package com.vivo.httpdns.k;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.vivo.vcard.utils.RSAUtils2;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: KeyStoreUtil.java */
/* loaded from: classes10.dex */
public class d2401 {

    /* renamed from: a, reason: collision with root package name */
    private static final String f12939a = "KeyStoreUtil";

    /* renamed from: b, reason: collision with root package name */
    private static final String f12940b = "AndroidKeyStore";
    private static final String c = "AndroidKeyStoreBCWorkaround";

    /* renamed from: d, reason: collision with root package name */
    private static final String f12941d = "RSA/ECB/PKCS1Padding";
    private static final String e = "AES/CBC/PKCS7Padding";

    /* renamed from: f, reason: collision with root package name */
    private static final int f12942f = 256;

    /* renamed from: g, reason: collision with root package name */
    private static final int f12943g = 2048;

    /* renamed from: h, reason: collision with root package name */
    private static final String f12944h = "SHA512withRSA";

    /* renamed from: i, reason: collision with root package name */
    private static final String f12945i = "SHA256withECDSA";

    /* renamed from: j, reason: collision with root package name */
    private static final String f12946j = "CN=test";

    /* renamed from: k, reason: collision with root package name */
    private static final String f12947k = "RSA";

    /* renamed from: l, reason: collision with root package name */
    private static final String f12948l = "AES";

    /* renamed from: m, reason: collision with root package name */
    private static final String f12949m = "RSA";

    /* renamed from: n, reason: collision with root package name */
    private static final String f12950n = "EC";

    /* renamed from: o, reason: collision with root package name */
    private static final String f12951o = "vhs_key_aes";

    /* renamed from: p, reason: collision with root package name */
    private static final int f12952p = 16;

    /* renamed from: q, reason: collision with root package name */
    private static int f12953q = 16;

    /* renamed from: r, reason: collision with root package name */
    private static final Object f12954r = new Object();

    /* renamed from: s, reason: collision with root package name */
    private static KeyStore f12955s;

    public static String a(String str) throws GeneralSecurityException {
        return new String(a(Base64.decode(str, 0), f12951o, "AES"));
    }

    private static void a() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        synchronized (f12954r) {
            if (f12955s == null) {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                f12955s = keyStore;
                keyStore.load(null);
            }
        }
    }

    private static void a(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setUserAuthenticationRequired(false).setEncryptionPaddings("PKCS7Padding").build());
        keyGenerator.generateKey();
        int size2 = keyStore.size();
        if (com.vivo.httpdns.g.a2401.f12707s) {
            com.vivo.httpdns.g.a2401.e(f12939a, "generateAESKeyIfNeed Before = " + size + " After = " + size2);
        }
    }

    public static boolean a(String str, boolean z10, String str2) {
        try {
            if (f12955s == null) {
                a();
            }
            if (z10 && f12955s.containsAlias(str)) {
                b(str);
            }
            if (RSAUtils2.SERVER.equals(str2)) {
                c(f12955s, str);
                return true;
            }
            if (f12950n.equals(str2)) {
                b(f12955s, str);
                return true;
            }
            a(f12955s, str);
            return true;
        } catch (Exception e8) {
            com.vivo.httpdns.g.a2401.b(f12939a, "generateKey Exception: " + e8);
            return false;
        }
    }

    private static boolean a(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return false;
        }
        Signature signature = Signature.getInstance(f12945i);
        signature.initVerify(((KeyStore.PrivateKeyEntry) d10).getCertificate());
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public static boolean a(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException {
        return RSAUtils2.SERVER.equals(str2) ? b(bArr, bArr2, str) : a(bArr, bArr2, str);
    }

    private static byte[] a(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", c);
        cipher.init(2, ((KeyStore.PrivateKeyEntry) d10).getPrivateKey());
        return cipher.doFinal(bArr);
    }

