package com.arxanfintech.common.crypto;

import com.arxanfintech.common.crypto.core.ECIESCoder;
import com.arxanfintech.common.crypto.core.jce.SpongyCastleProvider;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.util.encoders.Base64;
import org.json.JSONObject;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.spongycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/arxanfintech/common/crypto/Crypto.class */
public class Crypto {
    private byte[] ePrivKeyBytes;
    private byte[] tlsCertBytes;
    private X509Certificate tlsCert;
    private java.security.PublicKey tlsPubKey;
    private java.security.PrivateKey ePrivKey;

    public Crypto(InputStream inputStream, InputStream inputStream2) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        this(IOUtils.toByteArray(inputStream), IOUtils.toByteArray(inputStream2));
    }

    public Crypto(byte[] bArr, byte[] bArr2) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        this.ePrivKeyBytes = null;
        this.tlsCertBytes = null;
        this.tlsCert = null;
        this.tlsPubKey = null;
        this.ePrivKey = null;
        this.ePrivKeyBytes = bArr;
        this.tlsCertBytes = bArr2;
        init();
    }

    private void init() throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        this.tlsCert = CertTool.getCertfromPEM(this.tlsCertBytes);
        this.tlsPubKey = this.tlsCert.getPublicKey();
        this.ePrivKey = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getKeyPair((PEMKeyPair) new PEMParser(new BufferedReader(new InputStreamReader(new ByteArrayInputStream(this.ePrivKeyBytes)))).readObject()).getPrivate();
    }

    public byte[] getEPrivKeyBytes() {
        return this.ePrivKeyBytes;
    }

    public byte[] getTlsCertBytes() {
        return this.tlsCertBytes;
    }

    public X509Certificate getTlsCert() {
        return this.tlsCert;
    }

    private byte[] signData(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA3-256withECDSA", org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME);
        signature.initSign(this.ePrivKey);
        signature.update(bArr);
        return signature.sign();
    }

    private boolean verifyData(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA3-256withECDSA", org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME);
        signature.initVerify(this.tlsPubKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public String signDataWithBase64(byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        return Base64.toBase64String(signData(bArr));
    }

    private byte[] encryptBytes(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidCipherTextException, IOException {
        return ECIESCoder.encrypt(((BCECPublicKey) this.tlsPubKey).getQ(), bArr);
    }

    private byte[] decryptBytes(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidCipherTextException, IOException {
        return ECIESCoder.decrypt(((BCECPrivateKey) this.ePrivKey).getD(), bArr);
    }

    public String encryptWithBase64(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidCipherTextException, IOException {
        return Base64.toBase64String(encryptBytes(bArr));
    }

    public String signAndEncrypt(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, SignatureException, InvalidAlgorithmParameterException, InvalidCipherTextException, IOException {
        String base64String = Base64.toBase64String(bArr);
        String signDataWithBase64 = signDataWithBase64(bArr);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("data", base64String);
        jSONObject.put("signature", signDataWithBase64);
        return encryptWithBase64(jSONObject.toString().getBytes());
    }

    public String decryptAndVerify(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, SignatureException, InvalidAlgorithmParameterException, InvalidCipherTextException, IOException {
        JSONObject jSONObject = new JSONObject(new String(decryptBytes(Base64.decode(bArr))));
        String string = jSONObject.getString("data");
        String string2 = jSONObject.getString("signature");
        byte[] decode = Base64.decode(string.getBytes());
        if (verifyData(decode, Base64.decode(string2.getBytes()))) {
            return new String(decode);
        }
        return null;
    }

    static {
        Security.addProvider(SpongyCastleProvider.getInstance());
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }
}
