package com.vivo.httpdns.k;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.vivo.security.utils.RSAUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
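/**
 * Static helpers around the Android Keystore: lazily loads the {@code "AndroidKeyStore"}
 * keystore, generates AES / RSA / EC keys under a caller-supplied alias, and uses those keys
 * to encrypt, decrypt, sign and verify byte arrays.
 *
 * <p>This is decompiler output. Methods are named {@code a}..{@code e} and are distinguished
 * only by their parameter lists, so each overload carries its own description below.
 *
 * <p>Security-relevant behaviour a reviewer should know about:
 * <ul>
 *   <li><b>Fail-open results.</b> On API level below 23, or when no usable entry exists for
 *       the alias, the encrypt / decrypt / sign entry points return the caller's input
 *       unchanged instead of failing. A caller cannot tell "encrypted" from "passed through"
 *       by the return value alone. NOTE(review): this looks deliberate (old-device fallback),
 *       so it is documented rather than changed here; callers that persist the result should
 *       treat it as possibly plaintext.</li>
 *   <li><b>RSA encryption padding.</b> RSA keys are authorized for and used with
 *       {@code PKCS1Padding} (PKCS#1 v1.5). OAEP is generally preferred for new designs;
 *       switching would require regenerating the keys with a different padding authorization.</li>
 *   <li><b>Key deletion on failure.</b> The public decrypt method deletes the alias when
 *       decryption raises {@link InvalidKeyException}.</li>
 * </ul>
 */
public class d2501 {

    /** Log tag handed to the project logger. */
    private static final String f19018a = "KeyStoreUtil";

    /** Keystore type, also used as the provider for key generation. */
    private static final String f19019b = "AndroidKeyStore";

    /**
     * Provider requested explicitly for the RSA cipher.
     * NOTE(review): this appears to be a platform-internal provider name; confirm it is
     * available on every API level the app supports.
     */
    private static final String f19020c = "AndroidKeyStoreBCWorkaround";

    /** RSA cipher transformation (PKCS#1 v1.5 encryption padding). */
    private static final String f19021d = "RSA/ECB/PKCS1Padding";

    /** AES cipher transformation (authenticated encryption). */
    private static final String f19022e = "AES/GCM/NoPadding";

    /**
     * Not referenced anywhere in this class. Looks like an AES key size, but the AES key
     * generation below never calls {@code setKeySize} -- TODO confirm the intended size.
     */
    private static final int f19023f = 256;

    /** RSA key size in bits. */
    private static final int f19024g = 2048;

    /** Signature algorithm used with RSA keys. */
    private static final String f19025h = "SHA512withRSA";

    /** Signature algorithm used with EC keys. */
    private static final String f19026i = "SHA256withECDSA";

    /** Subject of the self-signed certificate attached to generated RSA keys. */
    private static final String f19027j = "CN=test";

    /** Not referenced in this class (algorithm checks go through RSAUtils.KEY_ALGORITHM). */
    private static final String f19028k = "RSA";

    /** Algorithm name for AES; any algorithm string that is not RSA or EC is treated as AES. */
    private static final String f19029l = "AES";

    /** Not referenced in this class. */
    private static final String f19030m = "RSA";

    /** Algorithm name selecting the EC code paths. */
    private static final String f19031n = "EC";

    /** Fixed keystore alias used by the String convenience methods. */
    private static final String f19032o = "vhs_ks_aes";

    /** Length in bytes of the GCM IV that is prepended to AES ciphertext. */
    private static final int f19033p = 12;

    /** Lock guarding lazy initialisation of the keystore. */
    private static final Object f19034q = new Object();

    /**
     * Lazily loaded keystore. Volatile because it is read outside the lock by the public
     * methods, so the fully loaded instance must be safely published.
     */
    private static volatile KeyStore f19035r;

    /**
     * Decodes a Base64 string and decrypts it with the AES key stored under the fixed alias.
     *
     * <p>Because the underlying decrypt method returns its input when decryption is not
     * possible, the result may be the decoded bytes rendered as a string rather than
     * decrypted plaintext.
     *
     * @param str Base64 text as produced by {@link #b(String)}
     * @return the resulting string, or {@code ""} if anything throws
     */
    public static String a(String str) {
        try {
            // Flag value 0 is android.util.Base64.DEFAULT.
            byte[] decoded = Base64.decode(str, 0);
            return new String(a(decoded, f19032o, f19029l));
        } catch (Throwable th2) {
            com.vivo.httpdns.g.a2501.b(f19018a, "aesDecryptFromBase64 failed: " + th2);
            return "";
        }
    }

    /**
     * Loads the Android Keystore once and caches it in {@link #f19035r}.
     *
     * <p>The instance is published only after {@code load} succeeds. Assigning it first would
     * leave an unloaded keystore in the static field if {@code load} threw, and every later
     * call would skip initialisation and fail on the uninitialised instance.
     */
    private static void a() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        synchronized (f19034q) {
            if (f19035r == null) {
                KeyStore keyStore = KeyStore.getInstance(f19019b);
                keyStore.load(null);
                f19035r = keyStore;
            }
        }
    }

    /**
     * Generates an AES key for GCM under {@code str} unless the alias already exists.
     * Does nothing below API level 23.
     *
     * @param keyStore loaded keystore used for the alias check and the debug entry count
     * @param str      key alias
     */
    private static void a(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (Build.VERSION.SDK_INT < 23) {
            com.vivo.httpdns.g.a2501.f(f19018a, "the Android SDK version is below 6.0, do not generate AES key!");
            return;
        }
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        KeyGenerator keyGenerator = KeyGenerator.getInstance(f19029l, f19019b);
        // qf.d.a is not visible here; presumably it wraps
        // new KeyGenParameterSpec.Builder(alias, purposes), in which case 3 = ENCRYPT | DECRYPT.
        // No key size is set, so the provider default applies -- TODO confirm.
        KeyGenParameterSpec build = qf.d.a(str, 3)
                .setBlockModes("GCM")
                .setEncryptionPaddings("NoPadding")
                .build();
        keyGenerator.init(build);
        keyGenerator.generateKey();
        if (com.vivo.httpdns.g.a2501.f18730s) {
            com.vivo.httpdns.g.a2501.e(f19018a, "generateAESKeyIfNeed Before = " + size + " After = " + keyStore.size());
        }
    }

    /**
     * Ensures a key of the requested algorithm exists under the alias.
     *
     * @param str  key alias
     * @param z10  when true, an existing entry under the alias is deleted first so the key is
     *             regenerated
     * @param str2 algorithm selector: RSAUtils.KEY_ALGORITHM, {@code "EC"}, anything else
     *             is treated as AES
     * @return {@code true} if no exception was raised, {@code false} otherwise. Note that
     *         {@code true} does not prove a key exists: the generators return silently
     *         below API level 23.
     */
    public static boolean a(String str, boolean z10, String str2) {
        try {
            if (f19035r == null) {
                a();
            }
            if (z10 && f19035r.containsAlias(str)) {
                c(str);
            }
            if (RSAUtils.KEY_ALGORITHM.equals(str2)) {
                c(f19035r, str);
                return true;
            }
            if (f19031n.equals(str2)) {
                b(f19035r, str);
                return true;
            }
            a(f19035r, str);
            return true;
        } catch (Exception e10) {
            com.vivo.httpdns.g.a2501.b(f19018a, "generateKey Exception: " + e10);
            return false;
        }
    }

    /**
     * Verifies an ECDSA (SHA-256) signature against the certificate stored under the alias.
     *
     * @param bArr  signed data
     * @param bArr2 signature bytes
     * @param str   key alias
     * @return {@code false} when the alias has no entry, otherwise the verification result
     * @throws KeyStoreException if the alias holds an entry that is not a private-key entry
     */
    private static boolean a(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return false;
        }
        Signature signature = Signature.getInstance(f19026i);
        signature.initVerify(requirePrivateKeyEntry(d10).getCertificate());
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    /**
     * Verifies a signature with the key under the alias, choosing RSA or EC by {@code str2}.
     *
     * @param bArr  signed data
     * @param bArr2 signature bytes
     * @param str   key alias
     * @param str2  algorithm selector; RSAUtils.KEY_ALGORITHM picks RSA, anything else EC
     * @return the verification result; always {@code false} below API level 23
     */
    public static boolean a(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT >= 23) {
            return RSAUtils.KEY_ALGORITHM.equals(str2) ? b(bArr, bArr2, str) : a(bArr, bArr2, str);
        }
        com.vivo.httpdns.g.a2501.f(f19018a, "the Android SDK version is below 6.0, do not verify!");
        return false;
    }

    /**
     * Decrypts with the RSA private key under the alias.
     *
     * @param bArr ciphertext
     * @param str  key alias
     * @return the plaintext, or {@code bArr} unchanged when the alias has no entry
     * @throws KeyStoreException if the alias holds an entry that is not a private-key entry
     */
    private static byte[] a(byte[] bArr, String str) throws Exception {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance(f19021d, f19020c);
        cipher.init(Cipher.DECRYPT_MODE, requirePrivateKeyEntry(d10).getPrivateKey());
        return cipher.doFinal(bArr);
    }

    /**
     * Decrypts {@code bArr} with the key under the alias. For AES the first 12 bytes are
     * taken as the GCM IV and the remainder as ciphertext plus tag.
     *
     * <p>NOTE(review): every failure path returns {@code bArr} unchanged, including a failed
     * GCM tag check, so the caller cannot distinguish plaintext from rejected ciphertext.
     * An {@link InvalidKeyException} additionally deletes the alias. A wrong entry type is
     * reported as {@link KeyStoreException}, which is logged but does not delete the key.
     *
     * @param bArr ciphertext (AES: IV followed by ciphertext)
     * @param str  key alias
     * @param str2 algorithm selector; RSAUtils.KEY_ALGORITHM picks RSA, anything else AES
     * @return decrypted bytes, or the input unchanged on any failure or below API level 23
     */
    public static byte[] a(byte[] bArr, String str, String str2) {
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                if (RSAUtils.KEY_ALGORITHM.equals(str2)) {
                    return a(bArr, str);
                }
                // Input shorter than the IV makes copyOfRange throw; the catch below turns
                // that into the pass-through return.
                byte[] body = Arrays.copyOfRange(bArr, f19033p, bArr.length);
                byte[] iv = Arrays.copyOfRange(bArr, 0, f19033p);
                return a(body, str, iv);
            } catch (Exception e10) {
                com.vivo.httpdns.g.a2501.b(f19018a, "decrypt Exception:" + e10.getMessage());
                if (e10 instanceof InvalidKeyException) {
                    c(str);
                }
            }
        }
        return bArr;
    }

    /**
     * Ensures the key exists (optionally regenerating it) and encrypts {@code bArr}.
     *
     * <p>NOTE(review): the result of key generation is ignored, and both the API-level
     * fallback and a missing entry yield the plaintext input as the return value.
     *
     * @param bArr plaintext
     * @param str  key alias
     * @param z10  when true, delete and regenerate the key first
     * @param str2 algorithm selector; RSAUtils.KEY_ALGORITHM picks RSA, anything else AES
     * @return ciphertext (AES: IV followed by ciphertext), or the input unchanged
     */
    public static byte[] a(byte[] bArr, String str, boolean z10, String str2) throws Exception {
        a(str, z10, str2);
        if (Build.VERSION.SDK_INT < 23) {
            return bArr;
        }
        return RSAUtils.KEY_ALGORITHM.equals(str2) ? c(bArr, str) : b(bArr, str);
    }

    /**
     * AES-GCM decryption with a 128-bit tag.
     *
     * @param bArr  ciphertext including the tag
     * @param str   key alias
     * @param bArr2 IV
     * @return the plaintext, or {@code bArr} unchanged when the alias has no entry or the
     *         API level is below 23
     * @throws KeyStoreException if the alias holds an entry that is not a secret-key entry
     */
    private static byte[] a(byte[] bArr, String str, byte[] bArr2) throws Exception {
        KeyStore.Entry d10 = d(str);
        if (d10 == null || Build.VERSION.SDK_INT < 23) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance(f19022e);
        cipher.init(Cipher.DECRYPT_MODE, requireSecretKeyEntry(d10).getSecretKey(), new GCMParameterSpec(128, bArr2));
        return cipher.doFinal(bArr);
    }

    /**
     * Encrypts a string with the AES key under the fixed alias and Base64-encodes the result.
     *
     * <p>Because the underlying encrypt method can return its input unchanged, the output
     * may be Base64 of the plaintext rather than of ciphertext.
     *
     * @param str text to protect
     * @return Base64 text, or {@code ""} if anything throws
     */
    public static String b(String str) {
        try {
            byte[] processed = a(str.getBytes(), f19032o, false, f19029l);
            // Flag value 0 is android.util.Base64.DEFAULT.
            return Base64.encodeToString(processed, 0);
        } catch (Throwable th2) {
            com.vivo.httpdns.g.a2501.b(f19018a, "aesEncryptToBase64 failed: " + th2);
            return "";
        }
    }

    /**
     * Generates an EC key pair under {@code str} unless the alias already exists, valid from
     * now for ten years. Does nothing below API level 23.
     *
     * @param keyStore loaded keystore used for the alias check and the debug entry count
     * @param str      key alias
     */
    private static void b(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (Build.VERSION.SDK_INT < 23) {
            com.vivo.httpdns.g.a2501.f(f19018a, "the Android SDK version is below 6.0, do not generate EC key!");
            return;
        }
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(Calendar.YEAR, 10);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(f19031n, f19019b);
        // Presumably 12 = SIGN | VERIFY if qf.d.a forwards to KeyGenParameterSpec.Builder.
        KeyGenParameterSpec build = qf.d.a(str, 12)
                .setDigests("SHA-256", "SHA-512")
                .setKeyValidityStart(calendar.getTime())
                .setKeyValidityEnd(calendar2.getTime())
                .build();
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        int size2 = keyStore.size();
        if (com.vivo.httpdns.g.a2501.f18730s) {
            com.vivo.httpdns.g.a2501.e(f19018a, "Before = " + size + " After = " + size2);
        }
    }

    /**
     * Verifies an RSA (SHA-512) signature against the certificate stored under the alias.
     *
     * @param bArr  signed data
     * @param bArr2 signature bytes
     * @param str   key alias
     * @return {@code false} when the alias has no entry, otherwise the verification result
     * @throws KeyStoreException if the alias holds an entry that is not a private-key entry
     */
    private static boolean b(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return false;
        }
        Signature signature = Signature.getInstance(f19025h);
        signature.initVerify(requirePrivateKeyEntry(d10).getCertificate());
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    /**
     * AES-GCM encryption. The cipher is initialised without an IV and the IV it reports is
     * written in front of the ciphertext.
     *
     * <p>NOTE(review): the decrypt side assumes a 12-byte IV prefix, while this method writes
     * whatever length {@code getIV()} returns -- presumably 12 for GCM; confirm.
     *
     * @param bArr plaintext
     * @param str  key alias
     * @return IV followed by ciphertext and tag, or {@code bArr} unchanged when the alias has
     *         no entry
     * @throws KeyStoreException if the alias holds an entry that is not a secret-key entry
     */
    private static byte[] b(byte[] bArr, String str) throws Exception {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance(f19022e);
        cipher.init(Cipher.ENCRYPT_MODE, requireSecretKeyEntry(d10).getSecretKey());
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        return bArr2;
    }

    /**
     * Ensures the key exists (optionally regenerating it) and signs {@code bArr}.
     *
     * <p>NOTE(review): below API level 23, or when the alias has no entry, the unsigned input
     * is returned in place of a signature.
     *
     * @param bArr data to sign
     * @param str  key alias
     * @param z10  when true, delete and regenerate the key first
     * @param str2 algorithm selector; RSAUtils.KEY_ALGORITHM picks RSA, anything else EC
     * @return signature bytes, or the input unchanged
     */
    public static byte[] b(byte[] bArr, String str, boolean z10, String str2) throws GeneralSecurityException {
        a(str, z10, str2);
        if (Build.VERSION.SDK_INT >= 23) {
            return RSAUtils.KEY_ALGORITHM.equals(str2) ? e(bArr, str) : d(bArr, str);
        }
        com.vivo.httpdns.g.a2501.f(f19018a, "the Android SDK version is below 6.0, do not sign!");
        return bArr;
    }

    /**
     * Deletes the entry under the alias. Failures are logged and otherwise ignored.
     *
     * @param str key alias
     */
    public static void c(String str) {
        try {
            if (f19035r == null) {
                a();
            }
            f19035r.deleteEntry(str);
        } catch (Exception e10) {
            com.vivo.httpdns.g.a2501.b(f19018a, "deleteKey Exception: " + e10);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair under {@code str} unless the alias already exists,
     * with a self-signed certificate valid from now for ten years. Does nothing below API
     * level 23.
     *
     * @param keyStore loaded keystore used for the alias check and the debug entry count
     * @param str      key alias
     */
    private static void c(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (Build.VERSION.SDK_INT < 23) {
            com.vivo.httpdns.g.a2501.f(f19018a, "the Android SDK version is below 6.0, do not generate RAS key!");
            return;
        }
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(Calendar.YEAR, 10);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSAUtils.KEY_ALGORITHM, f19019b);
        // Presumably 15 = ENCRYPT | DECRYPT | SIGN | VERIFY if qf.d.a forwards to
        // KeyGenParameterSpec.Builder; the same key would then serve both encryption and
        // signing -- worth confirming that this is intended.
        KeyGenParameterSpec build = qf.d.a(str, 15)
                .setEncryptionPaddings("PKCS1Padding")
                .setSignaturePaddings("PKCS1")
                .setKeySize(f19024g)
                .setKeyValidityStart(calendar.getTime())
                .setKeyValidityEnd(calendar2.getTime())
                .setCertificateSubject(new X500Principal(f19027j))
                .setCertificateSerialNumber(BigInteger.ONE)
                .setDigests("SHA-256", "SHA-512")
                .build();
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        int size2 = keyStore.size();
        if (com.vivo.httpdns.g.a2501.f18730s) {
            com.vivo.httpdns.g.a2501.e(f19018a, "Before = " + size + " After = " + size2);
        }
    }

    /**
     * Encrypts with the RSA public key taken from the certificate under the alias.
     *
     * @param bArr plaintext
     * @param str  key alias
     * @return ciphertext, or {@code bArr} unchanged when the alias has no entry
     * @throws KeyStoreException if the alias holds an entry that is not a private-key entry
     */
    private static byte[] c(byte[] bArr, String str) throws Exception {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance(f19021d, f19020c);
        cipher.init(Cipher.ENCRYPT_MODE, requirePrivateKeyEntry(d10).getCertificate().getPublicKey());
        return cipher.doFinal(bArr);
    }

    /**
     * Looks up the keystore entry for an alias.
     *
     * @param str key alias
     * @return the entry when it is a private-key or secret-key entry; {@code null} when it is
     *         absent, of another kind, or when the lookup throws (the cause is only logged)
     */
    public static KeyStore.Entry d(String str) {
        try {
            if (f19035r == null) {
                a();
            }
            KeyStore.Entry entry = f19035r.getEntry(str, null);
            if ((entry instanceof KeyStore.PrivateKeyEntry) || (entry instanceof KeyStore.SecretKeyEntry)) {
                return entry;
            }
            com.vivo.httpdns.g.a2501.f(f19018a, "Not an instance of a PrivateKeyEntry or SecretKeyEntry");
            return null;
        } catch (Exception e10) {
            com.vivo.httpdns.g.a2501.b(f19018a, "getKey Exception: " + e10);
            return null;
        }
    }

    /**
     * Signs with the EC private key under the alias (SHA256withECDSA).
     *
     * @param bArr data to sign
     * @param str  key alias
     * @return signature bytes, or {@code bArr} unchanged when the alias has no entry
     * @throws KeyStoreException if the alias holds an entry that is not a private-key entry
     */
    private static byte[] d(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Signature signature = Signature.getInstance(f19026i);
        signature.initSign(requirePrivateKeyEntry(d10).getPrivateKey());
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Signs with the RSA private key under the alias (SHA512withRSA).
     *
     * @param bArr data to sign
     * @param str  key alias
     * @return signature bytes, or {@code bArr} unchanged when the alias has no entry
     * @throws KeyStoreException if the alias holds an entry that is not a private-key entry
     */
    private static byte[] e(byte[] bArr, String str) throws GeneralSecurityException {
        KeyStore.Entry d10 = d(str);
        if (d10 == null) {
            return bArr;
        }
        Signature signature = Signature.getInstance(f19025h);
        signature.initSign(requirePrivateKeyEntry(d10).getPrivateKey());
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Narrows an entry to a private-key entry. An alias that was first used with AES holds a
     * secret-key entry; a blind cast would raise an unchecked ClassCastException that the
     * sign / verify / encrypt callers do not declare.
     *
     * <p>KeyStoreException is used rather than InvalidKeyException so that the public decrypt
     * method does not react by deleting the key.
     */
    private static KeyStore.PrivateKeyEntry requirePrivateKeyEntry(KeyStore.Entry entry) throws KeyStoreException {
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return (KeyStore.PrivateKeyEntry) entry;
        }
        throw new KeyStoreException("Keystore entry is not a PrivateKeyEntry");
    }

    /**
     * Narrows an entry to a secret-key entry; the counterpart of
     * {@link #requirePrivateKeyEntry(KeyStore.Entry)} for the AES paths.
     */
    private static KeyStore.SecretKeyEntry requireSecretKeyEntry(KeyStore.Entry entry) throws KeyStoreException {
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return (KeyStore.SecretKeyEntry) entry;
        }
        throw new KeyStoreException("Keystore entry is not a SecretKeyEntry");
    }
}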