    public static byte[] a(byte[] bArr, String str, String str2) throws GeneralSecurityException {
        if (RSAUtils2.SERVER.equals(str2)) {
            return a(bArr, str);
        }
        return a(Arrays.copyOfRange(bArr, f12953q, bArr.length), str, Arrays.copyOfRange(bArr, 0, f12953q));
    }

    public static byte[] a(byte[] bArr, String str, boolean z10, String str2) throws GeneralSecurityException {
        a(str, z10, str2);
        return RSAUtils2.SERVER.equals(str2) ? c(bArr, str) : b(bArr, str);
    }

    private static byte[] a(byte[] bArr, String str, byte[] bArr2) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance(e);
        cipher.init(2, ((KeyStore.SecretKeyEntry) d10).getSecretKey(), new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr);
    }

    public static void b(String str) {
        try {
            if (f12955s == null) {
                a();
            }
            f12955s.deleteEntry(str);
        } catch (Exception e8) {
            com.vivo.httpdns.g.a2401.b(f12939a, "deleteKey Exception: " + e8);
        }
    }

    private static void b(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 10);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(f12950n, "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).build());
        keyPairGenerator.generateKeyPair();
        int size2 = keyStore.size();
        if (com.vivo.httpdns.g.a2401.f12707s) {
            com.vivo.httpdns.g.a2401.e(f12939a, "Before = " + size + " After = " + size2);
        }
    }

    private static boolean b(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return false;
        }
        Signature signature = Signature.getInstance(f12944h);
        signature.initVerify(((KeyStore.PrivateKeyEntry) d10).getCertificate());
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    private static byte[] b(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance(e);
        cipher.init(1, ((KeyStore.SecretKeyEntry) d10).getSecretKey());
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        f12953q = iv.length;
        return bArr2;
    }

    public static byte[] b(byte[] bArr, String str, boolean z10, String str2) throws GeneralSecurityException {
        a(str, z10, str2);
        return RSAUtils2.SERVER.equals(str2) ? e(bArr, str) : d(bArr, str);
    }

    public static String c(String str) throws GeneralSecurityException {
        return Base64.encodeToString(a(str.getBytes(), f12951o, false, "AES"), 0);
    }

    private static void c(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 10);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSAUtils2.SERVER, "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 15).setEncryptionPaddings("PKCS1Padding").setSignaturePaddings("PKCS1").setKeySize(2048).setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).setCertificateSubject(new X500Principal(f12946j)).setCertificateSerialNumber(BigInteger.ONE).setDigests("SHA-256", "SHA-512").build());
        keyPairGenerator.generateKeyPair();
        int size2 = keyStore.size();
        if (com.vivo.httpdns.g.a2401.f12707s) {
            com.vivo.httpdns.g.a2401.e(f12939a, "Before = " + size + " After = " + size2);
        }
    }

    private static byte[] c(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", c);
        cipher.init(1, ((KeyStore.PrivateKeyEntry) d10).getCertificate().getPublicKey());
        return cipher.doFinal(bArr);
    }

    public static KeyStore.Entry d(String str) {
        try {
            if (f12955s == null) {
                a();
            }
            KeyStore.Entry entry = f12955s.getEntry(str, null);
            if ((entry instanceof KeyStore.PrivateKeyEntry) || (entry instanceof KeyStore.SecretKeyEntry)) {
                return entry;
            }
            com.vivo.httpdns.g.a2401.f(f12939a, "Not an instance of a PrivateKeyEntry or SecretKeyEntry");
            return null;
        } catch (Exception e8) {
            com.vivo.httpdns.g.a2401.b(f12939a, "getKey Exception: " + e8);
            return null;
        }
    }

    private static byte[] d(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Signature signature = Signature.getInstance(f12945i);
        signature.initSign(((KeyStore.PrivateKeyEntry) d10).getPrivateKey());
        signature.update(bArr);
        return signature.sign();
    }

    private static byte[] e(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Signature signature = Signature.getInstance(f12944h);
        signature.initSign(((KeyStore.PrivateKeyEntry) d10).getPrivateKey());
        signature.update(bArr);
        return signature.sign();
    }
}
