package com.wibmo.threeds2.sdk.util.crypto;

import android.app.Activity;
import android.content.Context;
import android.util.Log;
import ch.qos.logback.core.net.ssl.SSL;
import com.google.gson.JsonParseException;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.wibmo.threeds2.sdk.R;
import com.wibmo.threeds2.sdk.ThreeDS2Constants;
import com.wibmo.threeds2.sdk.cfg.ConfigParameters;
import com.wibmo.threeds2.sdk.error.SDKRuntimeException;
import com.wibmo.threeds2.sdk.pojo.CReq;
import com.wibmo.threeds2.sdk.util.JsonHelper;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.List;
import java.util.TimeZone;
import javax.crypto.SecretKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.AesKey;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.lang.JoseException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes5.dex */
public class b {
    private static MessageDigest a;
    private static PublicKey b;

    static {
        try {
            a = MessageDigest.getInstance("sha256");
        } catch (Exception e) {
            Log.e("wibmo.3dssdk.CryptoUtil", "Error: " + e, e);
        }
        "0123456789ABCDEF".toCharArray();
    }

    public static String a(Context context, ConfigParameters configParameters, String str, PublicKey publicKey, String str2) throws Exception {
        String str3 = "jwe publicKey Algorithm: " + publicKey.getAlgorithm();
        Activity activity = (Activity) context;
        com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "publicKey_getAlgorithm : " + publicKey.getAlgorithm());
        if ("EC".equals(publicKey.getAlgorithm())) {
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "publicKey_getAlgorithm_Under_EC_Condition : " + publicKey.getAlgorithm());
            return b(str, publicKey, str2);
        }
        com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "publicKey_getAlgorithm_Under_RSA_Condition : " + publicKey.getAlgorithm());
        return a(str, publicKey, str2);
    }

    public static String a(CReq cReq, SecretKey secretKey, Activity activity, ConfigParameters configParameters) throws Exception {
        try {
            String json = JsonHelper.makeGson().toJson(cReq);
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_CHALLENGE_API_REQUEST, "CReqDetails: " + json);
            String str = "cReqJson: " + json;
            String str2 = "jwe CReq secretKey: " + secretKey;
            String str3 = "isGcm: false";
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            jsonWebEncryption.setKey(secretKey);
            jsonWebEncryption.setKeyIdHeaderValue(cReq.getAcsTransID());
            jsonWebEncryption.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
            SecureRandom secureRandom = SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM);
            jsonWebEncryption.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
            jsonWebEncryption.setIv(secureRandom.generateSeed(16));
            jsonWebEncryption.setPayload(json);
            String compactSerialization = jsonWebEncryption.getCompactSerialization();
            String str4 = "jwe Encrypted: " + compactSerialization;
            String str5 = "sha256 of Enc CRrq: " + b(compactSerialization);
            return compactSerialization;
        } catch (Exception e) {
            Log.e("wibmo.3dssdk.CryptoUtil", "JWE Error: " + e, e);
            throw new RuntimeException("JWE encryption failed.", e);
        }
    }

    public static String a(String str, PublicKey publicKey, String str2) throws Exception {
        try {
            JWTClaimsSet parse = JWTClaimsSet.parse(str);
            JWEHeader.Builder builder = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM);
            if (str2.equalsIgnoreCase("A000000004")) {
                builder.keyID("7c4debe3f4af7f9d1569a2ffea4343c2566826ee");
            }
            EncryptedJWT encryptedJWT = new EncryptedJWT(builder.build(), parse);
            encryptedJWT.encrypt(new RSAEncrypter((RSAPublicKey) publicKey));
            return encryptedJWT.serialize();
        } catch (Exception e) {
            try {
                Log.e("wibmo.3dssdk.CryptoUtil", "JWE Error: " + e, e);
                throw new RuntimeException("JWE encryption failed.", e);
            } catch (Exception e2) {
                Log.e("wibmo.3dssdk.CryptoUtil", "JWE Error: " + e2, e2);
                throw new RuntimeException("JWE encryption failed.", e2);
            }
        }
    }

