package sg.gov.ica.mobile.app;

import android.util.Log;
import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.WritableNativeArray;
import hc.m;
import hc.n;
import hc.r;
import hc.u;
import hc.v;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.IESParameterSpec;
import org.bouncycastle.util.io.pem.PemReader;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class Crypto extends ReactContextBaseJavaModule {
    private static final String CIPHER_ALGORITHM_AES_GCM = "AES/GCM/NoPadding";
    private static final String CIPHER_ALGORITHM_RSA_ECB = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String ENCRYPTOR_PROFILE_ID = "ICA_ARRIVAL_CARD";
    private static final String ENCRYPT_ALGO = "AES/GCM/NoPadding";
    private static final int IV_LENGTH_BYTE = 16;
    private static final int SALT_LENGTH_BYTE = 16;
    private static final String TAG = "Crypto";
    private static final int TAG_LENGTH_BIT = 96;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Crypto(ReactApplicationContext reactApplicationContext) {
        super(reactApplicationContext);
    }

    public static Object[] aesEncryption(byte[] bArr, String str) {
        KeyGenerator.getInstance("AES").init(256, SecureRandom.getInstanceStrong());
        byte[] bArr2 = new byte[16];
        new SecureRandom().nextBytes(bArr2);
        SecretKey b10 = lg.a.b(str.toCharArray(), bArr2);
        byte[] bArr3 = new byte[16];
        Arrays.fill(bArr3, (byte) 0);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, b10, new GCMParameterSpec(TAG_LENGTH_BIT, bArr3));
        byte[] doFinal = cipher.doFinal(bArr);
        return new Object[]{Base64.getEncoder().encodeToString(ByteBuffer.allocate(16 + doFinal.length).put(bArr3).put(doFinal).array()), b10};
    }

    private String convertPrivateKeyToString(RSAPrivateKey rSAPrivateKey) {
        return Base64.getEncoder().encodeToString(rSAPrivateKey.getEncoded());
    }

    private String convertPublicKeyToString(RSAPublicKey rSAPublicKey) {
        return Base64.getEncoder().encodeToString(rSAPublicKey.getEncoded());
    }

    private RSAPrivateKey convertStringToPrivateKey(String str) {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str)));
    }

    private String decrypt(String str) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(ENCRYPTOR_PROFILE_ID.getBytes(StandardCharsets.UTF_8), "AES");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKeySpec, new GCMParameterSpec(128, new byte[16]));
        return new String(cipher.doFinal(Base64.getDecoder().decode(str)), StandardCharsets.UTF_8);
    }

    private byte[] encrypt(byte[] bArr, RSAPublicKey rSAPublicKey) {
        int i10 = rSAPublicKey.getModulus().bitLength() >= 4096 ? 256 : 128;
        SecureRandom instanceStrong = SecureRandom.getInstanceStrong();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(i10, instanceStrong);
        SecretKey generateKey = keyGenerator.generateKey();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, generateKey, new GCMParameterSpec(128, new byte[16]));
        cipher.updateAAD(SubjectPublicKeyInfo.getInstance(rSAPublicKey.getEncoded()).parsePublicKey().getEncoded());
        byte[] doFinal = cipher.doFinal(bArr);
        Cipher cipher2 = Cipher.getInstance(CIPHER_ALGORITHM_RSA_ECB);
        cipher2.init(3, rSAPublicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
        byte[] wrap = cipher2.wrap(generateKey);
        byte[] bArr2 = new byte[wrap.length + doFinal.length];
        System.arraycopy(wrap, 0, bArr2, 0, wrap.length);
        System.arraycopy(doFinal, 0, bArr2, wrap.length, doFinal.length);
        return bArr2;
    }

