package com.connection.jauthentication.crypt;

import atws.shared.ui.component.RangeSeekBar;
import com.connection.auth2.m0;
import com.connection.connect.f;
import com.connection.ssl.SslCertificateValidity;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import n8.h;
import n8.l;
import utils.v;

/* loaded from: classes2.dex */
public class CipherAlgorithm implements d {

    /* renamed from: m, reason: collision with root package name */
    public static final BigInteger f12302m = new BigInteger("167609434410335061345139523764350090260135525329813904557420930309800865859473551531551523800013916573891864789934747039010546328480848979516637673776605610374669426214776197828492691384519453218253702788022233205683635831626913357154941914129985489522629902540768368409482248290641036967659389658897350067939");

    /* renamed from: n, reason: collision with root package name */
    public static final BigInteger f12303n = new BigInteger("2");

    /* renamed from: a, reason: collision with root package name */
    public final BigInteger f12304a = e();

    /* renamed from: b, reason: collision with root package name */
    public final BigInteger f12305b;

    /* renamed from: c, reason: collision with root package name */
    public final BigInteger f12306c;

    /* renamed from: d, reason: collision with root package name */
    public byte[] f12307d;

    /* renamed from: e, reason: collision with root package name */
    public byte[] f12308e;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f12309f;

    /* renamed from: g, reason: collision with root package name */
    public byte[] f12310g;

    /* renamed from: h, reason: collision with root package name */
    public byte[] f12311h;

    /* renamed from: i, reason: collision with root package name */
    public byte[] f12312i;

    /* renamed from: j, reason: collision with root package name */
    public c f12313j;

    /* renamed from: k, reason: collision with root package name */
    public final f f12314k;

    /* renamed from: l, reason: collision with root package name */
    public final h f12315l;

    /* loaded from: classes2.dex */
    public enum CertificateType {
        PROD { // from class: com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType.1
            @Override // com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType
            public String certificateName() {
                return "CN=prod.ckg.ibllc.com,";
            }

            @Override // com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType
            public String displayName() {
                return "PROD";
            }

            @Override // com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType
            public String subjectName() {
                return "CN=tws.ibllc.com,";
            }
        },
        TEST { // from class: com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType.2
            @Override // com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType
            public String certificateName() {
                return "CN=test.ckg.ibllc.com,";
            }

            @Override // com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType
            public String displayName() {
                return "TEST";
            }

            @Override // com.connection.jauthentication.crypt.CipherAlgorithm.CertificateType
            public String subjectName() {
                return "CN=tws.ibllc.com,";
            }
        };

        /* synthetic */ CertificateType(a aVar) {
            this();
        }

        public abstract String certificateName();

        public abstract String displayName();

        public abstract String subjectName();
    }

    /* loaded from: classes2.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f12316a;

        static {
            int[] iArr = new int[SslCertificateValidity.values().length];
            f12316a = iArr;
            try {
                iArr[SslCertificateValidity.NOT_YET_VALID.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f12316a[SslCertificateValidity.EXPIRED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    public CipherAlgorithm(f fVar, h hVar) {
        this.f12314k = fVar;
        this.f12315l = hVar;
        BigInteger bigInteger = new BigInteger(256, m0.f12097a);
        this.f12305b = bigInteger;
        this.f12306c = f12303n.modPow(bigInteger, f12302m);
    }

    public static boolean d(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        if (messageDigest != null) {
            try {
                if (!n8.d.r(bArr5)) {
                    int digestLength = messageDigest.getDigestLength();
                    int length = bArr5.length;
                    Mac k10 = k(messageDigest, bArr);
                    k(messageDigest, bArr);
                    k10.update(bArr2);
                    k10.update(bArr3);
                    k10.update(bArr4);
                    byte[] doFinal = k10.doFinal();
                    int length2 = doFinal.length;
                    int i10 = 0;
                    while (true) {
                        Mac k11 = k(messageDigest, bArr);
                        k11.update(doFinal, 0, length2);
                        Mac k12 = k(messageDigest, bArr);
                        k12.update(doFinal, 0, length2);
                        k11.update(bArr2);
                        k11.update(bArr3);
                        k11.update(bArr4);
                        if (length <= digestLength) {
                            byte[] doFinal2 = k11.doFinal();
                            int length3 = doFinal2.length;
                            System.arraycopy(doFinal2, 0, bArr5, i10, length);
                            return true;
                        }
                        byte[] doFinal3 = k11.doFinal();
                        int length4 = doFinal3.length;
                        System.arraycopy(doFinal3, 0, bArr5, i10, length4);
                        i10 += length4;
                        length -= length4;
                        doFinal = k12.doFinal();
                        length2 = doFinal.length;
                    }
                }
            } catch (Exception unused) {
            }
        }
        return false;
    }

