package com.satispay.protocore.dh;

import com.google.gson.Gson;
import com.satispay.protocore.EndpointConfigEnum;
import com.satispay.protocore.ProtoCoreEndpointsConfig;
import com.satispay.protocore.consts.Keys;
import com.satispay.protocore.crypto.Crypto;
import com.satispay.protocore.crypto.CryptoDH;
import com.satispay.protocore.crypto.CryptoUtils;
import com.satispay.protocore.dh.beans.ChallengeRequestBean;
import com.satispay.protocore.dh.beans.ChallengeResponseBean;
import com.satispay.protocore.dh.beans.DHEncryptedRequestBean;
import com.satispay.protocore.dh.beans.DHEncryptedResponseBean;
import com.satispay.protocore.dh.beans.ExchangeRequestBean;
import com.satispay.protocore.dh.beans.ExchangeResponseBean;
import com.satispay.protocore.dh.beans.TokenVerificationRequestBean;
import com.satispay.protocore.dh.beans.TokenVerificationResponseBean;
import com.satispay.protocore.errors.ProtoCoreError;
import com.satispay.protocore.errors.ProtoCoreErrorType;
import com.satispay.protocore.log.ProtoLogger;
import com.satispay.protocore.persistence.SecurePersistenceManager;
import com.satispay.protocore.utility.NetworkUtilities;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.UUID;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.spongycastle.util.encoders.Base64;
import rx.Observable;
import rx.Subscriber;
import rx.functions.Action1;
import rx.functions.Func1;

/* loaded from: classes3.dex */
public abstract class DHFlow {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.satispay.protocore.dh.DHFlow$5, reason: invalid class name */
    /* loaded from: classes3.dex */
    public class AnonymousClass5 implements Func1<ArrayList<String>, Observable<? extends DHEncryptedResponseBean>> {
        final /* synthetic */ Gson val$gson;

        AnonymousClass5(Gson gson) {
            this.val$gson = gson;
        }

        @Override // rx.functions.Func1
        public Observable<? extends DHEncryptedResponseBean> call(ArrayList<String> arrayList) {
            return DHFlow.this.getDhProvider().getDH().challenge(new DHEncryptedRequestBean(DHFlow.this.getDHValues().getUserKeyId(), DHFlow.this.getDHValues().getSequence(), "LOW", arrayList.get(0), arrayList.get(1))).switchMap(new Func1<DHEncryptedResponseBean, Observable<? extends DHEncryptedResponseBean>>() { // from class: com.satispay.protocore.dh.DHFlow.5.1
                @Override // rx.functions.Func1
                public Observable<? extends DHEncryptedResponseBean> call(final DHEncryptedResponseBean dHEncryptedResponseBean) {
                    return Observable.create(new Observable.OnSubscribe<DHEncryptedResponseBean>() { // from class: com.satispay.protocore.dh.DHFlow.5.1.1
                        @Override // rx.functions.Action1
                        public void call(Subscriber<? super DHEncryptedResponseBean> subscriber) {
                            try {
                                ChallengeResponseBean challengeResponseBean = (ChallengeResponseBean) AnonymousClass5.this.val$gson.fromJson(new String(CryptoUtils.decryptPkcs5(DHFlow.this.getDHValues().getkSess(), Base64.decode(dHEncryptedResponseBean.getEncryptedPayload()))), ChallengeResponseBean.class);
                                String challengeResponse = challengeResponseBean.getChallengeResponse();
                                try {
                                    String base64String = Base64.toBase64String(CryptoUtils.hmacSha256Raw(DHFlow.this.getDHValues().getkAuth(), AnonymousClass5.this.val$gson.toJson(challengeResponseBean).getBytes()));
                                    DHFlow.this.getDHValues().setNonce(challengeResponseBean.getNonce());
                                    if (!challengeResponse.equals(DHFlow.this.getDHValues().getUuid().toString())) {
                                        ProtoCoreErrorType protoCoreErrorType = ProtoCoreErrorType.DH_ERROR;
                                        protoCoreErrorType.setMessage("uuid returned from server doesn't match the one generated by client");
                                        subscriber.onError(new ProtoCoreError(protoCoreErrorType));
                                    } else if (base64String.equals(dHEncryptedResponseBean.getHmac())) {
                                        subscriber.onNext(dHEncryptedResponseBean);
                                        subscriber.onCompleted();
                                    } else {
                                        ProtoCoreErrorType protoCoreErrorType2 = ProtoCoreErrorType.DH_ERROR;
                                        protoCoreErrorType2.setMessage("hmac doesn't match");
                                        subscriber.onError(new ProtoCoreError(protoCoreErrorType2));
                                    }
                                } catch (ProtoCoreError e) {
                                    subscriber.onError(e);
                                }
                            } catch (ProtoCoreError e2) {
                                subscriber.onError(e2);
                            }
                        }
                    });
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.satispay.protocore.dh.DHFlow$7, reason: invalid class name */
    /* loaded from: classes3.dex */
    public class AnonymousClass7 implements Func1<ArrayList<String>, Observable<? extends DHEncryptedResponseBean>> {
        final /* synthetic */ Gson val$gson;

