package com.microsoft.did.sdk.crypto;

import com.microsoft.did.sdk.crypto.keyStore.KeyStore;
import com.microsoft.did.sdk.crypto.keys.KeyContainer;
import com.microsoft.did.sdk.crypto.keys.KeyType;
import com.microsoft.did.sdk.crypto.keys.KeyTypeFactory;
import com.microsoft.did.sdk.crypto.keys.PrivateKey;
import com.microsoft.did.sdk.crypto.keys.PublicKey;
import com.microsoft.did.sdk.crypto.keys.SecretKey;
import com.microsoft.did.sdk.crypto.keys.ellipticCurve.EllipticCurvePairwiseKey;
import com.microsoft.did.sdk.crypto.keys.ellipticCurve.EllipticCurvePrivateKey;
import com.microsoft.did.sdk.crypto.keys.rsa.RsaPrivateKey;
import com.microsoft.did.sdk.crypto.models.AndroidConstants;
import com.microsoft.did.sdk.crypto.models.Sha;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.CryptoKey;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.CryptoKeyPair;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.JsonWebKey;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.KeyFormat;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.KeyUsage;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.SubtleCrypto;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.W3cCryptoApiConstants;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.algorithms.Algorithm;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.algorithms.EcKeyGenParams;
import com.microsoft.did.sdk.crypto.models.webCryptoApi.algorithms.RsaHashedKeyAlgorithm;
import com.microsoft.did.sdk.crypto.plugins.SubtleCryptoFactory;
import com.microsoft.did.sdk.crypto.plugins.SubtleCryptoScope;
import com.microsoft.did.sdk.crypto.protocols.jose.JoseConstants;
import com.microsoft.did.sdk.util.Base64Url;
import com.microsoft.did.sdk.util.Constants;
import com.microsoft.did.sdk.util.controlflow.KeyException;
import com.microsoft.did.sdk.util.controlflow.PairwiseKeyException;
import com.microsoft.did.sdk.util.controlflow.SignatureException;
import com.microsoft.did.sdk.util.log.SdkLog;
import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.samsung.android.knox.accounts.Account;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.NotImplementedError;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt__CollectionsJVMKt;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.collections.MapsKt__MapsJVMKt;
import kotlin.collections.MapsKt__MapsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.chromium.base.TraceEvent;

/* compiled from: CryptoOperations.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\t\u0018\u00002\u00020\u0001B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u0006\u0010\u000f\u001a\u00020\u0010J\u0006\u0010\u0011\u001a\u00020\u0010J\u0006\u0010\u0012\u001a\u00020\u0010J\u0016\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018J\u001e\u0010\u0019\u001a\u00020\u001a2\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u001d0\u001c2\u0006\u0010\u001e\u001a\u00020\u0016H\u0002J&\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u00020\"2\u0006\u0010#\u001a\u00020\u00162\u0006\u0010\u001e\u001a\u00020\u00162\u0006\u0010$\u001a\u00020\u0016J\u0016\u0010%\u001a\u00020\u001a2\u0006\u0010#\u001a\u00020\u00162\u0006\u0010\u001e\u001a\u00020\u0016J\"\u0010&\u001a\u00020\u001a2\u0006\u0010'\u001a\u00020\u001a2\u0006\u0010(\u001a\u00020\u00162\n\b\u0002\u0010!\u001a\u0004\u0018\u00010\"J*\u0010)\u001a\u00020\u00102\u0006\u0010'\u001a\u00020\u001a2\u0006\u0010*\u001a\u00020\u001a2\u0006\u0010(\u001a\u00020\u00162\n\b\u0002\u0010!\u001a\u0004\u0018\u00010\"R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u0011\u0010\u000b\u001a\u00020\f¢\u0006\b\n\u0000\u001a\u0004\b\r\u0010\u000e¨\u0006+"}, d2 = {"Lcom/microsoft/did/sdk/crypto/CryptoOperations;", "", "subtleCrypto", "Lcom/microsoft/did/sdk/crypto/models/webCryptoApi/SubtleCrypto;", "keyStore", "Lcom/microsoft/did/sdk/crypto/keyStore/KeyStore;", "ellipticCurvePairwiseKey", "Lcom/microsoft/did/sdk/crypto/keys/ellipticCurve/EllipticCurvePairwiseKey;", "(Lcom/microsoft/did/sdk/crypto/models/webCryptoApi/SubtleCrypto;Lcom/microsoft/did/sdk/crypto/keyStore/KeyStore;Lcom/microsoft/did/sdk/crypto/keys/ellipticCurve/EllipticCurvePairwiseKey;)V", "getKeyStore", "()Lcom/microsoft/did/sdk/crypto/keyStore/KeyStore;", "subtleCryptoFactory", "Lcom/microsoft/did/sdk/crypto/plugins/SubtleCryptoFactory;", "getSubtleCryptoFactory", "()Lcom/microsoft/did/sdk/crypto/plugins/SubtleCryptoFactory;", "decrypt", "", "encrypt", "generateAndStoreSeed", "generateKeyPair", "Lcom/microsoft/did/sdk/crypto/keys/PublicKey;", "keyReference", "", "keyType", "Lcom/microsoft/did/sdk/crypto/keys/KeyType;", "generateMasterKeyFromSeed", "", DevicePopManager.SignedHttpRequestJwtClaims.JWK, "Lcom/microsoft/did/sdk/crypto/keys/KeyContainer;", "Lcom/microsoft/did/sdk/crypto/keys/SecretKey;", "userDid", "generatePairwise", "Lcom/microsoft/did/sdk/crypto/keys/PrivateKey;", "algorithm", "Lcom/microsoft/did/sdk/crypto/models/webCryptoApi/algorithms/Algorithm;", "seedReference", "peerId", "generatePersonaMasterKey", Constants.SIGNATURE_KEYREFERENCE, "payload", "signingKeyReference", "verify", Account.SIGNATURE, "VerifiableCredential-SDK_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public final class CryptoOperations {
    private final EllipticCurvePairwiseKey ellipticCurvePairwiseKey;
    private final KeyStore keyStore;
    private final SubtleCryptoFactory subtleCryptoFactory;

