package com.alignet.securekey.tdscore.tdssdk.utils;

import com.alignet.securekey.tdscore.tdssdk.classes.exceptions.SDKRuntimeException;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWECryptoParts;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.impl.ConcatKDF;
import com.nimbusds.jose.crypto.impl.ContentCryptoProvider;
import com.nimbusds.jose.crypto.impl.ECDH;
import com.nimbusds.jose.jca.JWEJCAContext;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* compiled from: TDSCrypto.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u00008\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0000\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0016\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u0004J\u001e\u0010\b\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\n\u001a\u00020\u0004J\u001e\u0010\u000b\u001a\u00020\u00062\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u0004J\u0006\u0010\u0011\u001a\u00020\u0012J\u000e\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u0014\u001a\u00020\u0012J*\u0010\u0015\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u0016\u001a\u00020\u00042\u0006\u0010\u0017\u001a\u00020\r2\u0006\u0010\u0018\u001a\u00020\u00042\b\u0010\u0019\u001a\u0004\u0018\u00010\u0004J\"\u0010\u001a\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u0016\u001a\u00020\u00042\u0006\u0010\u0017\u001a\u00020\u001b2\b\u0010\u0019\u001a\u0004\u0018\u00010\u0004J\u000e\u0010\u001c\u001a\u00020\u00042\u0006\u0010\u001d\u001a\u00020\u0004¨\u0006\u001e"}, d2 = {"Lcom/alignet/securekey/tdscore/tdssdk/utils/TDSCrypto;", "", "()V", "decryptCRes", "", "secretKey", "Ljavax/crypto/SecretKey;", "cRes", "encryptCReq", "kid", "cReq", "generateECDHSecret", "pub", "Ljava/security/interfaces/ECPublicKey;", "priv", "Ljava/security/interfaces/ECPrivateKey;", "sdkReferenceId", "generateEphemeralKeyPair", "Ljava/security/KeyPair;", "getSDKEphemeralPublicKey", "keyPair", "jweEncryptUsingEC", "data", "publicKey", "dsId", "kidID", "jweEncryptUsingRSA", "Ljava/security/interfaces/RSAPublicKey;", "jwsValidateSignatureAndReturnBody", "jws", "SecureKey3DS_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public final class TDSCrypto {
    public final String decryptCRes(SecretKey secretKey, String cRes) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(secretKey, "secretKey");
        Intrinsics.checkNotNullParameter(cRes, "cRes");
        try {
            DirectDecrypter directDecrypter = new DirectDecrypter(secretKey);
            JWEObject jweObject = JWEObject.parse(cRes);
            Intrinsics.checkNotNullExpressionValue(jweObject, "jweObject");
            for (Base64URL base64URL : jweObject.getParsedParts()) {
                String base64URL2 = base64URL.toString();
                Intrinsics.checkNotNullExpressionValue(base64URL2, "parsePart.toString()");
                if (!UtilsExtensionKt.isValidBase64Url(base64URL2)) {
                    throw new SDKRuntimeException("Error to decrypt CRes", null, null, 6, null);
                }
            }
            jweObject.decrypt(directDecrypter);
            String payload = jweObject.getPayload().toString();
            Intrinsics.checkNotNullExpressionValue(payload, "jweObject.payload.toString()");
            return payload;
        } catch (Exception unused) {
            throw new SDKRuntimeException("Error to decrypt CRes", null, null, 6, null);
        }
    }

    public final String encryptCReq(String kid, SecretKey secretKey, String cReq) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(kid, "kid");
        Intrinsics.checkNotNullParameter(secretKey, "secretKey");
        Intrinsics.checkNotNullParameter(cReq, "cReq");
        try {
            JWEHeader build = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256).keyID(kid).build();
            Payload payload = new Payload(cReq);
            DirectEncrypter directEncrypter = new DirectEncrypter(secretKey);
            JWEObject jWEObject = new JWEObject(build, payload);
            jWEObject.encrypt(directEncrypter);
            String serialize = jWEObject.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "jweObject.serialize()");
            return serialize;
        } catch (Exception unused) {
            throw new SDKRuntimeException("Error to encrypt CReq", null, null, 6, null);
        }
    }

    public final SecretKey generateECDHSecret(ECPublicKey pub, ECPrivateKey priv, String sdkReferenceId) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(pub, "pub");
        Intrinsics.checkNotNullParameter(priv, "priv");
        Intrinsics.checkNotNullParameter(sdkReferenceId, "sdkReferenceId");
        try {
            SecretKey deriveSharedSecret = ECDH.deriveSharedSecret(pub, priv, null);
            SecretKey deriveKey = new ConcatKDF(McElieceCCA2KeyGenParameterSpec.SHA256).deriveKey(deriveSharedSecret, 256, ConcatKDF.encodeStringData(null), ConcatKDF.encodeDataWithLength((Base64URL) null), ConcatKDF.encodeDataWithLength(Base64URL.encode(sdkReferenceId)), ConcatKDF.encodeIntData(256), ConcatKDF.encodeNoData());
            Intrinsics.checkNotNullExpressionValue(deriveKey, "kdf.deriveKey(\n         …odeNoData()\n            )");
            return deriveKey;
        } catch (Exception unused) {
            throw new SDKRuntimeException("Error to generate SecretKey", null, null, 6, null);
        }
    }