    private PublicKey getECCPublicKeyForPassportQr() {
        String str = (String) ((Stream) new BufferedReader(new InputStreamReader(getReactApplicationContext().getResources().openRawResource(i.ec_public_key))).lines().parallel()).collect(Collectors.joining("\n"));
        Log.i(TAG, "eccPublicKeyString: " + str);
        return KeyFactory.getInstance("EC", new BouncyCastleProvider()).generatePublic(new X509EncodedKeySpec(new PemReader(new StringReader(str)).readPemObject().getContent()));
    }

    private RSAPublicKey getRSAPublicKey(String str) {
        InputStream openRawResource = getReactApplicationContext().getResources().openRawResource(i.eservices_keystore);
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(openRawResource, str.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases.hasMoreElements()) {
            return (RSAPublicKey) keyStore.getCertificate(aliases.nextElement()).getPublicKey();
        }
        return null;
    }

    private RSAPublicKey getRSAPublicKeyForQrJWE() {
        String replace = ((String) ((Stream) new BufferedReader(new InputStreamReader(getReactApplicationContext().getResources().openRawResource(i.cargo_pub_key))).lines().parallel()).collect(Collectors.joining("\n"))).replace("-----BEGIN PUBLIC KEY-----", "").replaceAll(System.lineSeparator(), "").replace("-----END PUBLIC KEY-----", "");
        Log.i(TAG, "publicKeyPEM:" + replace);
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(replace)));
    }

    private RSAPublicKey getSGACPublicKey() {
        InputStream openRawResource = getReactApplicationContext().getResources().openRawResource(i.sgac_keystore);
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(openRawResource, "eservices".toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases.hasMoreElements()) {
            return (RSAPublicKey) keyStore.getCertificate(aliases.nextElement()).getPublicKey();
        }
        return null;
    }

    @ReactMethod
    public void decryptJWECompact(String str, String str2, Promise promise) {
        String str3;
        try {
            n q10 = n.q(str);
            q10.f(new ic.a(convertStringToPrivateKey(str2)));
            String vVar = q10.b().toString();
            Log.i(TAG, "jwsString: " + vVar);
            r k10 = r.k(vVar);
            if (k10.n(new ic.c(getSGACPublicKey()))) {
                promise.resolve(new String(Base64.getDecoder().decode(k10.b().toString()), StandardCharsets.UTF_8));
            } else {
                promise.reject("Signature Error", "Failed to verify JWS");
            }
        } catch (u e10) {
            e = e10;
            promise.reject("Parse Error - Failed to decrypt JWE compact: ", e);
        } catch (hc.f e11) {
            e = e11;
            str3 = "JOSE Error - Failed to decrypt JWE compact: ";
            promise.reject(str3, e);
        } catch (IOException e12) {
            e = e12;
            str3 = "IO Error - Failed to decrypt JWE compact: ";
            promise.reject(str3, e);
        } catch (KeyStoreException e13) {
            e = e13;
            str3 = "KeyStore Error - Failed to decrypt JWE compact: ";
            promise.reject(str3, e);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            str3 = "No Algorithm Error - Failed to decrypt JWE compact: ";
            promise.reject(str3, e);
        } catch (CertificateException e15) {
            e = e15;
            str3 = "Certificate Error - Failed to decrypt JWE compact: ";
            promise.reject(str3, e);
        } catch (InvalidKeySpecException e16) {
            e = e16;
            str3 = "Invalid Key Spec Error - Failed to decrypt JWE compact: ";
            promise.reject(str3, e);
        } catch (ParseException e17) {
            e = e17;
            promise.reject("Parse Error - Failed to decrypt JWE compact: ", e);
        }
    }

