package com.wallee.sdk.trid.encryption;

import com.mastercard.developer.encryption.EncryptionException;
import com.mastercard.developer.utils.EncodingUtils;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* loaded from: input_file:com/wallee/sdk/trid/encryption/FieldLevelEncryptionParams.class */
public final class FieldLevelEncryptionParams {
    private static final Integer SYMMETRIC_KEY_SIZE = 128;
    protected static final String SYMMETRIC_KEY_TYPE = "AES";
    private static final String ASYMMETRIC_CYPHER = "RSA/ECB/OAEPWith{ALG}AndMGF1Padding";
    private static final String SUN_JCE = "SunJCE";
    private final String ivValue;
    private final String encryptedKeyValue;
    private final String oaepPaddingDigestAlgorithmValue;
    private final FieldLevelEncryptionConfig config;
    private Key secretKey;
    private IvParameterSpec ivParameterSpec;
    private String fingerprint;

    public FieldLevelEncryptionParams(String str, String str2, String str3, FieldLevelEncryptionConfig fieldLevelEncryptionConfig) {
        this.ivValue = str;
        this.encryptedKeyValue = str2;
        this.oaepPaddingDigestAlgorithmValue = str3;
        this.config = fieldLevelEncryptionConfig;
    }

    public FieldLevelEncryptionParams(String str, String str2, String str3, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, String str4) {
        this(str, str2, str3, fieldLevelEncryptionConfig);
        this.fingerprint = str4;
    }

    public static FieldLevelEncryptionParams generate(FieldLevelEncryptionConfig fieldLevelEncryptionConfig) throws EncryptionException {
        IvParameterSpec generateIv = generateIv();
        String encodeBytes = EncodingUtils.encodeBytes(generateIv.getIV(), fieldLevelEncryptionConfig.getFieldValueEncoding());
        SecretKey generateSecretKey = generateSecretKey();
        FieldLevelEncryptionParams fieldLevelEncryptionParams = new FieldLevelEncryptionParams(encodeBytes, EncodingUtils.encodeBytes(wrapSecretKey(fieldLevelEncryptionConfig, generateSecretKey), fieldLevelEncryptionConfig.getFieldValueEncoding()), fieldLevelEncryptionConfig.getOaepPaddingDigestAlgorithm().replace("-", ""), fieldLevelEncryptionConfig);
        fieldLevelEncryptionParams.secretKey = generateSecretKey;
        fieldLevelEncryptionParams.ivParameterSpec = generateIv;
        return fieldLevelEncryptionParams;
    }

    public String getIvValue() {
        return this.ivValue;
    }

    public String getEncryptedKeyValue() {
        return this.encryptedKeyValue;
    }

    public String getOaepPaddingDigestAlgorithmValue() {
        return this.oaepPaddingDigestAlgorithmValue;
    }

    public Key getSecretKey() throws EncryptionException {
        try {
            if (this.secretKey != null) {
                return this.secretKey;
            }
            this.secretKey = unwrapSecretKey(this.config, EncodingUtils.decodeValue(this.encryptedKeyValue, this.config.getFieldValueEncoding()), this.oaepPaddingDigestAlgorithmValue, this.fingerprint);
            return this.secretKey;
        } catch (Exception e) {
            throw new EncryptionException("Failed to decode and unwrap the provided secret key value!", e);
        } catch (EncryptionException e2) {
            throw e2;
        }
    }

    public IvParameterSpec getIvSpec() throws EncryptionException {
        try {
            if (this.ivParameterSpec != null) {
                return this.ivParameterSpec;
            }
            this.ivParameterSpec = new IvParameterSpec(EncodingUtils.decodeValue(this.ivValue, this.config.getFieldValueEncoding()));
            return this.ivParameterSpec;
        } catch (Exception e) {
            throw new EncryptionException("Failed to decode the provided IV value!", e);
        }
    }

    private static IvParameterSpec generateIv() throws EncryptionException {
        try {
            byte[] bArr = new byte[16];
            SecureRandom.getInstance("SHA1PRNG", "SUN").nextBytes(bArr);
            return new IvParameterSpec(bArr);
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Failed to generate an IV value!", e);
        }
    }

    private static SecretKey generateSecretKey() throws EncryptionException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(SYMMETRIC_KEY_TYPE, SUN_JCE);
            keyGenerator.init(SYMMETRIC_KEY_SIZE.intValue());
            return keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Failed to generate a secret key!", e);
        }
    }

    protected static byte[] wrapSecretKey(FieldLevelEncryptionConfig fieldLevelEncryptionConfig, Key key) throws EncryptionException {
        try {
            PublicKey publicKey = fieldLevelEncryptionConfig.getEncryptionCertificate().getPublicKey();
            MGF1ParameterSpec mGF1ParameterSpec = new MGF1ParameterSpec(fieldLevelEncryptionConfig.getOaepPaddingDigestAlgorithm());
            Cipher cipher = Cipher.getInstance(ASYMMETRIC_CYPHER.replace("{ALG}", mGF1ParameterSpec.getDigestAlgorithm()), SUN_JCE);
            cipher.init(3, publicKey, getOaepParameterSpec(mGF1ParameterSpec));
            return cipher.wrap(key);
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Failed to wrap secret key!", e);
        }
    }

    protected static Key unwrapSecretKey(FieldLevelEncryptionConfig fieldLevelEncryptionConfig, byte[] bArr, String str, String str2) throws EncryptionException {
        if (!str.contains("-")) {
            str = str.replace("SHA", "SHA-");
        }
        try {
            MGF1ParameterSpec mGF1ParameterSpec = new MGF1ParameterSpec(str);
            PrivateKey decryptionKey = fieldLevelEncryptionConfig.getDecryptionKey(str2);
            Cipher cipher = Cipher.getInstance(ASYMMETRIC_CYPHER.replace("{ALG}", mGF1ParameterSpec.getDigestAlgorithm()), SUN_JCE);
            cipher.init(4, decryptionKey, getOaepParameterSpec(mGF1ParameterSpec));
            return cipher.unwrap(bArr, SYMMETRIC_KEY_TYPE, 3);
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Failed to unwrap secret key!", e);
        }
    }

    private static OAEPParameterSpec getOaepParameterSpec(MGF1ParameterSpec mGF1ParameterSpec) {
        return new OAEPParameterSpec(mGF1ParameterSpec.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec, PSource.PSpecified.DEFAULT);
    }
}
