package fr.lundimatin.core.nf525.modele.fr.signature;

import android.os.Build;
import android.util.Base64;
import com.ibm.icu.impl.locale.BaseLocale;
import fr.lundimatin.core.LMBLog;
import fr.lundimatin.core.auth.AccountMethods;
import fr.lundimatin.core.auth.EncodeUtils;
import fr.lundimatin.core.config.MappingManager;
import fr.lundimatin.core.config.variable.instance.RoverCashVariableInstance;
import fr.lundimatin.core.device.DeviceModel;
import fr.lundimatin.core.internet.api.utils.ApiUtil;
import fr.lundimatin.core.internet.httpRequest.HttpResponseNew;
import fr.lundimatin.core.internet.httpRequest.RCHttpRequestNew;
import fr.lundimatin.core.internet.httpRequest.httpResponseListenerNew;
import fr.lundimatin.core.profile.ProfileHolder;
import fr.lundimatin.core.profile.RoverCashProfile;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes5.dex */
public class SignatureUtils {
    private static final String CERT_NAME = "Certification pour signatures NF525";
    private static final String NF_ALIAS = "NF";
    private static final String PROVIDER_NAME = "BC";
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";
    private static final String TAG = "SignatureUtils";

    /* loaded from: classes5.dex */
    public static class LMBPublicKeyTask {
        private static final String DATA = "data";
        private String email;
        private String keyNF;
        private String mdp;
        private NFKeyListener nfKeyListener;
        private httpResponseListenerNew responseListener;

        /* loaded from: classes5.dex */
        public interface NFKeyListener {
            void onMessageFailed();

            void onMessageSucceed();
        }

        public LMBPublicKeyTask(String str) {
            this(str, null, null, null);
        }

        public LMBPublicKeyTask(String str, NFKeyListener nFKeyListener, String str2, String str3) {
            this.responseListener = new httpResponseListenerNew() { // from class: fr.lundimatin.core.nf525.modele.fr.signature.SignatureUtils.LMBPublicKeyTask.1
                @Override // fr.lundimatin.core.internet.httpRequest.httpResponseListenerNew
                public void onFailed(int i, String str4) {
                    LMBLog.e(getClass().getSimpleName(), "Send nf key failed");
                    if (LMBPublicKeyTask.this.nfKeyListener != null) {
                        LMBPublicKeyTask.this.nfKeyListener.onMessageFailed();
                    }
                }

                @Override // fr.lundimatin.core.internet.httpRequest.httpResponseListenerNew
                public void onSuccess(HttpResponseNew httpResponseNew) {
                    MappingManager.getInstance().setVariableValue(RoverCashVariableInstance.NF_PUBKEY_SENT, true);
                    LMBLog.d(getClass().getSimpleName(), "Send nf key success");
                    if (LMBPublicKeyTask.this.nfKeyListener != null) {
                        LMBPublicKeyTask.this.nfKeyListener.onMessageSucceed();
                    }
                }
            };
            this.keyNF = str;
            this.nfKeyListener = nFKeyListener;
            this.email = str2;
            this.mdp = str3;
        }

        public void execute() {
            String str = this.email;
            if (str == null) {
                str = (String) MappingManager.getInstance().getVariableValue(RoverCashVariableInstance.ROVERCASH_EMAIL_CLIENT);
            }
            String str2 = this.mdp;
            new RCHttpRequestNew(ApiUtil.APIs.NF_KEY.toString(), str, str2 != null ? EncodeUtils.inMD5(str2) : (String) MappingManager.getInstance().getVariableValue(RoverCashVariableInstance.ROVERCASH_MD5_MDP_CLIENT), this.responseListener).executePost(AccountMethods.generateJSONPostKeyNF(this.keyNF).toString());
        }
    }

    private static SubjectPublicKeyInfo createSubjectKeyInfo(Key key) throws IOException {
        ASN1InputStream aSN1InputStream;
        ASN1InputStream aSN1InputStream2 = null;
        try {
            aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()));
        } catch (Throwable th) {
            th = th;
        }
        try {
            SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance((ASN1Sequence) aSN1InputStream.readObject());
            IOUtils.closeQuietly((InputStream) aSN1InputStream);
            return subjectPublicKeyInfo;
        } catch (Throwable th2) {
            th = th2;
            aSN1InputStream2 = aSN1InputStream;
            IOUtils.closeQuietly((InputStream) aSN1InputStream2);
            throw th;
        }
    }

    private static X509Certificate generateCertificate(KeyPair keyPair) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTimeInMillis(System.currentTimeMillis());
        Date time = calendar.getTime();
        calendar.add(1, 1);
        Date time2 = calendar.getTime();
        X500Name x500Name = new X500Name(getX500Name());
        BigInteger valueOf = BigInteger.valueOf(new Random().nextInt());
        PublicKey publicKey = keyPair.getPublic();
        X509Certificate x509Certificate = null;
        try {
            x509Certificate = signCertificate(new X509v1CertificateBuilder(x500Name, valueOf, time, time2, x500Name, createSubjectKeyInfo(publicKey)), keyPair.getPrivate());
            if (x509Certificate != null) {
                x509Certificate.checkValidity(new Date());
                x509Certificate.verify(publicKey);
                x509Certificate.getSignature();
            }
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException | OperatorCreationException e) {
            LMBLog.exception(TAG, "Failed generating certificate : " + e.getMessage(), e);
        }
        return x509Certificate;
    }

