package in.gov.uidai.kyc.a;

import java.io.InputStream;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.xml.parsers.DocumentBuilderFactory;
import javax1.xml.crypto.MarshalException;
import javax1.xml.crypto.dsig.XMLSignatureException;
import javax1.xml.crypto.dsig.XMLSignatureFactory;
import javax1.xml.crypto.dsig.dom.DOMValidateContext;
import org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.utils.Constants;
import org.spongycastle.crypto.BufferedBlockCipher;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.modes.CFBBlockCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: classes.dex */
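/**
 * Decrypts hybrid-encrypted payloads (RSA-OAEP wrapped AES key, AES-CFB body)
 * and verifies enveloped XML signatures against a caller-supplied certificate.
 *
 * <p>Notes for readers of this decompiled listing:
 * <ul>
 *   <li>{@code Exception} resolves to {@code java.lang.Exception} unless the
 *       package declares its own class of that name. The listing carries no
 *       {@code throws} clauses on the public methods, presumably stripped with
 *       the class metadata; they are left as found so that callers are
 *       unaffected.</li>
 *   <li>The payload integrity check is a plain SHA-256 digest carried inside
 *       the ciphertext and compared after decryption; it is not a keyed MAC.</li>
 * </ul>
 */
public final class a {
    // Not referenced anywhere in this class; kept because other code may rely on it.
    private static final byte[] a = "VERSION_1.0".getBytes();

    /** Length in bytes of the SHA-256 digest that prefixes the decrypted payload. */
    private static final int HASH_LENGTH = 32;

    /** Number of leading bytes of the IV source that are used as the AES-CFB IV. */
    private static final int IV_LENGTH = 16;

    private final KeyStore.PrivateKeyEntry keyEntry;
    private final InputStream certificateStream;

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Loads the private key from a PKCS#12 stream and remembers the certificate stream.
     *
     * @param inputStream  PKCS#12 key store; closed by this constructor
     * @param cArr         password used for both the key store and the key entry
     * @param inputStream2 X.509 certificate stream read later by {@link #a(String)}
     * @throws RuntimeException if no private key entry could be read; the
     *         underlying failure is attached as the cause
     */
    public a(InputStream inputStream, char[] cArr, InputStream inputStream2) {
        try {
            this.keyEntry = loadFirstKeyEntry(inputStream, cArr);
        } catch (Exception e) {
            // Same type and message as before; the cause replaces the old printStackTrace().
            throw new RuntimeException("Key could not be read for digital signature. Please check value of signature alias and signature password, and restart the Auth Client", e);
        }
        this.certificateStream = inputStream2;
    }

    /**
     * Reads the entry stored under the first alias of a PKCS#12 key store.
     *
     * <p>The stream is closed on every path, including failure.
     */
    private static KeyStore.PrivateKeyEntry loadFirstKeyEntry(InputStream keyStoreStream, char[] password) throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(keyStoreStream, password);
            // Only the first alias is consulted; a store whose first entry is not
            // a private key fails the cast below and is reported as unreadable.
            String alias = keyStore.aliases().nextElement();
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(password));
            if (entry == null) {
                throw new Exception("Key not found for the given alias.");
            }
            return entry;
        } finally {
            if (keyStoreStream != null) {
                try {
                    keyStoreStream.close();
                } catch (java.io.IOException ignored) {
                    // The key material has already been read or has already failed;
                    // a close error adds nothing actionable.
                }
            }
        }
    }

    /**
     * Unwraps the AES key with RSA-OAEP (SHA-256, MGF1-SHA-256) using the BC provider.
     *
     * @param wrappedKey RSA-encrypted AES key
     * @param oaepLabel  bytes used as the OAEP label (PSource)
     * @param privateKey RSA private key
     */
    private static byte[] rsaOaepDecrypt(byte[] wrappedKey, byte[] oaepLabel, PrivateKey privateKey) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING", "BC");
            OAEPParameterSpec oaepSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, new PSource.PSpecified(oaepLabel));
            cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepSpec);
            return cipher.doFinal(wrappedKey);
        } catch (GeneralSecurityException e) {
            // The cause travels with the exception; no separate stack dump to stderr.
            throw new Exception("Failed to decrypt AES secret key using RSA.", e);
        }
    }

    /**
     * Decrypts {@code cipherText} with AES in 128-bit CFB mode.
     *
     * @param cipherText encrypted payload
     * @param ivSource   bytes whose first {@value #IV_LENGTH} bytes form the IV
     * @param aesKey     raw AES key
     */
    private static byte[] aesCfbDecrypt(byte[] cipherText, byte[] ivSource, byte[] aesKey) throws Exception {
        try {
            // NOTE(review): when ivSource has 16 bytes or fewer it is passed on as
            // the IV unchanged (null included); confirm the envelope parser
            // guarantees more than 16 bytes here.
            byte[] iv = splitAt(ivSource, IV_LENGTH)[0];
            BufferedBlockCipher cfb = new BufferedBlockCipher(new CFBBlockCipher(new AESEngine(), 128));
            cfb.init(false, new ParametersWithIV(new KeyParameter(aesKey), iv));
            byte[] plain = new byte[cfb.getOutputSize(cipherText.length)];
            int written = cfb.processBytes(cipherText, 0, cipherText.length, plain, 0);
            cfb.doFinal(plain, written);
            return plain;
        } catch (InvalidCipherTextException e) {
            throw new Exception("Decrypting data using AES failed", e);
        }
    }

    /**
     * Splits {@code data} into a head of {@code headLength} bytes and the remainder.
     *
     * <p>When {@code data} is null or not longer than {@code headLength}, the head
     * is {@code data} itself (possibly null) and the remainder is empty.
     */
    private static byte[][] splitAt(byte[] data, int headLength) {
        if (data == null || data.length <= headLength) {
            return new byte[][]{data, new byte[0]};
        }
        byte[] head = new byte[headLength];
        byte[] tail = new byte[data.length - headLength];
        System.arraycopy(data, 0, head, 0, headLength);
        System.arraycopy(data, headLength, tail, 0, tail.length);
        return new byte[][]{head, tail};
    }

    /**
     * Checks that the first {@value #HASH_LENGTH} bytes of {@code plain} equal the
     * SHA-256 digest of the bytes that follow.
     *
     * <p>The digests are compared as bytes with {@link MessageDigest#isEqual}.
     * Decoding both sides as UTF-8 strings first, as this method previously did,
     * is lossy: every invalid byte sequence decodes to the same replacement
     * character, so two different digests could compare equal.
     */
    private static boolean hashPrefixMatches(byte[] plain) throws Exception {
        byte[][] parts = splitAt(plain, HASH_LENGTH);
        try {
            return MessageDigest.isEqual(parts[0], sha256(parts[1]));
        } catch (Exception e) {
            throw new Exception("Not able to compute hash.", e);
        }
    }

    /** Returns the SHA-256 digest of {@code data}, computed with the BC provider. */
    private static byte[] sha256(byte[] data) throws Exception {
        try {
            return MessageDigest.getInstance("SHA-256", "BC").digest(data);
        } catch (GeneralSecurityException e) {
            throw new Exception("SHA-256 Hashing algorithm not available", e);
        }
    }

    /**
     * Asks the parser to reject any DOCTYPE declaration, which closes off
     * external-entity and entity-expansion processing for the document to verify.
     *
     * <p>Best effort: a parser that does not recognise the feature keeps its
     * platform default. NOTE(review): confirm that the parser on the target
     * platform does not resolve external entities by default.
     */
    private static void disallowDoctype(DocumentBuilderFactory factory) {
        try {
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        } catch (javax.xml.parsers.ParserConfigurationException ignored) {
            // Feature unknown to this parser implementation; continue with its defaults.
        }
    }

    /**
     * Validates the first XML-DSig {@code Signature} element of {@code str} against
     * the public key of the certificate supplied at construction.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The document is input that has not been verified yet, so it is parsed
     *       with DOCTYPE declarations disallowed where the parser supports it.</li>
     *   <li>Only the first {@code Signature} element found anywhere in the document
     *       is validated, and this method does not check which elements its
     *       references cover. Callers that go on to read values from the document
     *       should confirm those values sit inside the signed content.</li>
     *   <li>The certificate is used as supplied; its validity period and issuer
     *       are not checked here.</li>
     *   <li>The certificate stream is read on every call, so a second call on the
     *       same instance reads from wherever the first one stopped.
     *       NOTE(review): confirm callers create one instance per verification.</li>
     * </ul>
     *
     * @param str the signed XML document
     * @return {@code true} if the signature validates
     * @throws IllegalArgumentException if the document has no {@code Signature} element
     */
    public final boolean a(String str) {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            disallowDoctype(factory);
            Document document = factory.newDocumentBuilder().parse(new InputSource(new StringReader(str)));
            PublicKey publicKey = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(this.certificateStream).getPublicKey();
            NodeList signatures = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", Constants._TAG_SIGNATURE);
            if (signatures.getLength() == 0) {
                throw new IllegalArgumentException("Cannot find Signature element");
            }
            XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
            DOMValidateContext validateContext = new DOMValidateContext(publicKey, signatures.item(0));
            return signatureFactory.unmarshalXMLSignature(validateContext).validate(validateContext);
        } catch (MarshalException e) {
            throw new Exception(e);
        } catch (XMLSignatureException e2) {
            throw new Exception(e2);
        }
    }

    /**
     * Decrypts an encrypted envelope and returns the payload without its hash prefix.
     *
     * <p>The envelope is parsed by the sibling class {@code b}. As used here, its
     * {@code b()} accessor supplies the RSA-wrapped AES key, {@code a()} the bytes
     * used both as OAEP label and as IV source, and {@code c()} the AES ciphertext.
     *
     * @param bArr the encrypted envelope; must be non-null and non-empty
     * @return the decrypted payload, or an empty array when nothing follows the hash
     * @throws Exception if the input is empty, decryption fails, or the SHA-256
     *         prefix does not match the payload
     */
    public final byte[] a(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new Exception("byte array data can not be null or blank array.");
        }
        b envelope = new b(bArr);
        byte[] aesKey = rsaOaepDecrypt(envelope.b(), envelope.a(), this.keyEntry.getPrivateKey());
        byte[] plain = aesCfbDecrypt(envelope.c(), envelope.a(), aesKey);
        if (!hashPrefixMatches(plain)) {
            throw new Exception("Integrity Validation Failed : The original data at client side and the decrypted data at server side is not identical");
        }
        if (plain.length <= HASH_LENGTH) {
            return new byte[0];
        }
        byte[] payload = new byte[plain.length - HASH_LENGTH];
        System.arraycopy(plain, HASH_LENGTH, payload, 0, payload.length);
        return payload;
    }
}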
