package com.kakao.talk.kakaopay.cert;

import android.os.SystemClock;
import android.text.TextUtils;
import com.iap.ac.android.lb.j;
import com.kakao.talk.application.App;
import com.kakao.talk.constant.Config;
import com.kakao.talk.kakaopay.util.Kinsight;
import com.kakao.talk.kakaopay.util.KpCertUtil;
import com.kakao.talk.log.noncrash.PayNonCrashException;
import com.kakao.talk.reporter.CrashReporter;
import com.kakao.talk.util.KakaoFileUtils;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.raonsecure.oms.bioserver.oms_a;
import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import net.daum.mf.report.CrashReportFilePersister;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.macs.HMac;
import org.spongycastle.crypto.prng.SP800SecureRandomBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes3.dex */
public class KakaoPayCert {
    public static BouncyCastleProvider d;
    public static volatile KakaoPayCert e;
    public KeyPairGenerator a;
    public ECPublicKey b;
    public ECPrivateKey c;

    /* loaded from: classes3.dex */
    public class EncryptedData {
        public byte[] a;
        public byte[] b;
        public byte[] c;

        public EncryptedData(KakaoPayCert kakaoPayCert) {
        }

        public byte[] d() {
            return this.c;
        }

        public byte[] e() {
            return this.b;
        }

        public byte[] f() {
            return this.a;
        }
    }

    static {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        d = bouncyCastleProvider;
        Security.addProvider(bouncyCastleProvider);
    }

    public static String e(String str) {
        return str.replace("-----BEGIN CERTIFICATE-----\n", "").replace("\n-----END CERTIFICATE-----", "").replace(CrashReportFilePersister.LINE_SEPARATOR, "");
    }

    public static KakaoPayCert i() {
        if (e == null) {
            synchronized (KakaoPayCert.class) {
                if (e == null) {
                    e = new KakaoPayCert();
                }
            }
        }
        return e;
    }

    public static JSONObject j(String str) {
        try {
            SignedJWT m107parse = SignedJWT.m107parse(str);
            if (q(m107parse)) {
                return new JSONObject(m107parse.getPayload().toString());
            }
            u("_GET_JWT_PAYLOAD", "SIGNED_JWT_VERIFY_FAILED");
            return null;
        } catch (ParseException e2) {
            CrashReporter.e.l(e2);
            u("_GET_JWT_PAYLOAD", "GET_JWT_PAYLOAD_FAIL");
            return null;
        } catch (JSONException e3) {
            CrashReporter.e.l(e3);
            u("_GET_JWT_PAYLOAD", "GET_JWT_PAYLOAD_FAIL");
            return null;
        }
    }

    public static boolean q(SignedJWT signedJWT) {
        try {
            if (signedJWT.verify(new ECDSAVerifier((ECPublicKey) x(KakaoFileUtils.w(App.d(), Config.DeployFlavor.getCurrent() == Config.DeployFlavor.Sandbox ? "KakaoPayCertSandbox.pem" : "KakaoPayCert.pem")).getPublicKey()))) {
                return true;
            }
        } catch (JOSEException e2) {
            CrashReporter.e.l(e2);
        }
        u("_JWT_VERIFY", "SIGNED_JWT_FAILED");
        return false;
    }

    public static void u(String str, String str2) {
        Kinsight.e().i(TextUtils.concat("TAG_KAKAOPAY_CERT", str).toString(), str2);
    }

    public static X509Certificate x(String str) {
        if (j.B(str)) {
            return null;
        }
        String e2 = e(str);
        if (e2 == null) {
            u("_TO_X509_CERTIFICATE_BASE64_URL", "DEM_CERTIFICATE_IS_EMPTY");
            return null;
        }
        byte[] decode = new Base64URL(e2).decode();
        if (decode != null) {
            return y(decode);
        }
        u("_TO_X509_CERTIFICATE_BASE64_URL", "BINARY_CERTIFICATE_IS_NULL");
        return null;
    }

