package com.booking.identity.session.internal;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.booking.hotelmanager.InjectKt$$ExternalSyntheticLambda1;
import com.booking.hotelmanager.InjectKt$$ExternalSyntheticLambda4;
import com.booking.identity.squeak.SqueaksKt;
import com.google.protobuf.MapFieldSchemaLite$$ExternalSyntheticOutline0;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class DPoPEncryptor {
    public static final /* synthetic */ int $r8$clinit = 0;
    public final JWK jwk;
    public final KeyPair keyPair;

    /* loaded from: classes.dex */
    public static final class Builder {
        public final String alias;
        public final Function2 errorListener;
        public final String provider;

        public Builder() {
            this(null, null, null, 7, null);
        }

        public Builder(String provider, String alias, Function2<? super String, ? super Throwable, Unit> errorListener) {
            Intrinsics.checkNotNullParameter(provider, "provider");
            Intrinsics.checkNotNullParameter(alias, "alias");
            Intrinsics.checkNotNullParameter(errorListener, "errorListener");
            this.provider = provider;
            this.alias = alias;
            this.errorListener = errorListener;
        }

        public /* synthetic */ Builder(String str, String str2, Function2 function2, int i, DefaultConstructorMarker defaultConstructorMarker) {
            this((i & 1) != 0 ? "AndroidKeyStore" : str, (i & 2) != 0 ? "DPoPKey" : str2, (i & 4) != 0 ? new InjectKt$$ExternalSyntheticLambda4(5) : function2);
        }

        public final DPoPEncryptor createEncryptor(KeyPair keyPair) {
            Object createFailure;
            try {
                int i = Result.$r8$clinit;
                createFailure = new DPoPEncryptor(keyPair);
            } catch (Throwable th) {
                int i2 = Result.$r8$clinit;
                createFailure = ResultKt.createFailure(th);
            }
            Throwable m1052exceptionOrNullimpl = Result.m1052exceptionOrNullimpl(createFailure);
            if (m1052exceptionOrNullimpl != null) {
                MapFieldSchemaLite$$ExternalSyntheticOutline0.m("dpop_encryptor_create_encryptor_error", m1052exceptionOrNullimpl);
                this.errorListener.invoke("Identity Encryptor can not be created", m1052exceptionOrNullimpl);
            }
            if (createFailure instanceof Result.Failure) {
                createFailure = null;
            }
            return (DPoPEncryptor) createFailure;
        }

        public final DPoPEncryptor doBuild() {
            Object obj;
            Object createFailure;
            KeyPair recreateKeyPair;
            String str = this.alias;
            try {
                int i = Result.$r8$clinit;
                KeyStore keyStore = KeyStore.getInstance(this.provider);
                keyStore.load(null, null);
                boolean containsAlias = keyStore.containsAlias(str);
                obj = keyStore;
                if (!containsAlias) {
                    generateKeyPair();
                    obj = keyStore;
                }
            } catch (Throwable th) {
                int i2 = Result.$r8$clinit;
                obj = ResultKt.createFailure(th);
            }
            Throwable m1052exceptionOrNullimpl = Result.m1052exceptionOrNullimpl(obj);
            Function2 function2 = this.errorListener;
            if (m1052exceptionOrNullimpl != null) {
                SqueaksKt.idpWarning("dpop_encryptor_load_keystore_error", m1052exceptionOrNullimpl, new InjectKt$$ExternalSyntheticLambda1(18));
                function2.invoke("Error while loading key store", m1052exceptionOrNullimpl);
            }
            boolean z = obj instanceof Result.Failure;
            Object obj2 = obj;
            if (z) {
                obj2 = null;
            }
            KeyStore keyStore2 = (KeyStore) obj2;
            if (keyStore2 == null) {
                return null;
            }
            try {
                PublicKey publicKey = keyStore2.getCertificate(str).getPublicKey();
                Key key = keyStore2.getKey(str, null);
                Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
                createFailure = new KeyPair(publicKey, (PrivateKey) key);
            } catch (Throwable th2) {
                int i3 = Result.$r8$clinit;
                createFailure = ResultKt.createFailure(th2);
            }
            Throwable m1052exceptionOrNullimpl2 = Result.m1052exceptionOrNullimpl(createFailure);
            if (m1052exceptionOrNullimpl2 != null) {
                SqueaksKt.idpEvent("dpop_encryptor_load_public_key_error", m1052exceptionOrNullimpl2, new InjectKt$$ExternalSyntheticLambda1(20));
                function2.invoke("Error while loading public key", m1052exceptionOrNullimpl2);
            }
            if (Result.m1052exceptionOrNullimpl(createFailure) != null) {
                createFailure = recreateKeyPair(keyStore2);
            }
            KeyPair keyPair = (KeyPair) createFailure;
            if (keyPair == null) {
                return null;
            }
            DPoPEncryptor createEncryptor = createEncryptor(keyPair);
            if ((createEncryptor == null || !verifyEncryptor(createEncryptor)) && ((recreateKeyPair = recreateKeyPair(keyStore2)) == null || (createEncryptor = createEncryptor(recreateKeyPair)) == null || !verifyEncryptor(createEncryptor))) {
                return null;
            }
            return createEncryptor;
        }