        AnonymousClass7(Gson gson) {
            this.val$gson = gson;
        }

        @Override // rx.functions.Func1
        public Observable<? extends DHEncryptedResponseBean> call(ArrayList<String> arrayList) {
            return DHFlow.this.getDhProvider().getDH().tokenVerification(new DHEncryptedRequestBean(DHFlow.this.getDHValues().getUserKeyId(), DHFlow.this.getDHValues().getSequence(), "LOW", arrayList.get(0), arrayList.get(1))).switchMap(new Func1<DHEncryptedResponseBean, Observable<? extends DHEncryptedResponseBean>>() { // from class: com.satispay.protocore.dh.DHFlow.7.1
                @Override // rx.functions.Func1
                public Observable<? extends DHEncryptedResponseBean> call(final DHEncryptedResponseBean dHEncryptedResponseBean) {
                    return Observable.create(new Observable.OnSubscribe<DHEncryptedResponseBean>() { // from class: com.satispay.protocore.dh.DHFlow.7.1.1
                        @Override // rx.functions.Action1
                        public void call(Subscriber<? super DHEncryptedResponseBean> subscriber) {
                            try {
                                TokenVerificationResponseBean tokenVerificationResponseBean = (TokenVerificationResponseBean) AnonymousClass7.this.val$gson.fromJson(new String(CryptoUtils.decryptPkcs5(DHFlow.this.getDHValues().getkSess(), Base64.decode(dHEncryptedResponseBean.getEncryptedPayload()))), TokenVerificationResponseBean.class);
                                try {
                                    if (!Base64.toBase64String(CryptoUtils.hmacSha256Raw(DHFlow.this.getDHValues().getkAuth(), AnonymousClass7.this.val$gson.toJson(tokenVerificationResponseBean).getBytes())).equals(dHEncryptedResponseBean.getHmac())) {
                                        ProtoCoreErrorType protoCoreErrorType = ProtoCoreErrorType.DH_ERROR;
                                        protoCoreErrorType.setMessage("hmac doesn't match");
                                        subscriber.onError(new ProtoCoreError(protoCoreErrorType));
                                    } else if (!tokenVerificationResponseBean.getResponse().equals("OK")) {
                                        ProtoCoreErrorType protoCoreErrorType2 = ProtoCoreErrorType.INVALID_ACTIVATION_CODE;
                                        protoCoreErrorType2.setMessage("Response is not OK");
                                        subscriber.onError(new ProtoCoreError(protoCoreErrorType2));
                                    } else {
                                        DHFlow.this.getSecurePersistenceManager().persistSecurely(SecurePersistenceManager.KMASTER_KEY, Base64.toBase64String(DHFlow.this.getDHValues().getkMaster()));
                                        DHFlow.this.getSecurePersistenceManager().persistSecurely(SecurePersistenceManager.SEQUENCE_KEY, String.valueOf(DHFlow.this.getDHValues().getSequence()));
                                        DHFlow.this.getSecurePersistenceManager().persistSecurely(SecurePersistenceManager.USER_KEY_ID_KEY, DHFlow.this.getDHValues().getUserKeyId());
                                        DHFlow.this.getSecurePersistenceManager().persistSecurely(SecurePersistenceManager.KSAFE_APP_KEY, Base64.toBase64String(DHFlow.this.getDHValues().getkSafeApp()));
                                        subscriber.onNext(dHEncryptedResponseBean);
                                        subscriber.onCompleted();
                                    }
                                } catch (ProtoCoreError unused) {
                                    ProtoCoreErrorType protoCoreErrorType3 = ProtoCoreErrorType.DH_ERROR;
                                    protoCoreErrorType3.setMessage("error generating hmac");
                                    subscriber.onError(new ProtoCoreError(protoCoreErrorType3));
                                }
                            } catch (ProtoCoreError unused2) {
                                ProtoCoreErrorType protoCoreErrorType4 = ProtoCoreErrorType.DH_ERROR;
                                protoCoreErrorType4.setMessage("error decrypting encrypted payload");
                                subscriber.onError(new ProtoCoreError(protoCoreErrorType4));
                            }
                        }
                    });
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.satispay.protocore.dh.DHFlow$9, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass9 {
        static final /* synthetic */ int[] $SwitchMap$com$satispay$protocore$EndpointConfigEnum;