    private static PrivateKey generateKeysAndSaveInKeyStore(KeyStore keyStore) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048, new SecureRandom());
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            PrivateKey privateKey = genKeyPair.getPrivate();
            keyStore.setKeyEntry(NF_ALIAS, privateKey, null, new Certificate[]{generateCertificate(genKeyPair)});
            DeviceModel.get().saveKeyStore(keyStore);
            return privateKey;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LMBLog.exception(TAG, "Error generating keys : " + e.getMessage(), e);
            return null;
        }
    }

    public static X509Certificate getCertificateNF() {
        try {
            return (X509Certificate) initKeyStore().getCertificate(NF_ALIAS);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LMBLog.exception(TAG, "Certificate not found : " + e.getMessage(), e);
            return null;
        }
    }

    public static String getFormattedPublicKey(int i) {
        X509Certificate certificateNF = getCertificateNF();
        return certificateNF != null ? Base64.encodeToString(certificateNF.getPublicKey().getEncoded(), i) : "";
    }

    public static String getShortFormattedPublicKey(int i) {
        X509Certificate certificateNF = getCertificateNF();
        return certificateNF != null ? Base64.encodeToString(certificateNF.getPublicKey().getEncoded(), i).substring(0, 4) : "";
    }

    private static String getX500Name() {
        RoverCashProfile activeProfile = ProfileHolder.getInstance().getActiveProfile();
        return "CN=Certification pour signatures NF525, O=" + activeProfile.getDisplayableLabel() + ", L=" + activeProfile.getCity() + ", C=" + activeProfile.getCountry();
    }

    private static KeyStore initKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        return DeviceModel.get().initKeyStore();
    }

    public static PrivateKey loadOrCreateKeys() {
        try {
            KeyStore initKeyStore = initKeyStore();
            PrivateKey loadPrivateKeyFromKeyStore = loadPrivateKeyFromKeyStore(initKeyStore);
            if (loadPrivateKeyFromKeyStore != null) {
                return loadPrivateKeyFromKeyStore;
            }
            PrivateKey generateKeysAndSaveInKeyStore = generateKeysAndSaveInKeyStore(initKeyStore);
            new LMBPublicKeyTask(getFormattedPublicKey(0)).execute();
            return generateKeysAndSaveInKeyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LMBLog.exception(TAG, "KEY_GEN_EXCEPTION : Failed generating keys : " + e.getMessage(), e);
            return null;
        }
    }

    private static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore) {
        try {
            return (PrivateKey) keyStore.getKey(NF_ALIAS, null);
        } catch (Exception e) {
            LMBLog.exception(TAG, "PKey not found : " + e.getMessage(), e);
            return null;
        }
    }

    private static PublicKey loadPublicKeyFromKeyStore(KeyStore keyStore) {
        try {
            return keyStore.getCertificate(NF_ALIAS).getPublicKey();
        } catch (KeyStoreException e) {
            LMBLog.exception(TAG, "PubKey not found : " + e.getMessage(), e);
            return null;
        }
    }

    private static X509Certificate signCertificate(X509v1CertificateBuilder x509v1CertificateBuilder, PrivateKey privateKey) throws OperatorCreationException, CertificateException {
        try {
            if (Build.VERSION.SDK_INT < 28) {
                ContentSigner build = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider("BC").build(privateKey);
                CertificateFactory.getInstance("X.509");
                return new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509v1CertificateBuilder.build(build));
            }
            ContentSigner build2 = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(privateKey);
            CertificateFactory.getInstance("X.509");
            return new JcaX509CertificateConverter().getCertificate(x509v1CertificateBuilder.build(build2));
        } catch (OperatorCreationException e) {
            LMBLog.exception(TAG, "Failed signing certificate : " + e.getMessage(), e);
            return null;
        }
    }

    public static String signerContenu(File file) {
        try {
            PrivateKey loadOrCreateKeys = loadOrCreateKeys();
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(loadOrCreateKeys, new SecureRandom());
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            byte[] bArr = new byte[1024];
            while (true) {
                int read = bufferedInputStream.read(bArr);
                if (read < 0) {
                    bufferedInputStream.close();
                    return Base64.encodeToString(signature.sign(), 8);
                }
                signature.update(bArr, 0, read);
            }
        } catch (IOException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            LMBLog.exception(TAG, "Failed signing data : " + e.getMessage(), e);
            return null;
        }
    }

    public static String signerContenu(String str) {
        try {
            byte[] bytes = str.replaceAll(" ", BaseLocale.SEP).getBytes();
            PrivateKey loadOrCreateKeys = loadOrCreateKeys();
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(loadOrCreateKeys, new SecureRandom());
            signature.update(bytes);
            return Base64.encodeToString(signature.sign(), 8);
        } catch (NullPointerException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            LMBLog.exception(TAG, "Failed signing data : " + e.getMessage(), e);
            return null;
        }
    }

    public static String signerContenu2(File file) {
        try {
            Signature.getInstance(SIGNATURE_ALGORITHM).initSign(loadOrCreateKeys(), new SecureRandom());
            return signerContenu(EncodeUtils.inSHA2(file));
        } catch (NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
            LMBLog.exception(TAG, "Failed signing data : " + e.getMessage(), e);
            return null;
        }
    }

    public static boolean verifySignature(String str, String str2) {
        try {
            byte[] bytes = str.replaceAll(" ", BaseLocale.SEP).getBytes();
            byte[] decode = Base64.decode(str2, 8);
            PublicKey loadPublicKeyFromKeyStore = loadPublicKeyFromKeyStore(initKeyStore());
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initVerify(loadPublicKeyFromKeyStore);
            signature.update(bytes);
            return signature.verify(decode);
        } catch (Exception e) {
            LMBLog.exception(TAG, "Failed verifying data : " + e.getMessage(), e);
            return false;
        }
    }
}
