package com.allawn.cryptography.digitalenvelope;

import com.allawn.cryptography.core.j;
import com.allawn.cryptography.entity.n;
import com.allawn.cryptography.entity.p;
import com.allawn.cryptography.entity.q;
import com.allawn.cryptography.util.i;
import com.allawn.cryptography.util.k;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class d {

    /* renamed from: a, reason: collision with root package name */
    public static final String f18484a = "tmpPublicKey";

    /* renamed from: b, reason: collision with root package name */
    public static final String f18485b = "salt";

    /* renamed from: c, reason: collision with root package name */
    public static final String f18486c = "info";

    /* renamed from: d, reason: collision with root package name */
    private static final String f18487d = "EciesDigitalEnvelopeUtil";

    /* renamed from: e, reason: collision with root package name */
    private static final Object f18488e = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    public static com.allawn.cryptography.digitalenvelope.entity.g a(j jVar, String str, p pVar, n nVar) throws m1.d, NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException, com.allawn.cryptography.d {
        PublicKey publicKey = null;
        long j7 = 0;
        if (!jVar.E(str)) {
            try {
                if (jVar.l(str)) {
                    o1.d h7 = jVar.u().g(str).h();
                    publicKey = h7.d().getPublicKey();
                    j7 = h7.f();
                }
            } catch (m1.a unused) {
                com.allawn.cryptography.util.j.a(f18487d, "createAndSaveSceneData no valid domain name set");
            }
            if (publicKey == null) {
                com.allawn.cryptography.util.j.a(f18487d, "createAndSaveSceneData missing " + str + " online certificate");
            }
        }
        if (publicKey == null) {
            com.allawn.cryptography.entity.a c7 = jVar.u().c(str);
            if (c7 != null && c7.a() != null) {
                publicKey = i.b(com.allawn.cryptography.util.a.a(c7.a()), i.f20040c);
                j7 = c7.c();
            }
            if (publicKey == null) {
                com.allawn.cryptography.util.j.a(f18487d, "createAndSaveSceneData missing " + str + " hardcoded public key");
            }
        }
        if (nVar != null && !(nVar instanceof com.allawn.cryptography.digitalenvelope.entity.f)) {
            throw new m1.d("Negotiation parameters only support type EciesNegotiationParam");
        }
        com.allawn.cryptography.digitalenvelope.entity.g b7 = b(pVar, (com.allawn.cryptography.digitalenvelope.entity.f) nVar, publicKey, j7);
        com.allawn.cryptography.util.j.a(f18487d, "createAndSaveSceneData negotiate a latest secret key");
        if (pVar.h()) {
            synchronized (f18488e) {
                q A = jVar.A(str, pVar.f());
                if (A != null && !A.g() && (A instanceof com.allawn.cryptography.digitalenvelope.entity.g)) {
                    b7 = (com.allawn.cryptography.digitalenvelope.entity.g) A;
                }
                jVar.S(str, b7);
                com.allawn.cryptography.util.j.a(f18487d, "createAndSaveSceneData adopt and save to cryptoCore");
            }
        }
        return b7;
    }

    private static com.allawn.cryptography.digitalenvelope.entity.g b(p pVar, com.allawn.cryptography.digitalenvelope.entity.f fVar, PublicKey publicKey, long j7) throws NoSuchAlgorithmException, m1.d, InvalidKeyException, InvalidAlgorithmParameterException, com.allawn.cryptography.d {
        if (publicKey == null) {
            throw new InvalidKeyException("Missing biz public key.");
        }
        if (!publicKey.getAlgorithm().equals(i.f20040c)) {
            throw new InvalidKeyException("Current scene only supports EC key, not " + publicKey.getAlgorithm() + ". Please specify the correct biz or biz public key.");
        }
        com.allawn.cryptography.digitalenvelope.entity.g gVar = new com.allawn.cryptography.digitalenvelope.entity.g();
        k.p(pVar, gVar);
        com.allawn.cryptography.digitalenvelope.entity.e eVar = new com.allawn.cryptography.digitalenvelope.entity.e();
        gVar.r(h(com.allawn.cryptography.digitalenvelope.entity.c.NIST_P, com.allawn.cryptography.digitalenvelope.entity.d.HKDF256, publicKey, fVar, pVar.a().c() / 8, eVar));
        gVar.s(eVar);
        gVar.q(j7);
        return gVar;
    }

    private static byte[] c(com.allawn.cryptography.digitalenvelope.entity.c cVar, PrivateKey privateKey, PublicKey publicKey) throws InvalidAlgorithmParameterException, com.allawn.cryptography.d {
        if (cVar == com.allawn.cryptography.digitalenvelope.entity.c.NIST_P) {
            return com.allawn.cryptography.algorithm.c.a(privateKey, publicKey);
        }
        throw new InvalidAlgorithmParameterException("Unsupported " + cVar);
    }