    @ReactMethod
    public void encryptCargoQRJWE(String str, Promise promise) {
        String str2;
        hc.i iVar = hc.i.f14305f;
        hc.d dVar = hc.d.f14287l;
        try {
            String str3 = TAG;
            Log.i(str3, "qrJsonPayload: " + str);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(dVar.b());
            n nVar = new n(new m(iVar, dVar), new v(str));
            nVar.g(new ic.b(getRSAPublicKeyForQrJWE(), keyGenerator.generateKey()));
            String r10 = nVar.r();
            Log.i(str3, "jweString: " + r10);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("qr", r10);
            promise.resolve(jSONObject.toString());
        } catch (hc.f e10) {
            e = e10;
            str2 = "JOSE Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (IOException e11) {
            e = e11;
            str2 = "IOException Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (KeyStoreException e12) {
            e = e12;
            str2 = "KeyStore Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (NoSuchAlgorithmException e13) {
            e = e13;
            str2 = "No Algorithm Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (InvalidKeySpecException e14) {
            e = e14;
            str2 = "InvalidKeySpecException Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (JSONException e15) {
            e = e15;
            str2 = "JSONException Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void encryptE727Request(String str, Promise promise) {
        String str2 = "InvalidKeySpecException Error - Failed to encrypt E727 Request: ";
        try {
            RSAPublicKey c10 = lg.a.c(getReactApplicationContext());
            Object[] aesEncryption = aesEncryption(str.getBytes(StandardCharsets.UTF_8), ENCRYPTOR_PROFILE_ID);
            String str3 = (String) aesEncryption[0];
            String a10 = lg.a.a(c10, (SecretKey) aesEncryption[1]);
            WritableNativeArray writableNativeArray = new WritableNativeArray();
            writableNativeArray.pushString(str3);
            writableNativeArray.pushString(a10);
            promise.resolve(writableNativeArray);
        } catch (IOException e10) {
            throw new RuntimeException(e10);
        } catch (InvalidAlgorithmParameterException e11) {
            e = e11;
            promise.reject(str2, e);
        } catch (InvalidKeyException e12) {
            e = e12;
            promise.reject(str2, e);
        } catch (KeyStoreException e13) {
            throw new RuntimeException(e13);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            str2 = "No Algorithm Error - Failed to encrypt E727 Request: ";
            promise.reject(str2, e);
        } catch (CertificateException e15) {
            throw new RuntimeException(e15);
        } catch (InvalidKeySpecException e16) {
            e = e16;
            promise.reject(str2, e);
        } catch (BadPaddingException e17) {
            e = e17;
            promise.reject(str2, e);
        } catch (IllegalBlockSizeException e18) {
            e = e18;
            promise.reject(str2, e);
        } catch (NoSuchPaddingException e19) {
            e = e19;
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void encryptJWECompact(String str, Promise promise) {
        String str2;
        hc.i iVar = hc.i.f14305f;
        hc.d dVar = hc.d.f14287l;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
            String convertPrivateKeyToString = convertPrivateKeyToString((RSAPrivateKey) generateKeyPair.getPrivate());
            String convertPublicKeyToString = convertPublicKeyToString(rSAPublicKey);
            RSAPublicKey sGACPublicKey = getSGACPublicKey();
            String convertPublicKeyToString2 = convertPublicKeyToString(sGACPublicKey);
            String str3 = TAG;
            Log.i(str3, "jsonPayload: " + str);
            Log.i(str3, "sgacPublicKeyStringyString: " + convertPublicKeyToString2);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(dVar.b());
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("pk", convertPublicKeyToString);
            jSONObject.put("msg", str);
            n nVar = new n(new m(iVar, dVar), new v(Base64.getEncoder().encodeToString(jSONObject.toString().getBytes(StandardCharsets.UTF_8))));
            nVar.g(new ic.b(sGACPublicKey, keyGenerator.generateKey()));
            String r10 = nVar.r();
            Log.i(str3, "jweString: " + r10);
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("pvt", convertPrivateKeyToString);
            jSONObject2.put("jwe", r10);
            promise.resolve(jSONObject2.toString());
        } catch (hc.f e10) {
            e = e10;
            str2 = "JOSE Error - Failed to encrypt JWE compact: ";
            promise.reject(str2, e);
        } catch (IOException e11) {
            e = e11;
