package com.wibmo.threeds2.sdk.util.crypto;

import android.app.Activity;
import android.content.Context;
import androidx.appcompat.app.AppCompatActivity;
import ch.qos.logback.core.net.ssl.SSL;
import com.google.gson.JsonParseException;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.jose.util.IntegerUtils;
import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.wibmo.threeds2.sdk.R$raw;
import com.wibmo.threeds2.sdk.cfg.ConfigParameters;
import com.wibmo.threeds2.sdk.pojo.CReq;
import com.wibmo.threeds2.sdk.util.JsonHelper;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import java.util.Objects;
import java.util.TimeZone;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.Headers;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.StringUtil;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public abstract class b {

    /* renamed from: a, reason: collision with root package name */
    public static final MessageDigest f10710a;
    public static PublicKey b;

    static {
        try {
            f10710a = MessageDigest.getInstance("sha256");
        } catch (Exception e) {
            e.toString();
        }
        "0123456789ABCDEF".toCharArray();
    }

    public static String a(Context context, ConfigParameters configParameters, String str, PublicKey publicKey, String str2) {
        publicKey.getAlgorithm();
        Activity activity = (Activity) context;
        com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "ECDH_check", "publicKey_getAlgorithm : " + publicKey.getAlgorithm());
        if (EllipticCurveJsonWebKey.KEY_TYPE.equals(publicKey.getAlgorithm())) {
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "ECDH_check", "publicKey_getAlgorithm_Under_EC_Condition : " + publicKey.getAlgorithm());
            try {
                JWTClaimsSet.parse(str);
                KeyPair d = d();
                SecretKeySpec f = f((ECPublicKey) publicKey, (ECPrivateKey) d.getPrivate(), str2);
                ECKey a2 = new ECKey.Builder(Curve.P_256, (ECPublicKey) d.getPublic()).a();
                JWEHeader.Builder builder = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256);
                builder.m = ECKey.parse(a2.toJSONString());
                JWEObject jWEObject = new JWEObject(builder.a(), new Payload(str));
                jWEObject.encrypt(new DirectEncrypter(f));
                return jWEObject.serialize();
            } catch (Exception e) {
                e.toString();
                throw new RuntimeException("JWE encryption failed.", e);
            }
        }
        com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "ECDH_check", "publicKey_getAlgorithm_Under_RSA_Condition : " + publicKey.getAlgorithm());
        try {
            JWTClaimsSet parse = JWTClaimsSet.parse(str);
            JWEHeader.Builder builder2 = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM);
            if (str2.equalsIgnoreCase("A000000004")) {
                builder2.l = "7c4debe3f4af7f9d1569a2ffea4343c2566826ee";
            }
            EncryptedJWT encryptedJWT = new EncryptedJWT(builder2.a(), parse);
            encryptedJWT.encrypt(new RSAEncrypter((RSAPublicKey) publicKey));
            return encryptedJWT.serialize();
        } catch (Exception e2) {
            try {
                e2.toString();
                throw new RuntimeException("JWE encryption failed.", e2);
            } catch (Exception e3) {
                e3.toString();
                throw new RuntimeException("JWE encryption failed.", e3);
            }
        }
    }

    public static String b(CReq cReq, SecretKey secretKey, Activity activity, ConfigParameters configParameters) {
        try {
            String l = JsonHelper.f10705a.l(cReq);
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "challenge_api_request", "CReqDetails: " + l);
            Objects.toString(secretKey);
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            Headers headers = jsonWebEncryption.b;
            jsonWebEncryption.i(secretKey);
            headers.b(cReq.getAcsTransID(), JsonWebKey.KEY_ID_PARAMETER);
            headers.b("dir", JsonWebKey.ALGORITHM_PARAMETER);
            SecureRandom secureRandom = SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM);
            headers.b("A128CBC-HS256", "enc");
            jsonWebEncryption.o = secureRandom.generateSeed(16);
            jsonWebEncryption.m = StringUtil.a(l, jsonWebEncryption.l);
            String j = jsonWebEncryption.j();
            try {
                new String(com.wibmo.threeds2.sdk.util.b.b(f10710a.digest(j.getBytes("utf-8"))));
            } catch (Exception e) {
                e.toString();
            }
            return j;
        } catch (Exception e2) {
            e2.toString();
            throw new RuntimeException("JWE encryption failed.", e2);
        }
    }

