package f.f0.a.f;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyProtection;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.privacy.azerothprivacy.AzerothPrivacy;
import com.privacy.azerothprivacy.alarm.receiver.KeyAgreementUpdater;
import com.ss.android.ugc.bytex.pthread.base.convergence.hook.ThreadMethodProxy;
import com.ss.android.ugc.bytex.pthread.base.proxy.PthreadThreadV2;
import f.f0.a.i.n;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.CancellationException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.FutureTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: AzerothKeystore.java */
/* loaded from: classes9.dex */
public class f {
    public static KeyStore b;

    /* renamed from: f, reason: collision with root package name */
    public static boolean f4354f;
    public final ConcurrentHashMap<Object, Future<Boolean>> a = new ConcurrentHashMap<>();
    public static final Map<String, Key> c = new ConcurrentHashMap();
    public static final Map<String, Key> d = new ConcurrentHashMap();
    public static final Map<String, Key> e = new ConcurrentHashMap();
    public static final AtomicInteger g = new AtomicInteger(0);
    public static final f h = a.a;

    /* compiled from: AzerothKeystore.java */
    /* loaded from: classes9.dex */
    public static class a {
        public static final f a = new f();
    }

    public f() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            b = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            b = null;
            f4354f = true;
            f.z.trace.f.c.e("AzerothKeystore", "failed to get AndroidKeyStore instance", e2);
            if (f.f0.a.g.a.a == null) {
                return;
            }
            f.f0.a.g.a.a.ensureNotReachHere(e2, "failed to load android key store", null);
        }
    }

    public f.f0.a.f.h.a a(final Context context) throws InvalidKeyException {
        long c2 = e.c(AzerothPrivacy.getAppContext());
        if (c2 == 0 && g.compareAndSet(0, 1)) {
            ThreadMethodProxy.start(new PthreadThreadV2(new Runnable() { // from class: f.f0.a.f.c
                @Override // java.lang.Runnable
                public final void run() {
                    f.h.c(context);
                }
            }, "AzerothKeystore"));
            throw new InvalidKeyException("zero key version returned");
        }
        Key h2 = h(context, Long.valueOf(c2));
        if (h2 != null) {
            return new f.f0.a.f.h.a(c2, h2);
        }
        throw new InvalidKeyException("null key returned");
    }

    public Key b(Context context, long j) throws Exception {
        Key key = e.get(l("sub_aes_key", Long.valueOf(j)));
        if (key == null) {
            Key h2 = h(context, Long.valueOf(j));
            if (h2 == null) {
                throw new KeyStoreException("null root key returned");
            }
            key = o(context, new f.f0.a.f.h.a(j, h2));
        }
        if (key != null) {
            return key;
        }
        throw new KeyStoreException("null sub key returned");
    }

    public final void c(final Context context) {
        FutureTask futureTask;
        f fVar = h;
        Future<Boolean> future = fVar.a.get("initKeys");
        if (future == null && (future = fVar.a.putIfAbsent("initKeys", (futureTask = new FutureTask(new Callable() { // from class: f.f0.a.f.b
            @Override // java.util.concurrent.Callable
            public final Object call() {
                boolean z;
                f fVar2 = f.this;
                Context context2 = context;
                synchronized (fVar2) {
                    f.z.trace.f.c.d("CRYPTO", "initial key");
                    byte[] a2 = e.a(context2);
                    z = true;
                    if (a2.length != 32) {
                        f.z.trace.f.c.e("CRYPTO", "keyBytes is invalid");
                        z = false;
                    } else {
                        if (f.f4354f) {
                            fVar2.d(a2, context2);
                        } else {
                            try {
                                if (Build.VERSION.SDK_INT >= 23) {
                                    fVar2.f(a2);
                                } else {
                                    fVar2.e(a2, context2);
                                }
                            } catch (Exception e2) {
                                HashMap hashMap = new HashMap();
                                hashMap.put("key_version", String.valueOf(e.b(context2)));
                                hashMap.put("shared_preference", f.f0.a.l.a.b(AzerothPrivacy.getAppContext()).a().toString());
                                if (f.f0.a.g.a.a != null) {
                                    f.f0.a.g.a.a.ensureNotReachHere(e2, "key initial internal exception", hashMap);
                                }
                                f.f4354f = true;
                                fVar2.d(a2, context2);
                            }
                        }
                        fVar2.n(context2, new SecretKeySpec(a2, "AES"));
                        e.g(context2, e.c(context2), true);
                    }
                }
                return Boolean.valueOf(z);
            }
        })))) == null) {
            futureTask.run();
            future = futureTask;
        }
        try {
            f.z.trace.f.c.d("CRYPTO", "InitialKey result is " + future.get(3L, TimeUnit.SECONDS).booleanValue());
            fVar.a.remove("initKeys", future);
        } catch (InterruptedException | CancellationException | ExecutionException | TimeoutException e2) {
            HashMap hashMap = new HashMap();
            hashMap.put("key version", String.valueOf(e.c(context)));
            hashMap.put("shared_preference", f.f0.a.l.a.b(AzerothPrivacy.getAppContext()).a().toString());
            if (f.f0.a.g.a.a != null) {
                f.f0.a.g.a.a.ensureNotReachHere(e2, "key initial remote exception", hashMap);
            }
            h.a.remove("initKeys", future);
        }
    }

