package ru.rtln.tds.sdk.crypto;

import defpackage.s;
import defpackage.t;
import fc.d;
import fc.f;
import fc.i;
import fc.m;
import fc.n;
import fc.r;
import fc.v;
import hc.a;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.text.ParseException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import lc.ECKey;
import lc.c;
import mc.o;
import nc.b;
import t4.k;
import t4.p;

/* loaded from: classes2.dex */
public class Crypto {
    static {
        Security.removeProvider("BC");
        Security.addProvider(a.a());
    }

    public static void checkAcsCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws p {
        try {
            x509Certificate.checkValidity();
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            } catch (Exception e10) {
                t.g(k.a.ERROR, "ACS certificate verification failed", "Crypto", "checkAcsCertificate", 110, e10);
                throw new p("ACS certificate verification failed");
            }
        } catch (CertificateExpiredException e11) {
            t.g(k.a.ERROR, "ACS certificate expired", "Crypto", "checkAcsCertificate", 100, e11);
            throw new p("ACS certificate expired");
        } catch (CertificateNotYetValidException e12) {
            t.g(k.a.ERROR, "ACS certificate not yet valid", "Crypto", "checkAcsCertificate", 103, e12);
            throw new p("ACS certificate not yet valid");
        }
    }

    public static c convertKeyPairEcToJwk(KeyPair keyPair) throws p {
        try {
            return new ECKey.a(lc.a.f26697d, (ECPublicKey) keyPair.getPublic()).b((ECPrivateKey) keyPair.getPrivate()).a();
        } catch (Exception e10) {
            t.g(k.a.ERROR, "Unable to convert key pair to JWK", "Crypto", "convertKeyPairEcToJwk", 202, e10);
            throw new p("Unable to convert key pair to JWK", e10);
        }
    }

    public static String decryptJwe(String str, SecretKey secretKey) {
        try {
            n q10 = n.q(str);
            q10.f(new gc.a(secretKey));
            return q10.b().toString();
        } catch (f | ParseException e10) {
            t.g(k.a.ERROR, "Error on parse JWE object", "Crypto", "decryptJwe", 142, e10);
            throw new p("Error on parse JWE object");
        }
    }

    public static String encryptJwe(String str, String str2, SecretKey secretKey, byte b10) {
        try {
            n nVar = new n(new m.a(i.f21363j, d.f21335e).m(str2).d(), new v(str));
            nVar.g(new s(Arrays.copyOfRange(secretKey.getEncoded(), 0, 32), b10));
            return nVar.r();
        } catch (f e10) {
            t.g(k.a.ERROR, "Error on parse JWE object", "Crypto", "encryptJwe", 131, e10);
            throw new p("Error on parse JWE object");
        }
    }

    public static SecretKey generateECDHSecret(ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey, String str) {
        try {
            return new ic.k("SHA-256").j(ic.p.a(eCPublicKey, eCPrivateKey, null), 256, ic.k.o(null), ic.k.k(null), ic.k.k(mc.c.e(str)), ic.k.m(256), ic.k.n());
        } catch (Exception e10) {
            throw new p("Unable to generate ECDH secret", e10);
        }
    }

    public static KeyPair generateEphemeralKeyPairEc() throws p {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(lc.a.f26697d.d());
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e10) {
            t.g(k.a.ERROR, "Unable to generate ephemeral key pair", "Crypto", "generateEphemeralKeyPairEc", 191, e10);
            throw new p("Unable to generate ephemeral key pair", e10);
        }
    }

    public static byte[] getGcmIv(byte b10, byte b11) {
        byte[] bArr = new byte[16];
        Arrays.fill(bArr, b10);
        bArr[15] = b11;
        return bArr;
    }

    public static byte[] getGcmIvAtoS(byte b10) {
        return getGcmIv((byte) -1, b10);
    }

    public static byte[] getGcmIvStoA(byte b10) {
        return getGcmIv((byte) 0, b10);
    }

