package im.toss.cert.sdk;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: input_file:im/toss/cert/sdk/TossCertSession.class */
public class TossCertSession {
    private final String version;
    private final String id;
    private final AESAlgorithm algorithm;
    private final String secretKey;
    private final String iv;
    private final String encryptedSessionKey;
    private final AESCipher aesCipher;
    static final String separator = "$";
    static final String separatorRegEx = "\\$";

    /* JADX INFO: Access modifiers changed from: package-private */
    public TossCertSession(String str, String str2, AESAlgorithm aESAlgorithm, String str3, String str4, String str5) {
        this.version = str;
        this.id = str2;
        this.algorithm = aESAlgorithm;
        this.secretKey = str3;
        this.iv = str4;
        this.encryptedSessionKey = str5;
        this.aesCipher = new AESCipher(str3, str4, aESAlgorithm);
    }

    public String getSessionKey() {
        return addMeta(this.encryptedSessionKey);
    }

    public String encrypt(String str) {
        try {
            return addMeta(StringUtils.join(separator, new String[]{this.aesCipher.encrypt(str), calculateHash(str)}));
        } catch (InvalidAlgorithmParameterException e) {
            throw new RuntimeException(e.getCause());
        } catch (InvalidKeyException e2) {
            throw new RuntimeException(e2.getCause());
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException(e3.getCause());
        } catch (BadPaddingException e4) {
            throw new RuntimeException(e4.getCause());
        } catch (IllegalBlockSizeException e5) {
            throw new RuntimeException(e5.getCause());
        } catch (NoSuchPaddingException e6) {
            throw new RuntimeException(e6.getCause());
        }
    }

    public String decrypt(String str) {
        try {
            String[] split = str.split(separatorRegEx);
            if (split.length < 3) {
                throw new RuntimeException("암호 문자열 포맷이 다릅니다");
            }
            if (!this.version.equals(split[0])) {
                throw new RuntimeException(String.format("세션 키 버전이 다릅니다. 세션 키 버전: %s != 암호 문자열 버전: %s", this.version, split[0]));
            }
            if (!this.id.equals(split[1])) {
                throw new RuntimeException(String.format("세션 키 id 이 다릅니다. 세션 키 버전: %s != 암호 문자열 id 버전: %s", this.id, split[1]));
            }
            String decrypt = this.aesCipher.decrypt(split[2]);
            verify(decrypt, split);
            return decrypt;
        } catch (InvalidAlgorithmParameterException e) {
            throw new RuntimeException(e.getCause());
        } catch (InvalidKeyException e2) {
            throw new RuntimeException(e2.getCause());
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException(e3.getCause());
        } catch (BadPaddingException e4) {
            throw new RuntimeException(e4.getCause());
        } catch (IllegalBlockSizeException e5) {
            throw new RuntimeException(e5.getCause());
        } catch (NoSuchPaddingException e6) {
            throw new RuntimeException(e6.getCause());
        }
    }

    public String serializeSession() {
        return StringUtils.join(separator, new String[]{this.version, this.id, this.algorithm.name(), this.secretKey, this.iv});
    }

    private void verify(String str, String[] strArr) throws NoSuchAlgorithmException, InvalidKeyException {
        if (this.algorithm == AESAlgorithm.AES_GCM) {
            return;
        }
        String calculateHash = HMAC.calculateHash(this.secretKey, str);
        if (strArr.length != 4 || !calculateHash.equals(strArr[3])) {
            throw new RuntimeException("AES_CBC 무결성 검증 실패");
        }
    }

    private String calculateHash(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        return this.algorithm == AESAlgorithm.AES_GCM ? "" : HMAC.calculateHash(this.secretKey, str);
    }

    private String addMeta(String str) {
        return StringUtils.join(separator, new String[]{this.version, this.id, str});
    }
}
