package com.protectoria.pss.proto.client;

import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonParseException;
import com.protectoria.pss.core.encryption.AsymmetricEncryptionParams;
import com.protectoria.pss.core.encryption.Encryption;
import com.protectoria.pss.core.encryption.InitializationVectorService;
import com.protectoria.pss.core.encryption.SymmetricEncryptionIVParams;
import com.protectoria.pss.core.key.AESKeyGenerator;
import com.protectoria.pss.core.key.CryptoAlgorithm;
import com.protectoria.pss.core.key.KeyParams;
import com.protectoria.pss.core.key.KeyUtils;
import com.protectoria.pss.core.signature.SHA256WithRSABouncyMessageSignatureImpl;
import com.protectoria.pss.dto.ClientActionRequest;
import com.protectoria.pss.dto.ClientActionRequestHeader;
import com.protectoria.pss.dto.ClientActionRequestWrapper;
import com.protectoria.pss.dto.ClientActionResponse;
import com.protectoria.pss.dto.ClientActionResponseWrapper;
import com.protectoria.pss.proto.ClientProtocolSenderConverter;
import com.protectoria.pss.proto.ProtocolException;
import com.protectoria.pss.proto.client.AbstractClientProtocolSenderContext;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.SecretKey;

/* loaded from: classes4.dex */
public abstract class AbstractClientProtocolSenderConverter<C extends AbstractClientProtocolSenderContext> implements ClientProtocolSenderConverter<C> {
    public static final Charset UTF_8 = Charset.forName("UTF-8");
    private final InitializationVectorService a;
    private final Encryption b;
    private final Encryption c;
    private final Gson d;

    public AbstractClientProtocolSenderConverter(Encryption encryption, Encryption encryption2, InitializationVectorService initializationVectorService, Gson gson) {
        this.b = encryption;
        this.c = encryption2;
        this.a = initializationVectorService;
        this.d = gson;
    }

    private <T extends ClientActionResponse> T a(byte[] bArr, Class<T> cls) throws ProtocolException {
        try {
            return (T) this.d.fromJson(new String(bArr, UTF_8), (Class) cls);
        } catch (JsonParseException e2) {
            throw new ProtocolException("Unable to parse response body.", e2);
        }
    }

    private SecretKey a(byte[] bArr, PrivateKey privateKey) throws ProtocolException {
        try {
            return KeyUtils.bytesToSecretKey(this.b.decrypt(new AsymmetricEncryptionParams(bArr, privateKey)), CryptoAlgorithm.AES.toString());
        } catch (GeneralSecurityException e2) {
            throw new ProtocolException("Unable to decrypt symmetric key.", e2);
        }
    }

    private void a(ClientActionResponseWrapper clientActionResponseWrapper, C c) throws ProtocolException {
        try {
            PublicKey pubPss = c.getPubPss();
            if (clientActionResponseWrapper.getSignaturePSS() != null && !a(clientActionResponseWrapper, pubPss)) {
                throw new ProtocolException("Invalid signature.", null);
            }
        } catch (GeneralSecurityException e2) {
            throw new ProtocolException("Invalid public pss key.", e2);
        }
    }

    private boolean a(ClientActionResponseWrapper clientActionResponseWrapper, PublicKey publicKey) throws ProtocolException {
        try {
            return new SHA256WithRSABouncyMessageSignatureImpl().verify(clientActionResponseWrapper.getDataEncryptedResponse(), clientActionResponseWrapper.getSignaturePSS(), publicKey);
        } catch (GeneralSecurityException e2) {
            throw new ProtocolException("Unable to verify message signature.", e2);
        }
    }

    private byte[] a(ClientActionRequest clientActionRequest, C c) throws ProtocolException {
        setNonce(clientActionRequest, c);
        try {
            return this.c.encrypt(new SymmetricEncryptionIVParams(this.d.toJson(clientActionRequest).getBytes(UTF_8), c.getIv(), d(c)));
        } catch (JsonIOException e2) {
            throw new ProtocolException("Unable to serialize body", e2);
        } catch (GeneralSecurityException e3) {
            throw new ProtocolException("Unable to encrypt body", e3);
        }
    }

