package com.gemalto.gmcc.richclient.internal.i;

import android.util.Log;
import com.gemalto.gmcc.richclient.internal.a.d;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.crypto.paddings.ISO7816d4Padding;
import org.spongycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public final class a {
    private static final String a = a.class.getSimpleName();
    private static final String[] b;
    private static /* synthetic */ int[] c;

    /* renamed from: com.gemalto.gmcc.richclient.internal.i.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public enum EnumC0006a {
        ECDSA,
        RSA;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static EnumC0006a[] valuesCustom() {
            EnumC0006a[] enumC0006aArr = new EnumC0006a[2];
            System.arraycopy(values(), 0, enumC0006aArr, 0, 2);
            return enumC0006aArr;
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
        b = new String[]{"-----BEGIN CERTIFICATE-----\r\nMIIEJzCCAw+gAwIBAgIMR3MEC+g+qrTwpBFtMA0GCSqGSIb3DQEBCwUAMGoxCzAJ\r\nBgNVBAYTAkZSMQ4wDAYDVQQHDAVUb3VyczEQMA4GA1UECgwHR2VtYWx0bzE5MDcG\r\nA1UEAwwwR2VtYWx0byBCdXNpbmVzcyBTb2x1dGlvbnMgQ2VydGlmaWNhdGUgQXV0\r\naG9yaXR5MB4XDTE1MDEyODEyNTQxNFoXDTI1MDEyNzEyNTUxNFowbDELMAkGA1UE\r\nBhMCU0cxEDAOBgNVBAoMB0dlbWFsdG8xGTAXBgNVBAsMEE1vYmlsZSBNYXJrZXRp\r\nbmcxMDAuBgNVBAMMJ0dNQ0MgR2VtYWx0byBTQUFTIENlcnRpZmljYXRlIEF1dGhv\r\ncml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIZfnP+ZNVY86eNi\r\ng1zIaAbMiA1Z38pMEGxCyMDZzjGIj1Cbx/lmQkAiU8nmWY4OIKnu4I0/NPv1EClU\r\nmn4dCDOU8rEN57K85MoDuXr+rVm/sUz99SE6AEDeoYgMJ97XClKvlRKXRxuuoklO\r\n4gnm6L8DJKyCVsFyVsr8+JHK6cawbhzIien3lmMJs5JBGR8liNpI69zuOg6yJw2H\r\nUmz3YpaysLQTNt9leT6bla2PeTaQc70N586HX3Bk3IOsMTNV2Y/7oWrViIMf3agP\r\n9PCTg0cYtKd4xE5d1aBbKPO1i4qLQgzuzwMuthzvVp6MJONdGuMyxqbbqBt7PFRv\r\ndg0hsE0CAwEAAaOByjCBxzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTj\r\nhjj/l+RqOvAqDe/G+hMz8oGpIjAfBgNVHSMEGDAWgBR3VfWnLWVDUohSlYrzg23y\r\nYaA2bjAOBgNVHQ8BAf8EBAMCAQYwYQYDVR0fBFowWDBWoFSgUoZQaHR0cDovL2Ny\r\nbC1icGtpLmdlbWFsdG8uY29tL0NSTC9HZW1hbHRvQnVzaW5lc3NTb2x1dGlvbnND\r\nZXJ0aWZpY2F0ZUF1dGhvcml0eS5jcmwwDQYJKoZIhvcNAQELBQADggEBAIEL8DDO\r\nCsZzR9304H/NlYi3h/lHBCIadHK/XjS2K9o4bNcV7MLxF7ux8rdE40DzoYwSN1d4\r\n+ePDiPYjwR9AJFXOSHPu19nK318OFtgJ+fLhS84+f2GlcJFiO9Ec7gn3Dg+ONvGV\r\n+voUKs1JX36sxnlhVqjsbEsQ1UaCeBJpY0bvl8KZZSywAnz5D/txoxhVWsij+b4j\r\nIsowJl1JDhcHi6t6PwsyELzzXhpDDgauVq0RSeq10x+Lkqaec/KMiQzxOWcgknAP\r\nGOdVrRRFxYWxUGCOEiH2LJeMG1hBPxrd7TA2/dsxOKw1VT80cthdUCSGypefamt+\r\nGk3aCwn2PSZKHRQ=\r\n-----END CERTIFICATE-----"};
    }

    private a() {
    }

    public static String a(String str, byte[] bArr) {
        return d.a(b(b(str).getPublicKey().getEncoded(), bArr), "");
    }

    public static SecretKey a() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "SC");
            keyGenerator.init(128, new SecureRandom());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new b(e.getMessage(), e);
        } catch (NoSuchProviderException e2) {
            throw new b(e2.getMessage(), e2);
        }
    }

