package com.assaabloy.mobilekeys.cdm;

import com.assaabloy.mobilekeys.cdm.ecdh.EcdhKeyAgreementBC;
import com.assaabloy.mobilekeys.cdm.ecdh.Nist800108DerivationFunction;
import com.assaabloy.mobilekeys.common.tools.ByteUtils;
import com.assaabloy.mobilekeys.common.tools.HexUtils;
import com.kochava.android.tracker.Feature;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.PlainHeader;
import com.nimbusds.jose.PlainObject;
import com.nimbusds.jose.util.Base64URL;
import com.starwood.spg.mci.MciAppLogging;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECPoint;
import java.text.ParseException;
import java.util.HashMap;
import java.util.HashSet;
import javax.crypto.spec.SecretKeySpec;
import net.minidev.json.JSONObject;

/* loaded from: classes.dex */
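/**
 * {@link ScriptSession} that produces the server-side messages of a soft-token
 * provisioning exchange.
 *
 * <p>An empty script yields an unsecured (plain JOSE) key-establishment message
 * carrying an ECDH public key labelled P-256. A script whose header action is
 * "keyestablishment" completes the key agreement, derives the session keys and
 * yields an encrypted inject-data message containing the fixed identity and keys
 * declared below.
 *
 * <p>NOTE(review): every credential in this class is a compile-time constant and the
 * server session id is fixed, which suggests a local stand-in for a real provisioning
 * server. Confirm it is not reachable in production builds; anything provisioned
 * through it shares the same SNMP keys on every installation.
 *
 * <p>NOTE(review): the key-establishment message is serialized as a {@link PlainObject},
 * so nothing visible here authenticates either public key. Peer authentication has to
 * come from another layer. TODO confirm.
 *
 * <p>Instances hold mutable key state and are not synchronized.
 */
public class SoftTokenServerSession implements ScriptSession {
    // NOTE(review): hard-coded secrets in public constants. The repeating byte patterns
    // look like placeholder values, but they are wrapped and sent as real key material
    // by injectData(). Confirm they are never used outside test flows.
    public static final String AUTH_KEY = "05050505050505050505050505050505";
    public static final String ENGINE_ID = "0406112233445566";
    public static final String PRIVACY_KEY = "04040404040404040404040404040404";
    public static final String SERVER_SESSION_ID = "100001";
    public static final String USERNAME = "0406665544332211";
    private EcdhKeyAgreementBC keyAgreement;
    private SecretKeySpec sessionKekKey;
    private SecretKeySpec sessionKey;

    /**
     * Builds the JSON description of one key, with its value encrypted under the
     * session key-encryption key.
     *
     * @param hexKey key bytes as a hex string
     * @param label value stored under the label field
     * @param use value stored under the "use" field
     * @param keyId numeric key id, stored in decimal string form
     * @return JSON object describing the wrapped key
     * @throws ScriptException propagated from {@code CryptoUtil.encryptKey}
     */
    private JSONObject createKey(String hexKey, String label, String use, int keyId) throws ScriptException {
        // The object advertises "A256KW"; whether encryptKey really performs AES key
        // wrap is not visible in this file (NOTE(review): confirm).
        byte[] wrappedKey = CryptoUtil.encryptKey(this.sessionKekKey, HexUtils.toBytes(hexKey));
        JSONObject keyJson = new JSONObject();
        keyJson.put(SoftTokenJsonFields.JSON_FIELD_KEY_TYPE, "AES");
        keyJson.put("value", Base64URL.encode(wrappedKey));
        keyJson.put(SoftTokenJsonFields.JSON_FIELD_KEY_ALGORITHM, "A256KW");
        keyJson.put(SoftTokenJsonFields.JSON_FIELD_KEY_ID, Integer.toString(keyId));
        // NOTE(review): the constant comes from an unrelated logging class, most likely a
        // decompiler substitution for a plain string literal. Confirm the intended name.
        keyJson.put(MciAppLogging.JSON_KEY_LABEL, label);
        keyJson.put("use", use);
        return keyJson;
    }

    /**
     * Processes a non-empty script received from the peer and returns the next message.
     *
     * <p>All header fields used here are read from the parsed JOSE header before any
     * cryptographic check has run, so they are treated as untrusted and validated for
     * presence and type before use.
     *
     * @param script serialized JOSE object received from the peer
     * @return the inject-data message for a key-establishment script, or an empty
     *     string for an inject-data script
     * @throws IllegalStateException if key establishment has not been started, or the
     *     header is missing the action, key or public-key coordinates, or the action is
     *     not handled
     */
    private String getNextPayload(String script) throws ParseException, UnsupportedEncodingException, NoSuchAlgorithmException, JOSEException, ScriptException {
        if (this.keyAgreement == null) {
            throw new IllegalStateException("Not initialized");
        }
        JOSEObject joseObject = JOSEObject.parse(script);
        JSONObject header = joseObject.getHeader().toJSONObject();

        // A missing or non-string action previously surfaced as a bare
        // NullPointerException or ClassCastException; report it explicitly.
        Object actionValue = header.get("action");
        if (!(actionValue instanceof String)) {
            throw new IllegalStateException("Missing or malformed action");
        }
        String action = (String) actionValue;
        if (!action.equalsIgnoreCase("keyestablishment")) {
            if (action.equalsIgnoreCase(SoftTokenJsonFields.INJECT_DATA_ACTION)) {
                return "";
            }
            throw new IllegalStateException("Unhandled action");
        }

        Object keyValue = header.get("key");
        if (!(keyValue instanceof JSONObject)) {
            throw new IllegalStateException("Missing or malformed key");
        }
        JSONObject peerKey = (JSONObject) keyValue;
        Object xValue = peerKey.get(SoftTokenJsonFields.JSON_FIELD_KEY_PUBX);
        Object yValue = peerKey.get(SoftTokenJsonFields.JSON_FIELD_KEY_PUBY);
        if (!(xValue instanceof String) || !(yValue instanceof String)) {
            throw new IllegalStateException("Missing or malformed public key coordinates");
        }

        // NOTE(review): the point is built directly from peer-supplied coordinates.
        // Whether agree() verifies that it lies on the expected curve is not visible
        // here; confirm it does, since an unchecked point weakens the shared secret.
        ECPoint peerPoint = new ECPoint(
                new Base64URL((String) xValue).decodeToBigInteger(),
                new Base64URL((String) yValue).decodeToBigInteger());
        byte[] sharedSecret = this.keyAgreement.agree(peerPoint).getEncoded();

        // Three keys are derived from the same shared secret, one per key type.
        // 256 is presumably the key length in bits (NOTE(review): confirm).
        byte[] encKey = new Nist800108DerivationFunction().deriveSeos(sharedSecret, 256, Nist800108DerivationFunction.KeyType.ENC);
        byte[] macKey = new Nist800108DerivationFunction().deriveSeos(sharedSecret, 256, Nist800108DerivationFunction.KeyType.MAC);
        byte[] kekKey = new Nist800108DerivationFunction().deriveSeos(sharedSecret, 256, Nist800108DerivationFunction.KeyType.KEK);

        // MAC key first, then ENC key. The argument order is significant and must be
        // kept. Presumably join() concatenates in argument order (confirm).
        this.sessionKey = new SecretKeySpec(ByteUtils.join(macKey, encKey), "AES");
        this.sessionKekKey = new SecretKeySpec(kekKey, "AES");

        // Raw type kept: the parameter type of decryptWithSharedKey is not visible here.
        HashSet headerNames = new HashSet();
        headerNames.add("action");
        headerNames.add(SoftTokenJsonFields.JSON_FIELD_SERVER_SESSIONID);
        headerNames.add(SoftTokenJsonFields.JSON_FIELD_VERSION);
        headerNames.add(SoftTokenJsonFields.JSON_FIELD_KEY_ID);
        headerNames.add("key");
        // The result is discarded; presumably the call exists to reject a message that
        // does not verify under the new session key (NOTE(review): confirm it throws).
        CryptoUtil.decryptWithSharedKey(joseObject, this.sessionKey.getEncoded(), headerNames);
        return injectData();
    }

    /**
     * Builds the encrypted inject-data message carrying the fixed engine id, username
     * and the two wrapped SNMP keys.
     *
     * <p>Reads {@code sessionKey} and, through {@link #createKey}, {@code sessionKekKey};
     * both are assigned by {@link #getNextPayload} before this method is called.
     *
     * @return the serialized encrypted message
     */
    private String injectData() throws JOSEException, ScriptException {
        // Raw type kept: the parameter type of encryptWithSharedKey is not visible here.
        HashMap headerParams = new HashMap();
        headerParams.put(SoftTokenJsonFields.JSON_FIELD_VERSION, SoftTokenJsonFields.COE_ACTION_SCRIPT_VERSION);
        headerParams.put("action", SoftTokenJsonFields.INJECT_DATA_ACTION);

        JSONObject data = new JSONObject();
        data.put(SoftTokenJsonFields.JSON_FIELD_DGI_ENGINE_ID, Base64URL.encode(HexUtils.toBytes(ENGINE_ID)));
        data.put(SoftTokenJsonFields.JSON_FIELD_DGI_USERNAME, Base64URL.encode(HexUtils.toBytes(USERNAME)));
        // NOTE(review): Feature.PARAMS.MAC belongs to an unrelated tracking library, most
        // likely a decompiler substitution for a string literal. Confirm the value.
        data.put(SoftTokenJsonFields.JSON_FIELD_DGI_MAC_KEY, createKey(AUTH_KEY, "snmpMacKey", Feature.PARAMS.MAC, 2));
        data.put(SoftTokenJsonFields.JSON_FIELD_DGI_ENC_KEY, createKey(PRIVACY_KEY, "snmpEncKey", "enc", 1));

        JSONObject body = new JSONObject();
        body.put("data", data);
        return CryptoUtil.encryptWithSharedKey(body, EncryptionMethod.A256CBC_HS512, this.sessionKey.getEncoded(), headerParams).serialize();
    }

    /**
     * Starts a new key agreement and returns the unsecured key-establishment message
     * that carries this side's public key.
     *
     * <p>Replaces any key agreement left over from an earlier call.
     *
     * @return the serialized plain JOSE object
     */
    private String keyEstablishment() {
        this.keyAgreement = new EcdhKeyAgreementBC();
        ECPoint publicPoint = this.keyAgreement.init();
        String encodedX = Base64URL.encode(publicPoint.getAffineX()).toString();
        String encodedY = Base64URL.encode(publicPoint.getAffineY()).toString();

        JSONObject publicKey = new JSONObject();
        publicKey.put(SoftTokenJsonFields.JSON_FIELD_KEY_TYPE, "EC");
        publicKey.put(SoftTokenJsonFields.JSON_FIELD_KEY_CURVE, "P-256");
        publicKey.put(SoftTokenJsonFields.JSON_FIELD_KEY_PUBX, encodedX);
        publicKey.put(SoftTokenJsonFields.JSON_FIELD_KEY_PUBY, encodedY);
        publicKey.put(SoftTokenJsonFields.JSON_FIELD_KEY_ALGORITHM, "ECDH-ES");
        publicKey.put(SoftTokenJsonFields.JSON_FIELD_KEY_ID, "1");

        JSONObject message = new JSONObject();
        message.put("key", publicKey);
        message.put(SoftTokenJsonFields.JSON_FIELD_VERSION, SoftTokenJsonFields.COE_ACTION_SCRIPT_VERSION);
        message.put("action", "keyestablishment");
        message.put(SoftTokenJsonFields.JSON_FIELD_SERVER_SESSIONID, SERVER_SESSION_ID);
        // PlainObject carries no signature or MAC; see the class-level note.
        return new PlainObject(new PlainHeader(), new Payload(message)).serialize();
    }

    /**
     * Runs one step of the exchange.
     *
     * @param str the script received from the peer; an empty string starts a new key
     *     establishment. A null value is not handled and fails with
     *     {@link NullPointerException}.
     * @return the next message to send to the peer
     * @throws ScriptException if processing a non-empty script fails; any other
     *     exception is wrapped as the cause
     */
    @Override // com.assaabloy.mobilekeys.cdm.ScriptSession
    public String execute(String str) throws ScriptException {
        if (str.isEmpty()) {
            return keyEstablishment();
        }
        try {
            return getNextPayload(str);
        } catch (ScriptException e) {
            // Already the declared type; wrapping it again only hides the real cause.
            throw e;
        } catch (Exception e) {
            throw new ScriptException(e);
        }
    }
}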
