package payselection.payments.sdk.crypto;

import android.util.Base64;
import defpackage.ar2;
import defpackage.cz0;
import defpackage.gj;
import defpackage.i11;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes3.dex */
public final class CryptoModule {
    public static final CryptoModule INSTANCE = new CryptoModule();
    private static final SecureRandom random = new SecureRandom();
    private static final ECNamedCurveParameterSpec ecCurve = ECNamedCurveTable.getParameterSpec("secp256k1");
    private static final BouncyCastleProvider provider = new BouncyCastleProvider();

    private CryptoModule() {
    }

    private final byte[] derivePublicKey(ECPrivateKey eCPrivateKey) {
        byte[] encoded = ecCurve.getG().multiply(eCPrivateKey.getD()).getEncoded(false);
        cz0.e(encoded, "ecCurve.g.multiply(pkey.d).getEncoded(false)");
        return encoded;
    }

    private final byte[] deriveSharedKey(Key key, PublicKey publicKey) {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", provider);
        keyAgreement.init(key);
        keyAgreement.doPhase(publicKey, true);
        byte[] generateSecret = keyAgreement.generateSecret();
        cz0.e(generateSecret, "keyAgreement.generateSecret()");
        return generateSecret;
    }

    private final EncryptedData encrypt(String str, String str2) {
        BouncyCastleProvider bouncyCastleProvider = provider;
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", bouncyCastleProvider);
        cz0.e(cipher, "cipher");
        byte[] randomIv = randomIv(cipher);
        byte[] decode = Hex.decode(str);
        cz0.e(decode, "decode(key)");
        ECPublicKey publicKey = getPublicKey(decode);
        ECPrivateKey randomEphemeralKey = randomEphemeralKey();
        byte[] derivePublicKey = derivePublicKey(randomEphemeralKey);
        byte[] digest = MessageDigest.getInstance("SHA512", bouncyCastleProvider).digest(deriveSharedKey(randomEphemeralKey, publicKey));
        cipher.init(1, new SecretKeySpec(Arrays.copyOfRange(digest, 0, 32), cipher.getAlgorithm()), new IvParameterSpec(randomIv));
        Charset charset = StandardCharsets.UTF_8;
        cz0.e(charset, "UTF_8");
        byte[] bytes = str2.getBytes(charset);
        cz0.e(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] doFinal = cipher.doFinal(bytes);
        Mac mac = Mac.getInstance("HMAC/SHA256", bouncyCastleProvider);
        mac.init(new SecretKeySpec(Arrays.copyOfRange(digest, 32, 64), mac.getAlgorithm()));
        mac.update(randomIv);
        mac.update(derivePublicKey);
        cz0.e(doFinal, "cipherMsg");
        byte[] doFinal2 = mac.doFinal(doFinal);
        cz0.e(doFinal2, "macGenerator.doFinal(cipherMsg)");
        return new EncryptedData(doFinal, derivePublicKey, randomIv, doFinal2);
    }

    private final ECPublicKey getPublicKey(byte[] bArr) {
        ECNamedCurveParameterSpec eCNamedCurveParameterSpec = ecCurve;
        PublicKey generatePublic = KeyFactory.getInstance("EC", provider).generatePublic(new ECPublicKeySpec(eCNamedCurveParameterSpec.getCurve().decodePoint(bArr), eCNamedCurveParameterSpec));
        cz0.d(generatePublic, "null cannot be cast to non-null type org.bouncycastle.jce.interfaces.ECPublicKey");
        return (ECPublicKey) generatePublic;
    }

    private final ECPrivateKey randomEphemeralKey() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", provider);
        keyPairGenerator.initialize(ecCurve, random);
        PrivateKey privateKey = keyPairGenerator.generateKeyPair().getPrivate();
        cz0.d(privateKey, "null cannot be cast to non-null type org.bouncycastle.jce.interfaces.ECPrivateKey");
        return (ECPrivateKey) privateKey;
    }

    private final byte[] randomIv(Cipher cipher) {
        byte[] bArr = new byte[cipher.getBlockSize()];
        random.nextBytes(bArr);
        return bArr;
    }

    private final String toString(byte[] bArr) {
        String encodeToString = Base64.encodeToString(bArr, 2);
        cz0.e(encodeToString, "encodeToString(bytes, Base64.NO_WRAP)");
        return encodeToString;
    }

    public final String createCryptogram(String str, String str2) {
        cz0.f(str, "paymentData");
        cz0.f(str2, "publicKey");
        EncryptedData encrypt = encrypt(str2, str);
        i11 i11Var = new i11();
        i11 i11Var2 = new i11();
        CryptoModule cryptoModule = INSTANCE;
        i11Var2.u("encryptedMessage", cryptoModule.toString(encrypt.getEncrypted()));
        i11Var2.u("ephemeralPublicKey", cryptoModule.toString(encrypt.getKey()));
        ar2 ar2Var = ar2.a;
        i11Var.u("signedMessage", i11Var2.toString());
        i11Var.u("iv", toString(encrypt.getIv()));
        i11Var.u("tag", toString(encrypt.getTag()));
        String obj = i11Var.toString();
        cz0.e(obj, "sendData.toString()");
        byte[] bytes = obj.getBytes(gj.b);
        cz0.e(bytes, "this as java.lang.String).getBytes(charset)");
        return toString(bytes);
    }
}