    public static String a(String str, X509Certificate x509Certificate) {
        try {
            if (x509Certificate != null) {
                String str2 = "dsRoot: " + x509Certificate.getSubjectDN();
            } else {
                Log.w("wibmo.3dssdk.CryptoUtil", "dsRoot was null!");
            }
            try {
                JWSObject parse = JWSObject.parse(str);
                List x509CertChain = parse.getHeader().getX509CertChain();
                if (x509Certificate != null) {
                    try {
                        a(x509Certificate, (List<Base64>) x509CertChain);
                    } catch (Exception e) {
                        Log.e("wibmo.3dssdk.CryptoUtil", "validateCertChain Error: " + e, e);
                    }
                } else {
                    Log.w("wibmo.3dssdk.CryptoUtil", "Skipping DSRoot validation of chain..");
                }
                X509Certificate parse2 = X509CertUtils.parse(((Base64) x509CertChain.get(0)).decode());
                String str3 = "acsCert: " + (parse2 == null ? null : parse2.getSubjectDN());
                JsonWebSignature jsonWebSignature = new JsonWebSignature();
                jsonWebSignature.setAlgorithmHeaderValue(parse.getHeader().getAlgorithm().getName());
                jsonWebSignature.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256));
                jsonWebSignature.setCompactSerialization(str);
                jsonWebSignature.setKey(parse2.getPublicKey());
                boolean verifySignature = jsonWebSignature.verifySignature();
                String str4 = "signatureValid: " + verifySignature;
                if (!verifySignature) {
                    return null;
                }
                String payload = jsonWebSignature.getPayload();
                String str5 = "payload:" + payload;
                return payload;
            } catch (ParseException e2) {
                Log.e("wibmo.3dssdk.CryptoUtil", "ParseException Error: " + e2, e2);
                throw new SDKRuntimeException("JWS parsing failed" + e2, "2", e2);
            }
        } catch (Exception e3) {
            throw new SDKRuntimeException("jwsValidateSignature failed", "2", e3);
        }
    }

    public static String a(String str, SecretKey secretKey, Activity activity, ConfigParameters configParameters) throws Exception {
        try {
            String str2 = "jweDecryptUsingJose4jForCRes: " + secretKey;
            String str3 = "sha256 of Dec CRrs: " + b(str);
            JWEObject parse = JWEObject.parse(str);
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            EncryptionMethod encryptionMethod = parse.getHeader().getEncryptionMethod();
            String str4 = "jweMethod: " + encryptionMethod;
            if (encryptionMethod == EncryptionMethod.A128GCM) {
                byte[] encoded = secretKey.getEncoded();
                jsonWebEncryption.setKey(new AesKey(Arrays.copyOfRange(encoded, encoded.length - 16, encoded.length)));
            } else {
                jsonWebEncryption.setKey(secretKey);
            }
            jsonWebEncryption.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, KeyManagementAlgorithmIdentifiers.DIRECT));
            jsonWebEncryption.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256, ContentEncryptionAlgorithmIdentifiers.AES_128_GCM));
            jsonWebEncryption.setCompactSerialization(str);
            String plaintextString = jsonWebEncryption.getPlaintextString();
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_CHALLENGE_API_RESPONSE, "CResDetails: " + plaintextString);
            String str5 = "jwe plaintext: " + plaintextString;
            if (str.equalsIgnoreCase(jsonWebEncryption.getCompactSerialization())) {
                return plaintextString;
            }
            throw new JsonParseException("JWE encryption failed.");
        } catch (Exception e) {
            Log.e("wibmo.3dssdk.CryptoUtil", "JWE Error: " + e, e);
            throw new JsonParseException("JWE encryption failed.", e);
        }
    }

    public static KeyPair a() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(EllipticCurves.P_256);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", bouncyCastleProvider);
        keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public static PublicKey a(Context context, ConfigParameters configParameters, String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        String[] split = str.split("\\.");
        String str2 = split[0];
        if (split[1].equalsIgnoreCase("RSA")) {
            Activity activity = (Activity) context;
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "pubKey_Under_RSA_Condition");
            b = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(com.wibmo.threeds2.sdk.util.b.a(str2.toCharArray())));
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "merchantPublicKey_getAlgorithm_Under_RSA_Condition : " + b.getAlgorithm());
        } else {
            Activity activity2 = (Activity) context;
            com.wibmo.threeds2.sdk.util.c.a(activity2, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "pubKey_Under_EC_Condition");
            b = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(com.wibmo.threeds2.sdk.util.b.a(str2.toCharArray())));
            com.wibmo.threeds2.sdk.util.c.a(activity2, configParameters, ThreeDS2Constants.KIBANA_ECDH_CHECK, "merchantPublicKey_getAlgorithm_Under_EC_Condition : " + b.getAlgorithm());
        }
        return b;
    }

