package koamtac.kdc.sdk;

import android.os.Build;
import android.util.Base64;
import com.itextpdf.text.pdf.security.SecurityConstants;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.apache.bzip2.BZip2Constants;

/* loaded from: classes2.dex */
public class KPOSHSM {
    public static int RCODE_CA_RSAKEY_GENERATION_FAIL = 2;
    public static int RCODE_ERROR = 1;
    public static int RCODE_HSM_RSAKEY_GENERATION_FAIL = 3;
    public static int RCODE_INVALID_PUBLIC_KEY = 4;
    public static int RCODE_SUCCESS = 0;
    public static int RCODE_VERIFICATION_FAIL = 5;
    static byte[] _hsmRN;
    static byte[] _kdcRN;
    static PublicKey[] _caPK = new PublicKey[2];
    static PrivateKey[] _caSK = new PrivateKey[2];
    static PublicKey[] _hsmPK = new PublicKey[2];
    static PrivateKey[] _hsmSK = new PrivateKey[2];
    static PublicKey[] _kdcPK = new PublicKey[2];
    private static final String[] RSA_CA_PRIVATE_KEY_PKCS8_DER = {"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDBTPSeYxwF5NqY\nk0WbubKZoM6QLzTdouRG6xSPfRUeyq9MIQPZvTC3SHep0GsnEOHR3YwOTZ5lEI/s\nC/mZ18S61AFRcHqQPX51IGYnsrRhZ3qZkDSDE7Ylme6JzFVh1VDWXQ6EGkhCiUlj\nRJDEIa9gfC0nbHxNeUnZKPasGD6UglWrlPKFDIm8gEOlS7+76CgjxrQi5ShdCdbS\n4LdTpgOVtmPLYuCSJZqYS7Uan+1ghs7owvmnq7TDBz6Uf/xdpJEZymGD/yQ/suAL\neSsvuBofinHQHYH1CW0C2vMK8dOgBSvux0/c27Q6uZB7dYAqE11Z4lty5b5OqJwB\n+b30IHhBAgMBAAECggEAG+i235t4Xf18oPo6haZv0VtKF7/zxmsQweXf3RZ2kzCO\nfikSJkD4+gLo4XLUgG/L5azdiOnPYdDcsXx1IwTn7wBR2bv/Zji1ZnHcGK/mTV35\nx0GZOLJYN+Dxc6HgqLR6QckZIcetq+BTNpWdaplhJJwpOipMCYo74wfVaGRDvNXn\n/2Pw/yv3/mHuSxmAuqsG+crHVWFWj/1GcheN1W1uHodzKRCfaR38LPyxAnXK3udQ\n0bPdQf8x4ArTpBS0HdCwavO2PAB0y5oNMaouwNJZ8cnR/nD/UNfA7gqgqVwBg+TL\nY2raTPPiMHiN2dvkmZZkfalRrSF6pNTZMhtfO21/BQKBgQDHPds6U0qJuUhEg2p4\n/Cb3K1qLViwZWOp5RGgKDTBMLNBStpbLNgFeUaf8KsYRNOZExXZr5+WpOQyN4LIB\nyF18sl3549bcuDZ3ElURgkuraIcB5C9halPDcGlAB0BdbQfJLeNZYfwilm5xwTke\nqqXaHiYJXY8X4mfJP7N8kIvR/wKBgQD4XdZHWv1xkcWL1WuKCc9OL25kelmznd6R\nHNwmVhJ+Byl1jqg7cR3AoMMbGuZ6AaIdw/ngNNX3NuuqWyVw7uD8u1yJZcXVRFTc\nmChx3c2upCdYNvPzT5D5Mwsdui+MehS8PEe4jFPdKzHejT3tt80DbP+NIac09NIb\nH0p8HKs1vwKBgGFauT9zqW1IaqaHrEP3ubZ2qaSB88Ri7RdaNJgMv7fJAfYYn/Al\nsF98+N8/q06HEaky711kj5Szeo3s6C300LF4mnDbQobRQFPIUmbeysizp5xl+jzY\nbpuF1vfhUzMTboV/9aIcPc5MwSS2bImuiqHcr2tOGvhpuZrdlH9eRePTAoGAWRyB\n91QkPw1ITaWjUgG3CZxnBVIIwTNRWct7CZ40QFedfnpSzhEF1clYd28tZnUTj45z\nJwiOBIcGAzd0tZJf0w3+Y6XKV3yO3h8R09j7JT/shfAhkxjnMSIpSN82lDZxHiCa\nsxJWPLJ00B7pK1OZETOYdTCv54Y3pFeTx/gZTc0CgYBY9hjJ31nuEAVhlk8txRMf\nrgDJC0mrAsAiOi72G+VjApvmetiAUAaqduj28GVxZcJSlGax0c3YheYgmp6XwslI\nofPK5JvjUbapRXSkvnoQjcKoA9JCrdqNy8KfXyY3CKWi7gNd530SDG9792rDT799\nFxI2YEkGYRwIr8DwjdhVYg==\n", "