    public static boolean a(String str) {
        try {
            EnumC0006a enumC0006a = EnumC0006a.RSA;
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String[] strArr = b;
            for (int i = 0; i <= 0; i++) {
                Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(strArr[0].getBytes()));
                Log.d(a, "Verifying received certificate...");
                Log.v(a, "--------------------------------------------");
                Log.v(a, "Pinned Certificate for verification: ");
                Log.v(a, new StringBuilder().append(((X509Certificate) generateCertificate).getSubjectDN()).toString());
                Log.v(a, "Type       : " + ((X509Certificate) generateCertificate).getType());
                Log.v(a, "Not Before : " + ((X509Certificate) generateCertificate).getNotBefore());
                Log.v(a, "Not after  : " + ((X509Certificate) generateCertificate).getNotAfter());
                Log.v(a, "Public Key :" + generateCertificate.getPublicKey());
                Log.v(a, "--------------------------------------------");
                boolean a2 = a(generateCertificate.getPublicKey().getEncoded(), d.b(str), enumC0006a);
                Log.d(a, "Certificate verification : " + a2);
                Log.v(a, "--------------------------------------------");
                if (a2) {
                    return a2;
                }
            }
            return false;
        } catch (CertificateException e) {
            throw new b(e.getMessage(), e);
        }
    }

    public static boolean a(String str, String str2) {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "SC").generateCertificate(new ByteArrayInputStream(d.b(str2)));
            Log.d(a, "Verifying hostname <" + str + "> ...");
            new StrictHostnameVerifier().verify(str, x509Certificate);
            Log.d(a, "Host name verification: true");
            return true;
        } catch (GeneralSecurityException e) {
            Log.v(a, "Unable to generate certificate from hexa string");
            return false;
        } catch (SSLException e2) {
            Log.v(a, "Hostname verification failed");
            return false;
        }
    }

    private static boolean a(byte[] bArr, byte[] bArr2, EnumC0006a enumC0006a) {
        String str;
        if (d.b(bArr) || d.b(bArr2)) {
            Log.e(a, "Public key or certificate data should not be null or empty.");
            throw new IllegalArgumentException("Public key or certificate data should not be null or empty.");
        }
        try {
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bArr);
            switch (b()[enumC0006a.ordinal()]) {
                case 1:
                    str = "ECDSA";
                    break;
                case 2:
                    str = "RSA";
                    break;
                default:
                    throw new b("CertificateAlgorithm " + enumC0006a + " not supported");
            }
            PublicKey generatePublic = KeyFactory.getInstance(str, "SC").generatePublic(x509EncodedKeySpec);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "SC").generateCertificate(new ByteArrayInputStream(bArr2));
            Log.d(a, "--------------------------------------------");
            Log.d(a, "Received certificate");
            Log.d(a, "DN         : " + x509Certificate.getSubjectDN());
            Log.d(a, "Issuer     : " + x509Certificate.getIssuerDN());
            Log.d(a, "Type       : " + x509Certificate.getType());
            Log.d(a, "Not Before : " + x509Certificate.getNotBefore());
            Log.d(a, "Not After  : " + x509Certificate.getNotAfter());
            Log.d(a, "Public Key : " + x509Certificate.getPublicKey());
            Log.d(a, "--------------------------------------------");
            x509Certificate.verify(generatePublic);
            x509Certificate.checkValidity();
            return true;
        } catch (GeneralSecurityException e) {
            Log.e(a, "Certificate verification fail", e);
            return false;
        }
    }

    public static byte[] a(byte[] bArr) {
        if (d.b(bArr)) {
            Log.e(a, "Data should not be null or empty.");
            throw new IllegalArgumentException("Data should not be null or empty.");
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256", "SC");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            Log.e(a, String.valueOf(e.getClass().getName()) + " : Unable to generate SHA256 data.");
            throw new b("Unable to generate SHA256 data.");
        } catch (NoSuchProviderException e2) {
            Log.e(a, String.valueOf(e2.getClass().getName()) + " : Unable to generate SHA256 data.");
            throw new b("Unable to generate SHA256 data.");
        }
    }

    public static byte[] a(byte[] bArr, byte[] bArr2) {
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA256Digest());
        pKCS5S2ParametersGenerator.init(bArr, bArr2, 100);
        return ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedMacParameters(128)).getKey();
    }

    public static byte[] a(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return b(bArr, bArr2, bArr3, 2);
    }