    public final void d(byte[] bArr, Context context) {
        f.f0.a.l.a.b(context).f(k("aes_key"), Base64.encodeToString(bArr, 2));
        f.f0.a.l.a.c.remove(m("aes_key"));
        f.f0.a.l.a.c.commit();
    }

    @RequiresApi(api = 21)
    public final void e(byte[] bArr, Context context) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, KeyStoreException {
        f.f0.a.l.a b2 = f.f0.a.l.a.b(context);
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 1);
        BigInteger bigInteger = new BigInteger(63, new SecureRandom());
        KeyPairGeneratorSpec.Builder alias = new KeyPairGeneratorSpec.Builder(context).setAlias(k("rsa_private_key"));
        StringBuilder X = f.d.a.a.a.X("CN=");
        X.append(k("rsa_private_key"));
        KeyPairGeneratorSpec build = alias.setSubject(new X500Principal(X.toString())).setSerialNumber(bigInteger).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        PublicKey publicKey = keyPairGenerator.generateKeyPair().getPublic();
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, publicKey);
        b2.f(k("aes_key"), Base64.encodeToString(cipher.doFinal(bArr), 2));
        f.f0.a.l.a.c.remove(m("aes_key"));
        f.f0.a.l.a.c.commit();
        b.deleteEntry(m("rsa_private_key"));
    }

    @RequiresApi(api = 23)
    public final void f(byte[] bArr) throws KeyStoreException {
        for (int i = 1; i <= 3; i++) {
            try {
                b.setEntry(k("aes_key"), new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "AES")), new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
                b.deleteEntry(m("aes_key"));
                b.setEntry(k("hmacsha256_key"), new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "HmacSHA256")), new KeyProtection.Builder(4).setDigests("SHA-256").build());
                b.deleteEntry(m("hmacsha256_key"));
                return;
            } catch (KeyStoreException e2) {
                String keyStoreException = e2.toString();
                JSONObject jSONObject = new JSONObject();
                JSONObject jSONObject2 = new JSONObject();
                try {
                    jSONObject.put("AzerothKeystore", keyStoreException);
                    jSONObject2.put("failed_count", i);
                } catch (JSONException e3) {
                    if (f.f0.a.g.a.a != null) {
                        f.f0.a.g.a.a.ensureNotReachHere(e3, "key store error event reporter Json exception", null);
                    }
                }
                n.k0("crypto", jSONObject, jSONObject2, null);
                if (i == 3) {
                    throw e2;
                }
            }
        }
    }

    public final Key g(Context context, Long l) {
        if (f4354f || Build.VERSION.SDK_INT < 23) {
            return h(context, l);
        }
        try {
            return b.getKey(l("hmacsha256_key", l), null);
        } catch (GeneralSecurityException e2) {
            f.z.trace.f.c.e("CRYPTO", "GetHmacSHA256Key exceptions:" + e2);
            HashMap hashMap = new HashMap();
            hashMap.put("key version", String.valueOf(e.c(context)));
            hashMap.put("shared_preference", f.f0.a.l.a.b(AzerothPrivacy.getAppContext()).a().toString());
            if (f.f0.a.g.a.a == null) {
                return null;
            }
            f.f0.a.g.a.a.ensureNotReachHere(e2, "retrieve hmac key exception", hashMap);
            return null;
        }
    }

