package com.isprint.e2eea.client.util;

import com.citi.privatebank.inview.data.fundtransfer.backend.FundsTransferCurrenciesParserKt;
import com.isprint.e2eea.client.AxMxE2EEClient;
import com.isprint.e2eea.client.util.CipherParamBuilder;
import com.isprint.e2eea.client.util.E2EEAException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import runtime.Strings.StringIndexer;

/* loaded from: classes5.dex */
public class PayShieldUtil {
    public static final String PARAM_PIN_HASH_MODE = "HASH_MODE";
    private static final String PARAM_passwordQualityPolicy = "param_other_passwordQualityPolicy";
    private static final String PARAM_userId = "param_other_userId";
    private static final CipherParamBuilder.CipherParam CIPHERPARAMS_ENCRYPT_HASH_NONE_SHORT_3DES_CBC_16_TYPE_10 = CipherParamBuilder.newInstance().enablePINHash(AxMxE2EEClient.PIN_BLOCK_FORMAT_HASH_MODE_NONE_SHORT).enableSymmetricEncryption("DES-CBC", 16).enableMessageType(10).build();
    private static final CipherParamBuilder.CipherParam CIPHERPARAMS_CHANGE_HASH_NONE_SHORT_3DES_CBC_16_TYPE_11 = CipherParamBuilder.newInstance().enablePINHash(AxMxE2EEClient.PIN_BLOCK_FORMAT_HASH_MODE_NONE_SHORT).enableSymmetricEncryption("DES-CBC", 16).enableMessageType(11).build();

    private byte[][] deriveKey(byte[] bArr, int i, int... iArr) throws E2EEAException {
        try {
            if (bArr == null) {
                throw new E2EEAException.InvalidMasterKey();
            }
            if (bArr.length == 0) {
                throw new E2EEAException.InvalidMasterKeyLength();
            }
            int i2 = 0;
            for (int i3 : iArr) {
                i2 += i3;
            }
            if (i != i2) {
                throw new E2EEAException.InvalidMasterKey("Invalid Key Derivation Length");
            }
            byte[] bArr2 = new byte[i];
            byte b = 65;
            int i4 = 0;
            while (i4 < i) {
                int i5 = (b - 65) + 1;
                byte[] bArr3 = new byte[bArr.length + i5];
                for (int i6 = 0; i6 < i5; i6++) {
                    bArr3[i6] = b;
                }
                System.arraycopy(bArr, 0, bArr3, i5, bArr.length);
                byte[] sha1Digest = CryptoUtil.sha1Digest(bArr3);
                System.arraycopy(sha1Digest, 0, bArr2, i4, sha1Digest.length);
                b = (byte) (b + 1);
                i4 += sha1Digest.length;
            }
            byte[][] subBytesMultiple = BinUtil.subBytesMultiple(bArr2, 0, iArr);
            if (iArr.length == subBytesMultiple.length) {
                return subBytesMultiple;
            }
            throw new E2EEAException.InvalidMasterKey("Invalid Key Partition Length");
        } catch (Throwable th) {
            throw new E2EEAException.OtherError("Invalid Key Derivation - " + th.getMessage());
        }
    }

    private byte[] encryptAlphaPin(CipherParamBuilder.CipherParam cipherParam, byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        try {
            byte[] bArr4 = new byte[16];
            System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
            for (int length = bArr3.length; length < 16; length++) {
                bArr4[length] = 32;
            }
            return CryptoUtil.encrypt(CryptoUtil.desEdeTemplateToKey(bArr, null), bArr4, "DESede/CBC/NoPadding", null, bArr2, false);
        } catch (GeneralSecurityException e) {
            throw new E2EEAException.InvalidPINMessage("Invalid HEANPB - " + e.getMessage());
        } catch (Throwable th) {
            throw new E2EEAException.InvalidPINBlock("Invalid PIN String - " + th.getMessage());
        }
    }

    private byte[] encryptMasterKey(Key key, byte[] bArr) throws GeneralSecurityException {
        try {
            return EncodingUtil.hexBinEncode(CryptoUtil.encrypt(key, bArr, "RSA", null, null, false));
        } catch (InvalidKeyException unused) {
            throw new E2EEAException.InvalidRSAKey();
        }
    }