    public static BigInteger e() {
        byte[] bArr = new byte[32];
        int currentTimeMillis = (int) (System.currentTimeMillis() / 1000);
        int i10 = 24;
        int i11 = 0;
        while (i11 < 4) {
            bArr[i11] = (byte) ((currentTimeMillis >> i10) & RangeSeekBar.INVALID_POINTER_ID);
            i11++;
            i10 -= 8;
        }
        System.arraycopy(n8.d.D(m0.e(new BigInteger(224, m0.f12097a).toByteArray()), 28), 0, bArr, 4, 28);
        return new BigInteger(bArr);
    }

    public static String i(Date date) {
        SimpleDateFormat c10 = v.c();
        Calendar calendar = Calendar.getInstance();
        TimeZone timeZone = TimeZone.getTimeZone("Europe/London");
        calendar.setTimeZone(timeZone);
        calendar.setTime(date);
        return c10.format(calendar.getTime()) + "(" + timeZone.getID() + ")";
    }

    public static Mac k(MessageDigest messageDigest, byte[] bArr) {
        Mac mac;
        if ("MD5".equals(messageDigest.getAlgorithm())) {
            mac = Mac.getInstance("HMACMD5");
        } else {
            if (!"SHA1".equals(messageDigest.getAlgorithm())) {
                throw new Exception("Unexected digest algorithm:" + messageDigest.getAlgorithm());
            }
            mac = Mac.getInstance("HMACSHA1");
        }
        mac.init(new SecretKeySpec(bArr, mac.getAlgorithm()));
        return mac;
    }

    public static boolean n(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        MessageDigest[] messageDigestArr = new MessageDigest[2];
        try {
            messageDigestArr[0] = MessageDigest.getInstance("MD5");
            messageDigestArr[1] = MessageDigest.getInstance("SHA1");
            int length = bArr.length / 2;
            byte[] bArr6 = new byte[bArr5.length];
            for (int i10 = 0; i10 < 2; i10++) {
                int length2 = (bArr.length & 1) + length;
                byte[] bArr7 = new byte[length2];
                System.arraycopy(bArr, i10 * length, bArr7, 0, length2);
                if (!d(messageDigestArr[i10], bArr7, bArr2, bArr3, bArr4, bArr6)) {
                    return false;
                }
                for (int i11 = 0; i11 < bArr5.length; i11++) {
                    bArr5[i11] = (byte) (bArr5[i11] ^ bArr6[i11]);
                }
            }
            return true;
        } catch (NoSuchAlgorithmException unused) {
            return false;
        }
    }

    public static String p(List<X509Certificate> list, CertificateType certificateType) {
        X509Certificate x509Certificate = list.get(0);
        String name = x509Certificate.getIssuerDN().getName();
        String certificateName = certificateType.certificateName();
        if (!name.startsWith(certificateName)) {
            return String.format("the first cert '%s' is NOT %s cert", name, certificateType.displayName());
        }
        CertificateType certificateType2 = CertificateType.TEST;
        if (certificateType == certificateType2) {
            String name2 = x509Certificate.getSubjectDN().getName();
            String subjectName = certificateType.subjectName();
            if (name2 != null && subjectName != null && !name2.startsWith(subjectName)) {
                return String.format("the first '%s' cert(Subj DN)='%s' is invalid ", certificateType.displayName(), name2);
            }
        }
        String name3 = list.get(1).getSubjectDN().getName();
        if (name3.startsWith(certificateName)) {
            return null;
        }
        return name3.startsWith(certificateType == certificateType2 ? CertificateType.PROD.certificateName() : certificateType2.certificateName()) ? String.format("the second cert '%s' is invalid (NOT %s): test and production mixed", name3, certificateType.displayName()) : String.format("the second cert '%s' is invalid (NOT %s)", name3, certificateType.displayName());
    }

    @Override // com.connection.jauthentication.crypt.d
    public BigInteger a() {
        return this.f12306c;
    }

    @Override // com.connection.jauthentication.crypt.d
    public BigInteger b() {
        return this.f12304a;
    }

    @Override // com.connection.jauthentication.crypt.d
    public c c(String str) {
        this.f12313j = c.f12326b;
        try {
            c j10 = j(str);
            this.f12313j = j10;
            if (j10.c()) {
                this.f12315l.log("CipherContext initialization successed.");
            } else {
                this.f12315l.log("CipherContext initialization failed.");
            }
            return this.f12313j;
        } catch (Throwable th) {
            if (this.f12313j.c()) {
                this.f12315l.log("CipherContext initialization successed.");
            } else {
                this.f12315l.log("CipherContext initialization failed.");
            }
            throw th;
        }
    }

    public final boolean f(byte[] bArr) {
        return n(this.f12311h, "key expansion".getBytes(), n8.d.D(m0.e(this.f12304a.toByteArray()), 32), n8.d.D(this.f12307d, 32), bArr);
    }

    public final boolean g(byte[] bArr) {
        return n(this.f12310g, "master secret".getBytes(), n8.d.D(m0.e(this.f12304a.toByteArray()), 32), n8.d.D(this.f12307d, 32), bArr);
    }

