package com.kakao.talk.kakaopay.cert;

import android.os.SystemClock;
import com.iap.ac.android.oe.j;
import com.kakao.talk.application.App;
import com.kakao.talk.constant.Config;
import com.kakao.talk.kakaopay.log.PayNonCrashException;
import com.kakao.talk.kakaopay.util.KpCertUtil;
import com.kakao.talk.reporter.CrashReporter;
import com.kakao.talk.util.KakaoFileUtils;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.macs.HMac;
import org.spongycastle.crypto.prng.SP800SecureRandomBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes4.dex */
public class KakaoPayCert {
    public static BouncyCastleProvider d;
    public static volatile KakaoPayCert e;
    public KeyPairGenerator a;
    public ECPublicKey b;
    public ECPrivateKey c;

    /* loaded from: classes4.dex */
    public class EncryptedData {
        public byte[] a;
        public byte[] b;
        public byte[] c;

        public EncryptedData(KakaoPayCert kakaoPayCert) {
        }

        public byte[] d() {
            return this.c;
        }

        public byte[] e() {
            return this.b;
        }

        public byte[] f() {
            return this.a;
        }
    }

    static {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        d = bouncyCastleProvider;
        Security.addProvider(bouncyCastleProvider);
    }

    public static String e(String str) {
        return str.replace("-----BEGIN CERTIFICATE-----\n", "").replace("\n-----END CERTIFICATE-----", "").replace("\n", "");
    }

    public static KakaoPayCert i() {
        if (e == null) {
            synchronized (KakaoPayCert.class) {
                if (e == null) {
                    e = new KakaoPayCert();
                }
            }
        }
        return e;
    }

    public static JSONObject j(String str) {
        try {
            SignedJWT m102parse = SignedJWT.m102parse(str);
            if (q(m102parse)) {
                return new JSONObject(m102parse.getPayload().toString());
            }
            return null;
        } catch (ParseException e2) {
            CrashReporter.e.k(e2);
            return null;
        } catch (JSONException e3) {
            CrashReporter.e.k(e3);
            return null;
        }
    }

    public static boolean q(SignedJWT signedJWT) {
        try {
            return signedJWT.verify(new ECDSAVerifier((ECPublicKey) w(KakaoFileUtils.w(App.d(), Config.DeployFlavor.getCurrent() == Config.DeployFlavor.Sandbox ? "KakaoPayCertSandbox.pem" : "KakaoPayCert.pem")).getPublicKey()));
        } catch (JOSEException e2) {
            CrashReporter.e.k(e2);
            return false;
        }
    }

    public static X509Certificate w(String str) {
        String e2;
        byte[] decode;
        if (j.A(str) || (e2 = e(str)) == null || (decode = new Base64URL(e2).decode()) == null) {
            return null;
        }
        return x(decode);
    }

    public static X509Certificate x(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X509", "SC").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (NoSuchProviderException e2) {
            CrashReporter.e.k(e2);
            return null;
        } catch (CertificateException e3) {
            CrashReporter.e.k(e3);
            return null;
        }
    }

    public byte[] a(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return b(str, bArr, bArr2, bArr3, false);
    }

    public final synchronized byte[] b(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) {
        byte[] doFinal;
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr2, 10000, 256)).getEncoded(), "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(z ? 1 : 2, secretKeySpec, new IvParameterSpec(bArr3));
            doFinal = cipher.doFinal(bArr);
            String str2 = "output:" + Base64.encode(doFinal).toString();
        } catch (Exception e2) {
            CrashReporter crashReporter = CrashReporter.e;
            crashReporter.k(e2);
            crashReporter.k(PayNonCrashException.newInstance(String.format(Locale.US, "msg:%d, salt:%d, iv:%d", Integer.valueOf(bArr.length), Integer.valueOf(bArr2.length), Integer.valueOf(bArr3.length))));
            return null;
        }
        return doFinal;
    }