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGtMaY7aUYBFVs\nnmVxpkzw7rtWlnNZ9Xq9d251VPY1Ge+9vYAPrYpXB22k5YmLkVRbcGL4hejwHNUw\nnV3BH5xBPwHbKyo9jEmp+IBU1zYTx5XjCg17o2eFPZ593kx13jJmlrnlawPdb44r\nk8spxMShqBYgvrjPiK51kklh4dz5gHLA4KyBrZCSDbQ4h7seoYUdrbmtAAr3LsrH\n/Oo/nskVI7zbInMWa8swKzMc2uZbYb4khAUCfu2//fB0HpVtQO6HCsCWgAZZj/eW\n38BdE+UeDtZ8qVmHTNqCrMw+a9skcF7PtUjrp6sjHukQg06sQl7f9IrHTLfZGHOS\nVN/CnQO3AgMBAAECggEAFfKJrQKH+wB03wEae1RpqIL14OPP7IkXUYNg3pzPxPW5\nwTSucbeH/CzZ3h4W9HoiMydVXICN8KzT71ayWvkULTC5vRd7cZOOigjkmSUG2BBy\nFxhZJ5AuMvf8tYeu3PtPMyhFcs2V07N/+dg31xk2Dr+eEhJ+yeLIQjwyLBmNFWb6\nAnI9fW3/iAJu8lVslH2k6Cagl3WbLeufu5FQwNKzKD3j1WCbLBJVPhhpnHWk/knu\nwuGXJPieP7OBROgMuKhixPx6sIF/eh6Z8HWHEGMDI8bybyLdFxK/LmZd5a0VMV3h\nYJfW57fSUGGv5oSNcCbFTIDliGYpYKBdDZAXtLp/oQKBgQDwwlQGUWY7uxBVg4Wi\nV9yXUrzHjB2vx9LNgnGY5jTh4LCJXFBm2Tnd2CQEPzmQQdx2Y90ibyyjF61Nfj9b\n6/x+P0phvBjqwT6EsBFt29jIXoFbRKhAJ2mAijlFLiVfdFNuEzfot9ZKDoDoAPI6\nfitS5pUQV3lJc/PRAadWxboo0wKBgQDTSPMqIzwrRevRgBaNjoesX6KAjffoGTEp\ne9Qo3M33CflmNkgmSpSrK+FgNI/Kbm+lg27vi+04feiUhEcwbSP4OXFyJskwZ0xy\nyxkgK7bQfuCtaVQtQJVffoDEdPA7JD1JEBkkzcYt0Rem5RCV1EEChZQ4C4ovZJAW\nTsNSlwyrDQKBgQDO/5W0tOm8M1KQ43rTIM21gVp0CwE/MAQL07qNpmgTSNcf0rIC\nK4R4O6yDxkRcxnOhiq0HPSTYuLO1K/WXt+coOIxgSZP2yt1QwfzKQro5VB/N89Lh\nDcHE1ZL16v4Q+vf8bSOlv+HLXHryflXFetMO/Ndu7HaIc9xOeCiDD4/GJwKBgBWh\nESuOIdm4NbTjrOte3Oq7e5I3dlpvQcYiZAyu1fLlNX/OLMKmveNsAY1stA+gEJPc\nCZ5CL82prgaOKA+ADL+bec6aw9vNp1jVC8RsVTGw22VFNBXR17jH5Xy3D+SuCAwT\nts86tX/5OLegGXuNF/6fGBZIsCO74rg15e7tgaF9AoGAB8gmzGjKAvTzujDsviZF\nNbQdkOty9fRtwAdg5fweERVhvjDRyuSChmM2QNXjQxVJJp5pGMbH3/ItrgoQCJlA\nCvsBd3sVwrfp0DDX+VaWlJIkuYnk6S1uTuwN1WPldqZjVENrcL25Ohbj/qbl6fva\nd93ynleoJjEpkbcicQY0IXI=\n"};
    private static final String[] RSA_CA_PUBLIC_KEY_DER_BASE64 = {"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUz0nmMcBeTamJNFm7my\nmaDOkC803aLkRusUj30VHsqvTCED2b0wt0h3qdBrJxDh0d2MDk2eZRCP7Av5mdfE\nutQBUXB6kD1+dSBmJ7K0YWd6mZA0gxO2JZnuicxVYdVQ1l0OhBpIQolJY0SQxCGv\nYHwtJ2x8TXlJ2Sj2rBg+lIJVq5TyhQyJvIBDpUu/u+goI8a0IuUoXQnW0uC3U6YD\nlbZjy2LgkiWamEu1Gp/tYIbO6ML5p6u0wwc+lH/8XaSRGcphg/8kP7LgC3krL7ga\nH4px0B2B9QltAtrzCvHToAUr7sdP3Nu0OrmQe3WAKhNdWeJbcuW+TqicAfm99CB4\nQQIDAQAB\n", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrTGmO2lGARVbJ5lcaZM\n8O67VpZzWfV6vXdudVT2NRnvvb2AD62KVwdtpOWJi5FUW3Bi+IXo8BzVMJ1dwR+c\nQT8B2ysqPYxJqfiAVNc2E8eV4woNe6NnhT2efd5Mdd4yZpa55WsD3W+OK5PLKcTE\noagWIL64z4iudZJJYeHc+YBywOCsga2Qkg20OIe7HqGFHa25rQAK9y7Kx/zqP57J\nFSO82yJzFmvLMCszHNrmW2G+JIQFAn7tv/3wdB6VbUDuhwrAloAGWY/3lt/AXRPl\nHg7WfKlZh0zagqzMPmvbJHBez7VI66erIx7pEINOrEJe3/SKx0y32RhzklTfwp0D\ntwIDAQAB\n"};
    static byte[] IV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

