package com.judopay.judo3ds2.security;

import com.facebook.share.internal.MessengerShareContentUtility;
import com.google.gson.reflect.TypeToken;
import com.judopay.judo3ds2.ConstantsKt;
import com.judopay.judo3ds2.ValidationFunctionsKt;
import com.judopay.judo3ds2.api.JsonParser;
import com.judopay.judo3ds2.api.model.CRes;
import com.judopay.judo3ds2.exception.CounterException;
import com.judopay.judo3ds2.exception.SDKRuntimeException;
import com.judopay.judo3ds2.security.Crypto;
import com.judopay.judo3ds2.ui.challenge.model.ChallengeExtra;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringsKt;
import org.apache.commons.beanutils.PropertyUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONObject;

@Metadata(d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u0005\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010$\n\u0000\n\u0002\u0010\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0016\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rJ \u0010\u000e\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\b\u0010\u0010\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u0012\u001a\u00020\u000bJ\u0016\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u0016J \u0010\u0017\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u00162\u0006\u0010\u0018\u001a\u00020\u000bH\u0002J\u0018\u0010\u0019\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u001aH\u0002J\u0010\u0010\u001b\u001a\u00020\u001c2\b\u0010\u001d\u001a\u0004\u0018\u00010\u000bJ\u001a\u0010\u001e\u001a\u00020\u00162\u0012\u0010\u0010\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u00010\u001fJ\u000e\u0010 \u001a\u00020!2\u0006\u0010\n\u001a\u00020\u000bR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Lcom/judopay/judo3ds2/security/EncryptionService;", "", "()V", "sdkCounterAtoS", "", "sdkCounterStoA", "secret", "Ljavax/crypto/SecretKey;", "decryptCRes", "Lcom/judopay/judo3ds2/api/model/CRes;", "message", "", "challengeExtra", "Lcom/judopay/judo3ds2/ui/challenge/model/ChallengeExtra;", "encrypt", "deviceData", "publicKey", "Ljava/security/PublicKey;", "directoryServerId", "encryptPayload", "", MessengerShareContentUtility.ATTACHMENT_PAYLOAD, "Ljava/security/interfaces/ECPublicKey;", "jweEncryptEC", "dsId", "jweEncryptRSA", "Ljava/security/interfaces/RSAPublicKey;", "jwsValidateSignature", "Lcom/judopay/judo3ds2/api/model/AcsContent;", "jws", "parseKey", "", "validateCRes", "", "Judo3DS2_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
@SourceDebugExtension({"SMAP\nEncryptionService.kt\nKotlin\n*S Kotlin\n*F\n+ 1 EncryptionService.kt\ncom/judopay/judo3ds2/security/EncryptionService\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 JsonParser.kt\ncom/judopay/judo3ds2/api/JsonParser\n*L\n1#1,241:1\n1855#2,2:242\n1855#2,2:246\n14#3,2:244\n14#3,2:248\n*S KotlinDebug\n*F\n+ 1 EncryptionService.kt\ncom/judopay/judo3ds2/security/EncryptionService\n*L\n89#1:242,2\n154#1:246,2\n114#1:244,2\n173#1:248,2\n*E\n"})
/* loaded from: classes3.dex */
public final class EncryptionService {
    private byte sdkCounterAtoS;
    private byte sdkCounterStoA;
    private SecretKey secret;

    private final String jweEncryptEC(String deviceData, ECPublicKey publicKey, String dsId) {
        try {
            Crypto.Companion companion = Crypto.INSTANCE;
            KeyPair generateEphemeralKeyPair = companion.generateEphemeralKeyPair();
            PrivateKey privateKey = generateEphemeralKeyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "sdkEphemeralKeyPair.private");
            companion.setPrivateKey(privateKey);
            PublicKey publicKey2 = generateEphemeralKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey2, "sdkEphemeralKeyPair.public");
            companion.setPublicKey(publicKey2);
            JWTClaimsSet parse = JWTClaimsSet.parse(deviceData);
            PrivateKey privateKey2 = companion.getPrivateKey();
            Intrinsics.checkNotNull(privateKey2, "null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            SecretKey generateECDHSecret = companion.generateECDHSecret(publicKey, (ECPrivateKey) privateKey2, dsId);
            Curve curve = Curve.P_256;
            PublicKey publicKey3 = companion.getPublicKey();
            Intrinsics.checkNotNull(publicKey3, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
            EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader.Builder(JWEAlgorithm.ECDH_ES, EncryptionMethod.A128CBC_HS256).ephemeralPublicKey(ECKey.parse(new ECKey.Builder(curve, (ECPublicKey) publicKey3).build().toJSONString())).build(), parse);
            encryptedJWT.encrypt(new TransactionEncrypter(generateECDHSecret, publicKey));
            String serialize = encryptedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "{\n        val sdkEphemer…    jwt.serialize()\n    }");
            return serialize;
        } catch (Exception e2) {
            throw new SDKRuntimeException(ConstantsKt.EC_ENCRYPTION_FAILED, null, e2, 2, null);
        }
    }