    public static String jweEncrypt(String str, ECPublicKey eCPublicKey, String str2) throws p {
        try {
            b.e(str);
            KeyPair generateEphemeralKeyPairEc = generateEphemeralKeyPairEc();
            SecretKey generateECDHSecret = generateECDHSecret(eCPublicKey, (ECPrivateKey) generateEphemeralKeyPairEc.getPrivate(), str2);
            n nVar = new n(new m.a(i.f21363j, d.f21335e).i(ECKey.w(new ECKey.a(lc.a.f26697d, (ECPublicKey) generateEphemeralKeyPairEc.getPublic()).a().b())).d(), new v(str));
            nVar.g(new gc.b(generateECDHSecret));
            return nVar.r();
        } catch (Exception e10) {
            t.g(k.a.ERROR, "Unable to encrypt data", "Crypto", "jweEncrypt", 178, e10);
            throw new p("Unable to encrypt data", e10);
        }
    }

    public static String jweEncrypt(String str, RSAPublicKey rSAPublicKey) throws p {
        try {
            nc.a aVar = new nc.a(new m(i.f21359f, d.f21335e), b.e(str));
            aVar.g(new gc.d(rSAPublicKey));
            return aVar.r();
        } catch (Exception e10) {
            t.g(k.a.ERROR, "Unable to encrypt data", "Crypto", "jweEncrypt", 156, e10);
            throw new p("Unable to encrypt data", e10);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0094  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x009d A[Catch: f -> 0x00b3, TRY_ENTER, TRY_LEAVE, TryCatch #0 {f -> 0x00b3, blocks: (B:2:0x0000, B:4:0x0019, B:7:0x0022, B:9:0x002a, B:10:0x0083, B:15:0x009d, B:17:0x00a8, B:18:0x00b2, B:19:0x0044, B:21:0x005f, B:22:0x0069, B:23:0x006a), top: B:1:0x0000 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.lang.String jwsValidateSignatureAndReturnBody(fc.r r6) {
        /*
            fc.q r0 = r6.h()     // Catch: fc.f -> Lb3
            fc.p r0 = r0.h()     // Catch: fc.f -> Lb3
            fc.q r1 = r6.h()     // Catch: fc.f -> Lb3
            java.util.List r1 = r1.g()     // Catch: fc.f -> Lb3
            fc.p r2 = fc.p.f21427n     // Catch: fc.f -> Lb3
            boolean r2 = r0.equals(r2)     // Catch: fc.f -> Lb3
            r3 = 0
            if (r2 != 0) goto L6a
            fc.p r2 = fc.p.f21420g     // Catch: fc.f -> Lb3
            boolean r2 = r0.equals(r2)     // Catch: fc.f -> Lb3
            if (r2 == 0) goto L22
            goto L6a
        L22:
            fc.p r2 = fc.p.f21423j     // Catch: fc.f -> Lb3
            boolean r2 = r0.equals(r2)     // Catch: fc.f -> Lb3
            if (r2 == 0) goto L44
            gc.c r0 = new gc.c     // Catch: fc.f -> Lb3
            java.lang.Object r1 = r1.get(r3)     // Catch: fc.f -> Lb3
            mc.a r1 = (mc.a) r1     // Catch: fc.f -> Lb3
            byte[] r1 = r1.a()     // Catch: fc.f -> Lb3
            java.security.cert.X509Certificate r1 = mc.o.a(r1)     // Catch: fc.f -> Lb3
            java.security.PublicKey r1 = r1.getPublicKey()     // Catch: fc.f -> Lb3
            java.security.interfaces.ECPublicKey r1 = (java.security.interfaces.ECPublicKey) r1     // Catch: fc.f -> Lb3
            r0.<init>(r1)     // Catch: fc.f -> Lb3
            goto L83
        L44:
            t4.k$a r6 = t4.k.a.ERROR     // Catch: fc.f -> Lb3
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: fc.f -> Lb3
            r1.<init>()     // Catch: fc.f -> Lb3
            java.lang.String r2 = "Unsupported algorithm: "
