package com.protectoria.gateway.proto.client;

import com.google.gson.Gson;
import com.google.gson.JsonParseException;
import com.protectoria.gateway.dto.ClientActionRequest;
import com.protectoria.gateway.dto.ClientActionRequestHeader;
import com.protectoria.gateway.dto.ClientActionRequestWrapper;
import com.protectoria.gateway.dto.ClientActionResponse;
import com.protectoria.gateway.dto.ClientActionResponseWrapper;
import com.protectoria.gateway.proto.ClientProtocolSenderConverter;
import com.protectoria.gateway.proto.ProtocolException;
import com.protectoria.gateway.proto.client.AbstractClientProtocolSenderContext;
import com.protectoria.pss.core.encryption.AsymmetricEncryptionParams;
import com.protectoria.pss.core.encryption.Encryption;
import com.protectoria.pss.core.encryption.SymmetricEncryptionIVParams;
import com.protectoria.pss.core.signature.MessageSignature;
import com.protectoria.pss.core.signature.SHA256WithRSABouncyMessageSignatureImpl;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import javax.crypto.SecretKey;

/* loaded from: classes4.dex */
public abstract class AbstractClientProtocolSenderConverter<C extends AbstractClientProtocolSenderContext> implements ClientProtocolSenderConverter<C> {
    public static final Charset UTF_8 = Charset.forName("UTF-8");
    public final Encryption aesEncryption;
    public final Gson gson;
    public MessageSignature messageSignature;
    public final Encryption rsaEncryption;

    public AbstractClientProtocolSenderConverter(Encryption encryption, Encryption encryption2, Gson gson) {
        this.rsaEncryption = encryption;
        this.aesEncryption = encryption2;
        this.gson = gson;
    }

    private String decryptResponse(byte[] bArr, byte[] bArr2, SecretKey secretKey) throws ProtocolException {
        try {
            return new String(this.aesEncryption.decrypt(new SymmetricEncryptionIVParams(bArr, bArr2, secretKey)), UTF_8);
        } catch (GeneralSecurityException e2) {
            throw new ProtocolException("Cannot decrypt response.", e2);
        }
    }

    private byte[] encryptHeader(C c) throws GeneralSecurityException {
        ClientActionRequestHeader clientActionRequestHeader = new ClientActionRequestHeader();
        clientActionRequestHeader.setType(c.getAction());
        clientActionRequestHeader.setNIV(c.getInitializationVector());
        clientActionRequestHeader.setSymmetricKeyPSA(c.getSymmetricKey().getEncoded());
        return this.rsaEncryption.encrypt(new AsymmetricEncryptionParams(this.gson.toJson(clientActionRequestHeader).getBytes(UTF_8), c.getPublicServerKey()));
    }

    private byte[] encryptRequest(ClientActionRequest clientActionRequest, C c) throws GeneralSecurityException {
        return this.aesEncryption.encrypt(new SymmetricEncryptionIVParams(this.gson.toJson(clientActionRequest).getBytes(UTF_8), c.getInitializationVector(), c.getSymmetricKey()));
    }

    private <T extends ClientActionResponse> T fromJson(String str, Class<T> cls) throws ProtocolException {
        try {
            return (T) this.gson.fromJson(str, (Class) cls);
        } catch (JsonParseException e2) {
            throw new ProtocolException("Cannot parse decrypted JSON.", e2);
        }
    }

    private MessageSignature getMessageSignature() {
        if (this.messageSignature == null) {
            this.messageSignature = new SHA256WithRSABouncyMessageSignatureImpl();
        }
        return this.messageSignature;
    }

    private void verifySignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws ProtocolException {
        if (bArr == null) {
            if (bArr2 != null) {
                throw new ProtocolException("Unable to verify message signature.", new NullPointerException());
            }
        } else {
            try {
                if (getMessageSignature().verify(bArr, bArr2, publicKey)) {
                } else {
                    throw new ProtocolException("Signature is not valid.", new GeneralSecurityException());
                }
            } catch (GeneralSecurityException e2) {
                throw new ProtocolException("Unable to verify message signature.", e2);
            }
        }
    }

    @Override // com.protectoria.gateway.proto.ClientProtocolSenderConverter
    public ClientActionRequestWrapper buildRequestMessage(ClientActionRequest clientActionRequest, C c) throws ProtocolException {
        try {
            byte[] encryptRequest = encryptRequest(clientActionRequest, c);
            byte[] encryptHeader = encryptHeader(c);
            ClientActionRequestWrapper clientActionRequestWrapper = new ClientActionRequestWrapper();
            clientActionRequestWrapper.setInstallationId(c.getInstallationId());
            clientActionRequestWrapper.setEncryptedData(encryptRequest);
            clientActionRequestWrapper.setEncryptedHeader(encryptHeader);
            return clientActionRequestWrapper;
        } catch (JsonParseException e2) {
            throw new ProtocolException("Creating JSON exception.", e2);
        } catch (GeneralSecurityException e3) {
            throw new ProtocolException("Cryptography exception.", e3);
        }
    }

    @Override // com.protectoria.gateway.proto.ClientProtocolSenderConverter
    public <T extends ClientActionResponse> T parseResponseMessage(ClientActionResponseWrapper clientActionResponseWrapper, C c, Class<T> cls) throws ProtocolException {
        byte[] encryptedData = clientActionResponseWrapper.getEncryptedData();
        verifySignature(encryptedData, clientActionResponseWrapper.getSignGateway(), c.getPublicServerKey());
        return (T) fromJson(encryptedData == null ? "{}" : decryptResponse(encryptedData, c.getInitializationVector(), c.getSymmetricKey()), cls);
    }
}
