package com.hyperwallet.clientsdk.util;

import com.hyperwallet.clientsdk.HyperwalletException;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;

/* loaded from: input_file:com/hyperwallet/clientsdk/util/HyperwalletEncryption.class */
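/**
 * Wraps request bodies as a signed-then-encrypted JOSE token (a JWS nested inside a JWE)
 * and unwraps tokens received in responses.
 *
 * <p>Outgoing bodies are signed with a key from the client JWK set and encrypted with a key
 * from the Hyperwallet JWK set. Incoming tokens are decrypted with a client key and their
 * signature is verified with a Hyperwallet key. Keys are selected from each set by their
 * {@code alg} value. The JWS carries a critical {@code exp} header parameter holding the
 * expiry as seconds since the epoch.
 *
 * <p>Both key sets are re-loaded from their configured location on every
 * {@link #encrypt(String)} and {@link #decrypt(String)} call; nothing is cached here.
 */
public class HyperwalletEncryption {
    /** Name of the JWS header parameter that carries the expiry time. */
    private static final String EXPIRATION = "exp";
    private static final long MILLISECONDS_IN_ONE_MINUTE = 60000L;
    private static final long MILLISECONDS_IN_SECOND = 1000L;
    /** Signature lifetime used when the caller supplies none. */
    private static final Integer EXPIRATION_MINUTES = 5;
    private static final JWEAlgorithm ENCRYPTION_ALGORITHM = JWEAlgorithm.RSA_OAEP_256;
    private static final JWSAlgorithm SIGN_ALGORITHM = JWSAlgorithm.RS256;
    private static final EncryptionMethod ENCRYPTION_METHOD = EncryptionMethod.A256CBC_HS512;

    private final JWEAlgorithm encryptionAlgorithm;
    private final JWSAlgorithm signAlgorithm;
    private final EncryptionMethod encryptionMethod;
    private final String clientPrivateKeySetLocation;
    private final String hyperwalletKeySetLocation;
    private final Integer jwsExpirationMinutes;

    /**
     * Fluent builder for {@link HyperwalletEncryption}. Any algorithm, method or expiry left
     * unset is replaced by the class default when {@link #build()} runs.
     */
    public static class HyperwalletEncryptionBuilder {
        private JWEAlgorithm encryptionAlgorithm;
        private JWSAlgorithm signAlgorithm;
        private EncryptionMethod encryptionMethod;
        private String clientPrivateKeySetLocation;
        private String hyperwalletKeySetLocation;
        private Integer jwsExpirationMinutes;

        /** Sets the JWE key-management algorithm; {@code null} selects the default. */
        public HyperwalletEncryptionBuilder encryptionAlgorithm(JWEAlgorithm jWEAlgorithm) {
            this.encryptionAlgorithm = jWEAlgorithm;
            return this;
        }

        /** Sets the JWS signature algorithm; {@code null} selects the default. */
        public HyperwalletEncryptionBuilder signAlgorithm(JWSAlgorithm jWSAlgorithm) {
            this.signAlgorithm = jWSAlgorithm;
            return this;
        }

        /** Sets the JWE content-encryption method; {@code null} selects the default. */
        public HyperwalletEncryptionBuilder encryptionMethod(EncryptionMethod encryptionMethod) {
            this.encryptionMethod = encryptionMethod;
            return this;
        }

        /** Sets the URL or file path of the client JWK set (used for signing and decryption). */
        public HyperwalletEncryptionBuilder clientPrivateKeySetLocation(String str) {
            this.clientPrivateKeySetLocation = str;
            return this;
        }

        /** Sets the URL or file path of the Hyperwallet JWK set (used for encryption and verification). */
        public HyperwalletEncryptionBuilder hyperwalletKeySetLocation(String str) {
            this.hyperwalletKeySetLocation = str;
            return this;
        }

        /** Sets the lifetime, in minutes, written into the {@code exp} header of outgoing signatures. */
        public HyperwalletEncryptionBuilder jwsExpirationMinutes(Integer num) {
            this.jwsExpirationMinutes = num;
            return this;
        }

        /** Creates the configured {@link HyperwalletEncryption}. */
        public HyperwalletEncryption build() {
            return new HyperwalletEncryption(this.encryptionAlgorithm, this.signAlgorithm, this.encryptionMethod, this.clientPrivateKeySetLocation, this.hyperwalletKeySetLocation, this.jwsExpirationMinutes);
        }
    }

    /**
     * Creates an instance, substituting the class defaults for any {@code null} algorithm,
     * method or expiry.
     *
     * @param jWEAlgorithm JWE key-management algorithm, or {@code null} for RSA-OAEP-256
     * @param jWSAlgorithm JWS signature algorithm, or {@code null} for RS256
     * @param encryptionMethod JWE content-encryption method, or {@code null} for A256CBC-HS512
     * @param str location (URL or file path) of the client JWK set; stored as given
     * @param str2 location (URL or file path) of the Hyperwallet JWK set; stored as given
     * @param num signature lifetime in minutes, or {@code null} for 5
     */
    public HyperwalletEncryption(JWEAlgorithm jWEAlgorithm, JWSAlgorithm jWSAlgorithm, EncryptionMethod encryptionMethod, String str, String str2, Integer num) {
        this.encryptionAlgorithm = jWEAlgorithm == null ? ENCRYPTION_ALGORITHM : jWEAlgorithm;
        this.signAlgorithm = jWSAlgorithm == null ? SIGN_ALGORITHM : jWSAlgorithm;
        this.encryptionMethod = encryptionMethod == null ? ENCRYPTION_METHOD : encryptionMethod;
        this.clientPrivateKeySetLocation = str;
        this.hyperwalletKeySetLocation = str2;
        // NOTE(review): zero or negative values are accepted and produce signatures that are
        // already expired when issued; the value is not range-checked here.
        this.jwsExpirationMinutes = num == null ? EXPIRATION_MINUTES : num;
    }

    /**
     * Signs {@code str} with the client key and encrypts the resulting JWS with the
     * Hyperwallet key.
     *
     * @param str the body to protect
     * @return the serialized JWE whose payload is the signed JWS
     * @throws JOSEException if signing or encryption fails
     * @throws IOException if a key set cannot be read
     * @throws ParseException if a key set cannot be parsed
     * @throws IllegalStateException if a key set holds no key for the configured algorithm
     */
    public String encrypt(String str) throws JOSEException, IOException, ParseException {
        // Keys are looked up by "alg"; both are expected to be RSA keys.
        RSAKey clientSigningKey = (RSAKey) getKeyByAlgorithm(loadKeySet(this.clientPrivateKeySetLocation), this.signAlgorithm);
        RSAKey hyperwalletEncryptionKey = (RSAKey) getKeyByAlgorithm(loadKeySet(this.hyperwalletKeySetLocation), this.encryptionAlgorithm);

        // "exp" is listed in "crit" so that a receiver that does not process it must reject the token.
        JWSHeader signedHeader = new JWSHeader.Builder(this.signAlgorithm)
                .keyID(clientSigningKey.getKeyID())
                .criticalParams(new HashSet<String>(Collections.singletonList(EXPIRATION)))
                .customParam(EXPIRATION, Long.valueOf(getJWSExpirationMillis()))
                .build();
        JWSObject signedBody = new JWSObject(signedHeader, new Payload(str));
        signedBody.sign(new RSASSASigner(clientSigningKey));

        JWEHeader encryptedHeader = new JWEHeader.Builder(this.encryptionAlgorithm, this.encryptionMethod)
                .keyID(hyperwalletEncryptionKey.getKeyID())
                .build();
        JWEObject encryptedBody = new JWEObject(encryptedHeader, new Payload(signedBody));
        encryptedBody.encrypt(new RSAEncrypter(hyperwalletEncryptionKey));
        return encryptedBody.serialize();
    }

    /**
     * Decrypts a JWE with the client key, verifies the nested JWS with the Hyperwallet key,
     * checks that the signature has not expired, and returns the signed payload.
     *
     * <p>The {@code exp} header is evaluated only after the signature has been verified, so
     * the expiry decision is never based on header data that has not been authenticated.
     *
     * @param str the serialized JWE
     * @return the payload of the verified JWS
     * @throws ParseException if the token or a key set cannot be parsed
     * @throws IOException if a key set cannot be read
     * @throws JOSEException if decryption or signature verification cannot be performed
     * @throws HyperwalletException if the payload is not a JWS, the signature is invalid,
     *         or the {@code exp} header is missing, of the wrong type, or in the past
     * @throws IllegalStateException if a key set holds no key for the configured algorithm
     */
    public String decrypt(String str) throws ParseException, IOException, JOSEException {
        RSAKey clientDecryptionKey = (RSAKey) getKeyByAlgorithm(loadKeySet(this.clientPrivateKeySetLocation), this.encryptionAlgorithm);
        RSAPublicKey hyperwalletVerificationKey = ((RSAKey) getKeyByAlgorithm(loadKeySet(this.hyperwalletKeySetLocation), this.signAlgorithm)).toRSAPublicKey();

        // NOTE(review): the "alg"/"enc" values in the incoming JWE and JWS headers are not
        // compared with the configured encryptionAlgorithm, encryptionMethod and signAlgorithm;
        // whatever RSADecrypter and RSASSAVerifier support is accepted. Consider rejecting
        // tokens whose header algorithms differ from the configured ones.
        JWEObject encryptedBody = JWEObject.parse(str);
        encryptedBody.decrypt(new RSADecrypter(clientDecryptionKey));

        JWSObject signedBody = encryptedBody.getPayload().toJWSObject();
        if (signedBody == null) {
            // The decrypted payload is not a JWS: fail closed instead of hitting a NullPointerException.
            throw new HyperwalletException("JWE payload is not a signed JWS object");
        }

        // "exp" is passed as a deferred critical parameter: the verifier accepts it in "crit"
        // and leaves its evaluation to verifySignatureExpirationDate below.
        RSASSAVerifier verifier = new RSASSAVerifier(hyperwalletVerificationKey, new HashSet<String>(Collections.singletonList(EXPIRATION)));
        if (!signedBody.verify(verifier)) {
            throw new HyperwalletException("JWS signature is incorrect");
        }
        verifySignatureExpirationDate(signedBody.getHeader().getCustomParam(EXPIRATION));
        return signedBody.getPayload().toString();
    }

    /**
     * Checks the {@code exp} header value of a JWS against the current time.
     *
     * @param obj the raw header value; must be a {@link Long} holding seconds since the epoch
     * @throws HyperwalletException if the value is {@code null}, is not a {@code Long}, or is
     *         earlier than the current time in seconds
     */
    public void verifySignatureExpirationDate(Object obj) {
        if (obj == null) {
            throw new HyperwalletException("exp JWS header param was null");
        }
        if (!(obj instanceof Long)) {
            throw new HyperwalletException("exp JWS header must be of type Long");
        }
        // No clock-skew allowance is applied; the comparison is strict at one-second resolution.
        long nowSeconds = new Date().getTime() / MILLISECONDS_IN_SECOND;
        if (nowSeconds > ((Long) obj).longValue()) {
            throw new HyperwalletException("Response message signature(JWS) has expired");
        }
    }

    /** Returns the JWE key-management algorithm in use. */
    public JWEAlgorithm getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    /** Returns the JWS signature algorithm in use. */
    public JWSAlgorithm getSignAlgorithm() {
        return this.signAlgorithm;
    }

    /** Returns the JWE content-encryption method in use. */
    public EncryptionMethod getEncryptionMethod() {
        return this.encryptionMethod;
    }

    /** Returns the configured location of the client JWK set. */
    public String getClientPrivateKeySetLocation() {
        return this.clientPrivateKeySetLocation;
    }

    /** Returns the configured location of the Hyperwallet JWK set. */
    public String getHyperwalletKeySetLocation() {
        return this.hyperwalletKeySetLocation;
    }

    /** Returns the signature lifetime in minutes. */
    public Integer getJwsExpirationMinutes() {
        return this.jwsExpirationMinutes;
    }

    /**
     * Loads a JWK set from {@code str}, treating it as a URL first and as a local file path
     * when it is not a well-formed URL.
     *
     * @throws IllegalArgumentException if {@code str} is not a URL and no such file exists
     */
    private JWKSet loadKeySet(String str) throws IOException, ParseException {
        try {
            // NOTE(review): any URL scheme is accepted, including plain http, and this overload
            // is called without explicit timeouts or a size limit. The same path is used for the
            // client private key set. A key set fetched over an unauthenticated channel can be
            // substituted in transit; prefer https or a local file with restricted permissions.
            return JWKSet.load(new URL(str));
        } catch (MalformedURLException e) {
            // Not a URL: fall back to the file system.
            checkKeySetLocationIsFile(str);
            return JWKSet.load(new File(str));
        }
    }

    /**
     * Computes the expiry for a new signature. Despite the name, the result is in seconds
     * since the epoch: now plus {@code jwsExpirationMinutes}.
     */
    private long getJWSExpirationMillis() {
        // Multiply as long: the int product overflowed for lifetimes above 35791 minutes.
        long lifetimeMillis = MILLISECONDS_IN_ONE_MINUTE * this.jwsExpirationMinutes.longValue();
        return (new Date().getTime() + lifetimeMillis) / MILLISECONDS_IN_SECOND;
    }

    /**
     * Returns the first key in {@code jWKSet} whose {@code alg} equals {@code t}.
     *
     * @throws IllegalStateException if no key in the set declares that algorithm
     */
    private <T extends Algorithm> JWK getKeyByAlgorithm(JWKSet jWKSet, T t) {
        for (JWK candidate : jWKSet.getKeys()) {
            // "alg" is optional on a JWK; skip keys that do not declare it rather than throwing.
            Algorithm declared = candidate.getAlgorithm();
            if (declared != null && declared.equals(t)) {
                return candidate;
            }
        }
        throw new IllegalStateException("Algorithm = " + t + " is not found in client or Hyperwallet key set");
    }

    /**
     * Rejects a key-set location that does not exist on the file system. The same message is
     * used for the client and the Hyperwallet key set.
     */
    private void checkKeySetLocationIsFile(String str) {
        if (Files.notExists(Paths.get(str))) {
            throw new IllegalArgumentException("Wrong client JWK set location");
        }
    }
}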