    public final Key h(Context context, Long l) {
        f.f0.a.l.a b2 = f.f0.a.l.a.b(context);
        String l2 = l("aes_key", l);
        f.z.trace.f.c.d("CRYPTO", f.d.a.a.a.p5("start get key:", l2));
        if (f4354f) {
            Map<String, Key> map = d;
            Key key = map.get(l2);
            if (key == null) {
                String d2 = b2.d(l2);
                if (!TextUtils.isEmpty(d2)) {
                    try {
                        byte[] decode = Base64.decode(d2, 0);
                        if (decode.length == 32) {
                            map.put(l2, new SecretKeySpec(decode, "AES"));
                            return map.get(l2);
                        }
                        b2.f(l2, "");
                    } catch (IllegalArgumentException e2) {
                        b2.f(l2, "");
                        f.z.trace.f.c.d("AzerothKeystore", e2.toString());
                        return null;
                    }
                }
            }
            return key;
        }
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                return b.getKey(l2, null);
            }
            Map<String, Key> map2 = c;
            Key key2 = map2.get(l2);
            if (key2 == null) {
                PrivateKey privateKey = (PrivateKey) b.getKey(l("rsa_private_key", l), null);
                String d3 = b2.d(l2);
                if (privateKey != null && !TextUtils.isEmpty(d3)) {
                    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                    cipher.init(2, privateKey);
                    byte[] doFinal = cipher.doFinal(Base64.decode(d3, 0));
                    if (doFinal.length == 32) {
                        key2 = new SecretKeySpec(doFinal, "AES");
                    }
                    map2.put(l2, key2);
                }
            }
            return key2;
        } catch (GeneralSecurityException e3) {
            f.z.trace.f.c.e("CRYPTO", "GetKey exceptions:" + e3);
            HashMap hashMap = new HashMap();
            hashMap.put("key version", String.valueOf(e.c(context)));
            hashMap.put("shared_preference", f.f0.a.l.a.b(AzerothPrivacy.getAppContext()).a().toString());
            if (f.f0.a.g.a.a != null) {
                f.f0.a.g.a.a.ensureNotReachHere(e3, "retrieve key exception", hashMap);
            }
            return null;
        }
    }

    public void i(final Context context) {
        e.f();
        Key h2 = h(context, null);
        if (h2 == null || g(context, null) == null) {
            ThreadMethodProxy.start(new PthreadThreadV2(new Runnable() { // from class: f.f0.a.f.d
                @Override // java.lang.Runnable
                public final void run() {
                    f.this.c(context);
                }
            }, "AzerothKeystore"));
        } else {
            n(context, h2);
            f.z.trace.f.V2(context, new KeyAgreementUpdater());
        }
    }

    public void j(final Context context) {
        e.f();
        Key h2 = h(context, null);
        if (h2 == null || g(context, null) == null) {
            ThreadMethodProxy.start(new PthreadThreadV2(new Runnable() { // from class: f.f0.a.f.a
                @Override // java.lang.Runnable
                public final void run() {
                    f.this.c(context);
                }
            }, "AzerothKeystore"));
        } else {
            n(context, h2);
        }
    }

    public final String k(String str) {
        return f.d.a.a.a.r5(str, AzerothPrivacy.getAppInfo().e, String.valueOf(e.c(AzerothPrivacy.getAppContext())));
    }

    public final String l(String str, Long l) {
        if (l == null) {
            l = Long.valueOf(e.c(AzerothPrivacy.getAppContext()));
        }
        return str + AzerothPrivacy.getAppInfo().e + l;
    }

    public final String m(String str) {
        Long valueOf;
        AzerothPrivacy.getAppContext();
        String str2 = e.a;
        synchronized (e.class) {
            valueOf = e.e == 0 ? null : Long.valueOf(e.e);
        }
        return f.d.a.a.a.r5(str, AzerothPrivacy.getAppInfo().e, String.valueOf(valueOf));
    }

    public final void n(Context context, Key key) {
        o(context, new f.f0.a.f.h.a(e.c(context), key));
    }

    public final Key o(Context context, f.f0.a.f.h.a aVar) {
        try {
            long parseLong = Long.parseLong(AzerothPrivacy.getAppInfo().e);
            ByteBuffer allocate = ByteBuffer.allocate(8);
            allocate.order(ByteOrder.LITTLE_ENDIAN).putLong(parseLong);
            byte[] array = allocate.array();
            Key key = aVar.b;
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            byte[] bArr = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
            cipher.init(1, key, new GCMParameterSpec(128, bArr));
            ByteBuffer allocate2 = ByteBuffer.allocate(cipher.doFinal(array).length + 12);
            allocate2.put(bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(allocate2.array(), "AES");
            e.put(l("sub_aes_key", Long.valueOf(aVar.a)), secretKeySpec);
            return secretKeySpec;
        } catch (Exception e2) {
            HashMap hashMap = new HashMap();
            hashMap.put("key version", String.valueOf(e.c(context)));
            hashMap.put("shared_preference", f.f0.a.l.a.b(AzerothPrivacy.getAppContext()).a().toString());
            if (f.f0.a.g.a.a == null) {
                return null;
            }
            f.f0.a.g.a.a.ensureNotReachHere(e2, "sub key initial exception", hashMap);
            return null;
        }
    }
}