    @Metadata(bv = {1, 0, 3}, k = 3, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public final /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[KeyType.values().length];
            $EnumSwitchMapping$0 = iArr;
            iArr[KeyType.Octets.ordinal()] = 1;
            $EnumSwitchMapping$0[KeyType.RSA.ordinal()] = 2;
            $EnumSwitchMapping$0[KeyType.EllipticCurve.ordinal()] = 3;
            int[] iArr2 = new int[KeyType.values().length];
            $EnumSwitchMapping$1 = iArr2;
            iArr2[KeyType.EllipticCurve.ordinal()] = 1;
        }
    }

    public CryptoOperations(SubtleCrypto subtleCrypto, KeyStore keyStore, EllipticCurvePairwiseKey ellipticCurvePairwiseKey) {
        Intrinsics.checkNotNullParameter(subtleCrypto, "subtleCrypto");
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(ellipticCurvePairwiseKey, "ellipticCurvePairwiseKey");
        this.keyStore = keyStore;
        this.ellipticCurvePairwiseKey = ellipticCurvePairwiseKey;
        this.subtleCryptoFactory = new SubtleCryptoFactory(subtleCrypto);
    }

    private final byte[] generateMasterKeyFromSeed(KeyContainer<SecretKey> jwk, String userDid) {
        List<? extends KeyUsage> listOf;
        byte[] byteArray;
        SubtleCrypto messageAuthenticationCodeSigners = this.subtleCryptoFactory.getMessageAuthenticationCodeSigners(W3cCryptoApiConstants.Hmac.getValue(), SubtleCryptoScope.PRIVATE);
        Algorithm algorithm = new Algorithm(W3cCryptoApiConstants.HmacSha512.getValue(), null, 2, null);
        JsonWebKey jsonWebKey = new JsonWebKey(KeyType.Octets.getValue(), (String) null, (String) null, (List) null, JoseConstants.Hs512.getValue(), (Boolean) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (List) null, ((SecretKey) KeyContainer.getKey$default(jwk, null, 1, null)).getK(), 262126, (DefaultConstructorMarker) null);
        KeyFormat keyFormat = KeyFormat.Jwk;
        listOf = CollectionsKt__CollectionsJVMKt.listOf(KeyUsage.Sign);
        CryptoKey importKey = messageAuthenticationCodeSigners.importKey(keyFormat, jsonWebKey, algorithm, false, listOf);
        ArrayList arrayList = new ArrayList(userDid.length());
        for (int i = 0; i < userDid.length(); i++) {
            arrayList.add(Byte.valueOf((byte) userDid.charAt(i)));
        }
        byteArray = CollectionsKt___CollectionsKt.toByteArray(arrayList);
        return messageAuthenticationCodeSigners.sign(algorithm, importKey, byteArray);
    }

