package com.visa.dmpd.token;

import com.visa.cbp.sdk.d.b.C0056;
import com.visa.dmpd.encryption.GenericEncryptionUtility;
import com.visa.dmpd.encryption.exception.ExceptionType;
import com.visa.dmpd.encryption.exception.TokenException;
import com.visa.dmpd.enums.KeyType;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import o.dde;
import o.ffm;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public final class XToken {
    public static final String BLOW_FISH_PREFIX = "enc.";
    private static final Provider bcProvider = new BouncyCastleProvider();
    private static final Logger LOG = LoggerFactory.getLogger(XToken.class);

    /* loaded from: classes.dex */
    public enum Validation {
        SUCCESS,
        FAILURE,
        EXPIRED,
        CONTENT_SHA2_MATCH_FAIL,
        HEADERS_SHA2_MATCH_FAIL,
        XTOKEN_SIGNATURE_MATCH_FAIL
    }

    public static final Validation ValidateForMultiValueParameters(String str, String str2, Map<String, String[]> map, String str3, String str4, Long l) throws TokenException {
        return validate(str, str2, convertMultiValueParamsToSingleValue(map), str3, str4, l);
    }

    private static String addParameters(Map<String, String> map) throws UnsupportedEncodingException {
        TreeMap treeMap = new TreeMap();
        treeMap.putAll(map);
        StringBuilder sb = new StringBuilder();
        for (Map.Entry entry : treeMap.entrySet()) {
            String str = (String) entry.getKey();
            if (!"token".equalsIgnoreCase(str) && !str.startsWith(BLOW_FISH_PREFIX)) {
                if (sb.length() > 0) {
                    sb.append("&");
                }
                sb.append(urlEncode((String) entry.getKey(), false));
                sb.append("=");
                sb.append(urlEncode((String) entry.getValue(), false));
            }
        }
        return sb.toString();
    }

    private static String computeHash(String str) throws SignatureException {
        return sha256Digest(str);
    }

    private static String computeHmacSHA256(String str, String str2) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        return GenericEncryptionUtility.computeHmacBase16("HmacSHA256", str, str2);
    }

    private static Map<String, String> convertMultiValueParamsToSingleValue(Map<String, String[]> map) {
        HashMap hashMap = new HashMap();
        if (map == null || map.isEmpty()) {
            return hashMap;
        }
        for (String str : map.keySet()) {
            String[] strArr = map.get(str);
            if (strArr == null || strArr.length == 0) {
                hashMap.put(str, null);
            } else if (strArr.length <= 1) {
                hashMap.put(str, strArr[0]);
            } else {
                StringBuilder sb = new StringBuilder();
                for (String str2 : strArr) {
                    sb.append(str2).append(",");
                }
                hashMap.put(str, sb.toString());
            }
        }
        return hashMap;
    }

    public static PrivateKey convertStringToRSAPrivateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        PrivateKey generatePrivate = KeyFactory.getInstance("RSA", bcProvider).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str.replace("-----BEGIN RSA PRIVATE KEY-----", "").replace("-----END RSA PRIVATE KEY-----", "").replace(dde.f13810, "").replace("\r", ""))));
        if (LOG.isTraceEnabled()) {
            LOG.trace("Converted String to RSA private key");
        }
        return generatePrivate;
    }

    public static final String generate(String str, Long l, String str2, Map<String, String> map, String str3) throws TokenException {
        LOG.trace("Generating xToken for api[{}] and with timestamp[{}]", str2, l);
        try {
            validateAndThrowException("authenticationSecret", str);
            validateAndThrowException("apiName", str2);
            validateAndThrowException(C0056.C0057.C0058.f860, l);
            StringBuilder sb = new StringBuilder(str);
            sb.append(l);
            sb.append(str2);
            sb.append(signParameters0(map));
            if (str3 != null && !"".equals(str3)) {
                sb.append(str3);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("String to Sign: " + ((Object) sb));
            }
            String computeHash = computeHash(sb.toString());
            if (LOG.isDebugEnabled()) {
                LOG.debug("Computed hash: " + computeHash);
            }
            StringBuilder sb2 = new StringBuilder("x:");
            sb2.append(l).append(":").append(computeHash);
            String sb3 = sb2.toString();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Generated xToken for api[{}] and with timestamp[{}] as xToken: {}", new Object[]{str2, l, sb3});
            }
            return sb3;
        } catch (TokenException e) {
            throw e;
        } catch (UnsupportedEncodingException e2) {
            LOG.error("Error generating xToken: UnsupportedEncodingException.", (Throwable) e2);
            throw new TokenException("Error generating xToken: UnsupportedEncodingException.", ExceptionType.SYSTEM_ERROR, e2);
        } catch (SignatureException e3) {
            LOG.error("Error generating xToken: SignatureException.", (Throwable) e3);
            throw new TokenException("Error generating xToken: SignatureException.", ExceptionType.SYSTEM_ERROR, e3);
        }
    }

