package ee.cyber.tse.v11.cryptolib.internal.impl;

import android.text.TextUtils;
import android.util.Pair;
import com.iproov.sdk.bridge.OptionsBridge;
import defpackage.C0233fc;
import defpackage.C0237fg;
import defpackage.C0239fi;
import defpackage.C0242fk;
import defpackage.C0243fl;
import defpackage.C0245fn;
import defpackage.C0246fo;
import defpackage.C0395lb;
import defpackage.C0400lj;
import defpackage.JSONObjectUtils1;
import defpackage.ReadIDData;
import defpackage.getAccessControlErrorCountui_core_release;
import defpackage.getDocumentInfoui_core_release;
import defpackage.pL;
import ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.inter.EncodingOpInternal;
import ee.cyber.tse.v11.cryptolib.internal.util.ValidationUtil;
import ee.cyber.tse.v11.inter.cryptolib.CryptoLib;
import ee.cyber.tse.v11.inter.cryptolib.dto.CryptoRuntimeException;
import ee.cyber.tse.v11.inter.dto.CompositeModulusValidationFailedException;
import ee.cyber.tse.v11.internal.dto.ClientShare;
import ee.cyber.tse.v11.internal.dto.ClientShareHmacAlgorithm;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.text.ParseException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.cert.X509Certificate;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.util.DigestFactory;
import org.bouncycastle.util.encoders.Base64;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
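/**
 * Implementation of {@link CryptoOpInternal}: PIN-based AES encryption of a key share, JWE
 * encryption and decryption, JWS verification with header binding checks, and RSA public key
 * helpers.
 *
 * <p>This is decompiler output. Types such as {@code C0245fn}, {@code C0243fl}, {@code C0237fg}
 * and {@code C0239fi} carry obfuscated names; the comments below describe them only by how this
 * class uses them (the error messages in this file refer to them as JWE object, JWS object and
 * their headers).
 *
 * <p>Error reporting: nearly every failure is rethrown as {@link CryptoRuntimeException} built
 * from a numeric code and {@code getMessage()} of the original exception, so the original cause
 * and stack trace are not chained.
 */
public final class CryptoOpImpl implements CryptoOpInternal {
    // Encoding helper used for Base64/decimal conversions and for padding.
    private final EncodingOpInternal i;
    // The only JWE "encryption algorithm" header value accepted on decrypt and written by
    // encryptToTEKEncryptedJWE. Never reassigned in this class, hence final.
    private static final C0242fk e = C0242fk.d;
    // The only JWE "encryption method" header value accepted on decrypt and written by
    // encryptToTEKEncryptedJWE. Never reassigned in this class, hence final.
    private static final C0233fc d = C0233fc.d;

    /* renamed from: c, reason: collision with root package name */
    // Fixed one-byte salt handed to the PKCS5S2 generator by encryptKey/decryptKey.
    // NOTE(review): a constant salt means equal PINs always derive equal key/IV pairs.
    private final byte[] f2487c = {0};
    // Not read anywhere in this class; presumably the source constants behind the literal
    // 128 (derived key/IV bits) and 1 (iteration count) used in a(...) - TODO confirm.
    private final int a = 128;
    private final int b = 1;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: ee.cyber.tse.v11.cryptolib.internal.impl.CryptoOpImpl$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    /**
     * Lookup table that maps {@link ClientShareHmacAlgorithm} ordinals to the case numbers used
     * by the digest selection in {@code a(...)}: HMAC_SHA256 is 1, HMAC_SHA1 is 2, anything else
     * stays 0.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] e;

        static {
            int[] iArr = new int[ClientShareHmacAlgorithm.values().length];
            e = iArr;
            try {
                iArr[ClientShareHmacAlgorithm.HMAC_SHA256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
                // Constant missing at runtime: its slot keeps 0 and is treated as unknown.
            }
            try {
                e[ClientShareHmacAlgorithm.HMAC_SHA1.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
                // Constant missing at runtime: its slot keeps 0 and is treated as unknown.
            }
        }
    }

    /**
     * Creates the crypto operations object.
     *
     * @param encodingOpInternal encoding helper used by the key and modulus operations
     */
    public CryptoOpImpl(EncodingOpInternal encodingOpInternal) {
        this.i = encodingOpInternal;
    }

    /**
     * Parses a serialized JWS string.
     *
     * @param str the serialized JWS; must not be empty or null
     * @return the parsed JWS object
     * @throws CryptoRuntimeException with code 120 when parsing fails
     */
    private static C0243fl a(String str) {
        ValidationUtil.throwIfEmpty(str, "The \"jwsString\" parameter can't be empty or null!");
        try {
            return C0243fl.d(str);
        } catch (ParseException unused) {
            throw new CryptoRuntimeException(120, "Unable to parse the \"jwsString\".");
        }
    }

    /**
     * Derives an AES key and IV from a password with PKCS5S2 (PBKDF2) and runs AES/CBC/NoPadding
     * over the input in the requested cipher mode.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The iteration count is 1 and both callers in this class pass the same fixed one-byte
     *       salt, so the derivation adds no work factor and the IV is as fixed as the key for a
     *       given password. Changing either value would make previously stored shares
     *       undecryptable; hardening would need a versioned share format.</li>
     *   <li>The cipher is unauthenticated and unpadded: decryption with a wrong password or of a
     *       modified ciphertext returns bytes instead of failing, so nothing here detects either
     *       case. Presumably this is deliberate so that a stored share offers no local check for
     *       PIN guesses - confirm against the protocol design before adding integrity
     *       protection.</li>
     * </ul>
     *
     * @param bArr password bytes
     * @param bArr2 salt
     * @param bArr3 input: a two's-complement big integer in mode 1, ciphertext in mode 2
     * @param i cipher mode, 1 (encrypt) or 2 (decrypt)
     * @param i2 size handed to {@code padToSize} in mode 1; unused in mode 2
     * @param clientShareHmacAlgorithm selects the SHA-256 or SHA-1 digest for the derivation
     * @return the cipher output
     * @throws CryptoRuntimeException 120 for an unknown algorithm, 105 for any other mode, 104
     *     when the cipher fails
     */
    private byte[] a(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, ClientShareHmacAlgorithm clientShareHmacAlgorithm) {
        Digest digest;
        switch (AnonymousClass1.e[clientShareHmacAlgorithm.ordinal()]) {
            case 1:
                digest = DigestFactory.createSHA256();
                break;
            case 2:
                digest = DigestFactory.createSHA1();
                break;
            default:
                throw new CryptoRuntimeException(120, "Unknown HMAC algorithm value!");
        }
        PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest);
        // Third argument is the iteration count (see the security notes above).
        generator.init(bArr, bArr2, 1);
        // 128-bit key and 128-bit IV, both taken from the same derivation output.
        ParametersWithIV parametersWithIV = (ParametersWithIV) generator.generateDerivedParameters(128, 128);
        byte[] key = ((KeyParameter) parametersWithIV.getParameters()).getKey();
        byte[] iv = parametersWithIV.getIV();
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        if (i == 1) {
            // NoPadding needs block-aligned input, so the value is re-encoded and padded to i2
            // first; the parameter i shadows the field, hence the explicit this.i.
            return c(i, secretKeySpec, ivParameterSpec, this.i.padToSize(this.i.encodePositiveBigIntegerAsBytes(new BigInteger(bArr3)), i2));
        }
        if (i == 2) {
            return c(i, secretKeySpec, ivParameterSpec, bArr3);
        }
        throw new CryptoRuntimeException(105, "Illegal Cipher mode!");
    }

    /**
     * Builds an RSA public key from a Base64-encoded modulus and exponent.
     *
     * @param str Base64-encoded modulus; must not be empty or null
     * @param str2 Base64-encoded public exponent; must not be empty or null
     * @return the RSA public key
     * @throws CryptoRuntimeException with code 116 when the key cannot be built or is not an RSA
     *     key; a CryptoRuntimeException raised inside the try block is rethrown unchanged
     */
    private RSAPublicKey c(String str, String str2) {
        ValidationUtil.throwIfEmpty(str, "The \"base64EncodedModulus\" parameter can't be null!");
        ValidationUtil.throwIfEmpty(str2, "The \"base64EncodedExponent\" parameter can't be null!");
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(this.i.decodeDecimalFromBase64(str), this.i.decodeDecimalFromBase64(str2)));
            if (generatePublic instanceof RSAPublicKey) {
                return (RSAPublicKey) generatePublic;
            }
            StringBuilder sb = new StringBuilder("Invalid public key type \"");
            // NOTE(review): OptionsBridge.NULL_VALUE belongs to an unrelated SDK; it looks like
            // the decompiler matched a string constant to it - confirm the intended literal.
            sb.append(generatePublic != null ? generatePublic.getAlgorithm() : OptionsBridge.NULL_VALUE);
            sb.append("\"!");
            throw new CryptoRuntimeException(116, sb.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new CryptoRuntimeException(116, e2.getMessage());
        } catch (InvalidKeySpecException e3) {
            throw new CryptoRuntimeException(116, e3.getMessage());
        } catch (Throwable th) {
            // Keep an already classified error as it is; everything else becomes code 116.
            if (th instanceof CryptoRuntimeException) {
                throw th;
            }
            throw new CryptoRuntimeException(116, th.getMessage());
        }
    }

    /**
     * Runs AES/CBC/NoPadding over the input.
     *
     * @param i cipher mode passed to {@link Cipher#init}
     * @param secretKeySpec AES key
     * @param ivParameterSpec CBC initialization vector
     * @param bArr input; NoPadding requires a length that is a multiple of the block size
     * @return the cipher output
     * @throws CryptoRuntimeException with code 104 for any cipher setup or processing failure
     */
    private static byte[] c(int i, SecretKeySpec secretKeySpec, IvParameterSpec ivParameterSpec, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(i, secretKeySpec, ivParameterSpec);
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            throw new CryptoRuntimeException(104, e2.getMessage());
        }
    }

    /**
     * Extracts the RSA public key from a Base64-encoded X.509 certificate.
     *
     * <p>The certificate is only parsed. No signature, chain, validity period or revocation
     * check happens here, so the returned key is exactly as trustworthy as the source of the
     * certificate bytes.
     *
     * @param str Base64-encoded certificate; must not be empty or null
     * @return the certificate's public key
     * @throws CryptoRuntimeException with code 116 on any failure, including a non-RSA key
     */
    private RSAPublicKey e(String str) {
        ValidationUtil.throwIfEmpty(str, "base64EncodedKey parameter can't be null!");
        try {
            return (RSAPublicKey) X509Certificate.getInstance(this.i.decodeBytesFromBase64(str)).getPublicKey();
        } catch (Throwable th) {
            throw new CryptoRuntimeException(116, th.getMessage());
        }
    }

    /**
     * Always refuses to clone.
     *
     * @throws CloneNotSupportedException always
     */
    @Override
    protected final Object clone() throws CloneNotSupportedException {
        // The checked exception must be declared for this to compile; Object.clone() declares it
        // as well, so callers are unaffected.
        throw new CloneNotSupportedException();
    }

    /**
     * Decrypts a JWE after checking that its header matches the expected algorithm, method, key
     * identifiers and audience.
     *
     * <p>All header checks run before the key material is used. The key id and key UUID checks
     * are skipped when the corresponding expected value is empty; the audience check always
     * runs.
     *
     * <p>NOTE(review): as written, every throw in the body (codes 127 to 130 and 104) happens
     * inside the outer try block, whose {@code catch (Throwable)} rewraps it with code 120, so
     * callers only ever see 120 from this method. The boundary of the try block may be a
     * decompiler artifact - confirm against the original before relying on the inner codes.
     *
     * @param str serialized encrypted JWE; must not be empty or null
     * @param bArr key material used for decryption; must not be empty or null
     * @param str2 expected key id, or empty/null to skip the check
     * @param str3 expected "keyUUID" header value, or empty/null to skip the check
     * @param str4 expected "aud" header value; must not be empty or null
     * @return the JWE object after decryption
     * @throws CryptoRuntimeException on any validation, parsing or decryption failure
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final C0245fn decryptFromTEKEncryptedJWE(String str, byte[] bArr, String str2, String str3, String str4) {
        ValidationUtil.throwIfEmpty(str, "The \"encryptedJWEString\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(bArr, "The \"keyMaterial\" parameter can't be null!");
        ValidationUtil.throwIfEmpty(str4, "The \"audience\" parameter can't be null!");
        try {
            C0245fn b = C0245fn.b(str);
            C0237fg c0237fg = b.f2613c;
            if (c0237fg == null) {
                throw new CryptoRuntimeException(120, "Illegal \"encryptedJWEString\" value supplied, the header is missing!");
            }
            String str5 = "NULL";
            // Pin the algorithm to the single accepted value instead of trusting the header.
            if (c0237fg.f() == null || !c0237fg.f().equals(e)) {
                StringBuilder sb = new StringBuilder("Encryption algorithm \"");
                String str6 = str5;
                if (c0237fg.f() != null) {
                    str6 = c0237fg.f().f4215c;
                }
                sb.append(str6);
                sb.append("\" not supported!");
                throw new CryptoRuntimeException(128, sb.toString());
            }
            // Same pinning for the encryption method.
            if (c0237fg.f2588c == null || !c0237fg.f2588c.equals(d)) {
                StringBuilder sb2 = new StringBuilder("Encryption method \"");
                String str7 = str5;
                if (c0237fg.f2588c != null) {
                    str7 = c0237fg.f2588c.f4215c;
                }
                sb2.append(str7);
                sb2.append("\" not supported!");
                throw new CryptoRuntimeException(127, sb2.toString());
            }
            if (!TextUtils.isEmpty(str2) && !TextUtils.equals(readKeyIdFromJOSEJWE(b), str2)) {
                StringBuilder sb3 = new StringBuilder("Encryption key id \"");
                sb3.append(c0237fg.d());
                sb3.append("\" does not match the required value \"");
                sb3.append(str2);
                sb3.append("\"");
                throw new CryptoRuntimeException(129, sb3.toString());
            }
            // The header value must be a String; any other JSON type counts as a mismatch.
            if (!TextUtils.isEmpty(str3) && (!(c0237fg.a.get("keyUUID") instanceof String) || !TextUtils.equals((String) c0237fg.a.get("keyUUID"), str3))) {
                StringBuilder sb4 = new StringBuilder("Encryption key UUID \"");
                sb4.append(c0237fg.a.get("keyUUID"));
                sb4.append("\" does not match the required value \"");
                sb4.append(str3);
                sb4.append("\"");
                throw new CryptoRuntimeException(129, sb4.toString());
            }
            if ((c0237fg.a.get("aud") instanceof String) && TextUtils.equals((String) c0237fg.a.get("aud"), str4)) {
                try {
                    // Decrypts in place with a decrypter built from the key material.
                    b.c(new ReadIDData(bArr));
                    return b;
                } catch (pL e2) {
                    throw new CryptoRuntimeException(104, e2.getMessage());
                } catch (Throwable th) {
                    throw new CryptoRuntimeException(104, th.getMessage());
                }
            }
            StringBuilder sb5 = new StringBuilder("Encryption audience \"");
            Object obj = str5;
            if (c0237fg.a.get("aud") != null) {
                obj = c0237fg.a.get("aud");
            }
            sb5.append(obj);
            sb5.append("\" not allowed!");
            throw new CryptoRuntimeException(130, sb5.toString());
        } catch (ParseException e3) {
            throw new CryptoRuntimeException(120, e3.getMessage());
        } catch (Throwable th2) {
            throw new CryptoRuntimeException(120, th2.getMessage());
        }
    }

    /**
     * Decrypts a stored client key share with a key derived from the PIN.
     *
     * <p>The underlying cipher is unauthenticated, so a wrong PIN produces a different number
     * rather than an error; this method cannot tell the two apart.
     *
     * <p>NOTE(review): the PIN bytes are taken with {@code CryptoLib.INSTANCE.getDefaultEncoding()}
     * here but with the literal "UTF-8" in {@link #encryptKey}; if the two ever differ, PINs
     * with non-ASCII characters would derive different keys - confirm they agree.
     *
     * @param clientShare the stored share (Base64 ciphertext, key size, HMAC algorithm)
     * @param str the PIN
     * @return the decrypted value, interpreted as a non-negative integer
     * @throws CryptoRuntimeException when derivation or decryption fails
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final BigInteger decryptKey(ClientShare clientShare, String str) {
        ValidationUtil.throwIfNull((Serializable) clientShare, "The \"clientShare\" can't be null!");
        ValidationUtil.throwIfNull((Serializable) str, "The \"pin\" can't be null!");
        ClientShareHmacAlgorithm hmacAlgorithm = clientShare.getHmacAlgorithm();
        // Mode 2 is decryption; signum 1 forces a non-negative result.
        return new BigInteger(1, a(str.getBytes(CryptoLib.INSTANCE.getDefaultEncoding()), this.f2487c, Base64.decode(clientShare.getKeyShare()), 2, clientShare.getKeySize(), hmacAlgorithm));
    }

    /**
     * Encrypts a key share with a key derived from the PIN, always using HMAC_SHA256 for the
     * derivation.
     *
     * @param bigInteger the key value to protect
     * @param str the PIN
     * @param i size the value is padded to before encryption; stored in the result as key size
     * @return the share holding the Base64 ciphertext, {@code i} and the HMAC algorithm
     * @throws CryptoRuntimeException with code 115 when UTF-8 is unavailable, or the codes of
     *     the derivation and cipher step
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final ClientShare encryptKey(BigInteger bigInteger, String str, int i) {
        ValidationUtil.throwIfNull((Serializable) str, "Pin parameter can't be null!");
        ValidationUtil.throwIfNull((Serializable) bigInteger, "Key parameter can't be null!");
        ClientShareHmacAlgorithm clientShareHmacAlgorithm = ClientShareHmacAlgorithm.HMAC_SHA256;
        try {
            // Mode 1 is encryption.
            return new ClientShare(Base64.toBase64String(a(str.getBytes("UTF-8"), this.f2487c, bigInteger.toByteArray(), 1, i, clientShareHmacAlgorithm)), i, clientShareHmacAlgorithm);
        } catch (UnsupportedEncodingException unused) {
            throw new CryptoRuntimeException(115, "Unsupported encoding");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Encrypts a payload into a JWE for an RSA public key given as modulus and exponent, with
     * the key id, "aud" and "purpose" values written into the header.
     *
     * <p>NOTE(review): the algorithm and encoding names come from the caller and are not
     * restricted to an allow-list in this method. Also, the outer {@code catch (Exception)}
     * rewraps everything from the inner block, so callers only ever see code 116 from the try
     * block, never 104.
     *
     * @param bArr payload; must not be null
     * @param str Base64-encoded RSA modulus
     * @param str2 Base64-encoded RSA public exponent
     * @param str3 key id written to the header
     * @param str4 algorithm name
     * @param str5 encoding name
     * @param str6 audience written to the "aud" header
     * @param str7 purpose written to the "purpose" header
     * @return the serialized JWE
     * @throws CryptoRuntimeException on validation, key construction or encryption failure
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final String encryptToKTKEncryptedJWE(byte[] bArr, String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        ValidationUtil.throwIfNull((Serializable) bArr, "The \"payload\" parameter can't be null!");
        ValidationUtil.throwIfEmpty(str, "The \"base64EncodedModulus\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str2, "The \"base64EncodedExponent\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str4, "The \"algorithmName\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str5, "The \"encodingName\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str3, "The \"keyId\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str6, "The \"audience\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str7, "The \"purpose\" parameter can't be empty or null!");
        try {
            RSAPublicKey c2 = c(str, str2);
            try {
                C0237fg.IconCompatParcelizer iconCompatParcelizer = new C0237fg.IconCompatParcelizer(C0242fk.a(str4), C0233fc.b(str5));
                iconCompatParcelizer.j = str3;
                C0245fn c0245fn = new C0245fn(iconCompatParcelizer.a("aud", str6).a("purpose", str7).c(), new C0400lj(bArr));
                c0245fn.c(new getDocumentInfoui_core_release(c2));
                return c0245fn.c();
            } catch (CryptoRuntimeException e2) {
                throw e2;
            } catch (pL e3) {
                throw new CryptoRuntimeException(104, e3.getMessage());
            } catch (Exception e4) {
                throw new CryptoRuntimeException(104, e4.getMessage());
            }
        } catch (Exception e5) {
            throw new CryptoRuntimeException(116, e5.getMessage());
        }
    }

    /**
     * Encrypts a string into a JWE with the given key material, using the fixed algorithm and
     * method of this class and writing key id, "keyUUID" and "aud" into the header.
     *
     * <p>NOTE(review): as in {@link #decryptFromTEKEncryptedJWE}, the outer
     * {@code catch (Throwable)} rewraps the inner code 104 errors with code 120.
     *
     * @param str content to encrypt; must not be empty or null
     * @param bArr key material; must not be empty or null
     * @param str2 key id written to the header
     * @param str3 value of the "keyUUID" header
     * @param str4 value of the "aud" header
     * @return the serialized JWE
     * @throws CryptoRuntimeException on validation or encryption failure
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final String encryptToTEKEncryptedJWE(String str, byte[] bArr, String str2, String str3, String str4) {
        ValidationUtil.throwIfEmpty(str, "The \"contentString\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(bArr, "The \"keyMaterial\" parameter can't be null!");
        ValidationUtil.throwIfEmpty(str2, "The \"keyId\" parameter can't be null!");
        ValidationUtil.throwIfEmpty(str3, "The \"keyUUID\" parameter can't be null!");
        ValidationUtil.throwIfEmpty(str4, "The \"audience\" parameter can't be null!");
        C0237fg.IconCompatParcelizer iconCompatParcelizer = new C0237fg.IconCompatParcelizer(e, d);
        iconCompatParcelizer.j = str2;
        iconCompatParcelizer.a("keyUUID", str3);
        iconCompatParcelizer.a("aud", str4);
        try {
            C0245fn c0245fn = new C0245fn(iconCompatParcelizer.c(), new C0400lj(str));
            try {
                c0245fn.c(new getAccessControlErrorCountui_core_release(bArr));
                return c0245fn.c();
            } catch (C0395lb e2) {
                throw new CryptoRuntimeException(104, e2.getMessage());
            } catch (pL e3) {
                throw new CryptoRuntimeException(104, e3.getMessage());
            } catch (Throwable th) {
                throw new CryptoRuntimeException(104, th.getMessage());
            }
        } catch (IllegalArgumentException e4) {
            throw new CryptoRuntimeException(120, e4.getMessage());
        } catch (Throwable th2) {
            throw new CryptoRuntimeException(120, th2.getMessage());
        }
    }

    /**
     * Returns the Base64-encoded RSA modulus of the public key in a certificate.
     *
     * <p>The certificate is parsed but not validated (see {@code e(String)}); treat the result
     * as unauthenticated unless the certificate was verified elsewhere.
     *
     * @param str Base64-encoded certificate; must not be empty or null
     * @return the encoded modulus
     * @throws CryptoRuntimeException with code 116 on any failure
     */
    @Override // ee.cyber.tse.v11.inter.cryptolib.CryptoOp
    public final String parseRSAPublicKeyModulusFromCertificate(String str) {
        ValidationUtil.throwIfEmpty(str, "Parameter certificateBase64 can't be empty or null!");
        try {
            return this.i.encodeDecimalToBase64(e(str).getModulus());
        } catch (Throwable th) {
            throw new CryptoRuntimeException(116, th.getMessage());
        }
    }

    /**
     * Reads the key id from the header of a JWE object.
     *
     * @param c0245fn the JWE object; must not be null
     * @return the key id, or {@code null} when the object has no header
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final String readKeyIdFromJOSEJWE(C0245fn c0245fn) {
        ValidationUtil.throwIfNull((Serializable) c0245fn, "The \"jweObject\" parameter can't be null!");
        if (c0245fn.f2613c != null) {
            return c0245fn.f2613c.d();
        }
        return null;
    }

    /**
     * Reads the key id from the header of a serialized JWS.
     *
     * <p>The JWS is parsed but its signature is not checked here, so the returned key id is
     * unauthenticated input. It is suitable for selecting a key, not as proof of origin.
     *
     * @param str serialized JWS; must not be null
     * @return the key id from the header
     * @throws CryptoRuntimeException with code 120 when parsing fails or the header is missing
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final String readKeyIdFromJOSEJWS(String str) {
        ValidationUtil.throwIfNull((Serializable) str, "The \"signedJWSString\" parameter can't be null!");
        try {
            C0239fi c0239fi = C0243fl.d(str).f2607c;
            if (c0239fi != null) {
                return c0239fi.d();
            }
            throw new CryptoRuntimeException(120, "JWS header is missing!");
        } catch (ParseException e2) {
            throw new CryptoRuntimeException(120, e2.getMessage());
        } catch (Throwable th) {
            throw new CryptoRuntimeException(120, th.getMessage());
        }
    }

    /**
     * Verifies a JWS signature with an RSA public key after checking that the header carries an
     * allowed algorithm and the expected key id, "keyUUID", "aud" and "purpose" values.
     *
     * <p>The header checks run before the signature check and reject by exception. The signature
     * algorithm must be one of three allow-listed constants, so the header cannot select an
     * algorithm outside that list. Header values must be Strings; other JSON types count as a
     * mismatch.
     *
     * @param str serialized JWS
     * @param str2 Base64-encoded RSA modulus of the verification key
     * @param str3 Base64-encoded RSA public exponent of the verification key
     * @param str4 expected key id
     * @param str5 expected "keyUUID" header value
     * @param str6 expected "aud" header value
     * @param str7 expected "purpose" header value
     * @return the result of the signature verification
     * @throws CryptoRuntimeException 120 for parse errors or a missing header, 126 for a
     *     disallowed algorithm, 129/130/133 for header mismatches, 116 when key construction or
     *     verification throws (the inner code 104 is rewrapped as 116 by the outer catch)
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final boolean verifyKTKSignedJWS(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        ValidationUtil.throwIfEmpty(str, "The \"jwsString\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str2, "The \"base64EncodedModulus\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str3, "The \"base64EncodedExponent\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str4, "The \"ktkKeyId\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str5, "The \"keyUUID\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str6, "The \"audience\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str7, "The \"purpose\" parameter can't be empty or null!");
        C0243fl a = a(str);
        C0239fi c0239fi = a.f2607c;
        if (c0239fi == null) {
            throw new CryptoRuntimeException(120, "JWS header is missing!");
        }
        // Algorithm allow-list: anything but the three accepted constants is rejected up front.
        if (c0239fi.b() == null || !(c0239fi.b().equals(C0246fo.j) || c0239fi.b().equals(C0246fo.h) || c0239fi.b().equals(C0246fo.i))) {
            StringBuilder sb = new StringBuilder("Signature algorithm \"");
            sb.append(c0239fi.b() != null ? c0239fi.b().f4215c : "NULL");
            sb.append("\" not allowed!");
            throw new CryptoRuntimeException(126, sb.toString());
        }
        if (!TextUtils.equals(c0239fi.d(), str4)) {
            StringBuilder sb2 = new StringBuilder("Signature ktkKeyId header value \"");
            sb2.append(c0239fi.d());
            sb2.append("\" does not match the required value \"");
            sb2.append(str4);
            sb2.append("\"");
            throw new CryptoRuntimeException(129, sb2.toString());
        }
        if (!(c0239fi.a.get("keyUUID") instanceof String) || !TextUtils.equals((String) c0239fi.a.get("keyUUID"), str5)) {
            StringBuilder sb3 = new StringBuilder("Signature keyUUID header value \"");
            sb3.append(c0239fi.a.get("keyUUID"));
            sb3.append("\" does not match the required value \"");
            sb3.append(str5);
            sb3.append("\"");
            throw new CryptoRuntimeException(129, sb3.toString());
        }
        if (!(c0239fi.a.get("aud") instanceof String) || !TextUtils.equals((String) c0239fi.a.get("aud"), str6)) {
            StringBuilder sb4 = new StringBuilder("Signature audience header value \"");
            sb4.append(c0239fi.a.get("aud"));
            sb4.append("\" does not match the required value \"");
            sb4.append(str6);
            sb4.append("\"");
            throw new CryptoRuntimeException(130, sb4.toString());
        }
        if (!(c0239fi.a.get("purpose") instanceof String) || !TextUtils.equals((String) c0239fi.a.get("purpose"), str7)) {
            StringBuilder sb5 = new StringBuilder("Signature purpose header value \"");
            sb5.append(c0239fi.a.get("purpose"));
            sb5.append("\" does not match the required value \"");
            sb5.append(str7);
            sb5.append("\"");
            throw new CryptoRuntimeException(133, sb5.toString());
        }
        try {
            try {
                return a.e(new JSONObjectUtils1(c(str2, str3)));
            } catch (pL e2) {
                throw new CryptoRuntimeException(104, e2.getMessage());
            } catch (Throwable th) {
                throw new CryptoRuntimeException(104, th.getMessage());
            }
        } catch (CryptoRuntimeException e3) {
            throw new CryptoRuntimeException(116, e3.getMessage());
        }
    }

    /**
     * Verifies a JWS as {@link #verifyKTKSignedJWS} does and then checks that the payload, parsed
     * as JSON, holds every required key with exactly the required string value.
     *
     * <p>The payload is only read after the signature check succeeded. Every pair is validated
     * even after a mismatch was found, so a malformed pair always raises an exception.
     *
     * <p>A pair with a {@code null} value is rejected. Without that check a {@code null}
     * expectation would compare equal to a key that is absent from the payload, and the
     * requirement would pass on a payload that does not contain the key at all.
     *
     * @param str serialized JWS
     * @param str2 Base64-encoded RSA modulus of the verification key
     * @param str3 Base64-encoded RSA public exponent of the verification key
     * @param str4 expected key id
     * @param str5 expected "keyUUID" header value
     * @param str6 expected "aud" header value
     * @param str7 expected "purpose" header value
     * @param pairArr required payload entries as (key, value) pairs; must not be empty
     * @return {@code true} only when the signature verifies and every required entry matches
     * @throws CryptoRuntimeException with code 120 for an invalid pair or an unparsable payload,
     *     plus everything {@link #verifyKTKSignedJWS} throws
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final boolean verifyKTKSignedJWSAndCheckForRequiredContentValues(String str, String str2, String str3, String str4, String str5, String str6, String str7, Pair<String, String>[] pairArr) {
        ValidationUtil.throwIfEmpty(str, "The \"jwsString\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str2, "The \"base64EncodedModulus\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str3, "The \"base64EncodedExponent\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str4, "The \"keyId\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str5, "The \"keyUUID\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str6, "The \"audience\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(str7, "The \"purpose\" parameter can't be empty or null!");
        ValidationUtil.throwIfEmpty(pairArr, "The \"requiredContent\" parameter can't be empty or null!");
        if (!verifyKTKSignedJWS(str, str2, str3, str4, str5, str6, str7)) {
            return false;
        }
        try {
            JSONObject jSONObject = new JSONObject(a(str).d.toString());
            boolean z = true;
            for (Pair<String, String> pair : pairArr) {
                // Fail closed on a null value: optString(key, null) yields null for a missing
                // key, and TextUtils.equals(null, null) is true.
                if (pair == null || TextUtils.isEmpty((CharSequence) pair.first) || pair.second == null) {
                    throw new CryptoRuntimeException(120, "Invalid key and/or value inside the \"requiredContent\" array! Please check that all keys and values are non-NULL.");
                }
                z = TextUtils.equals(jSONObject.optString((String) pair.first, null), (CharSequence) pair.second) && z;
            }
            return z;
        } catch (JSONException unused) {
            throw new CryptoRuntimeException(120, "Unable to parse the JWS payload to a JSON object");
        }
    }

    /**
     * Checks that the composite modulus is an exact multiple of the client modulus.
     *
     * <p>NOTE(review): only divisibility is tested. The client modulus is not validated in this
     * method (a null, empty or non-positive value ends up in the catch block), and a client
     * modulus of 1 would divide any composite value - confirm that callers validate its size
     * and origin.
     *
     * @param str Base64-encoded composite modulus; must not be null or empty
     * @param str2 Base64-encoded client modulus
     * @return {@code true} when the composite modulus modulo the client modulus is zero
     * @throws CompositeModulusValidationFailedException when the composite modulus is missing or
     *     when decoding or the computation fails
     */
    @Override // ee.cyber.tse.v11.cryptolib.internal.inter.CryptoOpInternal
    public final boolean verifyKeyCompositeModulusAgainstClientModulus(String str, String str2) {
        if (str == null || TextUtils.isEmpty(str)) {
            throw new CompositeModulusValidationFailedException("Composite modulus validation failed. Composite modulus value can't be null or empty!", null);
        }
        try {
            return this.i.decodeDecimalFromBase64(str).mod(this.i.decodeDecimalFromBase64(str2)).equals(BigInteger.ZERO);
        } catch (Throwable th) {
            throw new CompositeModulusValidationFailedException("Composite modulus validation failed. See the stacktrace.", th);
        }
    }
}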