    public static /* synthetic */ byte[] sign$default(CryptoOperations cryptoOperations, byte[] bArr, String str, Algorithm algorithm, int i, Object obj) {
        if ((i & 4) != 0) {
            algorithm = null;
        }
        return cryptoOperations.sign(bArr, str, algorithm);
    }

    public static /* synthetic */ void verify$default(CryptoOperations cryptoOperations, byte[] bArr, byte[] bArr2, String str, Algorithm algorithm, int i, Object obj) {
        if ((i & 8) != 0) {
            algorithm = null;
        }
        cryptoOperations.verify(bArr, bArr2, str, algorithm);
    }

    public final void decrypt() {
        throw new NotImplementedError("An operation is not implemented: Not implemented");
    }

    public final void encrypt() {
        throw new NotImplementedError("An operation is not implemented: Not implemented");
    }

    public final void generateAndStoreSeed() {
        byte[] seed = new SecureRandom().generateSeed(16);
        Base64Url base64Url = Base64Url.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(seed, "seed");
        this.keyStore.save(AndroidConstants.masterSeed.getValue(), new SecretKey(new JsonWebKey((String) null, (String) null, (String) null, (List) null, (String) null, (Boolean) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (List) null, base64Url.encode(seed), 262143, (DefaultConstructorMarker) null)));
    }

    public final PublicKey generateKeyPair(String keyReference, KeyType keyType) {
        Map mapOf;
        List<? extends KeyUsage> listOf;
        Map mapOf2;
        List<? extends KeyUsage> listOf2;
        Intrinsics.checkNotNullParameter(keyReference, "keyReference");
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        SdkLog.d$default(SdkLog.INSTANCE, "Generating new key pair " + keyReference + " of type " + keyType.getValue(), null, null, 6, null);
        int i = WhenMappings.$EnumSwitchMapping$0[keyType.ordinal()];
        if (i == 1) {
            throw new KeyException("Cannot generate a symmetric key", null, 2, null);
        }
        if (i == 2) {
            SubtleCrypto sharedKeyEncrypter = this.subtleCryptoFactory.getSharedKeyEncrypter(W3cCryptoApiConstants.RsaSsaPkcs1V15.getValue(), SubtleCryptoScope.PRIVATE);
            Algorithm algorithm = Sha.SHA256.getAlgorithm();
            mapOf = MapsKt__MapsJVMKt.mapOf(TuplesKt.to("KeyReference", keyReference));
            RsaHashedKeyAlgorithm rsaHashedKeyAlgorithm = new RsaHashedKeyAlgorithm(TraceEvent.ATRACE_TAG_APP, 65537L, algorithm, mapOf, null);
            listOf = CollectionsKt__CollectionsKt.listOf((Object[]) new KeyUsage[]{KeyUsage.Encrypt, KeyUsage.Decrypt});
            CryptoKeyPair generateKeyPair = sharedKeyEncrypter.generateKeyPair(rsaHashedKeyAlgorithm, false, listOf);
            SdkLog.d$default(SdkLog.INSTANCE, "Saving key pair to keystore.", null, null, 6, null);
            this.keyStore.save(keyReference, (PrivateKey) new RsaPrivateKey(sharedKeyEncrypter.exportKeyJwk(generateKeyPair.getPrivateKey())));
        } else if (i == 3) {
            SubtleCrypto messageSigner = this.subtleCryptoFactory.getMessageSigner(W3cCryptoApiConstants.EcDsa.getValue(), SubtleCryptoScope.PRIVATE);
            String value = W3cCryptoApiConstants.Secp256k1.getValue();
            mapOf2 = MapsKt__MapsKt.mapOf(TuplesKt.to("hash", Sha.SHA256.getAlgorithm()), TuplesKt.to("KeyReference", keyReference));
            EcKeyGenParams ecKeyGenParams = new EcKeyGenParams(value, mapOf2);
            listOf2 = CollectionsKt__CollectionsKt.listOf((Object[]) new KeyUsage[]{KeyUsage.Sign, KeyUsage.Verify});
            CryptoKeyPair generateKeyPair2 = messageSigner.generateKeyPair(ecKeyGenParams, true, listOf2);
            SdkLog.d$default(SdkLog.INSTANCE, "Saving key pair to keystore.", null, null, 6, null);
            this.keyStore.save(keyReference, (PrivateKey) new EllipticCurvePrivateKey(messageSigner.exportKeyJwk(generateKeyPair2.getPrivateKey())));
        }
        return (PublicKey) KeyContainer.getKey$default(this.keyStore.getPublicKey(keyReference), null, 1, null);
    }