    public final KeyPair generateEphemeralKeyPair() throws SDKRuntimeException {
        try {
            BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("P-256");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", bouncyCastleProvider);
            keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "g.generateKeyPair()");
            return generateKeyPair;
        } catch (InvalidAlgorithmParameterException unused) {
            throw new SDKRuntimeException("Invalid algorithm to generate EphemeralKeyPai", null, null, 6, null);
        } catch (NoSuchAlgorithmException unused2) {
            throw new SDKRuntimeException("No such algorithm to generate EphemeralKeyPai", null, null, 6, null);
        } catch (Exception unused3) {
            throw new SDKRuntimeException("An error occurred while generating EphemeralKeyPair", null, null, 6, null);
        }
    }

    public final String getSDKEphemeralPublicKey(KeyPair keyPair) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        try {
            Curve curve = Curve.P_256;
            PublicKey publicKey = keyPair.getPublic();
            if (publicKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
            }
            ECKey.Builder builder = new ECKey.Builder(curve, (ECPublicKey) publicKey);
            PrivateKey privateKey = keyPair.getPrivate();
            if (privateKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            }
            String jSONString = builder.privateKey((ECPrivateKey) privateKey).build().toJSONString();
            Intrinsics.checkNotNullExpressionValue(jSONString, "jwk.toJSONString()");
            return jSONString;
        } catch (Exception unused) {
            throw new SDKRuntimeException("Error to generate SDKEphemeralPublicKey", null, null, 6, null);
        }
    }

    public final String jweEncryptUsingEC(String data, ECPublicKey publicKey, String dsId, String kidID) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(dsId, "dsId");
        try {
            KeyPair generateEphemeralKeyPair = generateEphemeralKeyPair();
            PrivateKey privateKey = generateEphemeralKeyPair.getPrivate();
            if (privateKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            }
            SecretKey generateECDHSecret = generateECDHSecret(publicKey, (ECPrivateKey) privateKey, dsId);
            Curve curve = Curve.P_256;
            PublicKey publicKey2 = generateEphemeralKeyPair.getPublic();
            if (publicKey2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
            }
            JWECryptoParts jweCryptoParts = ContentCryptoProvider.encrypt(new JWEHeader.Builder(JWEAlgorithm.ECDH_ES, EncryptionMethod.A128CBC_HS256).keyID(kidID).ephemeralPublicKey(ECKey.parse(new ECKey.Builder(curve, (ECPublicKey) publicKey2).build().toJSONString())).agreementPartyVInfo(Base64URL.encode(dsId)).build(), new Payload(data).toBytes(), generateECDHSecret, null, new JWEJCAContext());
            Intrinsics.checkNotNullExpressionValue(jweCryptoParts, "jweCryptoParts");
            return new JWEObject(jweCryptoParts.getHeader().toBase64URL(), jweCryptoParts.getEncryptedKey(), jweCryptoParts.getInitializationVector(), jweCryptoParts.getCipherText(), jweCryptoParts.getAuthenticationTag()).serialize();
        } catch (Exception unused) {
            return null;
        }
    }

    public final String jweEncryptUsingRSA(String data, RSAPublicKey publicKey, String kidID) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        try {
            EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128CBC_HS256).keyID(kidID).build(), JWTClaimsSet.parse(data));
            encryptedJWT.encrypt(new RSAEncrypter(publicKey));
            return encryptedJWT.serialize();
        } catch (Exception unused) {
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:28:0x010e A[Catch: Exception -> 0x0142, ParseException -> 0x0151, TryCatch #2 {ParseException -> 0x0151, Exception -> 0x0142, blocks: (B:3:0x0007, B:5:0x0019, B:7:0x002a, B:9:0x002d, B:10:0x003b, B:13:0x003c, B:15:0x005d, B:18:0x0072, B:21:0x007b, B:23:0x0083, B:25:0x00a7, B:26:0x0108, B:28:0x010e, B:30:0x011c, B:31:0x012a, B:32:0x00af, B:33:0x00b6, B:34:0x00b7, B:35:0x00c5, B:36:0x00c6, B:38:0x00ea, B:39:0x012b, B:40:0x0132, B:41:0x0133, B:42:0x0141), top: B:2:0x0007 }] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x011c A[Catch: Exception -> 0x0142, ParseException -> 0x0151, TryCatch #2 {ParseException -> 0x0151, Exception -> 0x0142, blocks: (B:3:0x0007, B:5:0x0019, B:7:0x002a, B:9:0x002d, B:10:0x003b, B:13:0x003c, B:15:0x005d, B:18:0x0072, B:21:0x007b, B:23:0x0083, B:25:0x00a7, B:26:0x0108, B:28:0x010e, B:30:0x011c, B:31:0x012a, B:32:0x00af, B:33:0x00b6, B:34:0x00b7, B:35:0x00c5, B:36:0x00c6, B:38:0x00ea, B:39:0x012b, B:40:0x0132, B:41:0x0133, B:42:0x0141), top: B:2:0x0007 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String jwsValidateSignatureAndReturnBody(java.lang.String r12) throws com.alignet.securekey.tdscore.tdssdk.classes.exceptions.SDKRuntimeException {
        /*
            Method dump skipped, instructions count: 352
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.alignet.securekey.tdscore.tdssdk.utils.TDSCrypto.jwsValidateSignatureAndReturnBody(java.lang.String):java.lang.String");
    }
}