    public static final String generateForMultiValueParameters(String str, Long l, String str2, Map<String, String[]> map, String str3) throws TokenException {
        return generate(str, l, str2, convertMultiValueParamsToSingleValue(map), str3);
    }

    public static final String generateV2(String str, Long l, String str2, Map<String, String> map, String str3) throws TokenException {
        LOG.trace("Generating xToken for api[{}] and with timestamp[{}]", str2, l);
        try {
            validateAndThrowException("authenticationSecret", str);
            validateAndThrowException("apiName", str2);
            validateAndThrowException(C0056.C0057.C0058.f860, l);
            StringBuilder sb = new StringBuilder(Long.toString(l.longValue()));
            sb.append(str2);
            sb.append(signParameters0(map));
            if (str3 != null && !"".equals(str3)) {
                sb.append(str3);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("String to Sign: " + ((Object) sb));
            }
            String computeHmacSHA256 = computeHmacSHA256(str, sb.toString());
            if (LOG.isDebugEnabled()) {
                LOG.debug("Computed hmac: " + computeHmacSHA256);
            }
            StringBuilder sb2 = new StringBuilder("xv2:");
            sb2.append(l).append(":").append(computeHmacSHA256);
            String sb3 = sb2.toString();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Generated xToken V2 for api[{}] and with timestamp[{}] as xToken: {}", new Object[]{str2, l, sb3});
            }
            return sb3;
        } catch (TokenException e) {
            throw e;
        } catch (UnsupportedEncodingException e2) {
            LOG.error("Error generating xToken: UnsupportedEncodingException.", (Throwable) e2);
            throw new TokenException("Error generating xToken: UnsupportedEncodingException.", ExceptionType.SYSTEM_ERROR, e2);
        } catch (InvalidKeyException e3) {
            LOG.error("Error generating xToken: InvalidKeyException.", (Throwable) e3);
            throw new TokenException("Error generating xToken: InvalidKeyException.", ExceptionType.SYSTEM_ERROR, e3);
        } catch (NoSuchAlgorithmException e4) {
            LOG.error("Error generating xToken: NoSuchAlgorithmException.", (Throwable) e4);
            throw new TokenException("Error generating xToken: NoSuchAlgorithmException.", ExceptionType.SYSTEM_ERROR, e4);
        }
    }

    public static final String generateV2ForMultiValueParameters(String str, Long l, String str2, Map<String, String[]> map, String str3) throws TokenException {
        return generateV2(str, l, str2, convertMultiValueParamsToSingleValue(map), str3);
    }

