package com.vivo.network.okhttp3.vivo.utils;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import qf.d;

/* loaded from: classes4.dex */
public class KeyStoreUtil {
    private static final int AES_KEY_SIZE = 256;
    private static final String AES_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final String ANDROID_KEY_STORE_CIPHER_PROVIDER = "AndroidKeyStoreBCWorkaround";
    private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";
    private static final String KEY_STORE_INSTANCE_NAME = "AndroidKeyStore";
    private static final String TAG = "com.vivo.network.okhttp3.vivo.utils.KeyStoreUtil";
    private static KeyStore mKeyStore;

    @RequiresApi(api = 23)
    public static byte[] decrypt(byte[] bArr, String str) throws GeneralSecurityException {
        return decryptWithAES(Arrays.copyOfRange(bArr, 12, bArr.length), str, Arrays.copyOfRange(bArr, 0, 12));
    }

    public static String decryptByKeyStoreOrBase64(String str, String str2) {
        byte[] decode = Base64.decode(str, 0);
        if (Build.VERSION.SDK_INT < 23) {
            return new String(decode);
        }
        try {
            return new String(decrypt(decode, str2));
        } catch (IllegalArgumentException | GeneralSecurityException unused) {
            return "";
        }
    }

    @RequiresApi(api = 23)
    private static byte[] decryptWithAES(byte[] bArr, String str, byte[] bArr2) throws GeneralSecurityException {
        KeyStore.Entry key = getKey(str);
        if (key == null) {
            return new byte[0];
        }
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION, ANDROID_KEY_STORE_CIPHER_PROVIDER);
        cipher.init(2, ((KeyStore.SecretKeyEntry) key).getSecretKey(), new GCMParameterSpec(128, bArr2));
        return cipher.doFinal(bArr);
    }

    public static void deleteKey(String str) {
        try {
            if (mKeyStore == null) {
                init();
            }
            mKeyStore.deleteEntry(str);
        } catch (Exception unused) {
        }
    }

    @RequiresApi(api = 23)
    public static byte[] encrypt(byte[] bArr, String str, boolean z10) throws GeneralSecurityException {
        generateKey(str, z10);
        return encryptWithAES(bArr, str);
    }

    public static String encryptByKeyStoreOrBase64(String str, String str2) {
        if (Build.VERSION.SDK_INT < 23) {
            return Base64.encodeToString(str.getBytes(), 0);
        }
        try {
            return Base64.encodeToString(encrypt(str.getBytes(), str2, true), 0);
        } catch (GeneralSecurityException unused) {
            return "";
        }
    }

    private static byte[] encryptWithAES(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry key = getKey(str);
        if (key == null) {
            return new byte[0];
        }
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION, ANDROID_KEY_STORE_CIPHER_PROVIDER);
        cipher.init(1, ((KeyStore.SecretKeyEntry) key).getSecretKey());
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        return bArr2;
    }

    @RequiresApi(api = 23)
    private static void generateAESKeyIfNeed(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        keyStore.size();
        if (!keyStore.containsAlias(str)) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            blockModes = d.a(str, 3).setBlockModes("GCM");
            keySize = blockModes.setKeySize(256);
            encryptionPaddings = keySize.setEncryptionPaddings("NoPadding");
            build = encryptionPaddings.build();
            keyGenerator.init(build);
            keyGenerator.generateKey();
        }
        keyStore.size();
    }

    @RequiresApi(api = 23)
    public static boolean generateKey(String str, boolean z10) {
        try {
            if (mKeyStore == null) {
                init();
            }
            if (z10 && mKeyStore.containsAlias(str)) {
                deleteKey(str);
            }
            generateAESKeyIfNeed(mKeyStore, str);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public static KeyStore.Entry getKey(String str) {
        try {
            if (mKeyStore == null) {
                init();
            }
            KeyStore.Entry entry = mKeyStore.getEntry(str, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                    return null;
                }
            }
            return entry;
        } catch (Exception unused) {
            return null;
        }
    }

    private static void init() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        if (mKeyStore == null) {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            mKeyStore = keyStore;
            keyStore.load(null);
        }
    }
}