    public final PrivateKey generatePairwise(Algorithm algorithm, String seedReference, String userDid, String peerId) {
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(seedReference, "seedReference");
        Intrinsics.checkNotNullParameter(userDid, "userDid");
        Intrinsics.checkNotNullParameter(peerId, "peerId");
        byte[] generatePersonaMasterKey = generatePersonaMasterKey(seedReference, userDid);
        KeyType createViaWebCrypto = KeyTypeFactory.INSTANCE.createViaWebCrypto(algorithm);
        if (WhenMappings.$EnumSwitchMapping$1[createViaWebCrypto.ordinal()] == 1) {
            return this.ellipticCurvePairwiseKey.generate(this, generatePersonaMasterKey, algorithm, peerId);
        }
        throw new PairwiseKeyException("Pairwise key for type '" + createViaWebCrypto.getValue() + "' is not supported.", null, 2, null);
    }

    public final byte[] generatePersonaMasterKey(String seedReference, String userDid) {
        Intrinsics.checkNotNullParameter(seedReference, "seedReference");
        Intrinsics.checkNotNullParameter(userDid, "userDid");
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        byte[] bArr = (byte[]) linkedHashMap.get(userDid);
        if (bArr != null) {
            return bArr;
        }
        byte[] generateMasterKeyFromSeed = generateMasterKeyFromSeed(this.keyStore.getSecretKey(seedReference), userDid);
        linkedHashMap.put(userDid, generateMasterKeyFromSeed);
        return generateMasterKeyFromSeed;
    }

    public final KeyStore getKeyStore() {
        return this.keyStore;
    }

    public final SubtleCryptoFactory getSubtleCryptoFactory() {
        return this.subtleCryptoFactory;
    }

    public final byte[] sign(byte[] payload, String signingKeyReference, Algorithm algorithm) {
        List<? extends KeyUsage> listOf;
        Intrinsics.checkNotNullParameter(payload, "payload");
        Intrinsics.checkNotNullParameter(signingKeyReference, "signingKeyReference");
        SdkLog.d$default(SdkLog.INSTANCE, "Signing with " + signingKeyReference, null, null, 6, null);
        KeyContainer<PrivateKey> privateKey = this.keyStore.getPrivateKey(signingKeyReference);
        if (algorithm == null) {
            algorithm = privateKey.getAlg();
        }
        if (algorithm == null) {
            throw new KeyException("No Algorithm specified for key " + signingKeyReference, null, 2, null);
        }
        SubtleCrypto messageSigner = this.subtleCryptoFactory.getMessageSigner(algorithm.getName(), SubtleCryptoScope.PRIVATE);
        KeyFormat keyFormat = KeyFormat.Jwk;
        JsonWebKey jwk = ((PrivateKey) KeyContainer.getKey$default(privateKey, null, 1, null)).toJWK();
        listOf = CollectionsKt__CollectionsJVMKt.listOf(KeyUsage.Sign);
        return messageSigner.sign(algorithm, messageSigner.importKey(keyFormat, jwk, algorithm, false, listOf), payload);
    }

    public final void verify(byte[] payload, byte[] signature, String signingKeyReference, Algorithm algorithm) {
        List<? extends KeyUsage> listOf;
        Intrinsics.checkNotNullParameter(payload, "payload");
        Intrinsics.checkNotNullParameter(signature, "signature");
        Intrinsics.checkNotNullParameter(signingKeyReference, "signingKeyReference");
        SdkLog.d$default(SdkLog.INSTANCE, "Verifying with " + signingKeyReference, null, null, 6, null);
        KeyContainer<PublicKey> publicKey = this.keyStore.getPublicKey(signingKeyReference);
        if (algorithm == null) {
            algorithm = publicKey.getAlg();
        }
        if (algorithm == null) {
            throw new KeyException("No Algorithm specified for key " + signingKeyReference, null, 2, null);
        }
        SubtleCrypto messageSigner = this.subtleCryptoFactory.getMessageSigner(algorithm.getName(), SubtleCryptoScope.PUBLIC);
        KeyFormat keyFormat = KeyFormat.Jwk;
        JsonWebKey jwk = ((PublicKey) KeyContainer.getKey$default(publicKey, null, 1, null)).toJWK();
        listOf = CollectionsKt__CollectionsJVMKt.listOf(KeyUsage.Verify);
        if (!messageSigner.verify(algorithm, messageSigner.importKey(keyFormat, jwk, algorithm, true, listOf), signature, payload)) {
            throw new SignatureException("Signature invalid", null, 2, null);
        }
    }
}
