package com.usdk.android;

import android.util.Log;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.impl.ECDH;
import fg.m;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import javax.crypto.SecretKey;
import kg.b;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public final class p0 {

    /* renamed from: a, reason: collision with root package name */
    private static final vl.a f23440a = new vl.a();

    /* renamed from: b, reason: collision with root package name */
    private static final u0 f23441b = new u0(j0.class);

    /* renamed from: c, reason: collision with root package name */
    private static final fg.d f23442c = fg.d.f26354j;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a extends RuntimeException {
        a(String str) {
            super(str);
        }

        a(String str, Throwable th2) {
            super(str, th2);
        }
    }

    private X509Certificate f(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new RuntimeException("Failed to parse certificate!");
        }
        for (Provider provider : Security.getProviders()) {
            try {
                Certificate generateCertificate = CertificateFactory.getInstance("X.509", provider.getName()).generateCertificate(new ByteArrayInputStream(bArr));
                if ((generateCertificate instanceof X509Certificate) && generateCertificate.getPublicKey() != null) {
                    return (X509Certificate) generateCertificate;
                }
            } catch (Exception unused) {
            }
        }
        throw new a("Neither of security providers were able to parse certificate!");
    }

    private SecretKey g(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, String str) {
        jg.o oVar = new jg.o("SHA-256");
        SecretKey secretKey = null;
        for (Provider provider : Security.getProviders()) {
            try {
                secretKey = ECDH.d(eCPublicKey, eCPrivateKey, provider);
            } catch (Exception unused) {
            }
        }
        if (secretKey == null) {
            throw new RuntimeException("Neither of security providers were able to generate ECDHSecret!");
        }
        return oVar.f(secretKey, 256, jg.o.j(null), jg.o.i(null), jg.o.i(hg.c.e(str)), jg.o.h(256), jg.o.g());
    }

    private KeyPair i() {
        Provider[] providers = Security.getProviders();
        int length = providers.length;
        for (int i10 = 0; i10 < length; i10++) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", providers[i10]);
                keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
                return keyPairGenerator.generateKeyPair();
            } catch (Exception unused) {
            }
        }
        throw new RuntimeException("Neither of security providers were able to generate ephemeral key!");
    }

    private PublicKey k(String str) {
        kg.d a10;
        try {
            a10 = kg.d.a(str);
        } catch (Exception e10) {
            Log.d("MSJWE", "DS Public Key is not in JWK format", e10);
        }
        if (a10 instanceof kg.k) {
            return ((kg.k) a10).p();
        }
        if (a10 instanceof kg.b) {
            return ((kg.b) a10).A();
        }
        byte[] a11 = new hg.a(m(str)).a();
        try {
            return f(a11).getPublicKey();
        } catch (Exception e11) {
            Log.d("MSJWE", "DS Public Key is not in X509 format", e11);
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(a11);
            try {
                return KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec);
            } catch (Exception e12) {
                Log.d("MSJWE", "DS Public Key is not RSA key or is not in PEM format", e12);
                try {
                    return KeyFactory.getInstance("EC").generatePublic(x509EncodedKeySpec);
                } catch (Exception e13) {
                    Log.d("MSJWE", "DS Public Key is not EC key or is not in PEM format", e13);
                    throw new RuntimeException("Can not parse directory server public key");
                }
            }
        }
    }

    private void l() {
        Security.insertProviderAt(f23440a, 1);
    }

    private String m(String str) {
        int indexOf = str.indexOf("-----BEGIN");
        return indexOf == -1 ? str : str.substring(str.indexOf("\n", indexOf), str.indexOf("-----END"));
    }

