package io.getlime.security.powerauth.crypto.client.activation;

import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
import io.getlime.security.powerauth.crypto.lib.model.ActivationStatusBlobInfo;
import io.getlime.security.powerauth.crypto.lib.model.ActivationVersion;
import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
import io.getlime.security.powerauth.crypto.lib.util.AESEncryptionUtils;
import io.getlime.security.powerauth.crypto.lib.util.ECPublicKeyFingerprint;
import io.getlime.security.powerauth.crypto.lib.util.HMACHashUtilities;
import io.getlime.security.powerauth.crypto.lib.util.SignatureUtils;
import io.getlime.security.powerauth.provider.exception.CryptoProviderException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKey;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/client/activation/PowerAuthClientActivation.class */
public class PowerAuthClientActivation {
    private final SignatureUtils signatureUtils = new SignatureUtils();

    public boolean verifyActivationCodeSignature(String str, byte[] bArr, PublicKey publicKey) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        return this.signatureUtils.validateECDSASignature(str.getBytes(StandardCharsets.UTF_8), bArr, publicKey);
    }

    public KeyPair generateDeviceKeyPair() throws CryptoProviderException {
        return new KeyGenerator().generateKeyPair();
    }

    public byte[] generateActivationNonce() {
        return new KeyGenerator().generateRandomBytes(16);
    }

    public byte[] computeApplicationSignature(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws GenericCryptoException, CryptoProviderException {
        return new HMACHashUtilities().hash(bArr4, (str + "&" + BaseEncoding.base64().encode(bArr) + "&" + BaseEncoding.base64().encode(bArr2) + "&" + BaseEncoding.base64().encode(bArr3)).getBytes(StandardCharsets.UTF_8));
    }

    public byte[] encryptDevicePublicKey(PublicKey publicKey, PrivateKey privateKey, PublicKey publicKey2, String str, String str2, byte[] bArr) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        KeyGenerator keyGenerator = new KeyGenerator();
        SecretKey deriveSecretKeyFromPassword = keyGenerator.deriveSecretKeyFromPassword(str, str2.getBytes(StandardCharsets.UTF_8));
        byte[] convertPublicKeyToBytes = PowerAuthConfiguration.INSTANCE.getKeyConvertor().convertPublicKeyToBytes(publicKey);
        SecretKey computeSharedKey = keyGenerator.computeSharedKey(privateKey, publicKey2);
        AESEncryptionUtils aESEncryptionUtils = new AESEncryptionUtils();
        return aESEncryptionUtils.encrypt(aESEncryptionUtils.encrypt(convertPublicKeyToBytes, bArr, deriveSecretKeyFromPassword), bArr, computeSharedKey);
    }

    public boolean verifyServerDataSignature(String str, byte[] bArr, byte[] bArr2, PublicKey publicKey) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        return this.signatureUtils.validateECDSASignature((BaseEncoding.base64().encode(str.getBytes(StandardCharsets.UTF_8)) + "&" + BaseEncoding.base64().encode(bArr)).getBytes(StandardCharsets.UTF_8), bArr2, publicKey);
    }

    public PublicKey decryptServerPublicKey(byte[] bArr, PrivateKey privateKey, PublicKey publicKey, String str, String str2, byte[] bArr2) throws InvalidKeyException, InvalidKeySpecException, GenericCryptoException, CryptoProviderException {
        KeyGenerator keyGenerator = new KeyGenerator();
        SecretKey computeSharedKey = keyGenerator.computeSharedKey(privateKey, publicKey);
        SecretKey deriveSecretKeyFromPassword = keyGenerator.deriveSecretKeyFromPassword(str, str2.getBytes(StandardCharsets.UTF_8));
        AESEncryptionUtils aESEncryptionUtils = new AESEncryptionUtils();
        return PowerAuthConfiguration.INSTANCE.getKeyConvertor().convertBytesToPublicKey(aESEncryptionUtils.decrypt(aESEncryptionUtils.decrypt(bArr, bArr2, computeSharedKey), bArr2, deriveSecretKeyFromPassword));
    }

    public String computeActivationFingerprint(PublicKey publicKey) throws GenericCryptoException, CryptoProviderException {
        return computeActivationFingerprint(publicKey, null, null, ActivationVersion.VERSION_2);
    }

    public String computeActivationFingerprint(PublicKey publicKey, PublicKey publicKey2, String str) throws GenericCryptoException, CryptoProviderException {
        return computeActivationFingerprint(publicKey, publicKey2, str, ActivationVersion.VERSION_3);
    }

    public String computeActivationFingerprint(PublicKey publicKey, PublicKey publicKey2, String str, ActivationVersion activationVersion) throws GenericCryptoException, CryptoProviderException {
        return ECPublicKeyFingerprint.compute((ECPublicKey) publicKey, (ECPublicKey) publicKey2, str, activationVersion);
    }

    public ActivationStatusBlobInfo getStatusFromEncryptedBlob(byte[] bArr, SecretKey secretKey) throws InvalidKeyException, GenericCryptoException, CryptoProviderException {
        if (bArr.length != 32) {
            throw new GenericCryptoException("Invalid status blob size");
        }
        byte[] decrypt = new AESEncryptionUtils().decrypt(bArr, new byte[16], secretKey, "AES/CBC/NoPadding");
        ActivationStatusBlobInfo activationStatusBlobInfo = new ActivationStatusBlobInfo();
        ByteBuffer wrap = ByteBuffer.wrap(decrypt);
        activationStatusBlobInfo.setValid(wrap.getInt(0) == -557785391);
        activationStatusBlobInfo.setActivationStatus(wrap.get(4));
        activationStatusBlobInfo.setCurrentVersion(wrap.get(5));
        activationStatusBlobInfo.setUpgradeVersion(wrap.get(6));
        activationStatusBlobInfo.setFailedAttempts(wrap.get(13));
        activationStatusBlobInfo.setMaxFailedAttempts(wrap.get(14));
        activationStatusBlobInfo.setCtrData(Arrays.copyOfRange(decrypt, 16, 32));
        return activationStatusBlobInfo;
    }
}