    private byte[] a(C c) throws ProtocolException {
        ClientActionRequestHeader clientActionRequestHeader = new ClientActionRequestHeader();
        clientActionRequestHeader.setType(c.getActionType());
        clientActionRequestHeader.setEnrollmentId(c.getEnrollmentIdentifier());
        clientActionRequestHeader.setNIV(encodeBase64(c.getIv()));
        if (c.getSkSession() == null) {
            clientActionRequestHeader.setSymmetricKeyPSA(c.getSymmetricKey().getEncoded());
        }
        try {
            return this.b.encrypt(new AsymmetricEncryptionParams(this.d.toJson(clientActionRequestHeader).getBytes(UTF_8), c.getPubPss()));
        } catch (JsonIOException e2) {
            throw new ProtocolException("Unable to serialize header", e2);
        } catch (GeneralSecurityException e3) {
            throw new ProtocolException("Unable to encrypt header", e3);
        }
    }

    private byte[] a(byte[] bArr, C c) throws ProtocolException {
        try {
            return this.c.decrypt(new SymmetricEncryptionIVParams(bArr, c.getIv(), d(c)));
        } catch (GeneralSecurityException e2) {
            throw new ProtocolException("Unable to decrypt response body.", e2);
        }
    }

    private void b(C c) {
        if (c.getIv() == null) {
            c.setIv(this.a.getIV());
        }
    }

    private void c(C c) throws ProtocolException {
        if (c.getSkSession() == null) {
            try {
                c.setSymmetricKey(new AESKeyGenerator().generateKey(new KeyParams(CryptoAlgorithm.AES.getDefaultSize())));
            } catch (GeneralSecurityException e2) {
                throw new ProtocolException("Unable to generate symmetric key.", e2);
            }
        }
    }

    private SecretKey d(C c) {
        return c.getSkSession() != null ? c.getSkSession() : c.getSymmetricKey();
    }

    @Override // com.protectoria.pss.proto.ClientProtocolSenderConverter
    public Object buildRequestMessage(ClientActionRequest clientActionRequest, C c) throws ProtocolException {
        ClientActionRequestWrapper clientActionRequestWrapper = new ClientActionRequestWrapper();
        clientActionRequestWrapper.setInstallationId(c.getInstallationId());
        b(c);
        c(c);
        clientActionRequestWrapper.setEncryptedHeader(a(c));
        clientActionRequestWrapper.setDataEncryptedRequest(a(clientActionRequest, (ClientActionRequest) c));
        return clientActionRequestWrapper;
    }

    @Override // com.protectoria.pss.proto.ClientProtocolSenderConverter
    public String decryptResponseMessage(ClientActionResponseWrapper clientActionResponseWrapper, C c) throws ProtocolException {
        a(clientActionResponseWrapper, (ClientActionResponseWrapper) c);
        extractSymmetricKey(clientActionResponseWrapper, c);
        return new String(a(clientActionResponseWrapper.getDataEncryptedResponse(), (byte[]) c), UTF_8);
    }

    protected abstract String encodeBase64(byte[] bArr);

    protected void extractSymmetricKey(ClientActionResponseWrapper clientActionResponseWrapper, C c) throws ProtocolException {
        if (c.getSkSession() != null || clientActionResponseWrapper.getSkPSS() == null) {
            return;
        }
        c.setSymmetricKey(a(clientActionResponseWrapper.getSkPSS(), c.getPrvClient()));
    }

    protected abstract String generateNonce();

    @Override // com.protectoria.pss.proto.ClientProtocolSenderConverter
    public <T extends ClientActionResponse> T parseResponseMessage(ClientActionResponseWrapper clientActionResponseWrapper, C c, Class<T> cls) throws ProtocolException {
        a(clientActionResponseWrapper, (ClientActionResponseWrapper) c);
        extractSymmetricKey(clientActionResponseWrapper, c);
        return (T) a(a(clientActionResponseWrapper.getDataEncryptedResponse(), (byte[]) c), cls);
    }

    protected void setNonce(ClientActionRequest clientActionRequest, C c) {
        if (c.getNonce() == null) {
            String generateNonce = clientActionRequest.getNoncePSA() == null ? generateNonce() : clientActionRequest.getNoncePSA();
            c.setNonce(generateNonce);
            clientActionRequest.setNoncePSA(generateNonce);
        }
    }
}