    public static final String generateV3(KeyType keyType, String str, Long l, String str2, Map<String, String> map, String str3, String str4) throws TokenException {
        LOG.trace("Generating xToken with timestamp[{}]", l);
        try {
            validateAndThrowException("privateKeyInfo", str);
            validateAndThrowException(ffm.f19530, str2);
            validateAndThrowException(C0056.C0057.C0058.f860, l);
            validateAndThrowException("httpVerb", str4);
            if (keyType == null) {
                LOG.error("Key Type is null.");
                throw new TokenException("Key Type is null.", ExceptionType.INPUT_ERROR);
            }
            if (!keyType.equals(KeyType.RSA_KEY)) {
                LOG.error("Key Type is unsupported. Key Type : " + keyType.toString());
                throw new TokenException("Key Type is unsupported. Key Type : " + keyType.toString(), ExceptionType.INPUT_ERROR);
            }
            if (map != null && !map.isEmpty()) {
                String httpHeadersString = getHttpHeadersString(map);
                r6 = httpHeadersString.trim().isEmpty() ? null : computeHash(httpHeadersString);
                LOG.trace("HTTP header string {}", httpHeadersString);
                LOG.trace("Computed Xvisa headers {}", r6);
            }
            StringBuilder sb = new StringBuilder(Long.toString(l.longValue()));
            sb.append('.');
            if (null != str3 && !"".equals(str3)) {
                sb.append(computeHash(str3));
            }
            sb.append('.');
            if (r6 != null) {
                sb.append(r6);
            }
            sb.append('.');
            sb.append(str2);
            sb.append('.');
            sb.append(str4.toUpperCase());
            LOG.trace("generateV3:stringtosign: {}", sb);
            PrivateKey convertStringToRSAPrivateKey = convertStringToRSAPrivateKey(str);
            Signature signature = Signature.getInstance("SHA256withRSA", bcProvider);
            signature.initSign(convertStringToRSAPrivateKey);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(sb.toString().getBytes(GenericEncryptionUtility.utf8)));
            byte[] bArr = new byte[1024];
            while (bufferedInputStream.available() != 0) {
                signature.update(bArr, 0, bufferedInputStream.read(bArr));
            }
            bufferedInputStream.close();
            String hexEncode = hexEncode(signature.sign());
            LOG.debug("Computed signature: {} ", hexEncode);
            StringBuilder sb2 = new StringBuilder("xv3:");
            sb2.append(l).append(":").append(hexEncode);
            String sb3 = sb2.toString();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Generated xToken V3 with timestamp[{}] as xToken: {}", new Object[]{l, sb3});
            }
            return sb3;
        } catch (TokenException e) {
            throw e;
        } catch (IOException e2) {
            LOG.error("Error generating xToken: IOException.", (Throwable) e2);
            throw new TokenException("Error generating xToken : IOException.", ExceptionType.SYSTEM_ERROR, e2);
        } catch (InvalidKeyException e3) {
            LOG.error("Error generating xToken: InvalidKeyException.", (Throwable) e3);
            throw new TokenException("Error generating xToken : InvalidKeyException.", ExceptionType.SYSTEM_ERROR, e3);
        } catch (NoSuchAlgorithmException e4) {
            LOG.error("Error generating xToken: NoSuchAlgorithmException.", (Throwable) e4);
            throw new TokenException("Error generating xToken : NoSuchAlgorithmException.", ExceptionType.SYSTEM_ERROR, e4);
        } catch (SignatureException e5) {
            LOG.error("Error generating xToken: SignatureException.", (Throwable) e5);
            throw new TokenException("Error generating xToken : SignatureException.", ExceptionType.SYSTEM_ERROR, e5);
        } catch (Exception e6) {
            LOG.error("Error generating xToken: Exception.", (Throwable) e6);
            throw new TokenException("Error generating xToken : Exception.", ExceptionType.SYSTEM_ERROR, e6);
        }
    }

    private static String getDigest(String str, String str2) throws SignatureException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(str2.getBytes(GenericEncryptionUtility.utf8));
            return new String(Hex.encode(messageDigest.digest()), GenericEncryptionUtility.utf8).toLowerCase();
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private static String getHttpHeadersString(Map<String, String> map) {
        StringBuilder sb = new StringBuilder("");
        TreeMap treeMap = new TreeMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String lowerCase = entry.getKey().toLowerCase();
            String trim = entry.getValue().toLowerCase().trim();
            if (lowerCase.startsWith("x-visa") && !"x-visa-header-sha2".equals(lowerCase) && !"x-visa-content-sha2".equals(lowerCase)) {
                treeMap.put(lowerCase, trim);
            }
        }
        for (Map.Entry entry2 : treeMap.entrySet()) {
            String str = (String) entry2.getKey();
            String str2 = (String) entry2.getValue();
            sb.append(".");
            sb.append(str).append(":").append(str2);
        }
        return sb.toString();
    }

    public static PublicKey getPublicKeyFromString(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(dde.f13810, "").replace("\r", ""))));
    }

    private static String handleExceptionChars(String str, boolean z) {
        StringBuilder sb = new StringBuilder(str.length() + 100);
        int length = str.length();
        int i = 0;
        while (i < length) {
            switch (str.charAt(i)) {
                case '%':
                    if (i + 2 < length) {
                        if (str.charAt(i + 1) != '7' || str.charAt(i + 2) != 'E') {
                            if (z && str.charAt(i + 1) == '2' && str.charAt(i + 2) == 'F') {
                                sb.append('/');
                                i += 2;
                                break;
                            }
                        } else {
                            sb.append('~');
                            i += 2;
                            break;
                        }
                    }
                    sb.append(str.charAt(i));
                    break;
                case '*':
                    sb.append("%2A");
                    break;
                case '+':
                    sb.append("%20");
                    break;
                default:
                    sb.append(str.charAt(i));
                    break;
            }
            i++;
        }
        return sb.toString();
    }

    private static byte[] hexDecode(String str) {
        return Hex.decode(str.getBytes(GenericEncryptionUtility.utf8));
    }

    private static String hexEncode(byte[] bArr) {
        return new String(Hex.encode(bArr), GenericEncryptionUtility.utf8).toLowerCase();
    }