    public static X509Certificate y(byte[] bArr) {
        if (bArr == null) {
            u("_TO_X509_CERTIFICATE", "BINARY_CERTIFICATE_IS_NULL");
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X509", "SC").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (NoSuchProviderException e2) {
            CrashReporter.e.l(e2);
            u("_TO_X509_CERTIFICATE", "TO_X509_CERTIFICATE_FAIL");
            return null;
        } catch (CertificateException e3) {
            CrashReporter.e.l(e3);
            u("_TO_X509_CERTIFICATE", "TO_X509_CERTIFICATE_FAIL");
            return null;
        }
    }

    public byte[] a(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return b(str, bArr, bArr2, bArr3, false);
    }

    public final synchronized byte[] b(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) {
        byte[] doFinal;
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr2, 10000, 256)).getEncoded(), "AES");
            Cipher cipher = Cipher.getInstance(oms_a.e);
            cipher.init(z ? 1 : 2, secretKeySpec, new IvParameterSpec(bArr3));
            doFinal = cipher.doFinal(bArr);
            String str2 = "output:" + Base64.encode(doFinal).toString();
        } catch (Exception e2) {
            CrashReporter.e.l(e2);
            CrashReporter.e.l(PayNonCrashException.newInstance(String.format(Locale.US, "msg:%d, salt:%d, iv:%d", Integer.valueOf(bArr.length), Integer.valueOf(bArr2.length), Integer.valueOf(bArr3.length))));
            u("_AES_DO_FINAL", "AES_DO_FINAL_FAIL");
            return null;
        }
        return doFinal;
    }

    public synchronized EncryptedData c(String str, byte[] bArr, byte[] bArr2) {
        SecureRandom l = l();
        try {
            byte[] bArr3 = new byte[Cipher.getInstance(oms_a.e).getBlockSize()];
            l.nextBytes(bArr3);
            return d(str, bArr, bArr2, bArr3);
        } catch (NoSuchAlgorithmException e2) {
            CrashReporter.e.l(e2);
            u("_AES_ENCRYPT", "AES_ENCTYPT_FAIL");
            return null;
        } catch (NoSuchPaddingException e3) {
            CrashReporter.e.l(e3);
            u("_AES_ENCRYPT", "AES_ENCTYPT_FAIL");
            return null;
        }
    }

    public synchronized EncryptedData d(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        EncryptedData encryptedData;
        byte[] b = b(str, bArr, bArr2, bArr3, true);
        encryptedData = new EncryptedData(this);
        encryptedData.b = bArr3;
        encryptedData.a = bArr2;
        encryptedData.c = b;
        return encryptedData;
    }

    public final boolean f() {
        if (!m()) {
            u("_GENERATOR_KEYPAIR", "GENERATED_KEY_PAIR_INIT_FAIL");
            return false;
        }
        KeyPair generateKeyPair = this.a.generateKeyPair();
        if (generateKeyPair == null) {
            u("_GENERATOR_KEYPAIR", "GENERATED_KEY_PAIR_IS_NULL");
            return false;
        }
        this.b = (ECPublicKey) generateKeyPair.getPublic();
        this.c = (ECPrivateKey) generateKeyPair.getPrivate();
        return true;
    }

    public byte[] g() {
        byte[] bArr = new byte[32];
        l().nextBytes(bArr);
        return bArr;
    }

    public KeyPair h() {
        if (m()) {
            return this.a.generateKeyPair();
        }
        u("_GET_GENERATORED_KEYPAIR", "GENERATED_KEY_PAIR_INIT_FAIL");
        return null;
    }

    public ECPrivateKey k() {
        return this.c;
    }

    public final SecureRandom l() {
        return new SP800SecureRandomBuilder().buildHMAC(new HMac(new SHA256Digest()), Long.toString(SystemClock.uptimeMillis()).getBytes(), false);
    }