    private String encryptPasswordAndGenerateMac(CipherParamBuilder.CipherParam cipherParam, Key key, byte[] bArr, String str, String str2, Map<String, String> map) throws E2EEAException {
        return encryptPasswordAndGenerateMac(cipherParam, key, bArr, EncodingUtil.hexBinEncode(CryptoUtil.getSecureRandomBytes(8)), str, str2, map);
    }

    private String encryptPasswordAndGenerateMac(CipherParamBuilder.CipherParam cipherParam, Key key, byte[] bArr, byte[] bArr2, String str, String str2, Map<String, String> map) throws E2EEAException {
        try {
            byte[][] deriveKey = deriveKey(bArr, 40, 16, 8, 16);
            byte[] bArr3 = deriveKey[0];
            byte[] bArr4 = deriveKey[1];
            byte[] bArr5 = deriveKey[2];
            byte[] encryptMasterKey = encryptMasterKey(key, bArr);
            byte[] bArr6 = new byte[0];
            if (str != null) {
                bArr6 = EncodingUtil.hexBinEncode(encryptAlphaPin(cipherParam, bArr3, bArr4, EncodingUtil.toBytes(str)));
            }
            byte[] bArr7 = new byte[0];
            if (str2 != null) {
                bArr7 = EncodingUtil.hexBinEncode(encryptAlphaPin(cipherParam, bArr3, bArr4, EncodingUtil.toBytes(str2)));
            }
            byte[] join = BinUtil.join(cipherParam.getMessageVersion(), cipherParam.getMessageType(), encryptMasterKey, cipherParam.getHashMode(), cipherParam.getEncryptionMode(), bArr6, bArr7);
            return EncodingUtil.toString(BinUtil.join(join, generateMacISO9797Alg3(bArr5, join)));
        } catch (GeneralSecurityException e) {
            throw new E2EEAException.InvalidPINMessage("Invalid PIN Message - " + e.getMessage());
        }
    }

    private byte[] generateMacISO9797Alg3(byte[] bArr, byte[] bArr2) throws E2EEAException {
        try {
            if (bArr == null) {
                throw new E2EEAException.InvalidMACKey();
            }
            int length = bArr.length;
            if (length != 16 && length != 24) {
                throw new E2EEAException.InvalidMACKeyLength();
            }
            return BinUtil.subBytes(EncodingUtil.hexBinEncode(CryptoUtil.iso9797Alg3MAC(bArr, bArr2)), 0, 8);
        } catch (GeneralSecurityException e) {
            throw new E2EEAException.InvalidPINMessage("Invalid MAC - " + e.getMessage());
        }
    }

    private byte[] generateMasterKey(byte b, byte b2, int i) {
        try {
            return BinUtil.join(new byte[]{b, b2}, CryptoUtil.getSecureRandomBytes(i));
        } catch (Throwable th) {
            throw new E2EEAException.InvalidMasterKey("Invalid Master Key - " + th.getMessage());
        }
    }

    private Key getRSAPublicKey(String str) {
        try {
            return CryptoUtil.getRSAPublicKey(str);
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new E2EEAException.InvalidRSAKey(e.getMessage());
        } catch (GeneralSecurityException e2) {
            throw new E2EEAException.InvalidRSAKey(e2.getMessage());
        }
    }

    private E2EEAResult handleErrorAndGetResult(E2EEAException e2EEAException) {
        System.out.println("Error no : " + e2EEAException.getCode() + " - " + (e2EEAException.getMessage() != null ? e2EEAException.getMessage() : StringIndexer._getString("7308")));
        if ("true".equals(System.getProperty(getClass().getSimpleName() + "Debug"))) {
            e2EEAException.printStackTrace();
        }
        return E2EEAResult.forError(e2EEAException);
    }

    private void validateChangeInput(CipherParamBuilder.CipherParam cipherParam, String str, String str2, String str3, String str4, Properties properties) {
        validatePIN(str4);
        validatePasswordPolicy(str4, properties);
        if (cipherParam.getHashMode()[0] == 48 && str4.length() > 16) {
            throw new E2EEAException.InvalidPINLength("PIN length exceeded for Hash Mode 0");
        }
        validateInput(cipherParam, str, str2, str3, properties);
    }

