package com.kakao.talk.kakaopay.cert;

import android.os.SystemClock;
import android.text.TextUtils;
import com.e.a.a.f;
import com.e.a.a.g;
import com.e.a.d;
import com.e.a.i;
import com.e.b.c;
import com.kakao.talk.application.App;
import com.kakao.talk.e.c;
import com.kakao.talk.e.j;
import com.kakao.talk.kakaopay.e.e;
import com.kakao.talk.util.ag;
import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.macs.HMac;
import org.spongycastle.crypto.prng.SP800SecureRandomBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* compiled from: KakaoPayCert.java */
/* loaded from: classes2.dex */
public class b {

    /* renamed from: d, reason: collision with root package name */
    private static final String f19598d = j.UO;

    /* renamed from: e, reason: collision with root package name */
    private static final String f19599e = j.Ds;

    /* renamed from: f, reason: collision with root package name */
    private static final String f19600f = j.UK;

    /* renamed from: g, reason: collision with root package name */
    private static final String f19601g = j.UL;

    /* renamed from: h, reason: collision with root package name */
    private static final String f19602h = j.UM;

    /* renamed from: i, reason: collision with root package name */
    private static final String f19603i = j.UN;

    /* renamed from: j, reason: collision with root package name */
    private static final String f19604j = j.oh;
    private static final String k = j.Y;
    private static BouncyCastleProvider l;
    private static volatile b m;

    /* renamed from: a, reason: collision with root package name */
    KeyPairGenerator f19605a;

    /* renamed from: b, reason: collision with root package name */
    ECPublicKey f19606b;

    /* renamed from: c, reason: collision with root package name */
    public ECPrivateKey f19607c;

    /* compiled from: KakaoPayCert.java */
    /* loaded from: classes2.dex */
    public class a {

        /* renamed from: a, reason: collision with root package name */
        public byte[] f19608a;

        /* renamed from: b, reason: collision with root package name */
        public byte[] f19609b;

        /* renamed from: c, reason: collision with root package name */
        public byte[] f19610c;

        public a() {
        }
    }

    static {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        l = bouncyCastleProvider;
        Security.addProvider(bouncyCastleProvider);
    }

    private b() {
    }

    public static b a() {
        if (m == null) {
            synchronized (b.class) {
                if (m == null) {
                    m = new b();
                }
            }
        }
        return m;
    }

    public static String a(String str) {
        return str.replace("-----BEGIN CERTIFICATE-----\n", "").replace("\n-----END CERTIFICATE-----", "").replace("\n", "");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String a(ECPrivateKey eCPrivateKey, i iVar, com.e.b.b bVar) {
        try {
            f fVar = new f(eCPrivateKey);
            c cVar = new c(iVar, bVar);
            fVar.b().f4131a = l;
            fVar.b().f4132b = b();
            cVar.a(fVar);
            return cVar.b();
        } catch (d e2) {
            a("_JWT_SIGN", "GET_JWT_SIGN_FAIL");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(String str, String str2) {
        e.a();
        e.b(TextUtils.concat("TAG_KAKAOPAY_CERT", str).toString(), str2);
    }

    private static boolean a(c cVar) {
        try {
            if (cVar.a(new g((ECPublicKey) b(ag.a(App.b(), com.kakao.talk.e.c.f15993a == c.a.Sandbox ? "KakaoPayCertSandbox.pem" : "KakaoPayCert.pem")).getPublicKey()))) {
                return true;
            }
        } catch (d e2) {
        }
        a("_JWT_VERIFY", "SIGNED_JWT_FAILED");
        return false;
    }

    public static byte[] a(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return a(str, bArr, bArr2, bArr3, false);
    }

    private static byte[] a(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance(f19601g).generateSecret(new PBEKeySpec(str.toCharArray(), bArr2, 10000, 256)).getEncoded(), k);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(z ? 1 : 2, secretKeySpec, new IvParameterSpec(bArr3));
            byte[] doFinal = cipher.doFinal(bArr);
            new StringBuilder("output:").append(com.e.a.d.a.a(doFinal).toString());
            return doFinal;
        } catch (Exception e2) {
            a("_AES_DO_FINAL", "AES_DO_FINAL_FAIL");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecureRandom b() {
        return new SP800SecureRandomBuilder().buildHMAC(new HMac(new SHA256Digest()), Long.toString(SystemClock.uptimeMillis()).getBytes(), false);
    }

