package com.adyen.terminal.security;

import android.util.Log;
import com.adyen.model.nexo.MessageHeader;
import com.adyen.model.terminal.security.NexoDerivedKey;
import com.adyen.model.terminal.security.SaleToPOISecuredMessage;
import com.adyen.model.terminal.security.SecurityKey;
import com.adyen.model.terminal.security.SecurityTrailer;
import com.adyen.terminal.security.exception.NexoCryptoException;
import com.adyen.util.HMACValidator;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: classes.dex */
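/**
 * Encrypts and decrypts SaleToPOI messages with key material derived from a
 * {@link SecurityKey} passphrase.
 *
 * <p>The payload is protected with AES/CBC/PKCS5Padding. The per-message IV is the
 * derived IV XOR-ed with a random 16-byte nonce carried in the {@link SecurityTrailer}.
 * Integrity is provided by an HMAC computed over the <em>plaintext</em> bytes and
 * carried in the same trailer.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Because the HMAC covers the plaintext, it can only be checked after decryption.
 *       Callers should not report padding failures and HMAC failures to the remote peer
 *       in a distinguishable way.</li>
 *   <li>Decrypted payloads are never written to the log; they carry payment data.</li>
 * </ul>
 */
public class NexoCrypto2 {
    /** AES block size in bytes; the IV and the per-message nonce both use this length. */
    private static final int IV_LENGTH = 16;

    /** Cryptographically strong source for the per-message nonce. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Runs AES/CBC/PKCS5Padding over {@code input} in the requested direction.
     *
     * @param input      bytes to encrypt or decrypt
     * @param derivedKey supplies the cipher key and the base IV
     * @param nonce      per-message nonce; its first 16 bytes are XOR-ed into the base IV
     * @param mode       {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return the cipher output
     * @throws InvalidAlgorithmParameterException if the nonce or the base IV is missing or
     *         shorter than 16 bytes
     */
    private byte[] crypt(byte[] input, NexoDerivedKey derivedKey, byte[] nonce, int mode) throws NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        byte[] baseIv = derivedKey.getIv();
        // The nonce arrives in the message trailer, so reject a short or absent value
        // explicitly instead of failing with an index error inside the XOR loop.
        if (nonce == null || nonce.length < IV_LENGTH || baseIv == null || baseIv.length < IV_LENGTH) {
            throw new InvalidAlgorithmParameterException("IV and nonce must each be at least " + IV_LENGTH + " bytes");
        }
        byte[] messageIv = new byte[IV_LENGTH];
        for (int idx = 0; idx < IV_LENGTH; idx++) {
            messageIv[idx] = (byte) (baseIv[idx] ^ nonce[idx]);
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(mode, new SecretKeySpec(derivedKey.getCipherKey(), "AES"), new IvParameterSpec(messageIv));
        return cipher.doFinal(input);
    }

    /**
     * Produces a fresh 16-byte nonce for one outgoing message.
     *
     * <p>The nonce determines the CBC IV, so it must be unpredictable; it is drawn from
     * {@link SecureRandom} rather than {@code java.util.Random}.
     *
     * @return 16 random bytes
     */
    private byte[] generateRandomIvNonce() {
        byte[] nonce = new byte[IV_LENGTH];
        SECURE_RANDOM.nextBytes(nonce);
        return nonce;
    }

    /**
     * Computes the message authentication code of {@code data} with the derived HMAC key.
     *
     * @param data       bytes to authenticate
     * @param derivedKey supplies the HMAC key
     * @return the MAC bytes
     */
    private byte[] hmac(byte[] data, NexoDerivedKey derivedKey) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(HMACValidator.HMAC_SHA256_ALGORITHM);
        mac.init(new SecretKeySpec(derivedKey.getHmacKey(), HMACValidator.HMAC_SHA256_ALGORITHM));
        return mac.doFinal(data);
    }

    /**
     * Checks that {@code receivedHmac} matches the HMAC recomputed over {@code message}.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])}, which compares
     * every byte and treats a {@code null} received value as a mismatch. The previous
     * hand-written loop only compared the array lengths.
     *
     * @param receivedHmac HMAC taken from the incoming security trailer
     * @param message      decrypted message bytes the HMAC is expected to cover
     * @param derivedKey   supplies the HMAC key
     * @throws NexoCryptoException if the two values differ
     */
    private void validateHmac(byte[] receivedHmac, byte[] message, NexoDerivedKey derivedKey) throws NexoCryptoException, InvalidKeyException, NoSuchAlgorithmException {
        byte[] expectedHmac = hmac(message, derivedKey);
        if (!MessageDigest.isEqual(receivedHmac, expectedHmac)) {
            throw new NexoCryptoException("Hmac validation failed");
        }
    }

    /**
     * Rejects a security key that lacks any of the fields this class reads.
     *
     * @param securityKey key to check
     * @throws NexoCryptoException if the key is {@code null}, has a {@code null} or empty
     *         passphrase, or has a {@code null} identifier, version or crypto version
     */
    private void validateSecurityKey(SecurityKey securityKey) throws NexoCryptoException {
        if (securityKey == null || securityKey.getPassphrase() == null || securityKey.getPassphrase().isEmpty() || securityKey.getKeyIdentifier() == null || securityKey.getKeyVersion() == null || securityKey.getAdyenCryptoVersion() == null) {
            throw new NexoCryptoException("Invalid Security Key");
        }
    }

    /**
     * Decrypts and authenticates a secured message.
     *
     * <p>The trailer HMAC is verified against the decrypted bytes before anything is
     * returned, so a message that was altered in transit is rejected instead of being
     * handed to the caller.
     *
     * @param saleToPOISecuredMessage message holding the Base64 blob and the security trailer
     * @param securityKey             key whose passphrase the key material is derived from
     * @return the decrypted message text
     * @throws NexoCryptoException if the key is invalid, the trailer is missing, or the
     *         HMAC does not match
     * @throws Exception           for failures raised by key derivation or the cipher
     */
    public String decrypt(SaleToPOISecuredMessage saleToPOISecuredMessage, SecurityKey securityKey) throws Exception {
        validateSecurityKey(securityKey);
        SecurityTrailer trailer = saleToPOISecuredMessage.getSecurityTrailer();
        if (trailer == null) {
            throw new NexoCryptoException("Missing security trailer");
        }
        NexoDerivedKey derivedKey = NexoDerivedKeyGenerator.deriveKeyMaterial(securityKey.getPassphrase());
        byte[] cipherText = Base64.decodeBase64(saleToPOISecuredMessage.getNexoBlob().getBytes(StandardCharsets.UTF_8));
        byte[] plainBytes = crypt(cipherText, derivedKey, trailer.getNonce(), Cipher.DECRYPT_MODE);
        // Authenticate before the plaintext is interpreted or returned.
        validateHmac(trailer.getHmac(), plainBytes, derivedKey);
        String str = new String(plainBytes, StandardCharsets.UTF_8);
        if (!str.startsWith("{ \"SaleToPOI")) {
            Log.e("ADYEN", "header wrong");
            // NOTE(review): this rewrites the start of an already authenticated message.
            // Kept for compatibility with existing callers; confirm it is still needed.
            int indexOf = str.indexOf("{", 5);
            if (indexOf > 0) {
                str = "{ \"SaleToPOIResponse\":" + str.substring(indexOf);
            }
        }
        // The decrypted payload is deliberately not logged.
        return str;
    }

    /**
     * Encrypts a message and builds the secured envelope around it.
     *
     * <p>The HMAC placed in the trailer is computed over the UTF-8 plaintext bytes, and the
     * nonce used for the IV is stored next to it so the receiver can rebuild the IV.
     *
     * @param str           plaintext message
     * @param messageHeader header copied unchanged into the secured message
     * @param securityKey   key supplying the passphrase and the trailer identifiers
     * @return the secured message with Base64 blob, header and security trailer set
     * @throws NexoCryptoException if the key is invalid
     * @throws Exception           for failures raised by key derivation or the cipher
     */
    public SaleToPOISecuredMessage encrypt(String str, MessageHeader messageHeader, SecurityKey securityKey) throws Exception {
        validateSecurityKey(securityKey);
        NexoDerivedKey derivedKey = NexoDerivedKeyGenerator.deriveKeyMaterial(securityKey.getPassphrase());
        byte[] plainBytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] nonce = generateRandomIvNonce();
        byte[] cipherText = crypt(plainBytes, derivedKey, nonce, Cipher.ENCRYPT_MODE);
        byte[] messageHmac = hmac(plainBytes, derivedKey);

        SecurityTrailer securityTrailer = new SecurityTrailer();
        securityTrailer.setKeyVersion(securityKey.getKeyVersion());
        securityTrailer.setKeyIdentifier(securityKey.getKeyIdentifier());
        securityTrailer.setHmac(messageHmac);
        securityTrailer.setNonce(nonce);
        securityTrailer.setAdyenCryptoVersion(securityKey.getAdyenCryptoVersion());

        SaleToPOISecuredMessage securedMessage = new SaleToPOISecuredMessage();
        securedMessage.setMessageHeader(messageHeader);
        securedMessage.setNexoBlob(new String(Base64.encodeBase64(cipherText), StandardCharsets.UTF_8));
        securedMessage.setSecurityTrailer(securityTrailer);
        return securedMessage;
    }
}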