    private void validateInput(CipherParamBuilder.CipherParam cipherParam, String str, String str2, String str3, Properties properties) {
        if (str == null || "".equals(str)) {
            throw new E2EEAException.PublicKeyNotFound("Public key is not found");
        }
        String[] split = str.split(FundsTransferCurrenciesParserKt.CURRENCIES_DELIMITER, 2);
        if (str.length() == 0 || split.length < 2) {
            throw new E2EEAException.InvalidRSAKeyLength();
        }
        validatePIN(str3);
        if (cipherParam == null) {
            throw new E2EEAException.InvalidSymmetricParameters();
        }
        if (cipherParam.getHashMode() == null) {
            throw new E2EEAException.InvalidSymmetricParameters("Hash mode not found");
        }
        if (cipherParam.getEncryptionMode() == null) {
            throw new E2EEAException.InvalidSymmetricParameters("Encryption mode not found");
        }
        if (cipherParam.getMessageType() == null) {
            throw new E2EEAException.InvalidPINMessage();
        }
        if (cipherParam.getHashMode()[0] == 48 && str3.length() > 16) {
            throw new E2EEAException.InvalidPINLength("PIN length exceeded for Hash Mode 0");
        }
        int length = split[0].length() / 2;
        int length2 = split[1].length() / 2;
        if (length != length2) {
            throw new E2EEAException.InvalidRSAKeyLength("Invalid RSA key length mod=" + length + "<>" + length + " exp=" + length2 + "<>" + length);
        }
        if (cipherParam.getRawMasterKeyLength() + 2 > length) {
            throw new E2EEAException.InvalidEncodedMessageLength("input data too large for RSA encryption");
        }
    }

    private void validatePIN(String str) {
        if (str == null || str.length() == 0) {
            throw new E2EEAException.InvalidPIN("Invalid PIN String");
        }
        int length = str.length();
        if (length > 30 || length < 1) {
            throw new E2EEAException.InvalidPINLength("Invalid PIN length");
        }
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if ((charAt < '0' || charAt > '9') && ((charAt < 'A' || charAt > 'Z') && (charAt < 'a' || charAt > 'z'))) {
                throw new E2EEAException.InvalidPIN("Invalid PIN String");
            }
        }
    }

    private void validatePasswordPolicy(String str, Properties properties) {
        String property = properties.getProperty(PARAM_passwordQualityPolicy);
        if (property == null || "".equals(property)) {
            return;
        }
        new PasswordQualityChecker(property).ensurePasswordQuality(properties.getProperty(StringIndexer._getString("7309")), str);
    }

    public E2EEAResult encryptChangePassword(String str, String str2, String str3, String str4, Properties properties) {
        CipherParamBuilder.CipherParam cipherParam = CIPHERPARAMS_CHANGE_HASH_NONE_SHORT_3DES_CBC_16_TYPE_11;
        try {
            validateChangeInput(cipherParam, str, str2, str3, str4, properties);
            return E2EEAResult.forSuccess(encryptPasswordAndGenerateMac(cipherParam, getRSAPublicKey(str), generateMasterKey(cipherParam.getMasterKeyVersion(), cipherParam.getMasterKeyUsage(), cipherParam.getRawMasterKeyLength()), str3, str4, new HashMap()));
        } catch (E2EEAException e) {
            return handleErrorAndGetResult(e);
        }
    }

    public E2EEAResult encryptPassword(String str, String str2, String str3, Properties properties) {
        CipherParamBuilder.CipherParam cipherParam = CIPHERPARAMS_ENCRYPT_HASH_NONE_SHORT_3DES_CBC_16_TYPE_10;
        try {
            validateInput(cipherParam, str, str2, str3, properties);
            return E2EEAResult.forSuccess(encryptPasswordAndGenerateMac(cipherParam, getRSAPublicKey(str), generateMasterKey(cipherParam.getMasterKeyVersion(), cipherParam.getMasterKeyUsage(), cipherParam.getRawMasterKeyLength()), str3, null, new HashMap()));
        } catch (E2EEAException e) {
            return handleErrorAndGetResult(e);
        }
    }
}
