package com.vbft.filetransmission.utils.transfer;

import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: classes3.dex */
public class RSAHelper {
    public static final String CERT_ALIAS = "ECDHSigningCert";
    public static final int KEY_BIT_SIZE = 2048;
    public static final String SIGN_ALGORITHM = "SHA256withRSA";
    private KeyStore keyStore;
    private PrivateKey privateKey;
    private PublicKey publicKey;

    @RequiresApi(23)
    public RSAHelper() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, InvalidAlgorithmParameterException, UnrecoverableEntryException, NoSuchProviderException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.keyStore = keyStore;
        keyStore.load(null);
        if (this.keyStore.containsAlias(CERT_ALIAS)) {
            this.privateKey = (PrivateKey) this.keyStore.getKey(CERT_ALIAS, null);
            this.publicKey = this.keyStore.getCertificate(CERT_ALIAS).getPublicKey();
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(CERT_ALIAS, 12).setDigests("SHA-256", "SHA-512").setKeySize(2048).setSignaturePaddings("PKCS1").build());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        this.privateKey = generateKeyPair.getPrivate();
        this.publicKey = generateKeyPair.getPublic();
    }

    public static boolean verify(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr2);
        byte[] bArr3 = new byte[wrap.getInt()];
        wrap.get(bArr3);
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr3));
        byte[] bArr4 = new byte[wrap.remaining()];
        wrap.get(bArr4);
        Signature signature = Signature.getInstance(SIGN_ALGORITHM);
        signature.initVerify(generatePublic);
        signature.update(bArr);
        return signature.verify(bArr4);
    }

    public byte[] sign(byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException {
        Signature signature = Signature.getInstance(SIGN_ALGORITHM);
        signature.initSign(this.privateKey);
        signature.update(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] encoded = this.publicKey.getEncoded();
        byteArrayOutputStream.write(ByteBuffer.allocate(4).putInt(encoded.length).array());
        byteArrayOutputStream.write(encoded);
        byteArrayOutputStream.write(signature.sign());
        return byteArrayOutputStream.toByteArray();
    }
}