    private static byte[] a(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        if (d.b(bArr) || d.b(bArr3)) {
            throw new IllegalArgumentException("Key or data should not be null or empty!");
        }
        if (bArr.length != 16 && bArr.length != 24 && bArr.length != 32) {
            throw new IllegalArgumentException("Key length has to be either 16, 24, or 32!");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("iv can't be null");
        }
        if (bArr2.length != 16) {
            throw new IllegalArgumentException("iv length has to be 16!");
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC");
            cipher.init(i, secretKeySpec, new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr3);
        } catch (GeneralSecurityException e) {
            Log.e(a, String.valueOf(e.getClass().getName()) + " : Error in AESGCMNoPadding algorithm.", e);
            throw new b("Error in AESGCMNoPadding algorithm.");
        }
    }

    private static X509Certificate b(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "SC").generateCertificate(new BufferedInputStream(new ByteArrayInputStream(d.b(str))));
        } catch (NoSuchProviderException e) {
            throw new b(e.getMessage(), e);
        } catch (CertificateException e2) {
            throw new b(e2.getMessage(), e2);
        }
    }

    private static byte[] b(byte[] bArr, byte[] bArr2) {
        if (d.b(bArr) || d.b(bArr2)) {
            Log.e(a, "Private key or data should not be null or empty.");
            throw new IllegalArgumentException("Private key or data should not be null or empty.");
        }
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA", "SC").generatePublic(new X509EncodedKeySpec(bArr));
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, generatePublic);
            return cipher.doFinal(bArr2);
        } catch (GeneralSecurityException e) {
            Log.e(a, String.valueOf(e.getClass().getName()) + " : Unable to decrypt!", e);
            throw new b("Unable to decrypt!");
        }
    }

    public static byte[] b(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return a(bArr, bArr2, bArr3, 1);
    }

    private static byte[] b(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        if (d.b(bArr) || d.b(bArr3)) {
            throw new IllegalArgumentException("Key or data should not be null or empty!");
        }
        if (bArr.length != 16 && bArr.length != 24 && bArr.length != 32) {
            throw new IllegalArgumentException("Key length has to be either 16, 24, or 32!");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("iv can't be null");
        }
        if (bArr2.length != 16) {
            throw new IllegalArgumentException("iv length has to be 16!");
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "SC");
            cipher.init(2, secretKeySpec, new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr3);
        } catch (GeneralSecurityException e) {
            Log.e(a, String.valueOf(e.getClass().getName()) + " : Error in AESCBCPKCS5Padding algorithm.", e);
            throw new b("Error in AESCBCPKCS5Padding algorithm.");
        }
    }

    private static /* synthetic */ int[] b() {
        int[] iArr = c;
        if (iArr == null) {
            iArr = new int[EnumC0006a.valuesCustom().length];
            try {
                iArr[EnumC0006a.ECDSA.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[EnumC0006a.RSA.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            c = iArr;
        }
        return iArr;
    }

    public static byte[] c(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return a(bArr, bArr2, bArr3, 2);
    }

    private static byte[] c(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        if (d.b(bArr) || d.b(bArr3)) {
            throw new IllegalArgumentException("Key or data should not be null or empty!");
        }
        if (bArr.length != 16 && bArr.length != 24 && bArr.length != 32) {
            throw new IllegalArgumentException("Key length has to be either 16, 24, or 32!");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("iv can't be null");
        }
        if (bArr2.length != 16) {
            throw new IllegalArgumentException("iv length has to be 16!");
        }
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new ISO7816d4Padding());
        paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(bArr), bArr2));
        byte[] bArr4 = new byte[paddedBufferedBlockCipher.getOutputSize(bArr3.length)];
        int processBytes = paddedBufferedBlockCipher.processBytes(bArr3, 0, bArr3.length, bArr4, 0);
        try {
            return Arrays.copyOfRange(bArr4, 0, paddedBufferedBlockCipher.doFinal(bArr4, processBytes) + processBytes);
        } catch (IllegalStateException e) {
            Log.e(a, String.valueOf(e.getClass().getName()) + " : Error in AESCBCISO7816D4Padding algorithm.", e);
            throw new b("Error in AESCBCISO7816D4Padding algorithm.");
        } catch (DataLengthException e2) {
            Log.e(a, String.valueOf(e2.getClass().getName()) + " : Error in AESCBCISO7816D4Padding algorithm.", e2);
            throw new b("Error in AESCBCISO7816D4Padding algorithm.");
        } catch (InvalidCipherTextException e3) {
            Log.e(a, String.valueOf(e3.getClass().getName()) + " : Error in AESCBCISO7816D4Padding algorithm.", e3);
            throw new b("Error in AESCBCISO7816D4Padding algorithm.");
        }
    }

    public static byte[] d(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return c(bArr, bArr2, bArr3, 2);
    }
}
