";
    public static final String RSA = "RSA";
    // Built-in directory-server public keys, keyed by directory-server id. Assigned and filled once
    // in the static initializer; read through findDsCertPair().
    private static final HashMap<String, DsCertPair> dsCertPairs;

    /* loaded from: classes4.dex */
    /**
     * Immutable entry of the built-in directory-server key table: the directory-server id, the
     * Base64 text of its public key, and the key algorithm name.
     */
    public static final class DsCertPair {
        private final String id;
        private final String publicKey;
        private final String alg;

        /**
         * @param str  directory-server id
         * @param str2 Base64 text of the public key
         * @param str3 key algorithm name (the table in this file uses {@code RSA} and {@code EC})
         */
        public DsCertPair(String str, String str2, String str3) {
            id = str;
            publicKey = str2;
            alg = str3;
        }

        /** @return the directory-server id this entry was registered under */
        public String getId() {
            return id;
        }

        /** @return the key algorithm name given at construction */
        public String getAlg() {
            return alg;
        }

        /** @return the Base64 key text; package-private, unlike the other two accessors */
        String getPublicKey() {
            return publicKey;
        }
    }

    static {
        // Position 1 puts the bundled provider ahead of every other registered JCA provider. The
        // registration is process-wide, so it also changes provider selection for any other code
        // in the host application that does not name a provider explicitly.
        final BouncyCastleProvider bundledProvider = new BouncyCastleProvider();
        Security.insertProviderAt(bundledProvider, 1);

        // Directory-server public keys compiled into the SDK. The values are Base64 text that
        // getPublicKeyFromDs() decodes and hands to X509EncodedKeySpec.
        // NOTE(review): because the keys are embedded, rotating one requires shipping a new
        // build; presumably these are the keys device data is encrypted to - confirm with callers.
        final DsCertPair rsaPair = new DsCertPair("F000000000", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/O0BfXWngO9OJDBsqdR5U2h28jrX6Y+LlblTBaYeT2tW7+ca3YzTFXA8duVUwdlWxl3JZCOOeL1feVP6g0TNOHVCkCnirVDLkcozod4aSkNvx+929aDr1ithqhruf0skBc2sMZGBBCNpso6XGzyAf2uZ2+9DvXoKIUYgcr7PQmL2Y0awyQN7KCRcusaotYNz2mOPrL/hAv6hTexkNrQKzFcPwCuc6kN6aNjD+p2CJ51/5p02SNS70nPOmwmg63j6f3n7xVykQ56kNc1l5B5xOpeHJmqk3+hyF1dF/47rQmMFicN41QSvZ5AZJKgWlIn2VQROMkEHkF9ZBRLx1nFTwIDAQAB", RSA);
        final DsCertPair ecPair = new DsCertPair("F000000001", "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYktbLuAv0v52erE5LPscomKaOmQsvevxzOyn9k4sF1hqpBc5kUygzxA9Jl0R/2dTuk8ka7UCujk36xeUsLVpWA==", EC);

        final HashMap<String, DsCertPair> builtIn = new HashMap<>();
        builtIn.put(rsaPair.getId(), rsaPair);
        builtIn.put(ecPair.getId(), ecPair);
        dsCertPairs = builtIn;
    }

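    /**
     * Checks that the first certificate of a JWS {@code x5c} chain is anchored in the given
     * directory-server root certificate, and throws if it is not.
     *
     * As written, the chain is accepted only when its first certificate equals the root or when
     * signBy() reports that the root issued it.
     *
     * NOTE(review): the only properties examined here and in signBy() are the signature and the
     * issuer/subject name match. Validity dates, basicConstraints/keyUsage of an issuing
     * certificate, and revocation are not checked. A PKIX CertPathValidator with the DS root as
     * its single trust anchor would cover the first two.
     *
     * @param list certificates from the JWS header, first entry first; they come from the message
     *             under verification and are untrusted until this method returns
     * @param str  DS root certificate, either PEM text or a bare Base64 body
     * @throws SDKRuntimeException if the chain is null/empty, the root or the first certificate
     *                             cannot be parsed, or the first certificate is not anchored
     */
    static void checkCertificateChain(List<Base64> list, String str) {
        // Helper is not visible in this file; presumably it rejects a null or blank root string.
        AssertUtils.assertStr("dsRoot ", str);
        if (list == null || list.isEmpty()) {
            throw new SDKRuntimeException("JWS certificate chain must not be null or empty");
        }
        // A bare Base64 body is wrapped in PEM markers so the certificate parser accepts it.
        final String rootPem = str.contains("CERTIFICATE")
                ? str
                : "-----BEGIN CERTIFICATE-----" + str + "-----END CERTIFICATE-----";
        final X509Certificate root = X509CertUtils.parse(rootPem);
        if (root == null) {
            // X509CertUtils.parse returns null on unparsable input; without a root nothing can be
            // anchored, so fail with the same error the comparison below would produce.
            throw new SDKRuntimeException("Certificate chaining is not valid");
        }

        final List<X509Certificate> chain = new ArrayList<>(list.size());
        for (Base64 encoded : list) {
            chain.add(X509CertUtils.parse(encoded.decode()));
        }

        final Iterator<X509Certificate> remaining = chain.iterator();
        X509Certificate current = remaining.next();
        if (current == null) {
            // An unparsable first certificate used to surface as a NullPointerException.
            throw new SDKRuntimeException("Certificate chaining is not valid");
        }
        while (!current.equals(root) && !signBy(current, root)) {
            if (remaining.hasNext()) {
                final X509Certificate candidate = remaining.next();
                // Null is tested before the candidate is used as an issuer.
                if (candidate != null && signBy(current, candidate)) {
                    current = candidate;
                }
            }
            // NOTE(review): this throw is reached on every pass, so a chain that needs an
            // intermediate is always rejected and the assignment above has no effect. That may be
            // a decompilation artefact (a lost jump back to the loop head); it is kept as is
            // because it fails closed. Confirm against the bytecode before relaxing it, and add
            // a CA (basicConstraints) check on `candidate` if the walk is restored.
            throw new SDKRuntimeException("Certificate chaining is not valid");
        }
    }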

    /**
     * Wraps an EC key pair as a JWK that carries both the public and the private key.
     *
     * The curve is stated as P-256 rather than read from the key, and both keys are cast to their
     * EC interfaces, so a non-EC pair fails with ClassCastException.
     *
     * Because the result includes the private key, only its public form (for example via
     * {@code toPublicJWK()}) should be placed in a header, a log line or any serialized output.
     *
     * @param keyPair EC key pair to wrap
     * @return JWK holding both halves of {@code keyPair}
     */
    public static JWK createJWK(KeyPair keyPair) {
        final ECPublicKey publicHalf = (ECPublicKey) keyPair.getPublic();
        final ECKey.Builder jwkBuilder = new ECKey.Builder(Curve.P_256, publicHalf);
        final ECPrivateKey privateHalf = (ECPrivateKey) keyPair.getPrivate();
        return jwkBuilder.privateKey(privateHalf).build();
    }

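    /**
     * Decrypts a compact JWE with a directly shared symmetric key and returns the payload bytes.
     *
     * The JWE header, including its {@code enc} value, is read from the message itself.
     * NOTE(review): if the protocol fixes the content-encryption method, compare
     * {@code getHeader().getEncryptionMethod()} with the expected value before decrypting instead
     * of relying on the key length alone.
     *
     * NOTE(review): JWEObject.parse and JWEObject.decrypt declare checked exceptions that this
     * decompiled signature does not list; they are left to propagate unchanged here.
     *
     * @param bArr raw symmetric key bytes
     * @param str  compact JWE serialization
     * @return the decrypted payload, encoded as UTF-8
     * @throws SDKRuntimeException if no key is supplied
     */
    public static byte[] decrypt(byte[] bArr, String str) throws SDKRuntimeException {
        // Same guard as encrypt(): report a missing key as an SDK error, not a provider exception.
        if (bArr == null) {
            throw new SDKRuntimeException("SecretKey is empty. JWE decryption failed");
        }
        JWEObject jwe = JWEObject.parse(str);
        jwe.decrypt(new DirectDecrypter(bArr));
        // Explicit charset: the no-argument getBytes() depends on the platform default.
        return jwe.getPayload().toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    }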

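    /**
     * Encrypts a string as a compact JWE using {@code dir} key management and A128CBC-HS256, and
     * returns the serialization as bytes.
     *
     * The header carries {@code str2} as key ID and {@code eCKey} as ephemeral public key. Pass a
     * public-only key here: createJWK() in this class returns a JWK that also holds the private
     * half, and header values are not encrypted.
     *
     * @param str   plaintext payload
     * @param eCKey key written to the header's ephemeral-public-key field
     * @param bArr  raw symmetric key bytes used directly as the content-encryption key
     * @param str2  key ID written to the header
     * @return compact JWE serialization, encoded as UTF-8
     * @throws SDKRuntimeException if the key is null or any step of building/encrypting fails
     */
    public static byte[] encrypt(String str, ECKey eCKey, byte[] bArr, String str2) throws SDKRuntimeException {
        if (bArr == null) {
            throw new SDKRuntimeException("SecretKey is empty. JWE failed");
        }
        try {
            JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256)
                    .keyID(str2)
                    .ephemeralPublicKey(eCKey)
                    .build();
            JWEObject jwe = new JWEObject(header, new Payload(str));
            jwe.encrypt(new DirectEncrypter(bArr));
            return jwe.serialize().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Exception rather than Throwable: JVM Errors (e.g. OutOfMemoryError) are left to
            // propagate instead of being reported as an encryption failure. The cause is kept.
            throw new SDKRuntimeException("JWE failed", e);
        }
    }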

    /**
     * Looks up the built-in key entry for a directory-server id.
     *
     * @param str directory-server id
     * @return the registered entry, never null
     * @throws InvalidInputException if the id is not in the built-in table (or maps to null)
     */
    public static DsCertPair findDsCertPair(String str) throws InvalidInputException {
        // A single get() covers both "id unknown" and "id mapped to null".
        final DsCertPair match = dsCertPairs.get(str);
        if (match == null) {
            throw new InvalidInputException("Invalid directory server id or public key.");
        }
        return match;
    }

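    /**
     * Derives a 256-bit symmetric key from an ECDH agreement followed by Concat KDF.
     *
     * KDF inputs as coded: an empty algorithm ID, an empty PartyUInfo, {@code str} (Base64URL
     * encoded, length-prefixed) as PartyVInfo, and 256 as the key-length field.
     *
     * NOTE(review): AaidIdConstant.SIGNATURE_SHA256 belongs to an unrelated push-messaging
     * library; the decompiler presumably substituted it for an equal string literal (the digest
     * name "SHA-256"). Verify before reusing this code without that dependency.
     *
     * NOTE(review): no explicit on-curve check of {@code eCPublicKey} is made here. When the
     * public key comes from a peer, validate it first (Nimbus offers ECChecks.isPointOnCurve)
     * unless the key was already validated when it was parsed.
     *
     * @param eCPublicKey  the other party's EC public key
     * @param eCPrivateKey the local EC private key
     * @param str          value bound into the derivation as PartyVInfo
     * @return the derived key
     * @throws SDKRuntimeException if agreement or derivation fails; the JOSE cause is attached
     */
    public static SecretKey generateECDHSecret(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, String str) throws SDKRuntimeException {
        try {
            final ConcatKDF kdf = new ConcatKDF(AaidIdConstant.SIGNATURE_SHA256);
            // A null provider lets the JCA pick the highest-priority provider.
            final SecretKey agreed = ECDH.deriveSharedSecret(eCPublicKey, eCPrivateKey, null);
            return kdf.deriveKey(
                    agreed,
                    256,
                    ConcatKDF.encodeStringData(null),
                    ConcatKDF.encodeDataWithLength((Base64URL) null),
                    ConcatKDF.encodeDataWithLength(Base64URL.encode(str)),
                    ConcatKDF.encodeIntData(256),
                    ConcatKDF.encodeNoData());
        } catch (JOSEException e) {
            // Keep the cause: the original dropped it, hiding why the derivation failed.
            throw new SDKRuntimeException("Error generating shared secret.", e);
        }
    }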

    /**
     * Generates a fresh P-256 key pair from the bundled provider, seeded by a new SecureRandom.
     *
     * NOTE(review): KeyPairGenerator.getInstance and initialize declare checked exceptions that
     * this decompiled signature does not list; they propagate unchanged.
     *
     * @return a new EC key pair; callers are expected to use it for a single exchange
     */
    public static KeyPair generateEphemeralKeyPair() throws SDKRuntimeException {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
        final ECGenParameterSpec curveSpec = new ECGenParameterSpec("P-256");
        generator.initialize(curveSpec, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Decodes the Base64 key text of a built-in directory-server entry into a PublicKey.
     *
     * The text is wrapped in PEM markers only so that PemReader will Base64-decode it. Although
     * the markers say CERTIFICATE, the decoded bytes are passed to X509EncodedKeySpec, so the
     * stored value has to be an encoded public key, not a certificate.
     *
     * @param dsCertPair entry supplying the algorithm name and the Base64 key text
     * @return public key built by the bundled provider's KeyFactory for that algorithm
     */
    public static PublicKey getPublicKeyFromDs(DsCertPair dsCertPair) throws InvalidInputException {
        final KeyFactory keyFactory = KeyFactory.getInstance(dsCertPair.getAlg(), BouncyCastleProvider.PROVIDER_NAME);
        final String pemText = String.format("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----", dsCertPair.getPublicKey());
        final PemReader pemReader = new PemReader(new StringReader(pemText));
        final byte[] encodedKey = pemReader.readPemObject().getContent();
        return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
    }

    /**
     * Returns a new random (version 4) UUID in its canonical 36-character text form.
     * UUID.randomUUID() draws from a cryptographically strong generator.
     *
     * @return freshly generated UUID string
     */
    public static String getRandomUUID() {
        final UUID fresh = UUID.randomUUID();
        return fresh.toString();
    }

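    /**
     * Encrypts a string to an EC recipient key: generates an ephemeral P-256 pair, derives a
     * content key with generateECDHSecret(), and emits a compact JWE ({@code dir},
     * A128CBC-HS256) whose header carries the ephemeral public key.
     *
     * Only the public half of the ephemeral pair is written to the header; the private half is
     * used for the derivation and is not retained by this method.
     *
     * @param str         plaintext payload
     * @param eCPublicKey recipient's EC public key
     * @param str2        value passed to generateECDHSecret() and bound into the key derivation
     * @return compact JWE serialization
     * @throws SDKRuntimeException if encryption fails; the JOSE cause is attached
     */
    public static String jweEncrypt(String str, ECPublicKey eCPublicKey, String str2) throws SDKRuntimeException {
        try {
            KeyPair ephemeral = generateEphemeralKeyPair();
            ECPrivateKey ephemeralPrivate = (ECPrivateKey) ephemeral.getPrivate();
            ECPublicKey ephemeralPublic = (ECPublicKey) ephemeral.getPublic();
            SecretKey contentKey = generateECDHSecret(eCPublicKey, ephemeralPrivate, str2);
            JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256)
                    .ephemeralPublicKey(new ECKey.Builder(Curve.P_256, ephemeralPublic).build())
                    .build();
            JWEObject jwe = new JWEObject(header, new Payload(str));
            jwe.encrypt(new DirectEncrypter(contentKey));
            return jwe.serialize();
        } catch (JOSEException e) {
            // Keep the cause: the original dropped it, hiding why encryption failed.
            throw new SDKRuntimeException("Error encrypting device information.", e);
        }
    }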

    /**
     * Encrypts a JSON claims string to an RSA recipient key as a compact encrypted JWT
     * (RSA-OAEP-256 key management, A128CBC-HS256 content encryption).
     *
     * The input is parsed with JWTClaimsSet.parse, so it has to be a JSON object.
     * NOTE(review): the parse and encrypt calls declare checked exceptions that this decompiled
     * signature does not list; they propagate unchanged.
     *
     * @param str          JSON object text to encrypt
     * @param rSAPublicKey recipient's RSA public key
     * @return compact JWE serialization
     */
    public static String jweEncrypt(String str, RSAPublicKey rSAPublicKey) throws SDKRuntimeException {
        final JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128CBC_HS256);
        final JWTClaimsSet claims = JWTClaimsSet.parse(str);
        final EncryptedJWT jwt = new EncryptedJWT(header, claims);
        final RSAEncrypter encrypter = new RSAEncrypter(rSAPublicKey);
        jwt.encrypt(encrypter);
        return jwt.serialize();
    }

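    /**
     * Verifies a compact JWS against the directory-server root certificate and returns its
     * payload text.
     *
     * The decompiler could not produce Java for this method and emitted only a register-level
     * instruction dump with a stub that always threw UnsupportedOperationException. The body below
     * is a manual reconstruction of that dump, statement for statement, and should be re-checked
     * against the bytecode before it is relied on.
     *
     * Flow: parse the JWS; validate the header's x5c chain against the root with
     * checkCertificateChain(); build a verifier from the first x5c certificate according to the
     * header algorithm; verify; return the payload only if verification succeeded.
     *
     * Both the algorithm and the verification key are read from the message being verified. The
     * algorithm is limited to PS256, RS256 and ES256 (anything else is rejected), and the key is
     * tied to the DS root only through checkCertificateChain(), so any gap in that check applies
     * here as well.
     *
     * @param r2 compact JWS serialization
     * @param r3 DS root certificate, in the form checkCertificateChain() accepts
     * @return the JWS payload as a string
     * @throws SDKRuntimeException if the input is null, cannot be parsed, uses another algorithm,
     *                             fails chain validation or fails signature verification
     */
    public static java.lang.String jwsValidateSignatureAndReturnBody(java.lang.String r2, java.lang.String r3) throws ru.rbs.mobile.payment.sdk.threeds.spec.SDKRuntimeException {
        if (r2 == null) {
            throw new SDKRuntimeException("JWS is null");
        }
        final com.nimbusds.jose.JWSObject jws;
        try {
            jws = com.nimbusds.jose.JWSObject.parse(r2);
        } catch (java.text.ParseException e) {
            throw new SDKRuntimeException("JWS parsing failed", e);
        }
        try {
            final com.nimbusds.jose.JWSAlgorithm alg = jws.getHeader().getAlgorithm();
            checkCertificateChain(jws.getHeader().getX509CertChain(), r3);

            final com.nimbusds.jose.JWSVerifier verifier;
            if (alg.equals(com.nimbusds.jose.JWSAlgorithm.PS256) || alg.equals(com.nimbusds.jose.JWSAlgorithm.RS256)) {
                final X509Certificate leaf = X509CertUtils.parse(jws.getHeader().getX509CertChain().get(0).decode());
                // NOTE(review): a leaf whose key is not RSA makes this cast throw
                // ClassCastException, which the JOSEException handler below does not translate.
                final RSAPublicKey rsaKey = (RSAPublicKey) leaf.getPublicKey();
                verifier = new com.nimbusds.jose.crypto.RSASSAVerifier(rsaKey);
            } else if (alg.equals(com.nimbusds.jose.JWSAlgorithm.ES256)) {
                final X509Certificate leaf = X509CertUtils.parse(jws.getHeader().getX509CertChain().get(0).decode());
                verifier = new com.nimbusds.jose.crypto.ECDSAVerifier(parseECKey(leaf));
            } else {
                // Covers every other header value, including unsigned and HMAC algorithms.
                throw new SDKRuntimeException("unsupported algorithm");
            }

            if (!jws.verify(verifier)) {
                throw new SDKRuntimeException("JWS validation failed.");
            }
            return jws.getPayload().toString();
        } catch (JOSEException e) {
            // As in the dump: only the message is carried over, the cause is not attached.
            throw new SDKRuntimeException(e.getMessage());
        }
    }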

    /**
     * Builds a public EC JWK from an X.509 certificate: curve from the certificate's key
     * parameters OID, key use from the certificate, key ID from the decimal serial number, plus
     * the certificate itself as x5c and its SHA-256 thumbprint.
     *
     * Every failure inside the try block, including the "curve not found" JOSEException raised
     * there, is re-wrapped with the "Couldn't encode x5c parameter" prefix because the handler
     * catches Throwable.
     *
     * NOTE(review): AaidIdConstant.SIGNATURE_SHA256 comes from an unrelated library; presumably
     * the decompiler substituted it for an equal digest-name literal.
     *
     * @param x509Certificate certificate whose subject key must be an EC public key
     * @return EC JWK describing the certificate's public key
     * @throws JOSEException if the key is not EC or any later step fails
     */
    private static ECKey parseECKey(X509Certificate x509Certificate) throws JOSEException {
        final PublicKey subjectKey = x509Certificate.getPublicKey();
        if (!(subjectKey instanceof ECPublicKey)) {
            throw new JOSEException("The public key of the X.509 certificate is not EC");
        }
        final ECPublicKey ecPublicKey = (ECPublicKey) subjectKey;
        try {
            final String curveOid = new JcaX509CertificateHolder(x509Certificate)
                    .getSubjectPublicKeyInfo()
                    .getAlgorithm()
                    .getParameters()
                    .toString();
            final Curve curve = Curve.forOID(curveOid);
            if (curve == null) {
                throw new JOSEException("Couldn't determine EC JWK curve for OID " + curveOid);
            }
            final ECKey.Builder jwkBuilder = new ECKey.Builder(curve, ecPublicKey);
            jwkBuilder.keyUse(KeyUse.from(x509Certificate));
            jwkBuilder.keyID(x509Certificate.getSerialNumber().toString(10));
            jwkBuilder.x509CertChain(Collections.singletonList(Base64.encode(x509Certificate.getEncoded())));
            final MessageDigest sha256 = MessageDigest.getInstance(AaidIdConstant.SIGNATURE_SHA256);
            jwkBuilder.x509CertSHA256Thumbprint(Base64URL.encode(sha256.digest(x509Certificate.getEncoded())));
            return jwkBuilder.build();
        } catch (Throwable failure) {
            throw new JOSEException("Couldn't encode x5c parameter: " + failure.getMessage(), failure);
        }
    }

    /**
     * Reports whether the first certificate was issued by the second: its signature must verify
     * under the second certificate's public key and its issuer name must equal the second
     * certificate's subject name.
     *
     * Any exception, including a null argument, yields {@code false}, so the check fails closed.
     * Validity dates and the issuer's CA attributes (basicConstraints, keyUsage) are not
     * examined here.
     *
     * @param x509Certificate  certificate under test
     * @param x509Certificate2 candidate issuer
     * @return true only if both the signature and the name match succeed
     */
    private static boolean signBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        boolean issuedByCandidate;
        try {
            // verify() throws on a bad signature, so the name comparison runs only after it passed.
            x509Certificate.verify(x509Certificate2.getPublicKey());
            issuedByCandidate = x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN());
        } catch (Throwable ignored) {
            issuedByCandidate = false;
        }
        return issuedByCandidate;
    }
}