    public static X509Certificate b(String str) {
        if (org.apache.commons.b.i.a((CharSequence) str)) {
            return null;
        }
        String a2 = a(str);
        if (a2 != null) {
            return d(com.e.a.d.b.a(new com.e.a.d.c(a2).f4203b));
        }
        a("_TO_X509_CERTIFICATE_BASE64_URL", "DEM_CERTIFICATE_IS_EMPTY");
        return null;
    }

    private synchronized PrivateKey c(byte[] bArr) throws Exception {
        return KeyFactory.getInstance(f19598d, f19599e).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static JSONObject c(String str) {
        JSONObject jSONObject = null;
        try {
            com.e.b.c a2 = com.e.b.c.a(str);
            if (a(a2)) {
                jSONObject = new JSONObject(a2.f4208a.toString());
            } else {
                a("_GET_JWT_PAYLOAD", "SIGNED_JWT_VERIFY_FAILED");
            }
        } catch (ParseException | JSONException e2) {
            a("_GET_JWT_PAYLOAD", "GET_JWT_PAYLOAD_FAIL");
        }
        return jSONObject;
    }

    private static X509Certificate d(byte[] bArr) {
        if (bArr == null) {
            a("_TO_X509_CERTIFICATE", "BINARY_CERTIFICATE_IS_NULL");
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X509", f19599e).generateCertificate(new ByteArrayInputStream(bArr));
        } catch (NoSuchProviderException | CertificateException e2) {
            a("_TO_X509_CERTIFICATE", "TO_X509_CERTIFICATE_FAIL");
            return null;
        }
    }

    public final a a(String str, byte[] bArr, byte[] bArr2) {
        SecureRandom b2 = b();
        try {
            byte[] bArr3 = new byte[Cipher.getInstance("AES/CBC/PKCS5Padding").getBlockSize()];
            b2.nextBytes(bArr3);
            byte[] a2 = a(str, bArr, bArr2, bArr3, true);
            a aVar = new a();
            aVar.f19609b = bArr3;
            aVar.f19608a = bArr2;
            aVar.f19610c = a2;
            return aVar;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            a("_AES_ENCRYPT", "AES_ENCTYPT_FAIL");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String a(i iVar, com.e.b.b bVar) {
        return a(this.f19607c, iVar, bVar);
    }

    public final boolean a(byte[] bArr) {
        try {
            this.f19607c = (ECPrivateKey) c(bArr);
            String c2 = com.kakao.talk.kakaopay.home.a.a().c("certificate");
            this.f19606b = TextUtils.isEmpty(c2) ? null : (ECPublicKey) b(c2).getPublicKey();
            return true;
        } catch (Exception e2) {
            a("_IS_OK_SET_PUBLIC_N_PRIVATE_KEY", "FAIL_LOAD_KEYS");
            return false;
        }
    }

    public final byte[] b(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(f19602h, f19599e);
            new StringBuilder("sig:").append(signature.toString());
            new StringBuilder("privateKey:").append(this.f19607c);
            signature.initSign(this.f19607c);
            signature.update(bArr);
            byte[] sign = signature.sign();
            new StringBuilder("sign:").append(sign.toString());
            new StringBuilder("publicKey:").append(this.f19606b.toString());
            signature.initVerify(this.f19606b);
            signature.update(bArr);
            if (signature.verify(sign)) {
                return sign;
            }
            a("_SIGN", "SIGN_VERIFY_FAIL");
            return null;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e2) {
            a("_SIGN", "SIGN_FAIL");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean c() {
        if (this.f19605a != null) {
            return true;
        }
        try {
            this.f19605a = KeyPairGenerator.getInstance(f19598d, f19599e);
            this.f19605a.initialize(new ECGenParameterSpec(f19600f), b());
            return true;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            a("_INIT_KEYPAIR_GENERATOR", "EXCEPTION");
            return false;
        }
    }
}