    public boolean m() {
        if (this.a != null) {
            return true;
        }
        try {
            this.a = KeyPairGenerator.getInstance("EC", "SC");
            this.a.initialize(new ECGenParameterSpec("secp256r1"), l());
            return true;
        } catch (InvalidAlgorithmParameterException e2) {
            CrashReporter.e.l(e2);
            u("_INIT_KEYPAIR_GENERATOR", "EXCEPTION");
            return false;
        } catch (NoSuchAlgorithmException e3) {
            CrashReporter.e.l(e3);
            u("_INIT_KEYPAIR_GENERATOR", "EXCEPTION");
            return false;
        } catch (NoSuchProviderException e4) {
            CrashReporter.e.l(e4);
            u("_INIT_KEYPAIR_GENERATOR", "EXCEPTION");
            return false;
        }
    }

    public boolean n(byte[] bArr) {
        try {
            this.c = (ECPrivateKey) t(bArr);
            this.b = KpCertUtil.t();
            return true;
        } catch (Exception e2) {
            u("_IS_OK_SET_PUBLIC_N_PRIVATE_KEY", "FAIL_LOAD_KEYS");
            CrashReporter.e.l(e2);
            return false;
        }
    }

    public final String o(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        return p(this.b, this.c, jWSHeader, jWTClaimsSet);
    }

    public final String p(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        try {
            ECDSASigner eCDSASigner = new ECDSASigner(eCPrivateKey);
            SignedJWT signedJWT = new SignedJWT(jWSHeader, jWTClaimsSet);
            eCDSASigner.d().c(d);
            eCDSASigner.d().d(l());
            signedJWT.sign(eCDSASigner);
            return signedJWT.serialize();
        } catch (JOSEException e2) {
            CrashReporter.e.l(e2);
            u("_JWT_SIGN", "GET_JWT_SIGN_FAIL");
            return null;
        }
    }

    public boolean r() {
        return f();
    }

    public String s(String str) {
        if (this.b == null) {
            u("_MAKE_JWT_FOR_RENEW_CERTIFICATE", "PUBLIC_KEY_IS_NULL");
            return null;
        }
        if (this.c == null) {
            u("_MAKE_JWT_FOR_RENEW_CERTIFICATE", "PRIVATE_KEY_IS_NULL");
            return null;
        }
        if (str == null) {
            u("_MAKE_JWT_FOR_RENEW_CERTIFICATE", "PEM_CERTIFICATE_IS_NULL");
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Base64(e(str)));
        JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.ES256);
        builder.j(arrayList);
        return o(builder.a(), new JWTClaimsSet.Builder().b());
    }

    public synchronized PrivateKey t(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("EC", "SC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public String v(String str) {
        byte[] decode = new Base64URL(str).decode();
        if (decode == null) {
            u("_BASE64URL_SIGN", "BASE64URL_DECODING_FAILED");
            return null;
        }
        byte[] w = w(decode);
        if (w != null) {
            return Base64URL.m106encode(w).toString();
        }
        u("_BASE64URL_SIGN", "SIGNATURE_IS_EMPTY");
        return null;
    }

    public byte[] w(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA", "SC");
            signature.initSign(this.c);
            signature.update(bArr);
            byte[] sign = signature.sign();
            signature.initVerify(this.b);
            signature.update(bArr);
            if (signature.verify(sign)) {
                return sign;
            }
            u("_SIGN", "SIGN_VERIFY_FAIL");
            return null;
        } catch (InvalidKeyException e2) {
            CrashReporter.e.l(e2);
            u("_SIGN", "SIGN_FAIL");
            return null;
        } catch (NoSuchAlgorithmException e3) {
            CrashReporter.e.l(e3);
            u("_SIGN", "SIGN_FAIL");
            return null;
        } catch (NoSuchProviderException e4) {
            CrashReporter.e.l(e4);
            u("_SIGN", "SIGN_FAIL");
            return null;
        } catch (SignatureException e5) {
            CrashReporter.e.l(e5);
            u("_SIGN", "SIGN_FAIL");
            return null;
        }
    }
}