    private final String jweEncryptRSA(String deviceData, RSAPublicKey publicKey) {
        try {
            Crypto.Companion companion = Crypto.INSTANCE;
            KeyPair generateEphemeralKeyPair = companion.generateEphemeralKeyPair();
            PrivateKey privateKey = generateEphemeralKeyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "sdkEphemeralKeyPair.private");
            companion.setPrivateKey(privateKey);
            PublicKey publicKey2 = generateEphemeralKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey2, "sdkEphemeralKeyPair.public");
            companion.setPublicKey(publicKey2);
            EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128CBC_HS256), JWTClaimsSet.parse(deviceData));
            encryptedJWT.encrypt(new RSAEncrypter(publicKey));
            String serialize = encryptedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "{\n        val sdkEphemer…    jwt.serialize()\n    }");
            return serialize;
        } catch (Exception e2) {
            throw new SDKRuntimeException(ConstantsKt.RSA_ENCRYPTION_FAILED, null, e2, 2, null);
        }
    }

    @NotNull
    public final CRes decryptCRes(@NotNull String message, @NotNull ChallengeExtra challengeExtra) {
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(challengeExtra, "challengeExtra");
        SecretKey secretKey = this.secret;
        if (secretKey == null) {
            Intrinsics.throwUninitializedPropertyAccessException("secret");
            secretKey = null;
        }
        byte[] encoded = secretKey.getEncoded();
        JWEObject parse = JWEObject.parse(message);
        if (Intrinsics.areEqual(parse.getHeader().getEncryptionMethod(), EncryptionMethod.A128GCM)) {
            encoded = Arrays.copyOfRange(encoded, encoded.length - 16, encoded.length);
        }
        parse.decrypt(new DirectDecrypter(encoded));
        JsonParser jsonParser = JsonParser.INSTANCE;
        String payload = parse.getPayload().toString();
        Intrinsics.checkNotNullExpressionValue(payload, "jweObject.payload.toString()");
        CRes cRes = (CRes) jsonParser.getGson().fromJson(payload, new TypeToken<CRes>() { // from class: com.judopay.judo3ds2.security.EncryptionService$decryptCRes$$inlined$fromJson$1
        }.getType());
        cRes.validate(challengeExtra);
        byte parseByte = Byte.parseByte(cRes.getAcsCounterAtoS());
        byte b2 = this.sdkCounterAtoS;
        if (b2 == parseByte) {
            byte b3 = (byte) (b2 + 1);
            this.sdkCounterAtoS = b3;
            if (Intrinsics.compare((int) b3, 0) != 0) {
                return cRes;
            }
            throw new RuntimeException(ConstantsKt.SDK_COUNTER_A_TO_S_ZERO);
        }
        throw new CounterException(null, null, null, "counters (" + ((int) this.sdkCounterAtoS) + '/' + ((int) parseByte) + PropertyUtils.MAPPED_DELIM2, 7, null);
    }

    @NotNull
    public final String encrypt(@NotNull String deviceData, @Nullable PublicKey publicKey, @NotNull String directoryServerId) {
        Intrinsics.checkNotNullParameter(deviceData, "deviceData");
        Intrinsics.checkNotNullParameter(directoryServerId, "directoryServerId");
        if (publicKey instanceof RSAPublicKey) {
            return jweEncryptRSA(deviceData, (RSAPublicKey) publicKey);
        }
        if (publicKey instanceof ECPublicKey) {
            return jweEncryptEC(deviceData, (ECPublicKey) publicKey, directoryServerId);
        }
        throw new SDKRuntimeException(ConstantsKt.UNSUPPORTED_ALGORITHM, null, null, 6, null);
    }