    public final boolean h() {
        this.f12310g = m0.e(new BigInteger(l.b(this.f12308e), 16).modPow(this.f12305b, f12302m).toByteArray());
        return true;
    }

    public final c j(String str) {
        try {
            StringTokenizer stringTokenizer = new StringTokenizer(str, m8.f.f18715d);
            this.f12307d = n8.d.d(stringTokenizer.nextToken());
            this.f12308e = n8.d.d(stringTokenizer.nextToken());
            this.f12309f = n8.d.d(stringTokenizer.nextToken());
            int parseInt = Integer.parseInt(stringTokenizer.nextToken());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList(parseInt);
            for (int i10 = 0; i10 < parseInt; i10++) {
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(n8.d.d(stringTokenizer.nextToken()))));
            }
            c o10 = o(arrayList);
            if (!o10.c()) {
                return o10;
            }
            if (!h()) {
                this.f12315l.warning("CipherContext error while initialization from msg: generatePreMasterSecret");
                return c.f12327c;
            }
            byte[] bArr = new byte[48];
            this.f12311h = bArr;
            if (!g(bArr)) {
                this.f12315l.warning("CipherContext error while initialization from msg: generateMasterSecret");
                return c.f12327c;
            }
            byte[] bArr2 = new byte[104];
            this.f12312i = bArr2;
            if (f(bArr2)) {
                return c.f12325a;
            }
            this.f12315l.warning("CipherContext error while initialization from msg: generateKeyBlock");
            return c.f12327c;
        } catch (Exception e10) {
            this.f12315l.err("CipherContext error while initialization from msg: " + e10.getMessage());
            return c.f12327c;
        }
    }

    public boolean l() {
        return this.f12312i != null && this.f12313j.c();
    }

    public byte[] m() {
        return this.f12312i;
    }

    public final c o(List<X509Certificate> list) {
        int size = list.size();
        if (size == 0) {
            return c.f12327c;
        }
        for (int i10 = 0; i10 < size; i10++) {
            X509Certificate x509Certificate = list.get(i10);
            this.f12315l.log("cert #" + i10 + " subject:" + x509Certificate.getSubjectX500Principal().getName() + "\tissuer:" + x509Certificate.getIssuerX500Principal().getName() + "\tnotBefore:" + i(x509Certificate.getNotBefore()) + "\tnotAfter:" + i(x509Certificate.getNotAfter()));
        }
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(list.get(0).getPublicKey());
            signature.verify(this.f12309f);
            if (size < 3) {
                this.f12315l.warning("Error: too short cert chain");
                return c.f12327c;
            }
            SslCertificateValidity evaluateValidity = SslCertificateValidity.evaluateValidity(list.get(0));
            this.f12315l.log("Current time is: " + i(new Date()));
            if (evaluateValidity != SslCertificateValidity.OK) {
                int i11 = a.f12316a[evaluateValidity.ordinal()];
                if (i11 == 1) {
                    this.f12315l.warning("Error: first cert is not yet valid");
                } else if (i11 == 2) {
                    this.f12315l.warning("Error: first cert is expired");
                }
                return c.b(evaluateValidity);
            }
            StringBuilder sb2 = new StringBuilder();
            if (this.f12314k.d()) {
                this.f12315l.log("CipherAlgorithm.validateCerts: expects connect to QA-conman:" + this.f12314k.c(), true);
                String p10 = p(list, CertificateType.TEST);
                if (p10 != null) {
                    sb2.append(p10);
                }
            } else {
                String p11 = p(list, CertificateType.PROD);
                if (p11 != null) {
                    sb2.append(p11);
                    String p12 = p(list, CertificateType.TEST);
                    if (p12 != null) {
                        if (sb2.length() > 0) {
                            sb2.append(";");
                        }
                        sb2.append(p12);
                    } else {
                        sb2.setLength(0);
                    }
                }
            }
            if (sb2.length() > 0) {
                this.f12315l.warning("Error: " + ((Object) sb2));
                return c.f12327c;
            }
            try {
                list.get(0).verify(list.get(1).getPublicKey());
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    List<X509Certificate> subList = list.subList(1, size);
                    ArrayList arrayList = new ArrayList();
                    for (int size2 = subList.size() - 2; size2 >= 0; size2--) {
                        arrayList.add(subList.get(size2));
                    }
                    CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
                    PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(list.get(size - 1), null)));
                    pKIXParameters.setRevocationEnabled(false);
                    CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
                    return c.f12325a;
                } catch (Exception e10) {
                    this.f12315l.warning("Error: chain verification failed: " + e10.getMessage());
                    return c.f12327c;
                }
            } catch (Exception e11) {
                this.f12315l.warning("Error: first was not signed with second: " + e11.getMessage());
                return c.f12327c;
            }
        } catch (Exception e12) {
            this.f12315l.warning("signature verification failed: " + e12.getMessage());
            return c.f12327c;
        }
    }
}
