package com.judopay.judo3ds2.security;

import com.fasterxml.jackson.core.JsonPointer;
import com.google.gson.reflect.TypeToken;
import com.judopay.judo3ds2.ConstantsKt;
import com.judopay.judo3ds2.ValidationFunctionsKt;
import com.judopay.judo3ds2.api.JsonParser;
import com.judopay.judo3ds2.api.model.AcsContent;
import com.judopay.judo3ds2.api.model.CRes;
import com.judopay.judo3ds2.exception.CounterException;
import com.judopay.judo3ds2.exception.SDKRuntimeException;
import com.judopay.judo3ds2.security.Crypto;
import com.judopay.judo3ds2.ui.challenge.model.ChallengeExtra;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.nio.charset.Charset;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import org.json.JSONObject;

/* compiled from: EncryptionService.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u0005\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0016\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rJ \u0010\u000e\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\b\u0010\u0010\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u0012\u001a\u00020\u000bJ\u0016\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u0016J \u0010\u0017\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u00162\u0006\u0010\u0018\u001a\u00020\u000bH\u0002J\u0018\u0010\u0019\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u001aH\u0002J\u0010\u0010\u001b\u001a\u00020\u001c2\b\u0010\u001d\u001a\u0004\u0018\u00010\u000bJ\u000e\u0010\u001e\u001a\u00020\u00162\u0006\u0010\u0010\u001a\u00020\u001fJ\u000e\u0010 \u001a\u00020!2\u0006\u0010\n\u001a\u00020\u000bR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Lcom/judopay/judo3ds2/security/EncryptionService;", "", "()V", "sdkCounterAtoS", "", "sdkCounterStoA", "secret", "Ljavax/crypto/SecretKey;", "decryptCRes", "Lcom/judopay/judo3ds2/api/model/CRes;", "message", "", "challengeExtra", "Lcom/judopay/judo3ds2/ui/challenge/model/ChallengeExtra;", "encrypt", "deviceData", "publicKey", "Ljava/security/PublicKey;", 
"directoryServerId", "encryptPayload", "", "payload", "Ljava/security/interfaces/ECPublicKey;", "jweEncryptEC", "dsId", "jweEncryptRSA", "Ljava/security/interfaces/RSAPublicKey;", "jwsValidateSignature", "Lcom/judopay/judo3ds2/api/model/AcsContent;", "jws", "parseKey", "Lnet/minidev/json/JSONObject;", "validateCRes", "", "Judo3DS2_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
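public final class EncryptionService {
    /*
     * JOSE helper for the 3DS2 SDK: encrypts device data (JWE, RSA or ECDH-ES),
     * encrypts outgoing challenge payloads and decrypts CRes messages with a
     * shared secret, and verifies the JWS-signed ACS content.
     *
     * The instance carries per-session state (the two message counters and the
     * derived secret) and has no synchronisation, so it is not safe to share
     * between threads or transactions.
     */

    // Next counter value expected from the ACS in a CRes (acsCounterAtoS).
    private byte sdkCounterAtoS;
    // Counter value stamped into the next outgoing payload (sdkCounterStoA).
    private byte sdkCounterStoA;
    // Shared secret derived in encryptPayload(); null until the first call.
    private SecretKey secret;

    /**
     * Encrypts {@code deviceData} as a compact JWE using ECDH-ES with A128CBC-HS256.
     *
     * @param deviceData JSON claims to encrypt
     * @param publicKey  recipient EC public key
     * @param dsId       directory server id passed to the ECDH key derivation
     * @return the serialized JWE
     * @throws SDKRuntimeException wrapping any failure (EC_ENCRYPTION_FAILED)
     */
    private final String jweEncryptEC(String deviceData, ECPublicKey publicKey, String dsId) {
        try {
            // A fresh ephemeral key pair is generated per call and parked on Crypto.INSTANCE,
            // where encryptPayload() later reads the private half.
            // NOTE(review): Crypto.INSTANCE looks like a process-wide holder; if two
            // transactions can overlap they would overwrite each other's key - confirm.
            KeyPair generateEphemeralKeyPair = Crypto.INSTANCE.generateEphemeralKeyPair();
            Crypto.Companion companion = Crypto.INSTANCE;
            PrivateKey privateKey = generateEphemeralKeyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "sdkEphemeralKeyPair.private");
            companion.setPrivateKey(privateKey);
            Crypto.Companion companion2 = Crypto.INSTANCE;
            PublicKey publicKey2 = generateEphemeralKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey2, "sdkEphemeralKeyPair.public");
            companion2.setPublicKey(publicKey2);
            JWTClaimsSet parse = JWTClaimsSet.parse(deviceData);
            Crypto.Companion companion3 = Crypto.INSTANCE;
            PrivateKey privateKey2 = Crypto.INSTANCE.getPrivateKey();
            if (privateKey2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            }
            SecretKey generateECDHSecret = companion3.generateECDHSecret(publicKey, (ECPrivateKey) privateKey2, dsId);
            Curve curve = Curve.P_256;
            PublicKey publicKey3 = Crypto.INSTANCE.getPublicKey();
            if (publicKey3 == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
            }
            // The SDK's ephemeral public key travels in the JWE header ("epk") as a P-256 JWK.
            ECKey sdkEphemeralJwk = ECKey.parse(new ECKey.Builder(curve, (ECPublicKey) publicKey3).build().toJSONString());
            JWEHeader header = new JWEHeader.Builder(JWEAlgorithm.ECDH_ES, EncryptionMethod.A128CBC_HS256).ephemeralPublicKey(sdkEphemeralJwk).build();
            EncryptedJWT encryptedJWT = new EncryptedJWT(header, parse);
            encryptedJWT.encrypt(new TransactionEncrypter(generateECDHSecret, publicKey));
            String serialize = encryptedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "jwt.serialize()");
            return serialize;
        } catch (Exception e) {
            throw new SDKRuntimeException(ConstantsKt.EC_ENCRYPTION_FAILED, null, e, 2, null);
        }
    }

    /**
     * Encrypts {@code deviceData} as a compact JWE using RSA-OAEP-256 with A128CBC-HS256.
     *
     * @param deviceData JSON claims to encrypt
     * @param publicKey  recipient RSA public key
     * @return the serialized JWE
     * @throws SDKRuntimeException wrapping any failure (RSA_ENCRYPTION_FAILED)
     */
    private final String jweEncryptRSA(String deviceData, RSAPublicKey publicKey) {
        try {
            // The ephemeral pair is not used for the RSA encryption itself; it is stored on
            // Crypto.INSTANCE, from which encryptPayload() later reads the private key.
            KeyPair generateEphemeralKeyPair = Crypto.INSTANCE.generateEphemeralKeyPair();
            Crypto.Companion companion = Crypto.INSTANCE;
            PrivateKey privateKey = generateEphemeralKeyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "sdkEphemeralKeyPair.private");
            companion.setPrivateKey(privateKey);
            Crypto.Companion companion2 = Crypto.INSTANCE;
            PublicKey publicKey2 = generateEphemeralKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey2, "sdkEphemeralKeyPair.public");
            companion2.setPublicKey(publicKey2);
            JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128CBC_HS256);
            EncryptedJWT encryptedJWT = new EncryptedJWT(header, JWTClaimsSet.parse(deviceData));
            encryptedJWT.encrypt(new RSAEncrypter(publicKey));
            String serialize = encryptedJWT.serialize();
            Intrinsics.checkNotNullExpressionValue(serialize, "jwt.serialize()");
            return serialize;
        } catch (Exception e) {
            throw new SDKRuntimeException(ConstantsKt.RSA_ENCRYPTION_FAILED, null, e, 2, null);
        }
    }

    /**
     * Decrypts a compact-JWE CRes with the shared secret, validates it against
     * {@code challengeExtra} and enforces the ACS-to-SDK message counter.
     *
     * @param message        compact JWE received from the ACS
     * @param challengeExtra challenge context handed to {@code CRes.validate}
     * @return the parsed CRes
     * @throws CounterException if the CRes counter differs from the expected value
     * @throws RuntimeException if the local counter wraps to zero after incrementing
     */
    public final CRes decryptCRes(String message, ChallengeExtra challengeExtra) {
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(challengeExtra, "challengeExtra");
        SecretKey secretKey = this.secret;
        if (secretKey == null) {
            Intrinsics.throwUninitializedPropertyAccessException("secret");
        }
        byte[] encoded = secretKey.getEncoded();
        JWEObject jweObject = JWEObject.parse(message);
        Intrinsics.checkNotNullExpressionValue(jweObject, "jweObject");
        JWEHeader header = jweObject.getHeader();
        Intrinsics.checkNotNullExpressionValue(header, "jweObject.header");
        // The "enc" value is read from the received message. For A128GCM only the last
        // 16 bytes of the secret are used as the key; any other value uses the full secret.
        if (Intrinsics.areEqual(header.getEncryptionMethod(), EncryptionMethod.A128GCM)) {
            encoded = Arrays.copyOfRange(encoded, encoded.length - 16, encoded.length);
        }
        jweObject.decrypt(new DirectDecrypter(encoded));
        JsonParser jsonParser = JsonParser.INSTANCE;
        String payload = jweObject.getPayload().toString();
        Intrinsics.checkNotNullExpressionValue(payload, "jweObject.payload.toString()");
        CRes cRes = (CRes) jsonParser.getGson().fromJson(payload, new TypeToken<CRes>() { // from class: com.judopay.judo3ds2.security.EncryptionService$decryptCRes$$inlined$fromJson$1
        }.getType());
        cRes.validate(challengeExtra);
        // NOTE(review): Byte.parseByte only accepts -128..127, so a counter string above
        // "127" surfaces as NumberFormatException rather than CounterException.
        byte acsCounter = Byte.parseByte(cRes.getAcsCounterAtoS());
        byte expected = this.sdkCounterAtoS;
        if (expected != acsCounter) {
            // A mismatch means a missing, repeated or reordered message: reject it.
            throw new CounterException(null, null, null, "counters (" + ((int) this.sdkCounterAtoS) + JsonPointer.SEPARATOR + ((int) acsCounter) + ')', 7, null);
        }
        byte next = (byte) (expected + 1);
        this.sdkCounterAtoS = next;
        if (next == 0) {
            // The counter wrapped; the session must not continue with reused values.
            throw new RuntimeException(ConstantsKt.SDK_COUNTER_A_TO_S_ZERO);
        }
        return cRes;
    }

    /**
     * Encrypts device data for the directory server, choosing the JWE scheme from the key type.
     *
     * @param deviceData        JSON claims to encrypt
     * @param publicKey         directory server public key (RSA or EC)
     * @param directoryServerId directory server id, used by the EC path only
     * @return the serialized JWE
     * @throws SDKRuntimeException UNSUPPORTED_ALGORITHM when the key is null or neither RSA nor EC
     */
    public final String encrypt(String deviceData, PublicKey publicKey, String directoryServerId) {
        Intrinsics.checkNotNullParameter(deviceData, "deviceData");
        Intrinsics.checkNotNullParameter(directoryServerId, "directoryServerId");
        if (publicKey instanceof RSAPublicKey) {
            return jweEncryptRSA(deviceData, (RSAPublicKey) publicKey);
        }
        if (publicKey instanceof ECPublicKey) {
            return jweEncryptEC(deviceData, (ECPublicKey) publicKey, directoryServerId);
        }
        throw new SDKRuntimeException(ConstantsKt.UNSUPPORTED_ALGORITHM, null, null, 6, null);
    }

    /**
     * Encrypts an outgoing challenge payload as a compact JWE (alg "dir", A128CBC-HS256).
     *
     * The shared secret is derived by ECDH from the private key stored on Crypto.INSTANCE
     * and {@code publicKey}, and kept in {@code secret} for decryptCRes(). The current
     * sdkCounterStoA is written into the payload as a three-digit string, the JWE "kid" is
     * the payload's acsTransID, and the counter is incremented after a successful encryption.
     *
     * This method fails closed. It previously caught every exception and returned the
     * unencrypted payload bytes, which also swallowed the counter-wrap error raised inside
     * the same try block; plaintext must never leave a method whose contract is encryption.
     *
     * @param payload   JSON payload to encrypt; must contain "acsTransID"
     * @param publicKey peer EC public key for the ECDH derivation
     * @return UTF-8 bytes of the serialized JWE
     * @throws SDKRuntimeException if key derivation, JSON handling or encryption fails
     * @throws RuntimeException    if the SDK-to-ACS counter wraps to zero
     */
    public final byte[] encryptPayload(String payload, ECPublicKey publicKey) {
        Intrinsics.checkNotNullParameter(payload, "payload");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        String encryptedPayload;
        try {
            Crypto.Companion companion = Crypto.INSTANCE;
            PrivateKey privateKey = Crypto.INSTANCE.getPrivateKey();
            if (privateKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            }
            this.secret = companion.generateECDHSecret(publicKey, (ECPrivateKey) privateKey, ConstantsKt.SDK_REFERENCE_NUMBER);
            JSONObject jSONObject = new JSONObject(payload);
            JWEHeader build = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256).keyID(jSONObject.getString("acsTransID")).build();
            // Locale.ROOT keeps the counter in ASCII digits whatever the device locale is.
            String format = String.format(java.util.Locale.ROOT, "%03d", Byte.valueOf(this.sdkCounterStoA));
            jSONObject.put("sdkCounterStoA", format);
            JWEObject jWEObject = new JWEObject(build, new Payload(jSONObject.toString()));
            SecretKey secretKey = this.secret;
            if (secretKey == null) {
                Intrinsics.throwUninitializedPropertyAccessException("secret");
            }
            jWEObject.encrypt(new CReqTransactionEncrypter(secretKey));
            encryptedPayload = jWEObject.serialize();
            Intrinsics.checkNotNullExpressionValue(encryptedPayload, "encryptedPayload");
        } catch (Exception e) {
            // Fail closed and keep the cause. EC_ENCRYPTION_FAILED is reused because it is
            // the only EC-related failure constant visible in this file; substitute a
            // dedicated constant if the project defines one.
            throw new SDKRuntimeException(ConstantsKt.EC_ENCRYPTION_FAILED, null, e, 2, null);
        }
        // The counter handling sits outside the try so that a wrap aborts the session,
        // matching the behaviour of decryptCRes().
        byte next = (byte) (this.sdkCounterStoA + 1);
        this.sdkCounterStoA = next;
        if (next == 0) {
            throw new RuntimeException(ConstantsKt.SDK_COUNTER_S_TO_A_ZERO);
        }
        return encryptedPayload.getBytes(Charsets.UTF_8);
    }

    /**
     * Verifies a compact JWS (the ACS signed content) and returns its payload as AcsContent.
     *
     * NOTE(review): the verification key is taken from the first certificate of the JWS's
     * own "x5c" header. Nothing in this method validates that certificate (chain, validity
     * period, trust anchor), so by itself the check only shows that the content was signed
     * by whoever supplied the certificate. Confirm that the chain is validated against the
     * directory server root elsewhere before the returned content is trusted; if it is not,
     * that validation belongs here.
     *
     * @param jws compact JWS string; null is treated as malformed
     * @return the deserialized payload
     * @throws RuntimeException JWS_PARSING_FAILED when the input is not a three-part JWS,
     *                          JWS_VALIDATION_FAILED when verification or decoding fails
     */
    public final AcsContent jwsValidateSignature(String jws) {
        List emptyList;
        if (jws == null || (emptyList = StringsKt.split$default((CharSequence) jws, new String[]{"."}, false, 0, 6, (Object) null)) == null) {
            emptyList = CollectionsKt.emptyList();
        }
        if (emptyList.size() != 3) {
            throw new RuntimeException(ConstantsKt.JWS_PARSING_FAILED);
        }
        // Each of header, payload and signature must pass the project's base64url check.
        for (Object part : emptyList) {
            ValidationFunctionsKt.validateJSONBase64URLEncodedString((String) part, "acsSignedContent");
        }
        try {
            JWSObject jwsObject = JWSObject.parse(jws);
            try {
                DefaultJWSVerifierFactory defaultJWSVerifierFactory = new DefaultJWSVerifierFactory();
                JCAContext jcaContext = defaultJWSVerifierFactory.getJCAContext();
                Intrinsics.checkNotNullExpressionValue(jcaContext, "jcaContext");
                jcaContext.setProvider(BouncyCastleProviderSingleton.getInstance());
                Intrinsics.checkNotNullExpressionValue(jwsObject, "jwsObject");
                // Work on a copy of the header with any embedded "jwk" removed.
                JWSHeader jwsHeader = new JWSHeader.Builder(jwsObject.getHeader()).jwk(null).build();
                Intrinsics.checkNotNullExpressionValue(jwsHeader, "jwsHeader");
                List x509CertChain = jwsHeader.getX509CertChain();
                Intrinsics.checkNotNullExpressionValue(x509CertChain, "jwsHeader.x509CertChain");
                // Only the first x5c entry is parsed; the remaining entries are not read here.
                X509Certificate parseWithException = X509CertUtils.parseWithException(((Base64) CollectionsKt.first(x509CertChain)).decode());
                Intrinsics.checkNotNullExpressionValue(parseWithException, "X509CertUtils.parseWithException(certAsBase64)");
                if (!jwsObject.verify(defaultJWSVerifierFactory.createJWSVerifier(jwsHeader, parseWithException.getPublicKey()))) {
                    throw new RuntimeException(ConstantsKt.JWS_VALIDATION_FAILED);
                }
                JsonParser jsonParser = JsonParser.INSTANCE;
                String payload = jwsObject.getPayload().toString();
                Intrinsics.checkNotNullExpressionValue(payload, "jwsObject.payload.toString()");
                return (AcsContent) jsonParser.getGson().fromJson(payload, new TypeToken<AcsContent>() { // from class: com.judopay.judo3ds2.security.EncryptionService$jwsValidateSignature$$inlined$fromJson$1
                }.getType());
            } catch (Exception e) {
                // Same type and message as before; the cause is kept for diagnosis.
                throw new RuntimeException(ConstantsKt.JWS_VALIDATION_FAILED, e);
            }
        } catch (ParseException e) {
            throw new RuntimeException(ConstantsKt.JWS_PARSING_FAILED, e);
        }
    }

    /**
     * Converts a JWK JSON object into an EC public key.
     *
     * NOTE(review): no curve restriction is applied in this method; confirm that the
     * caller or the ECDH derivation rejects keys that are not on the expected curve.
     *
     * @param publicKey JWK as a JSON object
     * @return the EC public key
     */
    public final ECPublicKey parseKey(net.minidev.json.JSONObject publicKey) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        ECPublicKey eCPublicKey = ECKey.parse(publicKey).toECPublicKey();
        Intrinsics.checkNotNullExpressionValue(eCPublicKey, "ECKey.parse(publicKey).toECPublicKey()");
        return eCPublicKey;
    }

    /**
     * Checks that {@code message} has the shape of a compact JWE: five dot-separated parts,
     * each accepted by the project's base64url validator. This is a format check only; it
     * neither decrypts nor authenticates the message.
     *
     * @param message candidate compact JWE
     * @throws RuntimeException JWE_PARSING_FAILED when the part count is not five
     */
    public final void validateCRes(String message) {
        Intrinsics.checkNotNullParameter(message, "message");
        List split$default = StringsKt.split$default((CharSequence) message, new String[]{"."}, false, 0, 6, (Object) null);
        if (split$default.size() != 5) {
            throw new RuntimeException(ConstantsKt.JWE_PARSING_FAILED);
        }
        for (Object part : split$default) {
            ValidationFunctionsKt.validateJSONBase64URLEncodedString((String) part, "cRes");
        }
    }
}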