        static {
            int[] iArr = new int[EndpointConfigEnum.values().length];
            $SwitchMap$com$satispay$protocore$EndpointConfigEnum = iArr;
            try {
                iArr[EndpointConfigEnum.STAGING.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$satispay$protocore$EndpointConfigEnum[EndpointConfigEnum.TEST.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$satispay$protocore$EndpointConfigEnum[EndpointConfigEnum.PROD.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public DHValues getDHValues() {
        return DHValues.getInstance();
    }

    public DHProvider getDhProvider() {
        return new DHProvider() { // from class: com.satispay.protocore.dh.DHFlow.1
        };
    }

    protected abstract SecurePersistenceManager getSecurePersistenceManager();

    protected abstract UptimeMillisProvider getUptimeMillisProvider();

    public Observable<DHEncryptedResponseBean> performChallenge() {
        final Gson gson = NetworkUtilities.getGson();
        return Observable.create(new Observable.OnSubscribe<ArrayList<String>>() { // from class: com.satispay.protocore.dh.DHFlow.6
            @Override // rx.functions.Action1
            public void call(Subscriber<? super ArrayList<String>> subscriber) {
                try {
                    DHFlow.this.getDHValues().setUuid(UUID.randomUUID());
                    String str = Keys.PROD_PUBLIC_KEY;
                    int i = AnonymousClass9.$SwitchMap$com$satispay$protocore$EndpointConfigEnum[ProtoCoreEndpointsConfig.CONFIG.ordinal()];
                    if (i == 1 || i == 2) {
                        str = "-----BEGIN PUBLIC KEY-----\nMIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQB3ywj4mFovtOHGqKY+fkeN\nEJVvwVPCF8uiutVr0Q48UH5U1vmpeSS03ghKpAD8fGm7pgqUfp8vkBbKNvqvJyXv\nDhyMFAtp6Dj8HEEuNXaBfcIIsIqHsXrHlXPUCXbolKoJk1K7Un0p2mV2r+NRQnEP\n+V2SnDUEbJiz/eRRH/KNhnkKipJKCoOqgiMxkmZcymxfUN4zleiENqDs0jGbO9VR\nHnx8DWIJbYpFALsilDsd6gYzlQJy1x2hixYWNBS30pIDNu8+tempHuCYojz8Xre3\nC3rICMmsMrQELxBVuFzLeli0592wL5uI/lFPzs0cFzp6NPpW11W47IgV4HH+wl65\nAgMBAAE=\n-----END PUBLIC KEY-----";
                    }
                    String base64String = Base64.toBase64String(CryptoUtils.encryptRSA(str, DHFlow.this.getDHValues().getUuid().toString().getBytes()));
                    String json = gson.toJson(new ChallengeRequestBean(base64String));
                    DHFlow.this.getDHValues().setSequence(2);
                    DHFlow.this.getDHValues().setkMaster(Crypto.generateKMaster(DHFlow.this.getDHValues().getDhKeys(), DHFlow.this.getDHValues().getPublicKey()));
                    DHFlow.this.getDHValues().setkAuth(Crypto.generateKAuth(DHFlow.this.getDHValues().getSequence(), DHFlow.this.getDHValues().getkMaster()));
                    DHFlow.this.getDHValues().setkSess(Crypto.generateKSess(DHFlow.this.getDHValues().getSequence(), DHFlow.this.getDHValues().getkMaster()));
                    String base64String2 = Base64.toBase64String(CryptoUtils.hmacSha256Raw(DHFlow.this.getDHValues().getkAuth(), json.getBytes()));
                    String base64String3 = Base64.toBase64String(CryptoUtils.encryptPkcs5(DHFlow.this.getDHValues().getkSess(), json.getBytes()));
                    ProtoLogger.info("==> plain uuid: " + DHFlow.this.getDHValues().getUuid());
                    ProtoLogger.info("==> encrypted uuid: " + base64String);
                    ProtoLogger.info("==> kMaster: " + Base64.toBase64String(DHFlow.this.getDHValues().getkMaster()));
                    ProtoLogger.info("==> kSess: " + Base64.toBase64String(DHFlow.this.getDHValues().getkSess()));
                    ProtoLogger.info("==> kAuth: " + Base64.toBase64String(DHFlow.this.getDHValues().getkAuth()));
                    ProtoLogger.info("==> plain payload: " + json);
                    ProtoLogger.info("==> encrypted payload: " + base64String3);
                    ProtoLogger.info("==> hmac plain nested payload: " + base64String2);
                    ArrayList arrayList = new ArrayList(2);
                    arrayList.add(base64String3);
                    arrayList.add(base64String2);
                    subscriber.onNext(arrayList);
                } catch (ProtoCoreError e) {
                    subscriber.onError(e);
                }
            }
        }).switchMap(new AnonymousClass5(gson));
    }