    static int ByteToUnsignedInt(byte b) {
        return b & 255;
    }

    static String ToHexString(byte b) {
        return ToHexString(ByteToUnsignedInt(b));
    }

    static String ToHexString(int i) {
        String hexString = Integer.toHexString(i);
        if (hexString.length() % 2 <= 0) {
            return hexString;
        }
        return "0" + hexString;
    }

    static String ToHexString(String str) {
        return ToHexString(str.getBytes());
    }

    static String ToHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        if (bArr != null) {
            for (byte b : bArr) {
                stringBuffer.append(ToHexString(b));
            }
        }
        return stringBuffer.toString();
    }

    public static byte[] decryptWithAES(byte[] bArr, byte[] bArr2) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(2, new SecretKeySpec(bArr2, "AES"), new IvParameterSpec(IV));
        return cipher.doFinal(bArr);
    }

    public static byte[] encryptWithAES(String str, byte[] bArr) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(IV));
        return cipher.doFinal(str.getBytes("UTF-8"));
    }

    private static byte[] encryptWithPublicKey(byte[] bArr, PublicKey publicKey) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding");
            cipher.init(1, publicKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static int generateHSMRSAKey(short s) {
        int i = RCODE_HSM_RSAKEY_GENERATION_FAIL;
        if (s != 1 && s != 2) {
            return RCODE_ERROR;
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SecurityConstants.RSA);
            keyPairGenerator.initialize(2048, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            int i2 = s - 1;
            _hsmPK[i2] = generateKeyPair.getPublic();
            _hsmSK[i2] = generateKeyPair.getPrivate();
            return (_hsmPK[i2] == null || _hsmSK[i2] == null) ? i : RCODE_SUCCESS;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return i;
        }
    }

    private static byte[] generateHSMRandomNumber() {
        String num = Integer.toString(Build.VERSION.SDK_INT >= 21 ? ThreadLocalRandom.current().nextInt(BZip2Constants.baseBlockSize, 1000000) : new Random(System.currentTimeMillis()).nextInt(900000) + BZip2Constants.baseBlockSize);
        if (num != null) {
            return num.getBytes();
        }
        return null;
    }

    public static byte[] generateRsaSignedKey(short s, byte[] bArr) {
        byte[] bArr2;
        if (s != 1 && s != 2) {
            return null;
        }
        int i = s - 1;
        if (_kdcPK[i] != null && _hsmSK[i] != null) {
            byte[] generateHSMRandomNumber = generateHSMRandomNumber();
            if (bArr != null && generateHSMRandomNumber != null && (bArr2 = _kdcRN) != null && generateHSMRandomNumber.length == 6 && bArr2.length == 6) {
                byte[] bArr3 = new byte[(short) (bArr2.length + generateHSMRandomNumber.length + bArr.length)];
                System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
                System.arraycopy(generateHSMRandomNumber, 0, bArr3, _kdcRN.length, generateHSMRandomNumber.length);
                System.arraycopy(bArr, 0, bArr3, _kdcRN.length + generateHSMRandomNumber.length, bArr.length);
                byte[] encryptWithPublicKey = encryptWithPublicKey(bArr3, _kdcPK[i]);
                byte[] signWithSha256Rsa = signWithSha256Rsa(encryptWithPublicKey, _hsmSK[i]);
                byte[] hexValue = getHexValue(encryptWithPublicKey, 0, encryptWithPublicKey.length);
                byte[] hexValue2 = getHexValue(signWithSha256Rsa, 0, signWithSha256Rsa.length);
                byte[] bArr4 = new byte[hexValue.length + 2 + hexValue2.length];
                int length = bArr.length;
                bArr4[0] = (byte) ((length >> 8) & 255);
                bArr4[1] = (byte) (length & 255);
                System.arraycopy(hexValue, 0, bArr4, 2, hexValue.length);
                System.arraycopy(hexValue2, 0, bArr4, hexValue.length + 2, hexValue2.length);
                return bArr4;
            }
        }
        return null;
    }