    private static String sha256Digest(String str) throws SignatureException {
        return getDigest("SHA-256", str);
    }

    private static String signParameters0(Map<String, String> map) throws UnsupportedEncodingException {
        return (map == null || map.isEmpty()) ? "" : addParameters(map);
    }

    private static String urlEncode(String str, boolean z) throws UnsupportedEncodingException {
        return str == null ? "" : handleExceptionChars(URLEncoder.encode(str, "UTF-8"), z);
    }

    public static final Validation validate(String str, String str2, Map<String, String> map, String str3, String str4, Long l) throws TokenException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Validating xToken for api[{}] and with value[{}]", str2, str4);
        }
        try {
            validateAndThrowException("xToken", str4);
            validateAndThrowException("TimeToLive", l);
            String lowerCase = str4.toLowerCase();
            String[] split = lowerCase.split(":");
            if (split.length == 3) {
                if (split[1] != null) {
                    try {
                        long longValue = Long.valueOf(split[1]).longValue();
                        long currentTimeMillis = System.currentTimeMillis() / 1000;
                        long abs = Math.abs(currentTimeMillis - longValue);
                        if (abs > l.longValue()) {
                            LOG.error("XToken: timestamp outside of acceptable window: window={}, diff={}, current={}, token-timestamp={}", new Object[]{l, Long.valueOf(abs), Long.valueOf(currentTimeMillis), Long.valueOf(longValue)});
                            return Validation.EXPIRED;
                        }
                        String str5 = null;
                        if ("x".equalsIgnoreCase(split[0])) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Input Hash: " + split[2]);
                            }
                            str5 = generate(str, Long.valueOf(longValue), str2, map, str3);
                        } else if ("xv2".equalsIgnoreCase(split[0])) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Input Hmac: " + split[2]);
                            }
                            str5 = generateV2(str, Long.valueOf(longValue), str2, map, str3);
                        }
                        if (lowerCase.equals(str5)) {
                            LOG.trace("Token validation passed for xToken: {}", lowerCase);
                            return Validation.SUCCESS;
                        }
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("The Input token and the computed token did not match.");
                        }
                    } catch (NumberFormatException e) {
                        LOG.error("XToken: invalid timestamp format in xtoken: " + lowerCase, (Throwable) e);
                        throw new TokenException("XToken: invalid timestamp format in xtoken: " + lowerCase, ExceptionType.INPUT_ERROR);
                    }
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("The input xToken is not in valid format.");
            }
            return Validation.FAILURE;
        } catch (TokenException e2) {
            throw e2;
        } catch (Exception e3) {
            LOG.error("Error validating xToken.", (Throwable) e3);
            throw new TokenException("Error validating xToken.", ExceptionType.SYSTEM_ERROR, e3);
        }
    }

    private static void validateAndThrowException(String str, Long l) throws TokenException {
        if (l == null || l.equals(0L)) {
            LOG.error("Incorrect " + str + " passed, either null or empty.");
            throw new TokenException("The " + str + " can not be null or empty. Please provide valid value.", ExceptionType.INPUT_ERROR);
        }
    }

    private static void validateAndThrowException(String str, String str2) throws TokenException {
        if (str2 == null || "".equals(str2)) {
            LOG.error("Incorrect " + str + " passed, either null or empty.");
            throw new TokenException("The " + str + " can not be null or empty. Please provide valid value.", ExceptionType.INPUT_ERROR);
        }
    }