            str2 = "IO Error - Failed to encrypt JWE compact: ";
            promise.reject(str2, e);
        } catch (KeyStoreException e12) {
            e = e12;
            str2 = "KeyStore Error - Failed to encrypt JWE compact: ";
            promise.reject(str2, e);
        } catch (NoSuchAlgorithmException e13) {
            e = e13;
            str2 = "No Algorithm Error - Failed to encrypt JWE compact: ";
            promise.reject(str2, e);
        } catch (CertificateException e14) {
            e = e14;
            str2 = "Certificate Error - Failed to encrypt JWE compact: ";
            promise.reject(str2, e);
        } catch (JSONException e15) {
            e = e15;
            str2 = "JSON Error - Failed to encrypt JWE compact: ";
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void encryptJsonPayload(String str, Promise promise) {
        String str2;
        try {
            promise.resolve(Base64.getEncoder().encodeToString(encrypt(str.getBytes(StandardCharsets.UTF_8), getRSAPublicKey(decrypt("IXZHaPP7K/wtTw0yX3wDCmPqtT1f8YAm1w==")))));
        } catch (IOException e10) {
            e = e10;
            str2 = "IO Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (InvalidAlgorithmParameterException e11) {
            e = e11;
            str2 = "Invalid Algorithm Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (InvalidKeyException e12) {
            e = e12;
            str2 = "Invalid key Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (KeyStoreException e13) {
            e = e13;
            str2 = "KeyStore Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            str2 = "No Algorithm Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (CertificateException e15) {
            e = e15;
            str2 = "Certificate Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (BadPaddingException e16) {
            e = e16;
            str2 = "Bad Padding Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (IllegalBlockSizeException e17) {
            e = e17;
            str2 = "Illegal Block Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        } catch (NoSuchPaddingException e18) {
            e = e18;
            str2 = "Padding Error - Failed to encrypt payload: ";
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void encryptPassportDetailsQrEcc(String str, Promise promise) {
        String str2;
        Security.addProvider(new BouncyCastleProvider());
        try {
            PublicKey eCCPublicKeyForPassportQr = getECCPublicKeyForPassportQr();
            Log.i(TAG, "compressedJsonPayload: " + str);
            byte[] decode = Base64.getDecoder().decode(str);
            IESParameterSpec iESParameterSpec = new IESParameterSpec(null, null, 128, 128, null);
            mg.b bVar = new mg.b(new mg.c(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest()), new mg.a()), 16);
            bVar.engineInit(1, eCCPublicKeyForPassportQr, iESParameterSpec, new SecureRandom());
            promise.resolve(Base64.getEncoder().encodeToString(bVar.engineDoFinal(decode, 0, decode.length)));
        } catch (IOException e10) {
            e = e10;
            str2 = "IOException Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (InvalidAlgorithmParameterException e11) {
            e = e11;
            str2 = "Invalid Algorithm Parameter Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        } catch (InvalidKeyException e12) {
            e = e12;
            str2 = "Invalid Key Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        } catch (NoSuchAlgorithmException e13) {
            e = e13;
            str2 = "No Algorithm Error - Failed to encrypt QR String JWE: ";
            promise.reject(str2, e);
        } catch (NoSuchProviderException e14) {
            e = e14;
            str2 = "No Such Provider Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        } catch (InvalidKeySpecException e15) {
            e = e15;
            str2 = "Invalid KeySpec Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        } catch (BadPaddingException e16) {
            e = e16;
            str2 = "Bad Padding Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        } catch (IllegalBlockSizeException e17) {
            e = e17;
            str2 = "Illegal Block Size Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        } catch (NoSuchPaddingException e18) {
            e = e18;
            str2 = "No Such Padding Error - Failed to encrypt passport details QR: ";
            promise.reject(str2, e);
        }
    }

    @ReactMethod
    public void generateRealmKey(Promise promise) {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        promise.resolve(Base64.getEncoder().encodeToString(bArr));
    }

    @Override // com.facebook.react.bridge.NativeModule
    public String getName() {
        return TAG;
    }
}