    public Observable<ExchangeResponseBean> performExchange() {
        return Observable.create(new Observable.OnSubscribe<Object>() { // from class: com.satispay.protocore.dh.DHFlow.4
            @Override // rx.functions.Action1
            public void call(Subscriber<? super Object> subscriber) {
                try {
                    DHFlow.this.getDHValues().setDhKeys(CryptoDH.generateDHKeys(DHFlow.this.getUptimeMillisProvider()));
                } catch (ProtoCoreError e) {
                    subscriber.onError(e);
                }
                subscriber.onNext(null);
                subscriber.onCompleted();
            }
        }).switchMap(new Func1<Object, Observable<ExchangeResponseBean>>() { // from class: com.satispay.protocore.dh.DHFlow.3
            @Override // rx.functions.Func1
            public Observable<ExchangeResponseBean> call(Object obj) {
                return DHFlow.this.getDhProvider().getDH().exchange(new ExchangeRequestBean(DHFlow.this.getDHValues().getDhKeys().getP().toString(), DHFlow.this.getDHValues().getDhKeys().getG().toString(), DHFlow.this.getDHValues().getDhKeys().getPublicKey().toString(), "IT", "IT"));
            }
        }).doOnNext(new Action1<ExchangeResponseBean>() { // from class: com.satispay.protocore.dh.DHFlow.2
            @Override // rx.functions.Action1
            public void call(ExchangeResponseBean exchangeResponseBean) {
                DHFlow.this.getDHValues().setUserKeyId(exchangeResponseBean.getUserKeyId());
                DHFlow.this.getDHValues().setPublicKey(exchangeResponseBean.getPublicKey());
            }
        });
    }

