package co.omise.android.threeds.crypto;

import a.a.a.a.a;
import a.a.a.a.g.b;
import co.omise.android.threeds.errors.SDKRuntimeException;
import co.omise.android.threeds.parameters.EphemPubKey;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.crypto.impl.ConcatKDF;
import com.nimbusds.jose.crypto.impl.ECDH;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.jwk.AsymmetricJWK;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.IntIterator;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.CharRange;
import kotlin.ranges.IntRange;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.math.linearalgebra.Matrix;

/* compiled from: EncryptionUtils.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000X\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\bÀ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u001f\u0010 J\u0017\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0007¢\u0006\u0004\b\u0005\u0010\u0006J\u0017\u0010\n\u001a\u00020\t2\u0006\u0010\b\u001a\u00020\u0007H\u0007¢\u0006\u0004\b\n\u0010\u000bJ\u0015\u0010\u000e\u001a\u00020\r2\u0006\u0010\f\u001a\u00020\u0002¢\u0006\u0004\b\u000e\u0010\u000fJ\u000f\u0010\u000e\u001a\u00020\u0010H\u0000¢\u0006\u0004\b\u000e\u0010\u0011J'\u0010\u000e\u001a\u00020\u00162\u0006\u0010\u0012\u001a\u00020\u00072\u0006\u0010\u0014\u001a\u00020\u00132\u0006\u0010\u0015\u001a\u00020\u0002H\u0000¢\u0006\u0004\b\u000e\u0010\u0017J\u0017\u0010\u000e\u001a\u00020\u00022\u0006\u0010\u0019\u001a\u00020\u0018H\u0000¢\u0006\u0004\b\u000e\u0010\u001aJ\u0017\u0010\u000e\u001a\u00020\u001d2\u0006\u0010\u001c\u001a\u00020\u001bH\u0002¢\u0006\u0004\b\u000e\u0010\u001e¨\u0006!"}, d2 = {"Lco/omise/android/threeds/crypto/EncryptionUtils;", "", "", "pemEncodedKey", "Ljava/security/PublicKey;", "parsePemEncoded", "(Ljava/lang/String;)Ljava/security/PublicKey;", "Ljava/security/interfaces/ECPublicKey;", "ecPublicKey", "Lco/omise/android/threeds/parameters/EphemPubKey;", "parseECPublicKeyToEphemPubKey", "(Ljava/security/interfaces/ECPublicKey;)Lco/omise/android/threeds/parameters/EphemPubKey;", "jws", "La/a/a/a/g/b;", "a", "(Ljava/lang/String;)La/a/a/a/g/b;", "Ljava/security/KeyPair;", "()Ljava/security/KeyPair;", "publicKey", "Ljava/security/interfaces/ECPrivateKey;", "privateKey", "apv", "Ljavax/crypto/SecretKey;", "(Ljava/security/interfaces/ECPublicKey;Ljava/security/interfaces/ECPrivateKey;Ljava/lang/String;)Ljavax/crypto/SecretKey;", "", "size", "(I)Ljava/lang/String;", "Lcom/nimbusds/jose/JWSObject;", "jwsObject", "Lcom/nimbusds/jose/jwk/ECKey;", "(Lcom/nimbusds/jose/JWSObject;)Lcom/nimbusds/jose/jwk/ECKey;", "<init>", "()V", "threeds_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public final class EncryptionUtils {

    /* renamed from: a, reason: collision with root package name */
    public static final EncryptionUtils f159a = new EncryptionUtils();

    static {
        Security.addProvider(BouncyCastleProviderSingleton.getInstance());
    }

    @JvmStatic
    public static final EphemPubKey parseECPublicKeyToEphemPubKey(ECPublicKey ecPublicKey) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(ecPublicKey, "ecPublicKey");
        return a.a(ecPublicKey);
    }

    @JvmStatic
    public static final PublicKey parsePemEncoded(String pemEncodedKey) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(pemEncodedKey, "pemEncodedKey");
        try {
            Object parseFromPEMEncodedObjects = JWK.parseFromPEMEncodedObjects(pemEncodedKey);
            if (parseFromPEMEncodedObjects == null) {
                throw new NullPointerException("null cannot be cast to non-null type com.nimbusds.jose.jwk.AsymmetricJWK");
            }
            PublicKey publicKey = ((AsymmetricJWK) parseFromPEMEncodedObjects).toPublicKey();
            Intrinsics.checkNotNullExpressionValue(publicKey, "jwk.toPublicKey()");
            return publicKey;
        } catch (Exception e) {
            throw new SDKRuntimeException("Can not parse PEM encoded to public key.", e);
        }
    }