    public static ECPublicKey a(String str) throws ParseException, JOSEException {
        return ECKey.parse(str).toECPublicKey();
    }

    public static SecretKey a(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, String str) {
        try {
            return new a("SHA-256").a(c.a(eCPublicKey, eCPrivateKey), 256, a.a((String) null), a.a((Base64URL) null), a.a(Base64URL.encode(str)), a.a(256), a.a());
        } catch (Exception e) {
            Log.e("wibmo.3dssdk.CryptoUtil", "failed to decrypt", e);
            throw new RuntimeException();
        }
    }

    public static boolean a(Context context, String str) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException, ParseException, JoseException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException, JSONException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(context.getResources().openRawResource(R.raw.wibmo_staging_sdk_license));
        PublicKey publicKey = x509Certificate.getPublicKey();
        JWSObject parse = JWSObject.parse(str);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_PSS_USING_SHA256);
        jsonWebSignature.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256));
        jsonWebSignature.setCompactSerialization(str);
        jsonWebSignature.setKey(publicKey);
        boolean verifySignature = jsonWebSignature.verifySignature();
        String str2 = "signatureValid: " + verifySignature;
        String payload = jsonWebSignature.getPayload();
        if (!a(x509Certificate, (List<Base64>) parse.getHeader().getX509CertChain()) || !verifySignature) {
            return false;
        }
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        simpleDateFormat.parse(simpleDateFormat.format(Calendar.getInstance().getTime()));
        JSONObject jSONObject = new JSONObject(payload);
        new SimpleDateFormat("yyyy-MM-dd").setTimeZone(TimeZone.getTimeZone("UTC"));
        return jSONObject.getString("issuer").equals("www.wibmo.com");
    }

    public static boolean a(X509Certificate x509Certificate, List<Base64> list) throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        ArrayList arrayList = new ArrayList(list.size());
        for (int i = 0; i < list.size(); i++) {
            X509Certificate parse = X509CertUtils.parse(list.get(i).decode());
            arrayList.add(parse);
            parse.checkValidity();
        }
        for (int i2 = 0; i2 < arrayList.size(); i2++) {
            if (i2 < arrayList.size() - 1) {
                ((X509Certificate) arrayList.get(i2)).verify(((X509Certificate) arrayList.get(i2 + 1)).getPublicKey());
            }
        }
        return com.wibmo.threeds2.sdk.util.location.a.a(x509Certificate.getSignature()).equals(com.wibmo.threeds2.sdk.util.location.a.a(((X509Certificate) arrayList.get(0)).getSignature()));
    }

    public static String b(String str) {
        try {
            return new String(com.wibmo.threeds2.sdk.util.b.a(a.digest(str.getBytes("utf-8"))));
        } catch (Exception e) {
            Log.e("wibmo.3dssdk.CryptoUtil", "Error: " + e, e);
            return null;
        }
    }

    public static String b(String str, PublicKey publicKey, String str2) throws Exception {
        try {
            JWTClaimsSet.parse(str);
            KeyPair a2 = a();
            SecretKey a3 = a((ECPublicKey) publicKey, (ECPrivateKey) a2.getPrivate(), str2);
            JWEObject jWEObject = new JWEObject(new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256).ephemeralPublicKey(ECKey.parse(new ECKey.Builder(Curve.P_256, (ECPublicKey) a2.getPublic()).build().toJSONString())).build(), new Payload(str));
            jWEObject.encrypt(new DirectEncrypter(a3));
            return jWEObject.serialize();
        } catch (Exception e) {
            Log.e("wibmo.3dssdk.CryptoUtil", "JWE Error: " + e, e);
            throw new RuntimeException("JWE encryption failed.", e);
        }
    }

    public static Certificate b(Context context, String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        String str2 = "id: " + str;
        InputStream inputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            InputStream openRawResource = context.getResources().openRawResource(R.raw.ds_public_key_bks);
            try {
                keyStore.load(openRawResource, "password".toCharArray());
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String str3 = "alias: " + aliases.nextElement();
                }
                Certificate certificate = keyStore.getCertificate("ds_" + str.toLowerCase());
                if (certificate == null) {
                    if (openRawResource != null) {
                        openRawResource.close();
                    }
                    return null;
                }
                if (openRawResource != null) {
                    openRawResource.close();
                }
                return certificate;
            } catch (Throwable th) {
                th = th;
                inputStream = openRawResource;
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }
}