    @NotNull
    public final byte[] encryptPayload(@NotNull String payload, @NotNull ECPublicKey publicKey) {
        Intrinsics.checkNotNullParameter(payload, "payload");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        try {
            Crypto.Companion companion = Crypto.INSTANCE;
            PrivateKey privateKey = companion.getPrivateKey();
            Intrinsics.checkNotNull(privateKey, "null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            this.secret = companion.generateECDHSecret(publicKey, (ECPrivateKey) privateKey, ConstantsKt.SDK_REFERENCE_NUMBER);
            JSONObject jSONObject = new JSONObject(payload);
            JWEHeader build = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256).keyID(jSONObject.getString("acsTransID")).build();
            StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
            String format = String.format("%03d", Arrays.copyOf(new Object[]{Byte.valueOf(this.sdkCounterStoA)}, 1));
            Intrinsics.checkNotNullExpressionValue(format, "format(format, *args)");
            jSONObject.put("sdkCounterStoA", format);
            JWEObject jWEObject = new JWEObject(build, new Payload(jSONObject.toString()));
            SecretKey secretKey = this.secret;
            if (secretKey == null) {
                Intrinsics.throwUninitializedPropertyAccessException("secret");
                secretKey = null;
            }
            jWEObject.encrypt(new CReqTransactionEncrypter(secretKey));
            String encryptedPayload = jWEObject.serialize();
            byte b2 = (byte) (this.sdkCounterStoA + 1);
            this.sdkCounterStoA = b2;
            if (Intrinsics.compare((int) b2, 0) == 0) {
                throw new RuntimeException(ConstantsKt.SDK_COUNTER_S_TO_A_ZERO);
            }
            Intrinsics.checkNotNullExpressionValue(encryptedPayload, "encryptedPayload");
            byte[] bytes = encryptedPayload.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            return bytes;
        } catch (Exception unused) {
            byte[] bytes2 = payload.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
            return bytes2;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:3:0x0004, code lost:
    