            r1.append(r2)     // Catch: fc.f -> Lb3
            r1.append(r0)     // Catch: fc.f -> Lb3
            java.lang.String r1 = r1.toString()     // Catch: fc.f -> Lb3
            java.lang.String r2 = "Crypto"
            java.lang.String r3 = "jwsValidateSignatureAndReturnBody"
            r4 = 240(0xf0, float:3.36E-43)
            r5 = 0
            r0 = r6
            defpackage.t.g(r0, r1, r2, r3, r4, r5)     // Catch: fc.f -> Lb3
            t4.p r6 = new t4.p     // Catch: fc.f -> Lb3
            java.lang.String r0 = "Unsupported algorithm"
            r6.<init>(r0)     // Catch: fc.f -> Lb3
            throw r6     // Catch: fc.f -> Lb3
        L6a:
            gc.e r0 = new gc.e     // Catch: fc.f -> Lb3
            java.lang.Object r1 = r1.get(r3)     // Catch: fc.f -> Lb3
            mc.a r1 = (mc.a) r1     // Catch: fc.f -> Lb3
            byte[] r1 = r1.a()     // Catch: fc.f -> Lb3
            java.security.cert.X509Certificate r1 = mc.o.a(r1)     // Catch: fc.f -> Lb3
            java.security.PublicKey r1 = r1.getPublicKey()     // Catch: fc.f -> Lb3
            java.security.interfaces.RSAPublicKey r1 = (java.security.interfaces.RSAPublicKey) r1     // Catch: fc.f -> Lb3
            r0.<init>(r1)     // Catch: fc.f -> Lb3
        L83:
            kc.b r1 = r0.e()     // Catch: fc.f -> Lb3
            org.bouncycastle.jce.provider.BouncyCastleProvider r2 = hc.a.a()     // Catch: fc.f -> Lb3
            r1.c(r2)     // Catch: fc.f -> Lb3
            boolean r0 = r6.n(r0)     // Catch: fc.f -> Lb3
            if (r0 == 0) goto L9d
            fc.v r6 = r6.b()
            java.lang.String r6 = r6.toString()
            return r6
        L9d:
            t4.k$a r0 = t4.k.a.ERROR     // Catch: fc.f -> Lb3
            java.lang.String r1 = "JWS validation failed"
            java.lang.String r2 = "Crypto"
            java.lang.String r3 = "jwsValidateSignatureAndReturnBody"
            r4 = 246(0xf6, float:3.45E-43)
            r5 = 0
            defpackage.t.g(r0, r1, r2, r3, r4, r5)     // Catch: fc.f -> Lb3
            t4.p r6 = new t4.p     // Catch: fc.f -> Lb3
            java.lang.String r0 = "JWS validation failed"
            r6.<init>(r0)     // Catch: fc.f -> Lb3
            throw r6     // Catch: fc.f -> Lb3
        Lb3:
            r6 = move-exception
            r5 = r6
            t4.k$a r0 = t4.k.a.ERROR
            java.lang.String r1 = "JWS validation error"
            java.lang.String r2 = "Crypto"
            java.lang.String r3 = "jwsValidateSignatureAndReturnBody"
            r4 = 250(0xfa, float:3.5E-43)
            defpackage.t.g(r0, r1, r2, r3, r4, r5)
            t4.p r6 = new t4.p
            java.lang.String r0 = "JWS validation error"
            r6.<init>(r0)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.rtln.tds.sdk.crypto.Crypto.jwsValidateSignatureAndReturnBody(fc.r):java.lang.String");
    }

    public static String parseJws(String str, X509Certificate x509Certificate) throws p {
        try {
            r k10 = r.k(str);
            checkAcsCertificate(o.a(((mc.a) k10.h().g().get(r0.size() - 1)).a()), x509Certificate);
            return jwsValidateSignatureAndReturnBody(k10);
        } catch (ParseException e10) {
            t.g(k.a.ERROR, "JWS parse error", "Crypto", "parseJws", 72, e10);
            throw new p("JWS parsing failed");
        }
    }
}