    private void n() {
        Security.removeProvider("SC");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f2 a() {
        try {
            l();
            KeyPair i10 = i();
            kg.a aVar = kg.a.f29794d;
            return new f2(new b.a(aVar, (ECPublicKey) i10.getPublic()).b().b().getBytes(), new b.a(aVar, (ECPublicKey) i10.getPublic()).a((ECPrivateKey) i10.getPrivate()).b().b().getBytes());
        } finally {
            n();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String b(String str, String str2, String str3, byte[] bArr, byte[] bArr2) {
        String str4;
        try {
            l();
            PublicKey k10 = k(new String(bArr));
            if (k10 instanceof RSAPublicKey) {
                m.a aVar = new m.a(fg.i.f26373f, f23442c);
                if (s1.i(str3)) {
                    aVar.m(str3);
                }
                JWEObject jWEObject = new JWEObject(aVar.k(), new Payload(str));
                com.nimbusds.jose.crypto.e eVar = new com.nimbusds.jose.crypto.e((RSAPublicKey) k10);
                ((gg.c) eVar.e()).d(f23440a);
                jWEObject.g(eVar);
                str4 = jWEObject.o();
            } else if (k10 instanceof ECPublicKey) {
                kg.b bVar = (kg.b) kg.d.a(new String(bArr2));
                m.a o10 = new m.a(fg.i.f26378k, f23442c).o(bVar.C());
                if (s1.i(str3)) {
                    o10.m(str3);
                }
                JWEObject jWEObject2 = new JWEObject(o10.k(), new Payload(str));
                w1 w1Var = new w1(bVar, (ECPublicKey) k10, str2);
                w1Var.e().d(f23440a);
                jWEObject2.g(w1Var);
                str4 = jWEObject2.o();
            } else {
                str4 = null;
            }
            return str4;
        } finally {
            n();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String c(String str, byte[] bArr) {
        fg.q dVar;
        f23441b.a("Entered verifySignature, acsSignedContentStr: '" + str + "', dsCaCertificatePem: '" + new String(bArr) + "'");
        try {
            try {
                l();
                JWSObject h10 = JWSObject.h(str);
                if (h10.i().g() == null || h10.i().g().size() < 1) {
                    throw new a("No x5c certificates found in AcsSignedContent");
                }
                X509Certificate f10 = f(new hg.a(m(new String(bArr))).a());
                ArrayList arrayList = new ArrayList();
                for (int i10 = 0; i10 < h10.i().g().size(); i10++) {
                    arrayList.add(f(((hg.a) h10.i().g().get(i10)).a()));
                }
                if (!arrayList.contains(f10)) {
                    arrayList.add(f10);
                }
                int i11 = 0;
                while (i11 < arrayList.size() - 1) {
                    X509Certificate x509Certificate = (X509Certificate) arrayList.get(i11);
                    i11++;
                    x509Certificate.verify(((X509Certificate) arrayList.get(i11)).getPublicKey());
                }
                PublicKey publicKey = ((X509Certificate) arrayList.get(0)).getPublicKey();
                if (publicKey instanceof RSAPublicKey) {
                    dVar = new com.nimbusds.jose.crypto.f((RSAPublicKey) publicKey);
                } else {
                    if (!(publicKey instanceof ECPublicKey)) {
                        throw new IllegalArgumentException("Public key not supported, only RSAPublicKey and ECPublicKey allowed!");
                    }
                    dVar = new com.nimbusds.jose.crypto.d((ECPublicKey) publicKey);
                }
                if (!h10.g(dVar)) {
                    throw new a("Failed to verify JWS");
                }
                Log.e("MSJWE", "Signature verified! Payload:" + h10.a().toString());
                return h10.a().toString();
            } catch (Exception e10) {
                Log.e("MSJWE", "Failed to parse/verify the signature", e10);
                throw new a("Failed to parse/verify the signature", e10);
            }
        } finally {
            n();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String d(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        try {
            l();
            SecretKey g10 = g(((kg.b) kg.d.a(new String(bArr3))).B(), ((kg.b) kg.d.a(new String(bArr2))).A(), str);
            byte[] c10 = hg.e.c(g10.getEncoded(), g10.getEncoded().length / 2, g10.getEncoded().length / 2);
            JWEObject h10 = JWEObject.h(new String(bArr));
            com.nimbusds.jose.crypto.a aVar = new com.nimbusds.jose.crypto.a(c10);
            aVar.e().b(f23440a);
            h10.f(aVar);
            return h10.a().toString();
        } finally {
            n();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String e(byte[] bArr, byte[] bArr2, byte[] bArr3, String str, String str2) {
        try {
            l();
            SecretKey g10 = g(((kg.b) kg.d.a(new String(bArr3))).B(), ((kg.b) kg.d.a(new String(bArr2))).A(), str2);
            byte[] c10 = hg.e.c(g10.getEncoded(), 0, g10.getEncoded().length / 2);
            JWEObject jWEObject = new JWEObject(new m.a(fg.i.f26377j, f23442c).m(str).k(), new Payload(bArr));
            com.nimbusds.jose.crypto.b bVar = new com.nimbusds.jose.crypto.b(c10);
            bVar.e().d(f23440a);
            jWEObject.g(bVar);
            return jWEObject.o();
        } finally {
            n();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void h(String str) {
        try {
            f(new hg.a(m(str)).a());
        } catch (Exception unused) {
            throw new ll.a("X509 Certificate could not be parsed: " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void j(String str) {
        try {
            k(str);
        } catch (Exception unused) {
            throw new ll.a("JWK public key could not be parsed: " + str);
        }
    }
}