    public final b a(String jws) throws SDKRuntimeException {
        JWSVerifier eCDSAVerifier;
        Intrinsics.checkNotNullParameter(jws, "jws");
        try {
            JWSObject jwsObject = JWSObject.parse(jws);
            Intrinsics.checkNotNullExpressionValue(jwsObject, "jwsObject");
            JWSHeader header = jwsObject.getHeader();
            Intrinsics.checkNotNullExpressionValue(header, "jwsObject.header");
            JWSAlgorithm algorithm = header.getAlgorithm();
            if (CollectionsKt.listOf((Object[]) new JWSAlgorithm[]{JWSAlgorithm.PS256, JWSAlgorithm.RS256}).contains(algorithm)) {
                JWSHeader header2 = jwsObject.getHeader();
                Intrinsics.checkNotNullExpressionValue(header2, "jwsObject.header");
                X509Certificate parse = X509CertUtils.parse(((Base64) header2.getX509CertChain().get(0)).decode());
                Intrinsics.checkNotNullExpressionValue(parse, "X509CertUtils.parse(x509CertChain[0].decode())");
                PublicKey publicKey = parse.getPublicKey();
                Objects.requireNonNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                eCDSAVerifier = new RSASSAVerifier((RSAPublicKey) publicKey);
            } else {
                if (!Intrinsics.areEqual(algorithm, JWSAlgorithm.ES256)) {
                    throw new SDKRuntimeException("Algorithm mismatched", null, 2, null);
                }
                eCDSAVerifier = new ECDSAVerifier(a(jwsObject));
            }
            JCAContext jCAContext = eCDSAVerifier.getJCAContext();
            Intrinsics.checkNotNullExpressionValue(jCAContext, "verifier.jcaContext");
            jCAContext.setProvider(BouncyCastleProviderSingleton.getInstance());
            try {
                if (!jwsObject.verify(eCDSAVerifier)) {
                    throw new SDKRuntimeException("Can not verified JWS.", null, 2, null);
                }
                JWSHeader header3 = jwsObject.getHeader();
                Intrinsics.checkNotNullExpressionValue(header3, "jwsObject.header");
                JWSAlgorithm algorithm2 = header3.getAlgorithm();
                if (CollectionsKt.listOf((Object[]) new JWSAlgorithm[]{JWSAlgorithm.PS256, JWSAlgorithm.RS256}).contains(algorithm2)) {
                    return b.RSA;
                }
                if (Intrinsics.areEqual(algorithm2, JWSAlgorithm.ES256)) {
                    return b.EC;
                }
                throw new SDKRuntimeException("Algorithm mismatched", null, 2, null);
            } catch (SDKRuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new SDKRuntimeException("Invalid JWS", e2);
            }
        } catch (ParseException e3) {
            throw new SDKRuntimeException("JWS parsing failed", e3);
        }
    }

    public final ECKey a(JWSObject jwsObject) throws SDKRuntimeException {
        try {
            JWSHeader header = jwsObject.getHeader();
            Intrinsics.checkNotNullExpressionValue(header, "jwsObject.header");
            if (header.getJWK() != null) {
                JWSHeader header2 = jwsObject.getHeader();
                Intrinsics.checkNotNullExpressionValue(header2, "jwsObject.header");
                ECKey parse = ECKey.parse(header2.getJWK().toJSONObject());
                Intrinsics.checkNotNullExpressionValue(parse, "ECKey.parse(jwsObject.header.jwk.toJSONObject())");
                return parse;
            }
            JWSHeader header3 = jwsObject.getHeader();
            Intrinsics.checkNotNullExpressionValue(header3, "jwsObject.header");
            Intrinsics.checkNotNullExpressionValue(header3.getX509CertChain(), "jwsObject.header.x509CertChain");
            if (!(!r3.isEmpty())) {
                throw new SDKRuntimeException("Can not parse JWS to EC key.", null, 2, null);
            }
            JWSHeader header4 = jwsObject.getHeader();
            Intrinsics.checkNotNullExpressionValue(header4, "jwsObject.header");
            List x509CertChain = header4.getX509CertChain();
            Intrinsics.checkNotNullExpressionValue(x509CertChain, "jwsObject.header.x509CertChain");
            ECKey parse2 = ECKey.parse(X509CertUtils.parse(((Base64) CollectionsKt.first(x509CertChain)).decode()));
            Intrinsics.checkNotNullExpressionValue(parse2, "ECKey.parse(\n           …      )\n                )");
            return parse2;
        } catch (Exception e) {
            throw new SDKRuntimeException("Can not parse JWS to EC key.", e);
        }
    }

    public final String a(int size) {
        byte[] bArr = new byte[size];
        new SecureRandom().nextBytes(bArr);
        List plus = CollectionsKt.plus((Collection) CollectionsKt.plus((Iterable) new CharRange('a', 'z'), (Iterable) new CharRange('A', Matrix.MATRIX_TYPE_ZERO)), (Iterable) new CharRange('0', '9'));
        IntRange indices = ArraysKt.getIndices(bArr);
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(indices, 10));
        Iterator<Integer> it2 = indices.iterator();
        while (it2.hasNext()) {
            arrayList.add(Character.valueOf(((Character) plus.get((byte) (((byte) (bArr[((IntIterator) it2).nextInt()] & ((byte) 255))) & ((byte) (plus.size() - 1))))).charValue()));
        }
        return CollectionsKt.joinToString$default(arrayList, "", null, null, 0, null, null, 62, null);
    }

    public final KeyPair a() throws SDKRuntimeException {
        try {
            BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("P-256");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", bouncyCastleProvider);
            keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generator.generateKeyPair()");
            return generateKeyPair;
        } catch (Exception e) {
            throw new SDKRuntimeException("Generate ephemeral key-pair failed.", e);
        }
    }

    public final SecretKey a(ECPublicKey publicKey, ECPrivateKey privateKey, String apv) throws SDKRuntimeException {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        Intrinsics.checkNotNullParameter(apv, "apv");
        try {
            SecretKey deriveKey = new ConcatKDF("SHA-256").deriveKey(ECDH.deriveSharedSecret(publicKey, privateKey, null), 256, ConcatKDF.encodeStringData(null), ConcatKDF.encodeDataWithLength(Base64URL.from((String) null)), ConcatKDF.encodeDataWithLength(Base64URL.encode(apv)), ConcatKDF.encodeIntData(256), ConcatKDF.encodeNoData());
            Intrinsics.checkNotNullExpressionValue(deriveKey, "concatKDF.deriveKey(\n   …odeNoData()\n            )");
            return deriveKey;
        } catch (Exception e) {
            throw new SDKRuntimeException("Can not generate ECDH secret.", e);
        }
    }
}