    private static byte[] generateSHA256(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static PublicKey getCAPublicKey(short s) {
        if (s == 1 || s == 2) {
            return _caPK[s - 1];
        }
        return null;
    }

    public static PublicKey getHSMPublicKey(short s) {
        if (s == 1 || s == 2) {
            return _hsmPK[s - 1];
        }
        return null;
    }

    public static byte[] getHSMPublicKeySignature(short s) {
        if (s != 1 && s != 2) {
            return null;
        }
        PublicKey[] publicKeyArr = _hsmPK;
        int i = s - 1;
        if (publicKeyArr[i] == null || _caSK[i] == null) {
            return null;
        }
        try {
            byte[] encoded = publicKeyArr[i].getEncoded();
            byte[] bArr = new byte[encoded.length - KPOSConstants.SEQUENCE_HEADER.length];
            System.arraycopy(encoded, KPOSConstants.SEQUENCE_HEADER.length, bArr, 0, encoded.length - KPOSConstants.SEQUENCE_HEADER.length);
            return signWithSha256Rsa(bArr, _caSK[i]);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    static byte[] getHexValue(byte[] bArr, int i, int i2) {
        char[] charArray = "0123456789ABCDEF".toCharArray();
        if (bArr == null) {
            return null;
        }
        byte[] bArr2 = new byte[i2 * 2];
        for (int i3 = 0; i3 < i2; i3++) {
            int i4 = bArr[i3 + i] & 255;
            int i5 = i3 * 2;
            bArr2[i5 + 1] = (byte) charArray[i4 & 15];
            bArr2[i5] = (byte) charArray[i4 >> 4];
        }
        return bArr2;
    }

    static byte[] hexStringToByteArray(String str) {
        byte[] bArr = new byte[str.length() / 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = i * 2;
            bArr[i] = (byte) Integer.parseInt(str.substring(i2, i2 + 2), 16);
        }
        return bArr;
    }

    public static int initiateCARSAKey(short s) {
        int i = RCODE_CA_RSAKEY_GENERATION_FAIL;
        if (s != 1 && s != 2) {
            return RCODE_ERROR;
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(SecurityConstants.RSA);
            int i2 = s - 1;
            _caSK[i2] = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(RSA_CA_PRIVATE_KEY_PKCS8_DER[i2], 0)));
            _caPK[i2] = keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(RSA_CA_PUBLIC_KEY_DER_BASE64[i2], 0)));
            return (_caSK[i2] == null || _caPK[i2] == null) ? i : RCODE_SUCCESS;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return i;
        } catch (InvalidKeySpecException e2) {
            e2.printStackTrace();
            return i;
        }
    }

    public static void setKDCRandomNumber(byte[] bArr) {
        _kdcRN = bArr;
    }

    private static byte[] signWithSha256Rsa(byte[] bArr, PrivateKey privateKey) {
        if (bArr == null) {
            return null;
        }
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static int verifyAndStoreKDCPublicKey(short s, byte[] bArr, byte[] bArr2) {
        int i;
        int i2 = RCODE_INVALID_PUBLIC_KEY;
        if (s != 1 && s != 2) {
            return RCODE_ERROR;
        }
        int i3 = s - 1;
        if (_caPK[i3] == null) {
            return RCODE_ERROR;
        }
        try {
            if (verifyWithSha256Rsa(s, bArr, bArr2)) {
                byte[] bArr3 = new byte[KPOSConstants.SEQUENCE_HEADER.length + bArr.length];
                System.arraycopy(KPOSConstants.SEQUENCE_HEADER, 0, bArr3, 0, KPOSConstants.SEQUENCE_HEADER.length);
                System.arraycopy(bArr, 0, bArr3, KPOSConstants.SEQUENCE_HEADER.length, bArr.length);
                _kdcPK[i3] = KeyFactory.getInstance(SecurityConstants.RSA).generatePublic(new X509EncodedKeySpec(bArr3));
                i = RCODE_SUCCESS;
            } else {
                i = RCODE_VERIFICATION_FAIL;
            }
            return i;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return i2;
        } catch (InvalidKeySpecException e2) {
            e2.printStackTrace();
            return i2;
        }
    }

    public static boolean verifyWithSha256Rsa(short s, byte[] bArr, byte[] bArr2) {
        if ((s != 1 && s != 2) || bArr == null || bArr2 == null) {
            return false;
        }
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(_caPK[s - 1]);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }
}