        public final KeyPair generateKeyPair() {
            Object createFailure;
            long nanoTime = System.nanoTime();
            try {
                int i = Result.$r8$clinit;
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", this.provider);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.alias, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").setUserAuthenticationRequired(false).build());
                createFailure = keyPairGenerator.generateKeyPair();
                SqueaksKt.idpTimeKpi$default(nanoTime, "dpop_encryptor_key_pair_generation_success");
            } catch (Throwable th) {
                int i2 = Result.$r8$clinit;
                createFailure = ResultKt.createFailure(th);
            }
            Throwable m1052exceptionOrNullimpl = Result.m1052exceptionOrNullimpl(createFailure);
            if (m1052exceptionOrNullimpl != null) {
                SqueaksKt.idpWarning("dpop_encryptor_key_pair_generation_error", m1052exceptionOrNullimpl, new InjectKt$$ExternalSyntheticLambda1(18));
                SqueaksKt.idpTimeKpi$default(nanoTime, "dpop_encryptor_key_pair_generation_error");
                this.errorListener.invoke("Error while generating key pair", m1052exceptionOrNullimpl);
            }
            if (createFailure instanceof Result.Failure) {
                createFailure = null;
            }
            return (KeyPair) createFailure;
        }

        public final KeyPair recreateKeyPair(KeyStore keyStore) {
            Object createFailure;
            String str = this.alias;
            try {
                int i = Result.$r8$clinit;
                if (keyStore.containsAlias(str)) {
                    keyStore.deleteEntry(str);
                }
                createFailure = generateKeyPair();
            } catch (Throwable th) {
                int i2 = Result.$r8$clinit;
                createFailure = ResultKt.createFailure(th);
            }
            Throwable m1052exceptionOrNullimpl = Result.m1052exceptionOrNullimpl(createFailure);
            if (m1052exceptionOrNullimpl != null) {
                MapFieldSchemaLite$$ExternalSyntheticOutline0.m("dpop_encryptor_key_pair_recreate_error", m1052exceptionOrNullimpl);
                this.errorListener.invoke("KeyPair can't be recreated", m1052exceptionOrNullimpl);
            }
            if (createFailure instanceof Result.Failure) {
                createFailure = null;
            }
            return (KeyPair) createFailure;
        }

        public final boolean verifyEncryptor(DPoPEncryptor dPoPEncryptor) {
            Object createFailure;
            try {
                int i = Result.$r8$clinit;
                int i2 = DPoPEncryptor.$r8$clinit;
                createFailure = Boolean.valueOf(dPoPEncryptor.getDPoP(0L, "GET", "https://account.booking.com/settings/user-data", null).length() > 0);
            } catch (Throwable th) {
                int i3 = Result.$r8$clinit;
                createFailure = ResultKt.createFailure(th);
            }
            Throwable m1052exceptionOrNullimpl = Result.m1052exceptionOrNullimpl(createFailure);
            if (m1052exceptionOrNullimpl != null) {
                MapFieldSchemaLite$$ExternalSyntheticOutline0.m("dpop_encryptor_verify_encryptor_error", m1052exceptionOrNullimpl);
                this.errorListener.invoke("Error while verifying encryptor", m1052exceptionOrNullimpl);
            }
            if (createFailure instanceof Result.Failure) {
                createFailure = null;
            }
            Boolean bool = (Boolean) createFailure;
            if (bool != null) {
                return bool.booleanValue();
            }
            return false;
        }
    }

    /* loaded from: classes.dex */
    public static final class Companion {
        public Companion(DefaultConstructorMarker defaultConstructorMarker) {
        }
    }

    /* loaded from: classes.dex */
    public static final class JWK {
        public final String crv;
        public final String kty;
        public final String x;
        public final String y;

        public JWK(ECPublicKey publicKey, String kty, String crv) {
            Intrinsics.checkNotNullParameter(publicKey, "publicKey");
            Intrinsics.checkNotNullParameter(kty, "kty");
            Intrinsics.checkNotNullParameter(crv, "crv");
            this.kty = kty;
            this.crv = crv;
            int fieldSize = publicKey.getParams().getCurve().getField().getFieldSize();
            BigInteger affineX = publicKey.getW().getAffineX();
            Intrinsics.checkNotNullExpressionValue(affineX, "getAffineX(...)");
            this.x = encodeCoordinate(fieldSize, affineX);
            int fieldSize2 = publicKey.getParams().getCurve().getField().getFieldSize();
            BigInteger affineY = publicKey.getW().getAffineY();
            Intrinsics.checkNotNullExpressionValue(affineY, "getAffineY(...)");
            this.y = encodeCoordinate(fieldSize2, affineY);
        }

        public /* synthetic */ JWK(ECPublicKey eCPublicKey, String str, String str2, int i, DefaultConstructorMarker defaultConstructorMarker) {
            this(eCPublicKey, (i & 2) != 0 ? "EC" : str, (i & 4) != 0 ? "P-256" : str2);
        }

