package co.spaece.applepay;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:co/spaece/applepay/PaymentUtilImpl.class */
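/**
 * Verifies and decrypts an Apple Pay payment token.
 *
 * <p>The token signature is a detached CMS structure over
 * {@code ephemeralPublicKey || data || transactionId}. The certificates carried in that
 * structure are validated against the configured Apple root CA before the signature is
 * trusted; the payload is then decrypted with a key derived from ECDH between the merchant
 * private key and the token's ephemeral public key.
 *
 * <p>NOTE(review): the two key stores are static and reloaded on every
 * {@link #decryptPaymentToken} call, so they are shared by all instances. Concurrent calls
 * configured with different key material would overwrite each other's stores; confirm that
 * callers serialise access or use a single merchant configuration.
 */
class PaymentUtilImpl implements PaymentUtil {
    private static final String BC = "BC";

    /** Certificate extension read by {@link #extractMerchantIdFromCertificateOid()}. */
    private static final String MERCHANT_ID_EXTENSION_OID = "1.2.840.113635.100.6.32";

    /** Bytes skipped at the start of the extension value before the hex-encoded identifier. */
    private static final int MERCHANT_ID_OFFSET = 4;

    /** Length in bytes of the hex-encoded merchant identifier inside the extension. */
    private static final int MERCHANT_ID_HEX_LENGTH = 64;

    private static final byte[] APPLE_OEM = "Apple".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] COUNTER = {0, 0, 0, 1};
    private static final byte[] ALG_IDENTIFIER_BYTES = "id-aes256-GCM".getBytes(StandardCharsets.US_ASCII);

    // Trust store holding only the Apple root CA; used as the PKIX trust anchor.
    private static KeyStore publicCertificatekeyStore;
    // PKCS#12 store holding the merchant certificate and its private key.
    private static KeyStore privateCertificateKeyStore;

    private final String appleRootCACertificatePath;
    private final String appleMerchantPrivateKeyPath;

    static {
        // Every crypto primitive below is requested from the "BC" provider by name.
        if (Security.getProvider(BC) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * @param str  path to the Apple root CA certificate file
     * @param str2 path to the merchant PKCS#12 key store
     */
    public PaymentUtilImpl(String str, String str2) {
        this.appleRootCACertificatePath = str;
        this.appleMerchantPrivateKeyPath = str2;
    }

    /**
     * Loads both key stores from disk, then verifies and decrypts the token.
     *
     * @param paymentToken the token received from the client
     * @param str          password of the merchant PKCS#12 key store
     * @return the decrypted payment data, or {@code null} when no signer of the token
     *         could be verified
     * @throws RuntimeException wrapping any failure raised while verifying or decrypting,
     *         including a certificate chain that does not lead to the Apple root CA
     */
    @Override // co.spaece.applepay.PaymentUtil
    public PaymentData decryptPaymentToken(PaymentToken paymentToken, String str) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException {
        initializePrivateCertificateKeyStore(this.appleMerchantPrivateKeyPath, str);
        initializePublicCertificateKeyStore(this.appleRootCACertificatePath);
        try {
            return decrypt(paymentToken, str);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies the token signature and decrypts its payload.
     *
     * <p>Order matters: the embedded certificate chain is validated against the Apple root
     * CA first, the CMS signature second, and only then is any key material touched.
     *
     * @param paymentToken the token to process
     * @param str          password protecting the merchant private key
     * @return the decrypted payment data with its signing date set, or {@code null} when
     *         no signer could be verified
     * @throws Exception if the token is malformed, the certificate chain is not anchored
     *         in the Apple root CA, the merchant key is unavailable, or decryption fails
     */
    protected PaymentData decrypt(PaymentToken paymentToken, String str) throws Exception {
        byte[] signature = Base64.getDecoder().decode(paymentToken.getSignature());
        byte[] encryptedData = Base64.getDecoder().decode(paymentToken.getData());
        byte[] transactionId = Hex.decode(paymentToken.getHeader().getTransactionId());
        byte[] ephemeralPublicKey = Base64.getDecoder().decode(paymentToken.getHeader().getEphemeralPublicKey());

        // The detached signature covers ephemeralPublicKey || data || transactionId.
        byte[] signedContent = ArrayUtils.addAll(ArrayUtils.addAll(ephemeralPublicKey, encryptedData), transactionId);
        CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(signedContent), signature);
        Store<X509CertificateHolder> certificates = signedData.getCertificates();

        // Previously the certificate path and PKIX parameters were built but never passed to
        // a validator, so the signature was only checked against whatever certificate the
        // token itself carried. Anchor the chain in the Apple root CA before trusting it.
        validateCertificateChain(certificates);

        Date signingDate = verifySignature(signedData, certificates);
        if (signingDate == null) {
            return null;
        }

        PrivateKey merchantKey = getMerchantPrivateKey(str);
        if (merchantKey == null) {
            // getMerchantPrivateKey reports every failure as null; fail with a clear cause
            // instead of an opaque error from KeyAgreement.init(null).
            throw new IllegalStateException("Merchant private key could not be loaded from the key store");
        }

        PublicKey ephemeralKey = KeyFactory.getInstance("EC", BC).generatePublic(new X509EncodedKeySpec(ephemeralPublicKey));
        KeyAgreement agreement = KeyAgreement.getInstance("ECDH", BC);
        agreement.init(merchantKey);
        agreement.doPhase(ephemeralKey, true);
        byte[] symmetricKey = performKDF(agreement.generateSecret(), extractMerchantIdFromCertificateOid());

        // All-zero 16-byte IV: the key is derived per token from the ephemeral key, so the
        // (key, IV) pair is not reused across tokens. doFinal fails if the GCM tag is wrong.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", BC);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmetricKey, cipher.getAlgorithm()), new IvParameterSpec(new byte[16]));
        byte[] plaintext = cipher.doFinal(encryptedData);

        PaymentData paymentData = new ObjectMapper().readValue(new String(plaintext, StandardCharsets.UTF_8), PaymentData.class);
        // NOTE(review): the signing time is only handed to the caller; no freshness window
        // is enforced here. Confirm the caller rejects stale tokens to limit replay.
        paymentData.setSigningDate(signingDate);
        return paymentData;
    }

    /**
     * Validates the certificates embedded in the signature against the Apple root CA.
     *
     * @throws Exception if the signature carries no certificates, the trust store is not
     *         loaded, or PKIX validation fails
     */
    private static void validateCertificateChain(Store<X509CertificateHolder> certificates) throws Exception {
        if (publicCertificatekeyStore == null) {
            throw new IllegalStateException("Apple root CA trust store has not been initialised");
        }
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        converter.setProvider(BC);
        List<X509Certificate> chain = new ArrayList<>();
        for (X509CertificateHolder holder : certificates.getMatches(null)) {
            chain.add(converter.getCertificate(holder));
        }
        if (chain.isEmpty()) {
            throw new CertificateException("Payment token signature contains no certificates");
        }
        // NOTE(review): generateCertPath expects the list ordered from the signing
        // certificate towards the trust anchor; this relies on the order in which the
        // certificates are embedded in the token. Confirm against real tokens.
        CertPath certPath = CertificateFactory.getInstance("X.509", BC).generateCertPath(chain);
        PKIXParameters parameters = new PKIXParameters(publicCertificatekeyStore);
        // NOTE(review): revocation checking is switched off, as in the original code, so a
        // revoked intermediate or leaf certificate is still accepted.
        parameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX", BC).validate(certPath, parameters);
        // NOTE(review): no check is made that the leaf and intermediate certificates carry
        // Apple's marker extensions; consider adding one per Apple's verification guidance.
    }

    /**
     * Verifies each signer against its matching embedded certificate.
     *
     * @return the signing time of the last signer that verified, or {@code null} if none did
     * @throws Exception if verification itself fails or a verified signer has no signing time
     */
    private static Date verifySignature(CMSSignedData signedData, Store<X509CertificateHolder> certificates) throws Exception {
        Date signingDate = null;
        for (SignerInformation signer : signedData.getSignerInfos().getSigners()) {
            @SuppressWarnings("unchecked") // SignerId may be a raw Selector depending on the BC version
            Collection<X509CertificateHolder> matches = certificates.getMatches(signer.getSID());
            if (matches.isEmpty()) {
                continue;
            }
            X509CertificateHolder signerCertificate = matches.iterator().next();
            if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signerCertificate))) {
                signingDate = readSigningTime(signer);
            }
        }
        return signingDate;
    }

    /** Reads the CMS signing-time signed attribute, failing clearly when it is absent. */
    private static Date readSigningTime(SignerInformation signer) {
        AttributeTable signedAttributes = signer.getSignedAttributes();
        Attribute signingTime = signedAttributes == null ? null : signedAttributes.get(CMSAttributes.signingTime);
        if (signingTime == null || signingTime.getAttrValues().size() == 0) {
            throw new IllegalStateException("Payment token signature has no signing time attribute");
        }
        return Time.getInstance(signingTime.getAttrValues().getObjectAt(0)).getDate();
    }

    /**
     * Derives the symmetric key as SHA-256 over
     * {@code counter || sharedSecret || len(algId) || algId || "Apple" || merchantId}.
     *
     * @param bArr  the ECDH shared secret
     * @param bArr2 the merchant identifier bytes
     */
    private static byte[] performKDF(byte[] bArr, byte[] bArr2) throws Exception {
        ByteArrayOutputStream kdfInput = new ByteArrayOutputStream();
        kdfInput.write(COUNTER);
        kdfInput.write(bArr);
        // write(int) emits a single byte: the length prefix of the algorithm identifier.
        kdfInput.write(ALG_IDENTIFIER_BYTES.length);
        kdfInput.write(ALG_IDENTIFIER_BYTES);
        kdfInput.write(APPLE_OEM);
        kdfInput.write(bArr2);
        return MessageDigest.getInstance("SHA256", BC).digest(kdfInput.toByteArray());
    }

    /**
     * Looks up the merchant private key in the PKCS#12 store.
     *
     * @param str password protecting the key entry
     * @return the private key, or {@code null} if the store is not loaded, has no alias,
     *         holds no key under that alias, or the key cannot be recovered
     */
    protected PrivateKey getMerchantPrivateKey(String str) {
        try {
            return (PrivateKey) privateCertificateKeyStore.getKey(extractAliasFromCertificate(), str.toCharArray());
        } catch (Exception e) {
            // Kept for compatibility: callers of this method have always received null on
            // failure. decrypt() turns that null into an explicit error.
            return null;
        }
    }

    /**
     * Extracts the merchant identifier from the merchant certificate extension
     * {@value #MERCHANT_ID_EXTENSION_OID}.
     *
     * @return the identifier decoded from its 64-character hex form
     * @throws Exception if the certificate or extension is missing or too short
     */
    protected byte[] extractMerchantIdFromCertificateOid() throws Exception {
        X509Certificate merchantCertificate = (X509Certificate) privateCertificateKeyStore.getCertificate(extractAliasFromCertificate());
        if (merchantCertificate == null) {
            throw new IllegalStateException("No merchant certificate found in the key store");
        }
        byte[] extensionValue = merchantCertificate.getExtensionValue(MERCHANT_ID_EXTENSION_OID);
        if (extensionValue == null || extensionValue.length < MERCHANT_ID_OFFSET + MERCHANT_ID_HEX_LENGTH) {
            throw new IllegalStateException("Merchant certificate lacks a usable extension " + MERCHANT_ID_EXTENSION_OID);
        }
        // Skip the leading encoding bytes and take the hex-encoded identifier that follows.
        byte[] hexEncoded = new byte[MERCHANT_ID_HEX_LENGTH];
        System.arraycopy(extensionValue, MERCHANT_ID_OFFSET, hexEncoded, 0, MERCHANT_ID_HEX_LENGTH);
        return Hex.decode(hexEncoded);
    }

    /**
     * Returns the last alias enumerated from the merchant key store, or {@code null} when
     * the store is empty. The store is expected to hold a single entry.
     */
    String extractAliasFromCertificate() throws KeyStoreException {
        String lastAlias = null;
        Enumeration<String> aliases = privateCertificateKeyStore.aliases();
        while (aliases.hasMoreElements()) {
            lastAlias = aliases.nextElement();
        }
        return lastAlias;
    }

    /** Variant of the KDF that first hashes a textual merchant identifier with SHA-256. */
    private static byte[] performKDF(byte[] bArr, String str) throws Exception {
        return performKDF(bArr, MessageDigest.getInstance("SHA256", BC).digest(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Builds an in-memory trust store containing only the Apple root CA certificate.
     *
     * @param str path to the Apple root CA certificate file
     */
    private static void initializePublicCertificateKeyStore(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException {
        try (FileInputStream certificateStream = new FileInputStream(str)) {
            KeyStore trustStore = KeyStore.getInstance("BKS", BC);
            // load(null, ...) creates an empty store; the password only matters if the
            // store is later written out, which this class never does.
            trustStore.load(null, "defaultPassword".toCharArray());
            trustStore.setCertificateEntry("appleRootCA", CertificateFactory.getInstance("X.509").generateCertificate(certificateStream));
            // Publish only a fully populated store so a failed load cannot leave an empty one.
            publicCertificatekeyStore = trustStore;
        }
    }

    /**
     * Loads the merchant PKCS#12 key store from disk.
     *
     * @param str  path to the PKCS#12 file
     * @param str2 password of the PKCS#12 file
     */
    protected void initializePrivateCertificateKeyStore(String str, String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        try (FileInputStream keyStoreStream = new FileInputStream(str)) {
            KeyStore merchantStore = KeyStore.getInstance("PKCS12");
            merchantStore.load(keyStoreStream, str2.toCharArray());
            // Publish only after a successful load.
            privateCertificateKeyStore = merchantStore;
        }
    }
}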
