package ir.co.pki.dastinelib;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Log;
import com.RNRSA.RSA;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.x509.Certificate;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaCertStore;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedDataGenerator;
import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.spongycastle.util.encoders.Base64;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class CryptoUtils {
    public static final String MASTER_ALIAS = "RSA_MASTER";

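    /**
     * Builds the PKCS#1 v1.5 {@code DigestInfo} encoding of a message: the fixed DER
     * prefix for the selected hash followed by the digest of the decoded message bytes.
     *
     * <p>Earlier behaviour returned {@code null} for an unrecognised hash name, and both
     * {@code sign} overloads in this class then dereferenced the result. The unsupported
     * case is now reported as {@link NoSuchAlgorithmException}, which this method and
     * both {@code sign} overloads already declare.
     *
     * @param str  Base64 text of the message to hash (decoded via {@code Common.convertFromBase64})
     * @param str2 hash selector; one of {@code "SHA1"}, {@code "SHA256"}, {@code "SHA384"}, {@code "SHA512"}
     * @return DER prefix concatenated with the raw digest
     * @throws NoSuchAlgorithmException if the selector is not supported or the provider lacks the digest
     * @throws NullPointerException if {@code str2} is {@code null}
     */
    private byte[] createSignMessage(String str, String str2) throws NoSuchAlgorithmException {
        byte[] message = Common.convertFromBase64(str);

        final byte[] digestInfoPrefix;
        final String digestName;
        // The digest names come from constants on an unrelated spongycastle spec class, as
        // emitted by the decompiler; presumably they hold the standard JCA names - confirm.
        switch (str2) {
            case "SHA256":
                // DER: SEQUENCE { AlgorithmIdentifier { 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING(32) }
                digestInfoPrefix = new byte[] {48, 49, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32};
                digestName = McElieceCCA2KeyGenParameterSpec.SHA256;
                break;
            case "SHA384":
                // Same layout, OID ...2.2, 48-byte digest.
                digestInfoPrefix = new byte[] {48, 65, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 2, 5, 0, 4, 48};
                digestName = McElieceCCA2KeyGenParameterSpec.SHA384;
                break;
            case "SHA512":
                // Same layout, OID ...2.3, 64-byte digest.
                digestInfoPrefix = new byte[] {48, 81, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 3, 5, 0, 4, 64};
                digestName = McElieceCCA2KeyGenParameterSpec.SHA512;
                break;
            case "SHA1":
                // NOTE(review): SHA-1 is no longer collision resistant; kept only because
                // callers can still request it. Prefer SHA256 or stronger for new signatures.
                digestInfoPrefix = new byte[] {48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};
                digestName = McElieceCCA2KeyGenParameterSpec.SHA1;
                break;
            default:
                // Fail loudly instead of handing null to the signing code.
                throw new NoSuchAlgorithmException("Unsupported hash algorithm: " + str2);
        }

        MessageDigest digest = MessageDigest.getInstance(digestName);
        return Common.concatByteArray(digestInfoPrefix, digest.digest(message));
    }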

    /**
     * Decrypts {@code bArr} with the given private key using the
     * {@code RSA/ECB/PKCS1Padding} transformation.
     *
     * <p>NOTE(review): PKCS#1 v1.5 encryption padding is open to padding-oracle attacks
     * wherever a caller can distinguish padding failures; OAEP is the usual replacement,
     * but switching would make existing ciphertexts unreadable, so it is left as is.
     *
     * @param privateKey RSA private key used for decryption
     * @param bArr       ciphertext bytes
     * @return the recovered plaintext
     * @throws Exception any provider, key or padding failure raised by {@link Cipher}
     */
    private static byte[] decryptRSA(PrivateKey privateKey, byte[] bArr) throws Exception {
        final Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        // Cipher.DECRYPT_MODE is the named form of the literal 2 the decompiler emitted.
        rsa.init(Cipher.DECRYPT_MODE, privateKey);
        final byte[] plaintext = rsa.doFinal(bArr);
        return plaintext;
    }

    /**
     * Encrypts {@code bArr} with the given public key using the
     * {@code RSA/ECB/PKCS1Padding} transformation.
     *
     * <p>NOTE(review): PKCS#1 v1.5 encryption padding is the legacy scheme; OAEP is the
     * usual replacement, but it must be changed together with the decrypting side.
     *
     * @param publicKey RSA public key used for encryption
     * @param bArr      plaintext bytes; must fit in a single RSA block for the key size
     * @return the ciphertext
     * @throws Exception any provider, key or block-size failure raised by {@link Cipher}
     */
    private static byte[] encryptRSA(PublicKey publicKey, byte[] bArr) throws Exception {
        final Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        // Cipher.ENCRYPT_MODE is the named form of the literal 1 the decompiler emitted.
        rsa.init(Cipher.ENCRYPT_MODE, publicKey);
        final byte[] ciphertext = rsa.doFinal(bArr);
        return ciphertext;
    }

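    /**
     * Produces a Base64-encoded CMS SignedData structure over a Base64-encoded payload.
     *
     * <p>The default locale is switched to {@link Locale#ENGLISH} while the structure is
     * built and is now restored in a {@code finally} block. Previously an
     * {@link IOException} or an unchecked exception raised inside the body (for example
     * from Base64 decoding) left the locale switched.
     *
     * <p>NOTE(review): any value of {@code str2} other than {@code "SHA256"},
     * {@code "SHA384"} or {@code "SHA512"} - including typos and unknown names - silently
     * selects {@code SHA1WithRSA}. That fallback is kept for compatibility with existing
     * callers; consider rejecting unknown names so a caller cannot end up with a SHA-1
     * signature by accident.
     *
     * @param context         Android context handed to {@code Common.setLocale}
     * @param str             Base64 text of the content to sign
     * @param privateKey      signer's private key
     * @param x509Certificate signer's certificate; embedded in the output
     * @param str2            hash selector ({@code "SHA1"}, {@code "SHA256"}, {@code "SHA384"}, {@code "SHA512"})
     * @param z               passed to {@code CMSSignedDataGenerator.generate} as the encapsulate flag
     * @return Base64 text of the encoded SignedData
     * @throws IOException on encoding failure, or wrapping any security/CMS/operator error
     * @throws NullPointerException if {@code str2} is {@code null}
     */
    public String cmsSign(Context context, String str, PrivateKey privateKey, X509Certificate x509Certificate, String str2, boolean z) throws IOException {
        final String signatureAlgorithm;
        switch (str2) {
            case "SHA256":
                signatureAlgorithm = "SHA256WithRSA";
                break;
            case "SHA384":
                signatureAlgorithm = "SHA384WithRSA";
                break;
            case "SHA512":
                signatureAlgorithm = "SHA512WithRSA";
                break;
            default:
                // Covers "SHA1" and every unrecognised value (see NOTE above).
                signatureAlgorithm = "SHA1WithRSA";
                break;
        }

        Locale previousLocale = Locale.getDefault();
        try {
            // Presumably a workaround for locale-sensitive formatting in the crypto stack - confirm.
            Common.setLocale(Locale.ENGLISH, context);

            List<X509Certificate> signerCerts = new ArrayList<>();
            signerCerts.add(x509Certificate);
            JcaCertStore certStore = new JcaCertStore(signerCerts);

            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            Certificate signerCertStructure = Certificate.getInstance(x509Certificate.getEncoded());
            generator.addSignerInfoGenerator(
                    new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                            .build(new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey),
                                    new X509CertificateHolder(signerCertStructure)));
            generator.addCertificates(certStore);

            byte[] content = Base64.decode(str);
            return Base64.toBase64String(generator.generate(new CMSProcessableByteArray(content), z).getEncoded());
        } catch (GeneralSecurityException | CMSException | OperatorCreationException e) {
            throw new IOException(e);
        } finally {
            // Runs on success and on every exception path.
            Common.setLocale(previousLocale, context);
        }
    }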

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decrypts a Base64-encoded ciphertext with the private key stored under
     * {@link #MASTER_ALIAS} and returns the plaintext as Base64.
     *
     * <p>Every failure (missing key, malformed input, bad padding) is collapsed into an
     * empty string, so callers cannot tell an empty plaintext from an error.
     *
     * @param str Base64 text of the ciphertext
     * @return Base64 text of the plaintext, or {@code ""} on any exception
     */
    public String decryptWithAppKey(String str) {
        String result;
        try {
            PrivateKey masterKey = getPrivateKey(MASTER_ALIAS);
            byte[] ciphertext = Common.convertFromBase64(str);
            byte[] plaintext = decryptRSA(masterKey, ciphertext);
            result = Common.convertToBase64(plaintext);
        } catch (Exception unused) {
            // Deliberately best-effort: the cause is not reported to the caller.
            result = "";
        }
        return result;
    }

    /**
     * Removes the entry stored under the given alias from the {@code AndroidKeyStore}.
     *
     * <p>The method does not check whether the alias existed; it returns {@code true}
     * whenever no exception is thrown.
     *
     * @param str alias of the entry to delete
     * @return always {@code true} on normal completion
     * @throws KeyStoreException        if the keystore type is unavailable or deletion fails
     * @throws CertificateException     propagated from loading the keystore
     * @throws IOException              propagated from loading the keystore
     * @throws NoSuchAlgorithmException propagated from loading the keystore
     */
    public boolean deleteKey(String str) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        final KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
        // load(null) initialises the store without a stream or password.
        androidKeyStore.load(null);
        androidKeyStore.deleteEntry(str);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encrypts a Base64-encoded plaintext with the public key stored under
     * {@link #MASTER_ALIAS} and returns the ciphertext as Base64.
     *
     * <p>Every failure (missing key, malformed input, oversized plaintext) is collapsed
     * into an empty string, so callers must treat {@code ""} as "nothing was encrypted".
     *
     * @param str Base64 text of the plaintext
     * @return Base64 text of the ciphertext, or {@code ""} on any exception
     */
    public String encryptWithAppKey(String str) {
        String result;
        try {
            PublicKey masterKey = getPublicKey(MASTER_ALIAS);
            byte[] plaintext = Common.convertFromBase64(str);
            byte[] ciphertext = encryptRSA(masterKey, plaintext);
            result = Common.convertToBase64(ciphertext);
        } catch (Exception unused) {
            // Deliberately best-effort: the cause is not reported to the caller.
            result = "";
        }
        return result;
    }

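    /**
     * Ensures an RSA key pair exists under {@link #MASTER_ALIAS}.
     *
     * <p>New keys are now requested at 2048 bits rather than 1024, which is below the
     * minimum RSA size accepted by current guidance. {@code generateKey} returns an
     * already stored entry unchanged, so a device that already holds a 1024-bit master
     * key keeps it and existing ciphertexts stay readable. Rotating such keys requires a
     * separate migration.
     *
     * @param context Android context forwarded to {@code generateKey}
     * @throws Exception if {@code generateKey} returns {@code null}; the thrown object is a
     *                   {@link GeneralSecurityException}
     */
    public void generateAppKey(Context context) throws Exception {
        if (generateKey(context, MASTER_ALIAS, KeyAlgorithm.RSA, 2048) == null) {
            throw new GeneralSecurityException("generating keypair was failed");
        }
    }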

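    /**
     * Returns the key pair stored under {@code str} in the {@code AndroidKeyStore}, or
     * generates one when the alias is absent.
     *
     * <p>Changes from the earlier behaviour:
     * <ul>
     *   <li>The default locale is restored in a {@code finally} block. Previously both
     *       early returns (existing key found, alias held by a non-private-key entry) left
     *       it switched to {@link Locale#ENGLISH}.</li>
     *   <li>Routine diagnostics use {@code Log.d} and the failure path uses {@code Log.e}
     *       instead of {@code Log.wtf}, which is reserved for conditions that should never
     *       happen and may be treated as fatal by the system.</li>
     * </ul>
     *
     * <p>NOTE(review): {@code keyAlgorithm} is never read; the generator is always created
     * for {@code RSA.ALGORITHM}. The self-signed certificate uses the fixed serial 1337 and
     * a one-year validity window. {@code KeyPairGeneratorSpec} is deprecated on newer
     * Android releases in favour of {@code KeyGenParameterSpec}; migrating depends on the
     * app's minimum SDK, which is not visible here. Alias names are written to logcat.
     *
     * @param context      Android context used for the key spec and locale handling
     * @param str          keystore alias
     * @param keyAlgorithm unused (see note)
     * @param i            key size in bits for a newly generated key
     * @return the existing or new key pair, or {@code null} if the alias holds another
     *         entry type or any exception occurs
     */
    public KeyPair generateKey(Context context, String str, KeyAlgorithm keyAlgorithm, int i) {
        Locale previousLocale = Locale.getDefault();
        try {
            // Presumably a workaround for locale-sensitive formatting in the key spec - confirm.
            Common.setLocale(Locale.ENGLISH, context);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);

            Enumeration<String> aliases = keyStore.aliases();
            boolean aliasHeldByOtherEntry = false;
            while (aliases.hasMoreElements()) {
                Log.d("PKI", "Aliases has elements");
                String alias = aliases.nextElement();
                Log.d("PKI", "Alias: " + alias);
                if (alias.equals(str)) {
                    Log.d("PKI", "Aliases are matched");
                    KeyStore.Entry entry = keyStore.getEntry(str, null);
                    if (entry instanceof KeyStore.PrivateKeyEntry) {
                        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
                        return new KeyPair(keyEntry.getCertificate().getPublicKey(), keyEntry.getPrivateKey());
                    }
                    Log.w("PKI", "Not an instance of a PrivateKeyEntry");
                    aliasHeldByOtherEntry = true;
                }
            }
            if (aliasHeldByOtherEntry) {
                // Do not overwrite an entry of another type that already uses this alias.
                return null;
            }

            Log.d("PKI", "Creating new master key");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.ALGORITHM, "AndroidKeyStore");
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 1);
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context)
                    .setAlias(str)
                    .setKeySize(i)
                    .setSubject(new X500Principal("CN=" + str))
                    .setSerialNumber(BigInteger.valueOf(1337L))
                    .setStartDate(notBefore.getTime())
                    .setEndDate(notAfter.getTime())
                    .build());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            Log.e("PKI", e.toString());
            return null;
        } finally {
            // Restores the caller's locale on every exit path, including early returns.
            Common.setLocale(previousLocale, context);
        }
    }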

    /* JADX INFO: Access modifiers changed from: package-private */
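    /**
     * Looks up the private key stored under {@code str} in the {@code AndroidKeyStore}.
     *
     * <p>Changes from the earlier behaviour: keystore failures are logged at error level
     * instead of being discarded by an empty {@code catch}, and routine diagnostics use
     * {@code Log.d} instead of {@code Log.wtf}, which may be treated as fatal by the
     * system. The return contract is unchanged.
     *
     * <p>NOTE(review): every alias in the store is written to logcat while scanning.
     *
     * @param str keystore alias
     * @return the private key, or {@code null} if the alias is absent, holds another entry
     *         type, or the keystore raises an exception
     */
    public PrivateKey getPrivateKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Log.d("PKI", "Alias: " + alias);
                if (!alias.equals(str)) {
                    continue;
                }
                Log.d("PKI", "Aliases are matched");
                KeyStore.Entry entry = keyStore.getEntry(str, null);
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                }
                Log.w("PKI", "Not an instance of a PrivateKeyEntry");
            }
        } catch (Exception e) {
            // Still reported to the caller as "no key", but no longer invisible.
            Log.e("PKI", e.toString());
        }
        return null;
    }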

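    /**
     * Looks up the public key of the certificate stored under {@code str} in the
     * {@code AndroidKeyStore}.
     *
     * <p>Changes from the earlier behaviour: the entry type is checked with
     * {@code instanceof}, matching {@code getPrivateKey}, instead of relying on a
     * swallowed {@link ClassCastException}. Keystore failures are logged at error level
     * instead of being discarded. Routine diagnostics use {@code Log.d} instead of
     * {@code Log.wtf}. The return contract is unchanged.
     *
     * <p>The declared checked exceptions are kept for source compatibility, although every
     * exception raised in the body is caught here.
     *
     * @param str keystore alias
     * @return the public key, or {@code null} if the alias is absent, holds another entry
     *         type, or the keystore raises an exception
     */
    PublicKey getPublicKey(String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Log.d("PKI", "Alias: " + alias);
                if (!alias.equals(str)) {
                    continue;
                }
                Log.d("PKI", "Aliases are matched");
                KeyStore.Entry entry = keyStore.getEntry(str, null);
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
                }
                Log.w("PKI", "Not an instance of a PrivateKeyEntry");
            }
        } catch (Exception e) {
            // Still reported to the caller as "no key", but no longer invisible.
            Log.e("PKI", e.toString());
        }
        return null;
    }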

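    /**
     * Lists the aliases in the {@code AndroidKeyStore} whose entries are private-key entries.
     *
     * <p>Changes from the earlier behaviour: the result list is typed instead of raw.
     * Routine diagnostics use {@code Log.d} instead of {@code Log.wtf}, which may be
     * treated as fatal by the system. The unconditional "Aliases are matched" message
     * was dropped because no comparison takes place in this method.
     *
     * <p>NOTE(review): every alias in the store is written to logcat while scanning.
     *
     * @return aliases of all private-key entries, in keystore enumeration order
     * @throws KeyStoreException           if the keystore type is unavailable or not initialised
     * @throws UnrecoverableEntryException if an entry cannot be read
     * @throws NoSuchAlgorithmException    propagated from the keystore
     * @throws CertificateException        propagated from loading the keystore
     * @throws IOException                 propagated from loading the keystore
     */
    public List<String> listPrivateKeyNames() throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, CertificateException, IOException {
        List<String> privateKeyAliases = new ArrayList<>();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Log.d("PKI", "Alias: " + alias);
            if (keyStore.getEntry(alias, null) instanceof KeyStore.PrivateKeyEntry) {
                privateKeyAliases.add(alias);
            } else {
                Log.w("PKI", "Not an instance of a PrivateKeyEntry");
            }
        }
        return privateKeyAliases;
    }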

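    /**
     * Verifies the PIN, loads the private key stored under {@code str2} and returns a
     * Base64 signature over the Base64-encoded message.
     *
     * <p>The signature is produced by running {@code RSA/ECB/PKCS1Padding} in encrypt mode
     * with the private key over the {@code DigestInfo} from {@code createSignMessage} -
     * presumably equivalent to an RSASSA-PKCS1-v1_5 signature; confirm against the
     * provider in use.
     *
     * <p>The default locale is now restored in a {@code finally} block. Previously any
     * exception raised after the switch to {@link Locale#ENGLISH} left it switched.
     *
     * <p>NOTE(review): every exception, including an unsupported hash name or a keystore
     * failure, is reported as {@code E_WRONG_PIN}. This is kept because callers may depend
     * on the code, but it hides the real cause from both the user and the logs.
     *
     * @param context Android context for PIN verification and locale handling
     * @param str     Base64 text of the message to sign
     * @param str2    keystore alias of the signing key
     * @param str3    hash selector passed to {@code createSignMessage}
     * @param str4    PIN to verify
     * @return Base64 signature, or the string form of a {@code DastineErrorCode} value
     */
    public String sign(Context context, String str, String str2, String str3, String str4) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        try {
            if (new PINManagement().verifyPin(str4, context) != 0) {
                return String.valueOf(DastineErrorCode.E_WRONG_PIN.getValue());
            }
            PrivateKey privateKey = getPrivateKey(str2);
            if (privateKey == null) {
                return String.valueOf(DastineErrorCode.E_NO_PRIVATEKEY.getValue());
            }

            Locale previousLocale = Locale.getDefault();
            Common.setLocale(Locale.ENGLISH, context);
            byte[] signature;
            try {
                byte[] digestInfo = createSignMessage(str, str3);
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                // Encrypt mode with a private key is how this code performs the raw signing step.
                cipher.init(Cipher.ENCRYPT_MODE, privateKey);
                signature = cipher.doFinal(digestInfo, 0, digestInfo.length);
            } finally {
                // Restores the caller's locale on success and on every exception path.
                Common.setLocale(previousLocale, context);
            }
            return Common.convertToBase64(signature);
        } catch (Exception unused) {
            return String.valueOf(DastineErrorCode.E_WRONG_PIN.getValue());
        }
    }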

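    /**
     * Returns a Base64 signature over the Base64-encoded message using a private key
     * supplied by the caller. No PIN check is performed in this overload.
     *
     * <p>The signature is produced by running {@code RSA/ECB/PKCS1Padding} in encrypt mode
     * with the private key over the {@code DigestInfo} from {@code createSignMessage} -
     * presumably equivalent to an RSASSA-PKCS1-v1_5 signature; confirm against the
     * provider in use.
     *
     * <p>Changes from the earlier behaviour: the default locale is restored in a
     * {@code finally} block, so an exception no longer leaves it switched to
     * {@link Locale#ENGLISH}. A {@code null} result from {@code createSignMessage} is
     * reported as the declared {@link NoSuchAlgorithmException} rather than surfacing as
     * a {@link NullPointerException}.
     *
     * @param context    Android context for locale handling
     * @param str        Base64 text of the message to sign
     * @param privateKey RSA private key to sign with
     * @param str2       hash selector passed to {@code createSignMessage}
     * @return Base64 text of the signature
     * @throws NoSuchAlgorithmException if the hash selector or cipher is unsupported
     */
    public String sign(Context context, String str, PrivateKey privateKey, String str2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Locale previousLocale = Locale.getDefault();
        Common.setLocale(Locale.ENGLISH, context);
        byte[] signature;
        try {
            byte[] digestInfo = createSignMessage(str, str2);
            if (digestInfo == null) {
                throw new NoSuchAlgorithmException("Unsupported hash algorithm: " + str2);
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            // Encrypt mode with a private key is how this code performs the raw signing step.
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);
            signature = cipher.doFinal(digestInfo, 0, digestInfo.length);
        } finally {
            // Restores the caller's locale on success and on every exception path.
            Common.setLocale(previousLocale, context);
        }
        return Common.convertToBase64(signature);
    }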
}