        public static String encodeCoordinate(int i, BigInteger bigInteger) {
            int bitLength = ((bigInteger.bitLength() + 7) >> 3) << 3;
            byte[] byteArray = bigInteger.toByteArray();
            int i2 = 1;
            if (bigInteger.bitLength() % 8 == 0 || (bigInteger.bitLength() / 8) + 1 != bitLength / 8) {
                int length = byteArray.length;
                if (bigInteger.bitLength() % 8 == 0) {
                    length--;
                } else {
                    i2 = 0;
                }
                int i3 = bitLength / 8;
                int i4 = i3 - length;
                byte[] bArr = new byte[i3];
                System.arraycopy(byteArray, i2, bArr, i4, length);
                byteArray = bArr;
            } else {
                Intrinsics.checkNotNull(byteArray);
            }
            int i5 = (i + 7) / 8;
            if (byteArray.length >= i5) {
                String encodeToString = Base64.encodeToString(byteArray, 11);
                Intrinsics.checkNotNullExpressionValue(encodeToString, "{\n            Base64.enc…teArray, flags)\n        }");
                return encodeToString;
            }
            byte[] bArr2 = new byte[i5];
            System.arraycopy(byteArray, 0, bArr2, i5 - byteArray.length, byteArray.length);
            String encodeToString2 = Base64.encodeToString(bArr2, 10);
            Intrinsics.checkNotNullExpressionValue(encodeToString2, "{\n            Base64.enc…teArray, flags)\n        }");
            return encodeToString2;
        }

        public final JSONObject toJSONObject() {
            JSONObject put = new JSONObject().put("kty", this.kty).put("crv", this.crv).put("x", this.x).put("y", this.y);
            Intrinsics.checkNotNullExpressionValue(put, "put(...)");
            return put;
        }

        public final String toString() {
            String jSONObject = toJSONObject().toString();
            Intrinsics.checkNotNullExpressionValue(jSONObject, "toString(...)");
            return jSONObject;
        }
    }

    /* loaded from: classes.dex */
    public static final class JWS {
        public final String base64Header;
        public final String base64Payload;

        /* loaded from: classes.dex */
        public static final class Companion {
            public Companion(DefaultConstructorMarker defaultConstructorMarker) {
            }
        }

        static {
            new Companion(null);
        }

        public JWS(JSONObject header, JSONObject payload) {
            Intrinsics.checkNotNullParameter(header, "header");
            Intrinsics.checkNotNullParameter(payload, "payload");
            String jSONObject = header.toString();
            Intrinsics.checkNotNullExpressionValue(jSONObject, "toString(...)");
            Charset charset = Charsets.UTF_8;
            byte[] bytes = jSONObject.getBytes(charset);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            String encodeToString = Base64.encodeToString(bytes, 11);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "{\n            Base64.enc…teArray, flags)\n        }");
            this.base64Header = encodeToString;
            String jSONObject2 = payload.toString();
            Intrinsics.checkNotNullExpressionValue(jSONObject2, "toString(...)");
            byte[] bytes2 = jSONObject2.getBytes(charset);
            Intrinsics.checkNotNullExpressionValue(bytes2, "getBytes(...)");
            String encodeToString2 = Base64.encodeToString(bytes2, 11);
            Intrinsics.checkNotNullExpressionValue(encodeToString2, "{\n            Base64.enc…teArray, flags)\n        }");
            this.base64Payload = encodeToString2;
        }
    }

    static {
        new Companion(null);
    }

    public DPoPEncryptor(KeyPair keyPair) {
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        this.keyPair = keyPair;
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
        this.jwk = new JWK((ECPublicKey) publicKey, null, null, 6, null);
    }

    public final String getDPoP(long j, String htm, String htu, String str) {
        String str2;
        Intrinsics.checkNotNullParameter(htm, "htm");
        Intrinsics.checkNotNullParameter(htu, "htu");
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("typ", "dpop+jwt");
        jSONObject.put("alg", "es256");
        jSONObject.put("jwk", this.jwk.toJSONObject());
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("jti", UUID.randomUUID().toString());
        jSONObject2.put("htm", htm);
        jSONObject2.put("htu", htu);
        jSONObject2.put("iat", (System.currentTimeMillis() / 1000) + j);
        if (str != null) {
            jSONObject2.put("ath", str);
        }
        JWS jws = new JWS(jSONObject, jSONObject2);
        PrivateKey privateKey = this.keyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
        Signature signature = Signature.getInstance("SHA256withECDSA");
        synchronized (privateKey) {
            signature.initSign(privateKey);
            byte[] bytes = (jws.base64Header + "." + jws.base64Payload).getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            signature.update(bytes);
            byte[] sign = signature.sign();
            Intrinsics.checkNotNullExpressionValue(sign, "sign(...)");
            String encodeToString = Base64.encodeToString(sign, 11);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "{\n            Base64.enc…teArray, flags)\n        }");
            str2 = jws.base64Header + "." + jws.base64Payload + "." + encodeToString;
        }
        return str2;
    }
}
