package com.visa.cbp.encryptionutils.common;

import com.visa.cbp.encryptionutils.exceptions.ErrorType;
import com.visa.cbp.encryptionutils.exceptions.InputValidationException;
import com.visa.cbp.encryptionutils.exceptions.InvalidInputException;
import com.visa.cbp.sdk.e.InterfaceC0082;
import com.visa.dmpd.encryption.GenericEncryptionUtility;
import com.visa.dmpd.token.JWTUtility;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.DecoderException;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public final class Util {
    private static final Logger LOG = LoggerFactory.getLogger(Util.class);

    public static final String createRSAPKIJwe(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidKeyException, InvalidKeySpecException {
        if (byteArrayOutputStream == null || bArr == null || bArr.length == 0) {
            throw new InvalidInputException(ErrorType.ERROR_900.getCode(), ErrorType.ERROR_900.getMessage());
        }
        byte[] generateSalt = GenericEncryptionUtility.generateSalt(12);
        byte[] generateKey = GenericEncryptionUtility.generateKey(32);
        byte[] encryptCEKWithRSAKey = encryptCEKWithRSAKey(byteArrayOutputStream, generateKey);
        if (str == null) {
            str = "";
        }
        String buildPKIJWEHeaderBase64String = JWTUtility.buildPKIJWEHeaderBase64String(str);
        try {
            StringBuilder sb = new StringBuilder();
            GenericEncryptionUtility.CipherTextData encryptData = GenericEncryptionUtility.encryptData(generateKey, generateSalt, bArr, GenericEncryptionUtility.bs64Decode(buildPKIJWEHeaderBase64String));
            return sb.append(buildPKIJWEHeaderBase64String).append(".").append(GenericEncryptionUtility.bs64Encode(encryptCEKWithRSAKey)).append(".").append(GenericEncryptionUtility.bs64Encode(generateSalt)).append(".").append(encryptData.getCipherText()).append(".").append(encryptData.getAuthTag()).toString();
        } catch (DecoderException e) {
            throw new InputValidationException(ErrorType.ERROR_933.getCode(), ErrorType.ERROR_933.getMessage());
        }
    }

    public static byte[] encryptCEKWithRSAKey(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        PublicKey generatePublic = KeyFactory.getInstance("RSA", "BC").generatePublic(new X509EncodedKeySpec(readKey(byteArrayOutputStream, true)));
        Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", "BC");
        cipher.init(1, generatePublic);
        return cipher.doFinal(bArr);
    }

    public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Name x500Name) throws OperatorCreationException {
        return new JcaPKCS10CertificationRequestBuilder(x500Name, keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
    }

    public static DeviceKeyPair generateDeviceKeyPair(String str, X500Name x500Name, CertMetaData certMetaData, PrivateKey privateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, CertificateException, javax.security.cert.CertificateException {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        return new DeviceKeyPair(new String(Hex.encode(((RSAPrivateCrtKey) generateKeyPair.getPrivate()).getPrivateExponent().toByteArray())), PemConverter.convert(signCSR(generateCSR(generateKeyPair, x500Name), certMetaData, privateKey, generateKeyPair).getEncoded(), "CERTIFICATE"));
    }

    public static ByteArrayOutputStream getByteOutputStream(Class cls, String str) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        InputStream resourceAsStream = cls.getClassLoader().getResourceAsStream(str);
        while (true) {
            int read = resourceAsStream.read();
            if (read == -1) {
                return byteArrayOutputStream;
            }
            byteArrayOutputStream.write(read);
        }
    }

    public static String hashOfSHA256(String str) throws NoSuchAlgorithmException {
        return hashOfSHA256(str.getBytes(StandardCharsets.UTF_8));
    }

    public static String hashOfSHA256(byte[] bArr) throws NoSuchAlgorithmException {
        byte[] sha256 = sha256(bArr);
        StringBuffer stringBuffer = new StringBuffer();
        for (byte b : sha256) {
            String hexString = Integer.toHexString(b & InterfaceC0082.f1180);
            if (hexString.length() == 1) {
                stringBuffer.append('0');
            }
            stringBuffer.append(hexString);
        }
        return stringBuffer.toString();
    }

    public static byte[] readKey(ByteArrayOutputStream byteArrayOutputStream, boolean z) {
        String str = new String(byteArrayOutputStream.toByteArray());
        return Base64.decode(z ? str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "") : str.replace("-----BEGIN RSA PRIVATE KEY-----", "").replace("-----END RSA PRIVATE KEY-----", ""));
    }

    public static byte[] sha256(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(bArr);
    }

    public static X509Certificate signCSR(PKCS10CertificationRequest pKCS10CertificationRequest, CertMetaData certMetaData, PrivateKey privateKey, KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, javax.security.cert.CertificateException, CertificateException {
        Security.addProvider(new BouncyCastleProvider());
        AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        AlgorithmIdentifier find2 = new DefaultDigestAlgorithmIdentifierFinder().find(find);
        AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(privateKey.getEncoded());
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(new X509v3CertificateBuilder(certMetaData.getIssuer(), new BigInteger(certMetaData.getSerial()), new Date(certMetaData.getNotBefore()), new Date(certMetaData.getNotAfter()), pKCS10CertificationRequest.getSubject(), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())).build(new BcRSAContentSignerBuilder(find, find2).build(createKey)).toASN1Structure().getEncoded()));
    }

    public static void validateInput(String str, int i, String str2, ErrorType errorType) {
        if (errorType == null) {
            throw new InputValidationException(ErrorType.ERROR_900.getCode(), "you must provide a valid ERROR type");
        }
        if (null == str || str.trim().equalsIgnoreCase("")) {
            throw new InputValidationException(ErrorType.ERROR_900.getCode(), "you must provide a valid name");
        }
        if (null == str2 || str2.trim().equalsIgnoreCase("")) {
            throw new InputValidationException(errorType.getCode(), errorType.getMessage());
        }
        if (i > 0 && str2.trim().length() != i) {
            throw new InputValidationException(errorType.getCode(), errorType.getMessage());
        }
    }

    public static void validateInput(String str, int i, byte[] bArr, ErrorType errorType) {
        if (errorType == null) {
            throw new InputValidationException(ErrorType.ERROR_900.getCode(), "you must provide a valid ERROR type");
        }
        if (null == str || str.trim().equalsIgnoreCase("")) {
            throw new InputValidationException(ErrorType.ERROR_900.getCode(), "you must provide a valid name");
        }
        if (bArr == null || bArr.length == 0) {
            throw new InputValidationException(errorType.getCode(), errorType.getMessage());
        }
        if (i >= 0 && bArr.length != i) {
            throw new InputValidationException(errorType.getCode(), errorType.getMessage());
        }
    }

    public static void validateInput(String str, String str2, ErrorType errorType) {
        validateInput(str, -1, str2, errorType);
    }
}