        r1 = kotlin.text.StringsKt__StringsKt.split$default((java.lang.CharSequence) r9, new java.lang.String[]{"."}, false, 0, 6, (java.lang.Object) null);
     */
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final com.judopay.judo3ds2.api.model.AcsContent jwsValidateSignature(@org.jetbrains.annotations.Nullable java.lang.String r9) {
        /*
            r8 = this;
            java.lang.String r0 = "JWS validation failed."
            if (r9 == 0) goto L15
            java.lang.String r1 = "."
            java.lang.String[] r3 = new java.lang.String[]{r1}
            r4 = 0
            r5 = 0
            r6 = 6
            r7 = 0
            r2 = r9
            java.util.List r1 = kotlin.text.StringsKt.split$default(r2, r3, r4, r5, r6, r7)
            if (r1 != 0) goto L19
        L15:
            java.util.List r1 = kotlin.collections.CollectionsKt.emptyList()
        L19:
            int r2 = r1.size()
            r3 = 3
            java.lang.String r4 = "JWS parsing failed"
            if (r2 != r3) goto Lba
            java.lang.Iterable r1 = (java.lang.Iterable) r1
            java.util.Iterator r1 = r1.iterator()
        L28:
            boolean r2 = r1.hasNext()
            if (r2 == 0) goto L3a
            java.lang.Object r2 = r1.next()
            java.lang.String r2 = (java.lang.String) r2
            java.lang.String r3 = "acsSignedContent"
            com.judopay.judo3ds2.ValidationFunctionsKt.validateJSONBase64URLEncodedString(r2, r3)
            goto L28
        L3a:
            com.nimbusds.jose.JWSObject r9 = com.nimbusds.jose.JWSObject.parse(r9)     // Catch: java.text.ParseException -> Lb4
            com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory r1 = new com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory     // Catch: java.lang.Exception -> Lae
            r1.<init>()     // Catch: java.lang.Exception -> Lae
            com.nimbusds.jose.jca.JCAContext r2 = r1.getJCAContext()     // Catch: java.lang.Exception -> Lae
            org.bouncycastle.jce.provider.BouncyCastleProvider r3 = com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton.getInstance()     // Catch: java.lang.Exception -> Lae
            r2.setProvider(r3)     // Catch: java.lang.Exception -> Lae
            com.nimbusds.jose.JWSHeader$Builder r2 = new com.nimbusds.jose.JWSHeader$Builder     // Catch: java.lang.Exception -> Lae
            com.nimbusds.jose.JWSHeader r3 = r9.getHeader()     // Catch: java.lang.Exception -> Lae
            r2.<init>(r3)     // Catch: java.lang.Exception -> Lae
            r3 = 0
            com.nimbusds.jose.JWSHeader$Builder r2 = r2.jwk(r3)     // Catch: java.lang.Exception -> Lae
            com.nimbusds.jose.JWSHeader r2 = r2.build()     // Catch: java.lang.Exception -> Lae
            java.util.List r3 = r2.getX509CertChain()     // Catch: java.lang.Exception -> Lae
            java.lang.String r4 = "jwsHeader.x509CertChain"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r3, r4)     // Catch: java.lang.Exception -> Lae
            java.lang.Object r3 = kotlin.collections.CollectionsKt.first(r3)     // Catch: java.lang.Exception -> Lae
            com.nimbusds.jose.util.Base64 r3 = (com.nimbusds.jose.util.Base64) r3     // Catch: java.lang.Exception -> Lae
            byte[] r3 = r3.decode()     // Catch: java.lang.Exception -> Lae
            java.security.cert.X509Certificate r3 = com.nimbusds.jose.util.X509CertUtils.parseWithException(r3)     // Catch: java.lang.Exception -> Lae
            java.security.PublicKey r3 = r3.getPublicKey()     // Catch: java.lang.Exception -> Lae
            com.nimbusds.jose.JWSVerifier r1 = r1.createJWSVerifier(r2, r3)     // Catch: java.lang.Exception -> Lae
            boolean r1 = r9.verify(r1)     // Catch: java.lang.Exception -> Lae
            if (r1 == 0) goto La8
            com.judopay.judo3ds2.api.JsonParser r0 = com.judopay.judo3ds2.api.JsonParser.INSTANCE
            com.nimbusds.jose.Payload r9 = r9.getPayload()
            java.lang.String r9 = r9.toString()
            java.lang.String r1 = "jwsObject.payload.toString()"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r9, r1)
            com.judopay.judo3ds2.security.EncryptionService$jwsValidateSignature$$inlined$fromJson$1 r1 = new com.judopay.judo3ds2.security.EncryptionService$jwsValidateSignature$$inlined$fromJson$1
            r1.<init>()
            java.lang.reflect.Type r1 = r1.getType()
            com.google.gson.Gson r0 = r0.getGson()
            java.lang.Object r9 = r0.fromJson(r9, r1)
            com.judopay.judo3ds2.api.model.AcsContent r9 = (com.judopay.judo3ds2.api.model.AcsContent) r9
            return r9
        La8:
            java.lang.RuntimeException r9 = new java.lang.RuntimeException     // Catch: java.lang.Exception -> Lae
            r9.<init>(r0)     // Catch: java.lang.Exception -> Lae
            throw r9     // Catch: java.lang.Exception -> Lae
        Lae:
            java.lang.RuntimeException r9 = new java.lang.RuntimeException
            r9.<init>(r0)
            throw r9
        Lb4:
            java.lang.RuntimeException r9 = new java.lang.RuntimeException
            r9.<init>(r4)
            throw r9
        Lba:
            java.lang.RuntimeException r9 = new java.lang.RuntimeException
            r9.<init>(r4)
            throw r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.judopay.judo3ds2.security.EncryptionService.jwsValidateSignature(java.lang.String):com.judopay.judo3ds2.api.model.AcsContent");
    }

    @NotNull
    public final ECPublicKey parseKey(@NotNull Map<String, ? extends Object> publicKey) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        ECPublicKey eCPublicKey = ECKey.parse((Map<String, Object>) publicKey).toECPublicKey();
        Intrinsics.checkNotNullExpressionValue(eCPublicKey, "parse(publicKey).toECPublicKey()");
        return eCPublicKey;
    }

    public final void validateCRes(@NotNull String message) {
        List split$default;
        Intrinsics.checkNotNullParameter(message, "message");
        split$default = StringsKt__StringsKt.split$default((CharSequence) message, new String[]{"."}, false, 0, 6, (Object) null);
        if (split$default.size() != 5) {
            throw new RuntimeException(ConstantsKt.JWE_PARSING_FAILED);
        }
        Iterator it = split$default.iterator();
        while (it.hasNext()) {
            ValidationFunctionsKt.validateJSONBase64URLEncodedString((String) it.next(), "cRes");
        }
    }
}