    public static String c(String str, SecretKey secretKey, Activity activity, ConfigParameters configParameters) {
        try {
            Objects.toString(secretKey);
            try {
                new String(com.wibmo.threeds2.sdk.util.b.b(f10710a.digest(str.getBytes("utf-8"))));
            } catch (Exception e) {
                e.toString();
            }
            JWEObject parse = JWEObject.parse(str);
            JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
            EncryptionMethod encryptionMethod = parse.getHeader().getEncryptionMethod();
            Objects.toString(encryptionMethod);
            if (encryptionMethod == EncryptionMethod.A128GCM) {
                byte[] encoded = secretKey.getEncoded();
                jsonWebEncryption.i(new AesKey(Arrays.copyOfRange(encoded, encoded.length - 16, encoded.length)));
            } else {
                jsonWebEncryption.i(secretKey);
            }
            AlgorithmConstraints.ConstraintType constraintType = AlgorithmConstraints.ConstraintType.WHITELIST;
            jsonWebEncryption.g = new AlgorithmConstraints(constraintType, "dir");
            jsonWebEncryption.r = new AlgorithmConstraints(constraintType, "A128CBC-HS256", "A128GCM");
            jsonWebEncryption.f(str);
            String m = jsonWebEncryption.m();
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "challenge_api_response", "CResDetails: " + m);
            if (str.equalsIgnoreCase(jsonWebEncryption.j())) {
                return m;
            }
            throw new JsonParseException("JWE encryption failed.");
        } catch (Exception e2) {
            e2.toString();
            throw new JsonParseException("JWE encryption failed.", e2);
        }
    }

    public static KeyPair d() {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec("P-256");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", bouncyCastleProvider);
        keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public static PublicKey e(Context context, ConfigParameters configParameters, String str) {
        String[] split = str.split("\\.");
        String str2 = split[0];
        if (split[1].equalsIgnoreCase(RsaJsonWebKey.KEY_TYPE)) {
            Activity activity = (Activity) context;
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "ECDH_check", "pubKey_Under_RSA_Condition");
            b = KeyFactory.getInstance(RsaJsonWebKey.KEY_TYPE).generatePublic(new X509EncodedKeySpec(com.wibmo.threeds2.sdk.util.b.a(str2.toCharArray())));
            com.wibmo.threeds2.sdk.util.c.a(activity, configParameters, "ECDH_check", "merchantPublicKey_getAlgorithm_Under_RSA_Condition : " + b.getAlgorithm());
        } else {
            Activity activity2 = (Activity) context;
            com.wibmo.threeds2.sdk.util.c.a(activity2, configParameters, "ECDH_check", "pubKey_Under_EC_Condition");
            b = KeyFactory.getInstance(EllipticCurveJsonWebKey.KEY_TYPE).generatePublic(new X509EncodedKeySpec(com.wibmo.threeds2.sdk.util.b.a(str2.toCharArray())));
            com.wibmo.threeds2.sdk.util.c.a(activity2, configParameters, "ECDH_check", "merchantPublicKey_getAlgorithm_Under_EC_Condition : " + b.getAlgorithm());
        }
        return b;
    }

    public static SecretKeySpec f(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, String str) {
        try {
            return new a("SHA-256").a(c.a(eCPublicKey, eCPrivateKey), ByteUtils.a(IntegerUtils.a(0), new byte[0]), a.b(null), a.b(Base64URL.encode(str)), IntegerUtils.a(256), new byte[0]);
        } catch (Exception unused) {
            throw new RuntimeException();
        }
    }

    public static boolean g(AppCompatActivity appCompatActivity, String str) {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(appCompatActivity.getResources().openRawResource(R$raw.wibmo_staging_sdk_license));
        PublicKey publicKey = x509Certificate.getPublicKey();
        JWSObject parse = JWSObject.parse(str);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.b.b("PS256", JsonWebKey.ALGORITHM_PARAMETER);
        jsonWebSignature.g = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, "PS256", "ES256");
        jsonWebSignature.f(str);
        jsonWebSignature.i(publicKey);
        boolean k = jsonWebSignature.k();
        String j = jsonWebSignature.j();
        if (!h(x509Certificate, parse.getHeader().getX509CertChain()) || !k) {
            return false;
        }
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        simpleDateFormat.parse(simpleDateFormat.format(Calendar.getInstance().getTime()));
        JSONObject jSONObject = new JSONObject(j);
        new SimpleDateFormat("yyyy-MM-dd").setTimeZone(TimeZone.getTimeZone("UTC"));
        return jSONObject.getString("issuer").equals("www.wibmo.com");
    }

    public static boolean h(X509Certificate x509Certificate, List list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (int i = 0; i < list.size(); i++) {
            X509Certificate a2 = X509CertUtils.a(((Base64) list.get(i)).decode());
            arrayList.add(a2);
            a2.checkValidity();
        }
        for (int i2 = 0; i2 < arrayList.size(); i2++) {
            if (i2 < arrayList.size() - 1) {
                ((X509Certificate) arrayList.get(i2)).verify(((X509Certificate) arrayList.get(i2 + 1)).getPublicKey());
            }
        }
        return com.wibmo.threeds2.sdk.util.location.a.a(0, x509Certificate.getSignature()).equals(com.wibmo.threeds2.sdk.util.location.a.a(0, ((X509Certificate) arrayList.get(0)).getSignature()));
    }
}
