package com.samsung.android.authfw.pass.net.samsungpass;

import a0.e;
import android.text.TextUtils;
import android.util.Base64;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.pass.storage.SettingStorage;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class SessionCrypto {
    private static final String AES_CIPHER_TRANSFORMATION = "AES/CBC/PKCS7Padding";
    private static final String KEY_ALGORITHM = "AES";
    private static final String PREFERENCE_PASS_SERVER_CERTIFICATION = SessionCrypto.class.getName().concat(".PASS_SERVER_CERTIFICATION");
    private static final String PREFERENCE_PASS_SERVICE_ROOT_CERTIFICATION = SessionCrypto.class.getName().concat(".PASS_SERVICE_ROOT_CERTIFICATION");
    private static final String TAG = "SessionCrypto";
    private final IvParameterSpec mIvParameterSpec;
    private final byte[] mKey;
    private final PublicKey mPublicKey;
    private final byte[] mSessionKey;

    public SessionCrypto(String str) throws NoSuchAlgorithmException, CertificateException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
        keyGenerator.init(256, SecureRandom.getInstance("SHA1PRNG"));
        byte[] bytes = keyGenerator.generateKey().toString().substring(0, 32).getBytes(StandardCharsets.UTF_8);
        this.mKey = bytes;
        IvParameterSpec ivParameterSpec = new IvParameterSpec(new byte[16]);
        this.mIvParameterSpec = ivParameterSpec;
        byte[] iv = ivParameterSpec.getIV();
        byte[] bArr = new byte[bytes.length + iv.length];
        this.mSessionKey = bArr;
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(iv, 0, bArr, bytes.length, iv.length);
        this.mPublicKey = getPublicKeyFromPemCert(str);
    }

    private PublicKey getPublicKeyFromPemCert(String str) throws CertificateException {
        PSLog.d(TAG, "getPublicKeyFromPemCert");
        return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(("-----BEGIN CERTIFICATE-----\n" + str + "\n-----END CERTIFICATE-----").getBytes(StandardCharsets.UTF_8)))).getPublicKey();
    }

    public static String getServerCert() {
        return SettingStorage.getStringSettings(PREFERENCE_PASS_SERVER_CERTIFICATION);
    }

    public static String getServiceRootCert() {
        return SettingStorage.getStringSettings(PREFERENCE_PASS_SERVICE_ROOT_CERTIFICATION);
    }

    public static void setServerCert(String str) {
        SettingStorage.setSettings(PREFERENCE_PASS_SERVER_CERTIFICATION, str);
    }

    public static void setServiceRootCert(String str) {
        SettingStorage.setSettings(PREFERENCE_PASS_SERVICE_ROOT_CERTIFICATION, str);
    }

    public String decryptByAES(String str) {
        byte[] bArr;
        if (TextUtils.isEmpty(str)) {
            PSLog.w(TAG, "input is null");
            return "";
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.mKey, KEY_ALGORITHM);
            Cipher cipher = Cipher.getInstance(AES_CIPHER_TRANSFORMATION);
            cipher.init(2, secretKeySpec, this.mIvParameterSpec);
            bArr = cipher.doFinal(Base64.decode(str, 0));
        } catch (IllegalArgumentException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            String str2 = TAG;
            PSLog.e(str2, "decryptByAES input: " + str);
            e.z(e2, new StringBuilder("decryptByAES - "), str2);
            bArr = null;
        }
        return bArr == null ? "" : new String(bArr, StandardCharsets.UTF_8);
    }

    public String encryptByAES(String str) {
        byte[] bArr;
        if (TextUtils.isEmpty(str)) {
            PSLog.w(TAG, "input is null");
            return "";
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.mKey, KEY_ALGORITHM);
            Cipher cipher = Cipher.getInstance(AES_CIPHER_TRANSFORMATION);
            cipher.init(1, secretKeySpec, this.mIvParameterSpec);
            bArr = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            String str2 = TAG;
            PSLog.e(str2, "encryptByAES input: " + str);
            PSLog.e(str2, "encryptByAES - " + e2.getMessage());
            bArr = null;
        }
        return bArr == null ? "" : new String(Base64.encode(bArr, 2), StandardCharsets.UTF_8);
    }

    public String getEncryptedSessionKey() {
        byte[] bArr;
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding");
            cipher.init(1, this.mPublicKey);
            bArr = cipher.doFinal(this.mSessionKey);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            String str = TAG;
            PSLog.e(str, "encryptedSessionKeyByRSA input : " + Arrays.toString(this.mSessionKey));
            PSLog.e(str, "encryptedSessionKeyByRSA - " + e2.getMessage());
            bArr = null;
        }
        return bArr == null ? "" : new String(Base64.encode(bArr, 2), StandardCharsets.UTF_8);
    }
}