    private static KeyPair d(com.allawn.cryptography.digitalenvelope.entity.c cVar, AlgorithmParameterSpec algorithmParameterSpec) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (cVar == com.allawn.cryptography.digitalenvelope.entity.c.NIST_P) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(i.f20040c);
            keyPairGenerator.initialize(algorithmParameterSpec, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        }
        throw new InvalidAlgorithmParameterException("Unsupported " + cVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static com.allawn.cryptography.entity.d e(JSONObject jSONObject) throws JSONException {
        return a.a(jSONObject.getJSONObject("cipherInfo").toString());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey f(com.allawn.cryptography.digitalenvelope.entity.c cVar, com.allawn.cryptography.digitalenvelope.entity.d dVar, PrivateKey privateKey, JSONObject jSONObject, int i7, boolean z6) throws m1.d, JSONException, InvalidKeySpecException, NoSuchAlgorithmException, com.allawn.cryptography.d, InvalidAlgorithmParameterException, com.allawn.cryptography.teesdk.e {
        byte[] b7;
        byte[] a7 = com.allawn.cryptography.util.a.a(jSONObject.getString(f18484a));
        if (dVar != com.allawn.cryptography.digitalenvelope.entity.d.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + dVar);
        }
        byte[] a8 = !jSONObject.optString(f18485b).isEmpty() ? com.allawn.cryptography.util.a.a(jSONObject.getString(f18485b)) : null;
        byte[] a9 = jSONObject.optString(f18486c).isEmpty() ? null : com.allawn.cryptography.util.a.a(jSONObject.getString(f18486c));
        if (a8 == null) {
            a8 = new byte[32];
            Arrays.fill(a8, (byte) 0);
        }
        if (a9 == null) {
            a9 = "".getBytes(StandardCharsets.UTF_8);
        }
        if (z6) {
            try {
                b7 = com.allawn.cryptography.teesdk.a.b(a7, a8, a9, i7);
            } catch (com.allawn.cryptography.teesdk.e unused) {
                throw new com.allawn.cryptography.teesdk.e("Failed to decrypt in TEE through device key.");
            }
        } else {
            b7 = com.allawn.cryptography.algorithm.e.d(c(cVar, privateKey, i.b(a7, i.f20040c)), a8, a9, i7);
        }
        return i.c(b7, i.f20038a);
    }

    private static byte[] g(byte[] bArr, com.allawn.cryptography.digitalenvelope.entity.d dVar, com.allawn.cryptography.digitalenvelope.entity.f fVar, int i7, com.allawn.cryptography.digitalenvelope.entity.e eVar) throws InvalidAlgorithmParameterException, com.allawn.cryptography.d {
        boolean z6;
        if (dVar != com.allawn.cryptography.digitalenvelope.entity.d.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + dVar);
        }
        byte[] bArr2 = null;
        if (fVar != null) {
            bArr2 = fVar.a();
            z6 = fVar.b();
        } else {
            z6 = false;
        }
        byte[] bArr3 = new byte[32];
        if (z6) {
            new SecureRandom().nextBytes(bArr3);
        } else {
            Arrays.fill(bArr3, (byte) 0);
        }
        if (eVar != null) {
            if (z6) {
                eVar.g(bArr3);
            }
            if (bArr2 != null) {
                eVar.f(bArr2);
            }
        }
        byte[] bytes = "".getBytes(StandardCharsets.UTF_8);
        if (bArr2 == null) {
            bArr2 = bytes;
        }
        return com.allawn.cryptography.algorithm.e.d(bArr, bArr3, bArr2, i7);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey h(com.allawn.cryptography.digitalenvelope.entity.c cVar, com.allawn.cryptography.digitalenvelope.entity.d dVar, PublicKey publicKey, com.allawn.cryptography.digitalenvelope.entity.f fVar, int i7, com.allawn.cryptography.digitalenvelope.entity.e eVar) throws NoSuchAlgorithmException, m1.d, InvalidAlgorithmParameterException, InvalidKeyException, com.allawn.cryptography.d {
        if (!(publicKey instanceof ECPublicKey)) {
            throw new InvalidKeyException("Only supports 'ECPublicKey' type, not '" + publicKey.getClass().getName());
        }
        KeyPair d7 = d(cVar, ((ECPublicKey) publicKey).getParams());
        PublicKey publicKey2 = d7.getPublic();
        PrivateKey privateKey = d7.getPrivate();
        if (eVar != null) {
            eVar.h(publicKey2.getEncoded());
        }
        return i.c(g(c(cVar, privateKey, publicKey), dVar, fVar, i7, eVar), i.f20038a);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String i(com.allawn.cryptography.digitalenvelope.entity.d dVar, com.allawn.cryptography.digitalenvelope.entity.e eVar, com.allawn.cryptography.entity.d dVar2) throws JSONException, InvalidAlgorithmParameterException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(f18484a, com.allawn.cryptography.util.a.b(eVar.d()));
        if (dVar != com.allawn.cryptography.digitalenvelope.entity.d.HKDF256) {
            throw new InvalidAlgorithmParameterException("Unsupported " + dVar);
        }
        if (eVar.c() != null) {
            jSONObject.put(f18485b, com.allawn.cryptography.util.a.b(eVar.c()));
        }
        if (eVar.b() != null) {
            jSONObject.put(f18486c, com.allawn.cryptography.util.a.b(eVar.b()));
        }
        jSONObject.put("cipherInfo", new JSONObject(a.b(dVar2)));
        return jSONObject.toString();
    }
}