    public static final Validation validateV3(KeyType keyType, String str, String str2, Long l, String str3, Map<String, String> map, String str4, String str5) throws TokenException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Validating xToken with value[{}]", str2);
        }
        String str6 = null;
        try {
            validateAndThrowException("xToken", str2);
            validateAndThrowException("publicKeyinfo", str);
            validateAndThrowException("TimeToLive", l);
            validateAndThrowException(ffm.f19530, str3);
            validateAndThrowException("httpVerb", str5);
            if (keyType == null) {
                LOG.error("Key Type is null.");
                throw new TokenException("Key Type is null.", ExceptionType.INPUT_ERROR);
            }
            if (!keyType.equals(KeyType.RSA_KEY)) {
                LOG.error("Key Type is unsupported. Key Type : " + keyType.toString());
                throw new TokenException("Key Type is unsupported. Key Type : " + keyType.toString(), ExceptionType.INPUT_ERROR);
            }
            if (map != null && !map.isEmpty()) {
                String httpHeadersString = getHttpHeadersString(map);
                r6 = httpHeadersString.trim().isEmpty() ? null : computeHash(httpHeadersString);
                LOG.trace("HTTP header string {}", httpHeadersString);
                LOG.trace("Computed Xvisa headers {}", r6);
            }
            String lowerCase = str2.toLowerCase();
            String[] split = lowerCase.split(":");
            if (split.length != 3) {
                LOG.error("The input xToken is not in valid format." + lowerCase);
                throw new TokenException("The input xToken is not in valid format: " + lowerCase, ExceptionType.INPUT_ERROR);
            }
            if (split[1] == null) {
                LOG.error("The timeStamp in input xToken is null/ empty." + lowerCase);
                throw new TokenException("The timeStamp in input xToken is null/ empty." + lowerCase, ExceptionType.INPUT_ERROR);
            }
            try {
                long longValue = Long.valueOf(split[1]).longValue();
                long currentTimeMillis = System.currentTimeMillis() / 1000;
                long abs = Math.abs(currentTimeMillis - longValue);
                if (abs > l.longValue()) {
                    LOG.error("XToken: timestamp outside of acceptable window: window={}, diff={}, current={}, token-timestamp={}", new Object[]{l, Long.valueOf(abs), Long.valueOf(currentTimeMillis), Long.valueOf(longValue)});
                    return Validation.EXPIRED;
                }
                StringBuilder sb = new StringBuilder(Long.toString(longValue));
                sb.append('.');
                if (null != str4 && !"".equals(str4)) {
                    str6 = computeHash(str4);
                    sb.append(str6);
                }
                sb.append('.');
                if (r6 != null) {
                    sb.append(r6);
                }
                sb.append('.');
                sb.append(str3);
                sb.append('.');
                sb.append(str5.toUpperCase());
                LOG.trace("validateV3:stringToSign: {}", sb);
                byte[] hexDecode = hexDecode(split[2]);
                if (!"xv3".equalsIgnoreCase(split[0])) {
                    LOG.error("The input xToken is not xv3." + lowerCase);
                    throw new TokenException("The input xToken is not xv3: " + lowerCase, ExceptionType.INPUT_ERROR);
                }
                PublicKey publicKeyFromString = getPublicKeyFromString(str);
                Signature signature = Signature.getInstance("SHA256withRSA", bcProvider);
                signature.initVerify(publicKeyFromString);
                signature.update(sb.toString().getBytes(GenericEncryptionUtility.utf8));
                if (!signature.verify(hexDecode)) {
                    LOG.error("x-pay token signature verification failed.");
                    return Validation.XTOKEN_SIGNATURE_MATCH_FAIL;
                }
                String str7 = map != null ? map.get("x-visa-header-sha2") : null;
                if (str7 != null && (r6 == null || !r6.equals(str7))) {
                    LOG.error("The x-visa-header-sha2 does not match.");
                    return Validation.HEADERS_SHA2_MATCH_FAIL;
                }
                String str8 = map != null ? map.get("x-visa-content-sha2") : null;
                if (str8 == null || (str6 != null && str8.equals(str6))) {
                    return Validation.SUCCESS;
                }
                LOG.error("The x-visa-content-sha2 does not match. ");
                return Validation.CONTENT_SHA2_MATCH_FAIL;
            } catch (NumberFormatException e) {
                LOG.error("XToken: invalid timestamp format in xtoken: " + lowerCase);
                throw new TokenException("XToken: invalid timestamp format in xtoken: " + lowerCase, ExceptionType.INPUT_ERROR);
            }
        } catch (TokenException e2) {
            throw e2;
        } catch (InvalidKeyException e3) {
            LOG.error("Error validating xToken: InvalidKeyException.", (Throwable) e3);
            throw new TokenException("Error generating xToken : InvalidKeyException.", ExceptionType.SYSTEM_ERROR, e3);
        } catch (NoSuchAlgorithmException e4) {
            LOG.error("Error validating xToken: NoSuchAlgorithmException.", (Throwable) e4);
            throw new TokenException("Error generating xToken : Exception.", ExceptionType.SYSTEM_ERROR, e4);
        } catch (SignatureException e5) {
            LOG.error("Error validating xToken: SignatureException.", (Throwable) e5);
            throw new TokenException("Error generating xToken : SignatureException.", ExceptionType.SYSTEM_ERROR, e5);
        } catch (Exception e6) {
            LOG.error("Error validating xToken: Exception.", (Throwable) e6);
            throw new TokenException("Error validating xToken : Exception.", ExceptionType.SYSTEM_ERROR, e6);
        }
    }
}
