package com.assaabloy.mobilekeys.cdm;

import com.assaabloy.mobilekeys.cdm.ecdh.EcdhKeyAgreementBC;
import com.assaabloy.mobilekeys.cdm.ecdh.Nist800108DerivationFunction;
import com.assaabloy.mobilekeys.common.tools.ByteUtils;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObject;
import com.nimbusds.jose.util.Base64URL;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECPoint;
import java.text.ParseException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;
import net.minidev.json.JSONObject;

/* loaded from: classes.dex */
public abstract class SoftTokenClientSession implements ScriptSession {
    private static final String EMPTY_SCRIPT = "";
    private SecretKeySpec sessionKekKey;
    private SecretKeySpec sessionKey;

    private static Set<String> createCustomHeaders() {
        HashSet hashSet = new HashSet();
        hashSet.add("action");
        hashSet.add(SoftTokenJsonFields.JSON_FIELD_SERVER_SESSIONID);
        hashSet.add(SoftTokenJsonFields.JSON_FIELD_VERSION);
        hashSet.add(SoftTokenJsonFields.JSON_FIELD_KEY_ID);
        hashSet.add("key");
        return hashSet;
    }

    private String handleScript(String str) throws ParseException, UnsupportedEncodingException, NoSuchAlgorithmException, JOSEException, ScriptException {
        if (str.isEmpty()) {
            return "";
        }
        JOSEObject parse = JOSEObject.parse(str);
        if (this.sessionKey != null) {
            CryptoUtil.decryptWithSharedKey(parse, this.sessionKey.getEncoded(), createCustomHeaders());
        }
        JSONObject jSONObject = parse.getHeader().toJSONObject();
        JSONObject jSONObject2 = parse.getPayload().toJSONObject();
        if (jSONObject == null || jSONObject2 == null) {
            throw new ScriptException("Failed to parse JSON");
        }
        String str2 = (String) jSONObject.get("action");
        if (str2 == null) {
            str2 = (String) jSONObject2.get("action");
        }
        if (str2.equals("keyestablishment")) {
            return keyEstablishmentResponse(jSONObject2);
        }
        if (str2.equals(SoftTokenJsonFields.INJECT_DATA_ACTION)) {
            return injectDataResponse(jSONObject2);
        }
        throw new ScriptException("Illegal action: " + str2);
    }

    private String injectDataResponse(JSONObject jSONObject) throws JOSEException, ScriptException {
        JSONObject jSONObject2 = (JSONObject) jSONObject.get("data");
        injectSnmp(new Base64URL((String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_DGI_ENGINE_ID)).decode(), new Base64URL((String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_DGI_USERNAME)).decode(), CryptoUtil.decryptKey(this.sessionKekKey, new Base64URL((String) ((JSONObject) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_DGI_ENC_KEY)).get("value")).decode()), CryptoUtil.decryptKey(this.sessionKekKey, new Base64URL((String) ((JSONObject) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_DGI_MAC_KEY)).get("value")).decode()));
        HashMap hashMap = new HashMap();
        hashMap.put(SoftTokenJsonFields.JSON_FIELD_VERSION, SoftTokenJsonFields.COE_ACTION_SCRIPT_VERSION);
        hashMap.put("action", SoftTokenJsonFields.INJECT_DATA_ACTION);
        return CryptoUtil.encryptWithSharedKey(new JSONObject(), EncryptionMethod.A256CBC_HS512, this.sessionKey.getEncoded(), hashMap).serialize();
    }

