package com.sds.ocp.sdk.security.impl;

import com.google.gson.o;
import com.sds.ocp.sdk.common.code.IotAuthType;
import com.sds.ocp.sdk.common.code.IotEncType;
import com.sds.ocp.sdk.security.IotSecurityEngine;
import com.sds.ocp.sdk.security.vo.DhAuthVO;
import com.sds.ocp.sdk.security.vo.IIotSecurityVO;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes2.dex */
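/**
 * Diffie-Hellman based security engine (auth type {@code DH}, enc type {@code DH_AES256}).
 *
 * <p>The engine generates a DH key pair from the parameters carried in the peer's X.509-encoded DH
 * public key, agrees a shared secret and then uses that secret three ways: as the AES/CBC session
 * key for {@link #encryptData}/{@link #decryptData}, as the HMAC-SHA1 key for the request
 * signature, and (after SHA-256) as the AES key that protects the API key in the auth request.
 *
 * <p>NOTE(review): the following are properties of the wire protocol and are left unchanged here,
 * because the peer has to agree on them; they should be tracked as design issues:
 * <ul>
 *   <li>The CBC IV is derived from the key itself (see {@link #deriveIv}), so it is constant for a
 *       given key and equal plaintext prefixes encrypt to equal ciphertext prefixes.</li>
 *   <li>Session ciphertext carries no integrity tag, so {@link #decryptData} cannot detect
 *       tampering.</li>
 *   <li>The same shared secret is used both as the cipher key and as the MAC key, and the MAC is
 *       HMAC-SHA1.</li>
 *   <li>The DH group parameters are taken from the peer's public key without any size or origin
 *       check in this class.</li>
 * </ul>
 *
 * <p>NOTE(review): the session key is held in a {@code static} field, so it is shared by every
 * instance of this class and is written without synchronization.
 */
public class SecurityEngineDhAes256Impl extends IotSecurityEngine {
    private static final String DH_ALGORITHM = "DH";
    private static final String ENC_ALGORITHM = "AES";
    private static final String MAC_ALGORITHM = "HmacSHA1";
    private static final String TRANS_PADDING_TYPE = "AES/CBC/PKCS5Padding";
    /** Number of characters of the key's hex rendering that are used as the CBC IV. */
    private static final int IV_LENGTH = 16;
    /** Key size, in bits, that the JCE policy must allow before the policy workaround is skipped. */
    private static final int AES_256_BITS = 256;
    private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray();
    private static SecretKey g_sessionKey;
    private DhAuthVO g_requestAuthVo;
    private static final Logger LOGGER = Logger.getLogger(SecurityEngineDhAes256Impl.class.getName());
    private static final IotAuthType ENGINE_AUTH_TYPE = IotAuthType.DH;
    private static final IotEncType ENGINE_ENC_TYPE = IotEncType.DH_AES256;

    /** Appends the two upper-case hex digits of {@code b2} to {@code out}. */
    private static void byte2hex(byte b2, StringBuilder out) {
        out.append(HEX_DIGITS[(b2 & 0xF0) >> 4]);
        out.append(HEX_DIGITS[b2 & 0x0F]);
    }

    /**
     * Builds the CBC IV this protocol uses for {@code key}: the first 16 characters of the key's
     * colon-separated upper-case hex rendering, taken as bytes.
     *
     * <p>The hex text is pure ASCII, so the charset is pinned instead of relying on the platform
     * default (a multi-byte default charset would otherwise yield an IV of the wrong length).
     */
    private static IvParameterSpec deriveIv(SecretKey key) {
        String hex = toHexString(key.getEncoded());
        return new IvParameterSpec(hex.substring(0, IV_LENGTH).getBytes(StandardCharsets.US_ASCII));
    }

    /**
     * Returns the current session key.
     *
     * @throws IllegalStateException if no key agreement has completed yet; failing here keeps the
     *     cipher code from running (and from logging) with a missing key
     */
    private static SecretKey requireSessionKey() {
        SecretKey key = g_sessionKey;
        if (key == null) {
            throw new IllegalStateException("[DHEngine] session key has not been established");
        }
        return key;
    }

    /**
     * Encrypts {@code bArr} with AES/CBC/PKCS5Padding under {@code secretKey}.
     *
     * @return the ciphertext, or {@code null} if encryption failed for any reason
     */
    private static byte[] encryptDataWithSecretKey(SecretKey secretKey, byte[] bArr) {
        try {
            removeCryptographyRestrictions();
            Cipher cipher = Cipher.getInstance(TRANS_PADDING_TYPE);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, deriveIv(secretKey));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Encryption Error : cause by : >>" + e.toString());
            return null;
        }
    }

    /**
     * Generates a fresh DH key pair in the group described by the peer's public key.
     *
     * @param bArr the peer's DH public key, X.509 (SubjectPublicKeyInfo) encoded
     * @throws Exception wrapping the underlying JCA failure when the key cannot be parsed or the
     *     generator cannot be initialised with its parameters
     */
    private static KeyPair generateKeyPairFromPublicKey(byte[] bArr) throws Exception {
        try {
            DHPublicKey peerKey =
                    (DHPublicKey) KeyFactory.getInstance(DH_ALGORITHM).generatePublic(new X509EncodedKeySpec(bArr));
            // NOTE(review): the group (p, g) is accepted exactly as the peer supplied it.
            DHParameterSpec params = peerKey.getParams();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(DH_ALGORITHM);
            keyPairGenerator.initialize(params);
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new Exception(e);
        }
    }

    /**
     * Runs the DH key agreement and stores the result as the (static) session key.
     *
     * @param privateKey this side's DH private key
     * @param bArr the peer's DH public key, X.509 encoded
     * @return the agreed key, or {@code null} when an argument is missing or the agreement failed
     */
    private static SecretKey generateSecretKey(PrivateKey privateKey, byte[] bArr) throws Exception {
        if (privateKey == null || bArr == null) {
            // Report only which argument is missing: the key object itself must not reach the log.
            LOGGER.log(Level.WARNING, "[DHEngine] skip generateSecretKey priKey present: " + (privateKey != null)
                    + " pubKey present: " + (bArr != null));
            return null;
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(DH_ALGORITHM);
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(KeyFactory.getInstance(DH_ALGORITHM).generatePublic(new X509EncodedKeySpec(bArr)), true);
            SecretKey secretKey = keyAgreement.generateSecret(ENC_ALGORITHM);
            g_sessionKey = secretKey;
            return secretKey;
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            // Pass the exception itself; its cause is usually null and would hide the failure.
            LOGGER.log(Level.WARNING, "generateSecretKey Exception occured. \nSecret key will be null.", e);
            return null;
        }
    }

    /**
     * Derives an AES key by hashing {@code bArr} with SHA-256.
     *
     * @return the 32-byte AES key, or {@code null} if SHA-256 is unavailable
     */
    private static SecretKeySpec getSecretKey(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            return new SecretKeySpec(messageDigest.digest(bArr), ENC_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.warning("Get Secretkey Error : " + e.getMessage());
            return null;
        }
    }

    /** Reports whether the runtime identifies itself as the Oracle "Java(TM) SE" runtime. */
    private static boolean isRestrictedCryptography() {
        return "Java(TM) SE Runtime Environment".equals(System.getProperty("java.runtime.name"));
    }

    /** Reports whether the installed JCE policy already allows 256-bit AES keys. */
    private static boolean isAes256Permitted() {
        try {
            return Cipher.getMaxAllowedKeyLength(ENC_ALGORITHM) >= AES_256_BITS;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /**
     * Lifts the JCE key-size limit by rewriting private fields of {@code javax.crypto.JceSecurity}.
     *
     * <p>NOTE(review): this changes the cryptographic policy of the whole JVM, not just of this
     * class, and depends on JDK internals. It is therefore skipped whenever the policy already
     * allows AES-256, and every failure of the reflective access is logged instead of propagated so
     * that it cannot abort the calling encryption.
     */
    private static void removeCryptographyRestrictions() {
        if (!isRestrictedCryptography() || isAes256Permitted()) {
            LOGGER.log(Level.CONFIG, "Cryptography restrictions removal not needed");
            return;
        }
        try {
            Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
            Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions");
            Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission");

            // Clear the final modifier on JceSecurity.isRestricted, then switch it off.
            Field isRestricted = jceSecurity.getDeclaredField("isRestricted");
            isRestricted.setAccessible(true);
            Field modifiers = Field.class.getDeclaredField("modifiers");
            modifiers.setAccessible(true);
            modifiers.setInt(isRestricted, isRestricted.getModifiers() & ~Modifier.FINAL);
            isRestricted.set(null, false);

            // Replace the default policy's permissions with the single "all permissions" entry.
            Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy");
            defaultPolicyField.setAccessible(true);
            PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);
            Field perms = cryptoPermissions.getDeclaredField("perms");
            perms.setAccessible(true);
            ((Map<?, ?>) perms.get(defaultPolicy)).clear();
            Field allPermissionInstance = cryptoAllPermission.getDeclaredField("INSTANCE");
            allPermissionInstance.setAccessible(true);
            defaultPolicy.add((Permission) allPermissionInstance.get(null));
            LOGGER.log(Level.CONFIG, "Successfully removed cryptography restrictions");
        } catch (ReflectiveOperationException | RuntimeException e) {
            // RuntimeException also covers runtimes that refuse setAccessible on JDK internals.
            LOGGER.log(Level.WARNING, "Failed to remove cryptography restrictions\n" + e);
        }
    }

    /** Renders {@code bArr} as upper-case hex byte pairs separated by ':' (for example "0A:FF"). */
    private static String toHexString(byte[] bArr) {
        StringBuilder hex = new StringBuilder();
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            byte2hex(bArr[i], hex);
            if (i < length - 1) {
                hex.append(":");
            }
        }
        return hex.toString();
    }

    /**
     * Decrypts {@code bArr} with the session key.
     *
     * <p>Neither the key nor the payload is written to the log; only byte counts are, at FINE.
     *
     * @return the plaintext; on a cipher failure the input array is returned unchanged
     * @throws IllegalStateException if no session key has been established
     */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public byte[] decryptData(byte[] bArr) {
        SecretKey sessionKey = requireSessionKey();
        byte[] result;
        try {
            Cipher cipher = Cipher.getInstance(TRANS_PADDING_TYPE);
            cipher.init(Cipher.DECRYPT_MODE, sessionKey, deriveIv(sessionKey));
            result = cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.warning("Decrypt Error : " + e.getMessage());
            // NOTE(review): fail-open. The caller receives the undecrypted input and cannot tell it
            // apart from plaintext. Kept for compatibility; confirm whether callers rely on it and
            // prefer an explicit failure signal.
            result = bArr;
        }
        LOGGER.fine("[DHEngine] decrypt: input " + bArr.length + " bytes, output " + result.length + " bytes");
        return result;
    }

    /**
     * Encrypts {@code bArr} with the session key.
     *
     * @return the ciphertext, or {@code null} on a cipher failure
     * @throws IllegalStateException if no session key has been established
     */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public byte[] encryptData(byte[] bArr) {
        SecretKey sessionKey = requireSessionKey();
        removeCryptographyRestrictions();
        try {
            Cipher cipher = Cipher.getInstance(TRANS_PADDING_TYPE);
            cipher.init(Cipher.ENCRYPT_MODE, sessionKey, deriveIv(sessionKey));
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.warning("Encryption Erro : " + e.getMessage());
            return null;
        }
    }

    /** Returns the authentication type this engine implements ({@code IotAuthType.DH}). */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public IotAuthType getAuthType() {
        return ENGINE_AUTH_TYPE;
    }

    /** Returns the encryption type this engine implements ({@code IotEncType.DH_AES256}). */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public IotEncType getEncType() {
        return ENGINE_ENC_TYPE;
    }

    /** Returns the auth value object last set on this engine, or {@code null} if none was set. */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public IIotSecurityVO getSecurityVO() {
        return this.g_requestAuthVo;
    }

    /**
     * Builds the DH authentication request from the current auth value object.
     *
     * <p>Steps: decode the peer public key, generate a key pair in its group, agree the shared
     * secret (which also becomes the session key), encrypt the API key under SHA-256(secret), and
     * sign "tpId, apiKey, issueTimestamp, expireDate, apiSecrete" (line-feed separated) with
     * HMAC-SHA1 keyed by the secret.
     *
     * <p>{@code decodeAuthData} and {@code encryptAuthData} are inherited and not visible in this
     * file; presumably a text encoding of the byte arrays (confirm in {@code IotSecurityEngine}).
     * The return type {@code o} is an obfuscated Gson class, presumably the JSON object type.
     *
     * @return the request object with {@code publicKey}, {@code signature}, {@code encryptedApiKey}
     *     and {@code tpId}, or {@code null} if any step fails
     */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public o makeAuthRequestData() {
        DhAuthVO authVo = this.g_requestAuthVo;
        if (authVo == null) {
            LOGGER.info("make auth request VO is null...");
            return null;
        }
        String encodedPublicKey = authVo.getEncodedPublicKey();
        String tpId = authVo.getTpId();
        String apiKey = authVo.getApiKey();
        String issueTimestamp = authVo.getIssueTimestamp();
        String expireDate = authVo.getExpireDate();
        String apiSecrete = authVo.getApiSecrete();
        if (StringUtils.isEmpty(encodedPublicKey)) {
            LOGGER.info("make publicKey is null...");
            return null;
        }
        byte[] peerPublicKey = decodeAuthData(encodedPublicKey);
        if (peerPublicKey == null) {
            LOGGER.info("make encoded publicKey is null...");
            return null;
        }

        KeyPair keyPair;
        try {
            keyPair = generateKeyPairFromPublicKey(peerPublicKey);
        } catch (Exception e) {
            LOGGER.info("make keyPair is null..." + e.getMessage());
            return null;
        }
        if (keyPair.getPrivate() == null) {
            LOGGER.info("make keyPair >> keyPair private is null ");
            return null;
        }

        SecretKey sharedSecret;
        byte[] encryptedApiKey;
        try {
            sharedSecret = generateSecretKey(keyPair.getPrivate(), peerPublicKey);
            if (sharedSecret == null) {
                LOGGER.info("make secretKey is null...");
                return null;
            }
            SecretKeySpec apiKeyCipherKey = getSecretKey(sharedSecret.getEncoded());
            if (apiKeyCipherKey == null) {
                LOGGER.info("Smake SecretKeySpec error....");
                return null;
            }
            encryptedApiKey = encryptDataWithSecretKey(apiKeyCipherKey, apiKey.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            LOGGER.info("make secretKey is null...");
            return null;
        }
        if (encryptedApiKey == null) {
            // Do not build a request around a missing ciphertext.
            LOGGER.info("make encryptedApiKey is null...");
            return null;
        }

        try {
            Mac mac = Mac.getInstance(MAC_ALGORITHM);
            mac.init(new SecretKeySpec(sharedSecret.getEncoded(), MAC_ALGORITHM));
            // The signing input contains the API key and API secret, so it is never logged.
            String signingInput = tpId + StringUtils.LF + apiKey + StringUtils.LF + issueTimestamp
                    + StringUtils.LF + expireDate + StringUtils.LF + apiSecrete;
            byte[] signature = mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
            o request = new o();
            request.a("publicKey", encryptAuthData(keyPair.getPublic().getEncoded()));
            request.a("signature", encryptAuthData(signature));
            request.a("encryptedApiKey", encryptAuthData(encryptedApiKey));
            request.a("tpId", tpId);
            LOGGER.info("[DHEngine] DH authentication request prepared. tpId : " + tpId);
            return request;
        } catch (Exception e) {
            LOGGER.info("make signature error..." + e.toString());
            return null;
        }
    }

    /**
     * Stores {@code iIotSecurityVO} as the auth value object after setting its peer public key
     * ({@code str}) and tpId ({@code str2}).
     *
     * @throws ClassCastException if {@code iIotSecurityVO} is not a {@link DhAuthVO}
     */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public void setAuthRequestVO(IIotSecurityVO iIotSecurityVO, String str, String str2) {
        DhAuthVO dhAuthVO = (DhAuthVO) iIotSecurityVO;
        dhAuthVO.setEncodedPublicKey(str);
        dhAuthVO.setTpId(str2);
        this.g_requestAuthVo = dhAuthVO;
    }

    /**
     * Stores {@code iIotSecurityVO} as the auth value object without modifying it.
     *
     * @throws ClassCastException if {@code iIotSecurityVO} is not a {@link DhAuthVO}
     */
    @Override // com.sds.ocp.sdk.security.IotSecurityEngine
    public void setSecurityVO(IIotSecurityVO iIotSecurityVO) {
        this.g_requestAuthVo = (DhAuthVO) iIotSecurityVO;
    }
}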