    public Observable<DHEncryptedResponseBean> performTokenVerification(final String str) {
        final Gson gson = NetworkUtilities.getGson();
        return Observable.create(new Observable.OnSubscribe<ArrayList<String>>() { // from class: com.satispay.protocore.dh.DHFlow.8
            @Override // rx.functions.Action1
            public void call(Subscriber<? super ArrayList<String>> subscriber) {
                DHFlow.this.getDHValues().setNonce(String.valueOf(new BigInteger(DHFlow.this.getDHValues().getNonce()).add(BigInteger.ONE)));
                byte[] bytes = DHFlow.this.getDHValues().getNonce().getBytes();
                byte[] bArr = new byte[0];
                try {
                    bArr = Crypto.pbkdf2WithHmacSha1(CryptoUtils.generateRandomPassword((new SecureRandom().nextInt(Integer.MAX_VALUE) % 30) + 5), 128, CryptoDH.LOW).getEncoded();
                } catch (ProtoCoreError unused) {
                    ProtoCoreErrorType protoCoreErrorType = ProtoCoreErrorType.DH_ERROR;
                    protoCoreErrorType.setMessage("error encrypting kSafe");
                    subscriber.onError(new ProtoCoreError(protoCoreErrorType));
                }
                DHFlow.this.getDHValues().setkSafe(bArr);
                DHFlow.this.getDHValues().setkSafeApp(Arrays.copyOfRange(bArr, 0, bArr.length / 2));
                DHFlow.this.getDHValues().setkSafeWally(Arrays.copyOfRange(bArr, bArr.length / 2, bArr.length));
                int length = bytes.length + DHFlow.this.getDHValues().getkSafeWally().length;
                byte[] bArr2 = new byte[length];
                Arrays.copyOfRange(bArr2, 0, bytes.length);
                for (int i = 0; i < length; i++) {
                    if (i < bytes.length) {
                        bArr2[i] = bytes[i];
                    } else {
                        bArr2[i] = DHFlow.this.getDHValues().getkSafeWally()[i - bytes.length];
                    }
                }
                try {
                    byte[] digest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256).digest(bArr2);
                    if (digest == null) {
                        ProtoCoreErrorType protoCoreErrorType2 = ProtoCoreErrorType.DH_ERROR;
                        protoCoreErrorType2.setMessage("verify is null");
                        subscriber.onError(new ProtoCoreError(protoCoreErrorType2));
                        return;
                    }
                    String json = gson.toJson(new TokenVerificationRequestBean(Base64.toBase64String(digest), str, Base64.toBase64String(DHFlow.this.getDHValues().getkSafeWally())));
                    try {
                        String base64String = Base64.toBase64String(CryptoUtils.encryptPkcs5(DHFlow.this.getDHValues().getkSess(), json.getBytes()));
                        String base64String2 = Base64.toBase64String(CryptoUtils.hmacSha256Raw(DHFlow.this.getDHValues().getkAuth(), json.getBytes()));
                        ProtoLogger.info("==> nonceInc: " + DHFlow.this.getDHValues().getNonce());
                        ProtoLogger.info("==> kSafe: " + Base64.toBase64String(bArr));
                        ProtoLogger.info("==> kSafeApp: " + Base64.toBase64String(DHFlow.this.getDHValues().getkSafeApp()));
                        ProtoLogger.info("==> kSafeWally: " + Base64.toBase64String(DHFlow.this.getDHValues().getkSafeWally()));
                        ProtoLogger.info("==> verify: " + Base64.toBase64String(digest));
                        ProtoLogger.info("==> plain payload: " + json);
                        ProtoLogger.info("==> encrypted payload: " + base64String);
                        ProtoLogger.info("==> hmac: " + base64String2);
                        ArrayList arrayList = new ArrayList(2);
                        arrayList.add(base64String);
                        arrayList.add(base64String2);
                        subscriber.onNext(arrayList);
                    } catch (ProtoCoreError unused2) {
                        ProtoCoreErrorType protoCoreErrorType3 = ProtoCoreErrorType.DH_ERROR;
                        protoCoreErrorType3.setMessage("error generating encryptedPayload and hmac");
                        subscriber.onError(new ProtoCoreError(protoCoreErrorType3));
                    }
                } catch (Exception unused3) {
                    ProtoCoreErrorType protoCoreErrorType4 = ProtoCoreErrorType.DH_ERROR;
                    protoCoreErrorType4.setMessage("error generating verify");
                    subscriber.onError(new ProtoCoreError(protoCoreErrorType4));
                }
            }
        }).switchMap(new AnonymousClass7(gson));
    }
}