    private String keyEstablishmentResponse(JSONObject jSONObject) throws UnsupportedEncodingException, NoSuchAlgorithmException, JOSEException {
        JSONObject jSONObject2 = (JSONObject) jSONObject.get("key");
        String str = (String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_KEY_PUBX);
        String str2 = (String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_KEY_PUBY);
        String str3 = (String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_KEY_TYPE);
        String str4 = (String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_KEY_CURVE);
        String str5 = (String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_KEY_ID);
        String str6 = (String) jSONObject2.get(SoftTokenJsonFields.JSON_FIELD_KEY_ALGORITHM);
        BigInteger decodeToBigInteger = new Base64URL(str).decodeToBigInteger();
        BigInteger decodeToBigInteger2 = new Base64URL(str2).decodeToBigInteger();
        EcdhKeyAgreementBC ecdhKeyAgreementBC = new EcdhKeyAgreementBC();
        ECPoint init = ecdhKeyAgreementBC.init();
        byte[] encoded = ecdhKeyAgreementBC.agree(new ECPoint(decodeToBigInteger, decodeToBigInteger2)).getEncoded();
        byte[] derive = new Nist800108DerivationFunction().derive(encoded, 256, Nist800108DerivationFunction.KeyType.ENC);
        byte[] derive2 = new Nist800108DerivationFunction().derive(encoded, 256, Nist800108DerivationFunction.KeyType.MAC);
        byte[] derive3 = new Nist800108DerivationFunction().derive(encoded, 256, Nist800108DerivationFunction.KeyType.KEK);
        String base64URL = Base64URL.encode(init.getAffineX()).toString();
        String base64URL2 = Base64URL.encode(init.getAffineY()).toString();
        this.sessionKey = new SecretKeySpec(ByteUtils.join(derive2, derive), "AES");
        this.sessionKekKey = new SecretKeySpec(derive3, "AES");
        JSONObject jSONObject3 = new JSONObject();
        jSONObject3.put(SoftTokenJsonFields.JSON_FIELD_KEY_TYPE, str3);
        jSONObject3.put(SoftTokenJsonFields.JSON_FIELD_KEY_CURVE, str4);
        jSONObject3.put(SoftTokenJsonFields.JSON_FIELD_KEY_PUBX, base64URL);
        jSONObject3.put(SoftTokenJsonFields.JSON_FIELD_KEY_PUBY, base64URL2);
        jSONObject3.put(SoftTokenJsonFields.JSON_FIELD_KEY_ALGORITHM, str6);
        jSONObject3.put(SoftTokenJsonFields.JSON_FIELD_KEY_ID, str5);
        String str7 = (String) jSONObject.get(SoftTokenJsonFields.JSON_FIELD_SERVER_SESSIONID);
        JSONObject jSONObject4 = new JSONObject();
        jSONObject4.put("key", jSONObject3);
        jSONObject4.put(SoftTokenJsonFields.JSON_FIELD_VERSION, SoftTokenJsonFields.COE_ACTION_SCRIPT_VERSION);
        jSONObject4.put("action", "keyestablishment");
        jSONObject4.put(SoftTokenJsonFields.JSON_FIELD_SERVER_SESSIONID, str7);
        jSONObject4.put(SoftTokenJsonFields.JSON_FIELD_MESSAGEID, Integer.toString(100011));
        HashMap hashMap = new HashMap();
        hashMap.put(SoftTokenJsonFields.JSON_FIELD_VERSION, SoftTokenJsonFields.COE_ACTION_SCRIPT_VERSION);
        hashMap.put("action", "keyestablishment");
        hashMap.put(SoftTokenJsonFields.JSON_FIELD_SERVER_SESSIONID, str7);
        hashMap.put("key", jSONObject3);
        return CryptoUtil.encryptWithSharedKey(jSONObject4, EncryptionMethod.A256CBC_HS512, this.sessionKey.getEncoded(), hashMap).serialize();
    }

    @Override // com.assaabloy.mobilekeys.cdm.ScriptSession
    public String execute(String str) throws ScriptException {
        try {
            return handleScript(str);
        } catch (ScriptException e) {
            throw e;
        } catch (Exception e2) {
            throw new ScriptException(e2);
        }
    }

    protected abstract void injectSnmp(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws ScriptException;
}
