package com.kbstar.kbsign.android;

import com.kbstar.kbbank.starshot.StarShotConstant;
import com.kbstar.kbsign.DerivedPinCipher;
import com.kbstar.kbsign.DerivedPinGenerator;
import com.kbstar.kbsign.android.pinsign.IPINsignSecret;
import com.kbstar.kbsign.util.BytesUtil;
import com.kbstar.kbsign.util.CryptoUtil;
import com.kbstar.kbsign.util.Hex;
import com.wizvera.wcrypto.WHex;
import com.wizvera.wcrypto.jose4j.json.JsonUtil;
import com.wizvera.wcrypto.jose4j.lang.ByteUtil;
import com.wizvera.wcrypto.jose4j.lang.JoseException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes4.dex */
public class PINsignPin implements IPINsignSecret {
    private static String LOG_TAG = "libKBSign >> PINsignPin";
    private static SecureRandom random = new SecureRandom();
    private String deviceId;
    private String hashPin;
    private byte[] pinNonce;
    private String secretPin;
    private String sharedPin;
    private final String INFOKEY_HASHPIN = StarShotConstant.BundleKeys.ROM_INFO_HASH;
    private final String INFOKEY_SECRETPIN = "secret";
    private byte[] kbSignSecret = null;

    public PINsignPin(String str, String str2) throws AndroidKBsignException {
        try {
            Map<String, Object> parseJson = JsonUtil.parseJson(str);
            if (!parseJson.containsKey(StarShotConstant.BundleKeys.ROM_INFO_HASH) || !parseJson.containsKey("secret")) {
                throw new AndroidKBsignException(AndroidKBsignException.E_InvalidHashedPinInfo, "hashedPin 값이 올바르지 않습니다 ,키가 없음");
            }
            this.hashPin = (String) parseJson.get(StarShotConstant.BundleKeys.ROM_INFO_HASH);
            this.secretPin = (String) parseJson.get("secret");
            this.sharedPin = DerivedPinGenerator.generateSharedPin(this.hashPin);
            this.deviceId = str2;
        } catch (JoseException e) {
            throw new AndroidKBsignException(AndroidKBsignException.E_InvalidHashedPinInfo, "hashedPin 값이 올바르지 않습니다.\n" + e.getMessage());
        }
    }

    public PINsignPin(String str, String str2, String str3) {
        this.deviceId = str3;
        this.hashPin = str;
        this.secretPin = str2;
        this.sharedPin = DerivedPinGenerator.generateSharedPin(str);
    }

    public PINsignPin(char[] cArr, String str) {
        this.deviceId = str;
        String generateHashPin = DerivedPinGenerator.generateHashPin(cArr, str);
        this.hashPin = generateHashPin;
        this.sharedPin = DerivedPinGenerator.generateSharedPin(generateHashPin);
        this.secretPin = DerivedPinGenerator.generateSecretPin(cArr);
    }

    public void clearKbSignSecret() {
        byte[] bArr = this.kbSignSecret;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
            this.kbSignSecret = null;
        }
    }

    @Override // com.kbstar.kbsign.android.pinsign.IPINsignSecret
    public String generateNonceMac(String str) {
        return CryptoUtil.hmacSHA256Base64Url(this.sharedPin.getBytes(), str.getBytes());
    }

    public String generatePinSecret() throws GeneralSecurityException {
        byte[] bArr = new byte[32];
        random.nextBytes(bArr);
        return generatePinSecret(bArr);
    }

    public String generatePinSecret(byte[] bArr) throws GeneralSecurityException {
        DerivedPinCipher derivedPinCipher = new DerivedPinCipher(this.sharedPin);
        DerivedPinCipher derivedPinCipher2 = new DerivedPinCipher(this.secretPin);
        this.pinNonce = BytesUtil.copy(bArr);
        return derivedPinCipher.encryptBase64Url(derivedPinCipher2.encryptBase64Url(bArr));
    }

    public String getDeviceId() {
        return this.deviceId;
    }

    public String getHashPin() {
        Hex.encode(this.hashPin.getBytes());
        return this.hashPin;
    }

    public String getHashedPinInfo() {
        HashMap hashMap = new HashMap();
        hashMap.put(StarShotConstant.BundleKeys.ROM_INFO_HASH, this.hashPin);
        hashMap.put("secret", this.secretPin);
        return JsonUtil.toJson(hashMap);
    }

    @Override // com.kbstar.kbsign.android.pinsign.IPINsignSecret
    public String getHashedSecret() {
        return getHashPin();
    }

    public byte[] getKbSignSecret() {
        return BytesUtil.copy(this.kbSignSecret);
    }

    public byte[] getPinNonce() {
        return BytesUtil.copy(this.pinNonce);
    }

    public String getSecretPin() {
        return this.secretPin;
    }

    public void makeMasterSecret(String str, String str2) {
        byte[] digestSHA256 = CryptoUtil.digestSHA256(128, ("PINsign30" + this.hashPin + str + getDeviceId()).getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        sb.append("PINsign30");
        sb.append(str2);
        sb.append(getDeviceId());
        setKbSignSecret(((String) Objects.requireNonNull(WHex.encode(CryptoUtil.digestSHA256(384, ByteUtil.concat(CryptoUtil.digestSHA256(256, sb.toString().getBytes(StandardCharsets.UTF_8)), digestSHA256))))).getBytes());
    }

    public void setKbSignSecret(byte[] bArr) {
        this.kbSignSecret = BytesUtil.copy(bArr);
    }
}