    public synchronized EncryptedData c(String str, byte[] bArr, byte[] bArr2) {
        SecureRandom l = l();
        try {
            byte[] bArr3 = new byte[Cipher.getInstance("AES/CBC/PKCS5Padding").getBlockSize()];
            l.nextBytes(bArr3);
            return d(str, bArr, bArr2, bArr3);
        } catch (NoSuchAlgorithmException e2) {
            CrashReporter.e.k(e2);
            return null;
        } catch (NoSuchPaddingException e3) {
            CrashReporter.e.k(e3);
            return null;
        }
    }

    public synchronized EncryptedData d(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        EncryptedData encryptedData;
        byte[] b = b(str, bArr, bArr2, bArr3, true);
        encryptedData = new EncryptedData(this);
        encryptedData.b = bArr3;
        encryptedData.a = bArr2;
        encryptedData.c = b;
        return encryptedData;
    }

    public final boolean f() {
        KeyPair generateKeyPair;
        if (!m() || (generateKeyPair = this.a.generateKeyPair()) == null) {
            return false;
        }
        this.b = (ECPublicKey) generateKeyPair.getPublic();
        this.c = (ECPrivateKey) generateKeyPair.getPrivate();
        return true;
    }

    public byte[] g() {
        byte[] bArr = new byte[32];
        l().nextBytes(bArr);
        return bArr;
    }

    public KeyPair h() {
        if (m()) {
            return this.a.generateKeyPair();
        }
        return null;
    }

    public ECPrivateKey k() {
        return this.c;
    }

    public final SecureRandom l() {
        return new SP800SecureRandomBuilder().buildHMAC(new HMac(new SHA256Digest()), Long.toString(SystemClock.uptimeMillis()).getBytes(), false);
    }

    public boolean m() {
        if (this.a != null) {
            return true;
        }
        try {
            this.a = KeyPairGenerator.getInstance("EC", "SC");
            this.a.initialize(new ECGenParameterSpec("secp256r1"), l());
            return true;
        } catch (InvalidAlgorithmParameterException e2) {
            CrashReporter.e.k(e2);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            CrashReporter.e.k(e3);
            return false;
        } catch (NoSuchProviderException e4) {
            CrashReporter.e.k(e4);
            return false;
        }
    }

    public boolean n(byte[] bArr) {
        try {
            this.c = (ECPrivateKey) t(bArr);
            this.b = KpCertUtil.t();
            return true;
        } catch (Exception e2) {
            CrashReporter.e.k(e2);
            return false;
        }
    }

    public final String o(JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        return p(this.b, this.c, jWSHeader, jWTClaimsSet);
    }

    public final String p(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, JWSHeader jWSHeader, JWTClaimsSet jWTClaimsSet) {
        try {
            ECDSASigner eCDSASigner = new ECDSASigner(eCPrivateKey);
            SignedJWT signedJWT = new SignedJWT(jWSHeader, jWTClaimsSet);
            eCDSASigner.d().c(d);
            eCDSASigner.d().d(l());
            signedJWT.sign(eCDSASigner);
            return signedJWT.serialize();
        } catch (JOSEException e2) {
            CrashReporter.e.k(e2);
            return null;
        }
    }

    public boolean r() {
        return f();
    }

    public String s(String str) {
        if (this.b == null || this.c == null || str == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Base64(e(str)));
        JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.ES256);
        builder.j(arrayList);
        return o(builder.a(), new JWTClaimsSet.Builder().b());
    }

    public synchronized PrivateKey t(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("EC", "SC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public String u(String str) {
        byte[] v;
        byte[] decode = new Base64URL(str).decode();
        if (decode == null || (v = v(decode)) == null) {
            return null;
        }
        return Base64URL.m101encode(v).toString();
    }

    public byte[] v(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA", "SC");
            signature.initSign(this.c);
            signature.update(bArr);
            byte[] sign = signature.sign();
            signature.initVerify(this.b);
            signature.update(bArr);
            if (signature.verify(sign)) {
                return sign;
            }
            return null;
        } catch (InvalidKeyException e2) {
            CrashReporter.e.k(e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            CrashReporter.e.k(e3);
            return null;
        } catch (NoSuchProviderException e4) {
            CrashReporter.e.k(e4);
            return null;
        } catch (SignatureException e5) {
            CrashReporter.e.k(e5);
            return null;
        }
    }
}
