package com.heytap.omas.omkms.feature;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.a.d.h;
import com.heytap.omas.proto.Omkms3;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@TargetApi(19)
/* loaded from: classes3.dex */
public class d implements com.heytap.omas.omkms.feature.a {

    /* renamed from: a, reason: collision with root package name */
    private static KeyStore f5949a;
    private static volatile byte[] b;

    /* renamed from: c, reason: collision with root package name */
    private static Map<String, Omkms3.ServiceSessionInfo> f5950c = new ConcurrentHashMap();

    /* renamed from: d, reason: collision with root package name */
    private static Map<String, Omkms3.KmsSessionInfo> f5951d = new ConcurrentHashMap();

    /* renamed from: e, reason: collision with root package name */
    private String f5952e;
    private String f;
    private String g;

    @TargetApi(19)
    /* loaded from: classes3.dex */
    private static class b {

        /* renamed from: a, reason: collision with root package name */
        private static volatile byte[] f5953a;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes3.dex */
        public static class a extends TypeToken<byte[]> {
            a() {
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        @TargetApi(19)
        public static synchronized void c(Context context, byte[] bArr) {
            synchronized (b.class) {
                if (f5953a != null) {
                    h.e("EnAesSpUtils", "saveEnAesKey: should not take place always,in this case that would be bug ,not ensure a singleton object to call this method.");
                }
                h.g("EnAesSpUtils", "saveEnAesKey: encryptedAesKey:" + bArr);
                SharedPreferences.Editor edit = context.getSharedPreferences("en_aes_key_file", 0).edit();
                edit.putString("aes_encrypted_key_of_android_key_store_rsa_key", new Gson().toJson(bArr));
                h.g("EnAesSpUtils", "saveEnAesKey: result:" + edit.commit());
                f5953a = bArr;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        @TargetApi(19)
        public static byte[] d(Context context) {
            try {
                if (f5953a != null && f5953a.length != 0) {
                    h.g("EnAesSpUtils", "loadEnAesKey: load enAesKey from memory cache.enAesKey:" + f5953a);
                    return f5953a;
                }
                String string = context.getSharedPreferences("en_aes_key_file", 0).getString("aes_encrypted_key_of_android_key_store_rsa_key", null);
                if (string == null) {
                    h.e("EnAesSpUtils", "loadEnAesKey: null,not en aes key info.");
                    return null;
                }
                byte[] bArr = (byte[]) new Gson().fromJson(string, new a().getType());
                h.g("EnAesSpUtils", "loadEnAesKey: load enAesKey from sp file, enAesKey:" + bArr);
                f5953a = bArr;
                return f5953a;
            } catch (Exception e2) {
                h.e("EnAesSpUtils", "loadEnAesKey: exception,detail:" + e2);
                return null;
            }
        }
    }

    /* loaded from: classes3.dex */
    private static final class c {
        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        public static Omkms3.EnKmsSessionInfo d(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnKmsSessionFromFile: context cannot be null.");
                }
                String str2 = "loadEnKmsSessionFromFile: SpKey:" + str;
                String string = context.getSharedPreferences("encrypted_session_key_info", 0).getString("kms_" + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnKmsSessionInfo) com.heytap.omas.a.d.g.a(string, Omkms3.EnKmsSessionInfo.class);
                }
                h.e("KeyStoreLowerApiISessionTicketCache", "loadEnKmsSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e2) {
                h.e("KeyStoreLowerApiISessionTicketCache", "loadEnKmsSessionFromFile: " + e2);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void e(Context context, Omkms3.EnKmsSessionInfo enKmsSessionInfo) {
            try {
                SharedPreferences.Editor edit = context.getSharedPreferences("encrypted_session_key_info", 0).edit();
                String str = "kms_" + enKmsSessionInfo.getUserInitInfo();
                String str2 = "saveEnKmsSessionToFile: SpKey:" + str;
                edit.putString(str, com.heytap.omas.a.d.g.b(enKmsSessionInfo, Omkms3.EnKmsSessionInfo.class));
                String str3 = "saveEnKmsSessionToFile: commitResult:" + edit.commit();
            } catch (JsonIOException e2) {
                h.e("KeyStoreLowerApiISessionTicketCache", "saveEnKmsSessionToFile: " + e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void f(Context context, Omkms3.EnServiceSessionInfo enServiceSessionInfo) {
            SharedPreferences.Editor edit = context.getSharedPreferences("encrypted_session_key_info", 0).edit();
            String str = "service_" + enServiceSessionInfo.getUserInitInfo();
            String str2 = "saveEnServiceSessionToFile: SpKey:" + str;
            edit.putString(str, com.heytap.omas.a.d.g.b(enServiceSessionInfo, Omkms3.EnServiceSessionInfo.class));
            String str3 = "saveEnServiceSessionToFile: commitResult:" + edit.commit();
        }

        @Nullable
        public static Omkms3.EnServiceSessionInfo g(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnServiceSessionFromFile: context cannot be null.");
                }
                String str2 = "loadEnServiceSessionFromFile: SpKey=" + str;
                String string = context.getSharedPreferences("encrypted_session_key_info", 0).getString("service_" + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnServiceSessionInfo) com.heytap.omas.a.d.g.a(string, Omkms3.EnServiceSessionInfo.class);
                }
                h.e("KeyStoreLowerApiISessionTicketCache", "loadEnServiceSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e2) {
                h.e("KeyStoreLowerApiISessionTicketCache", "loadEnServiceSessionFromFile: " + e2);
                return null;
            }
        }
    }

    /* renamed from: com.heytap.omas.omkms.feature.d$d, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    private static class C0285d {

        /* renamed from: a, reason: collision with root package name */
        private static final d f5954a = new d();
    }

    private d() {
        this.f5952e = "KMS-";
        this.f = "SERVICE-";
        this.g = "en_session_key_info";
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            f5949a = keyStore;
            keyStore.load(null);
        } catch (Exception e2) {
            h.e("KeyStoreLowerApiISessionTicketCache", "KeyStoreRsaCache: exception:" + e2);
        }
    }

    public static d e() {
        return C0285d.f5954a;
    }

    private String f(@NonNull com.heytap.omas.omkms.data.c cVar) {
        if (cVar == null) {
            throw new IllegalArgumentException("InitParamSpec cannot be null");
        }
        String str = "lower-api_" + com.heytap.omas.a.d.f.a(cVar);
        String str2 = "genSessionInfoKey: spKey:" + str;
        return str;
    }

    private static AlgorithmParameterSpec g(int i, byte[] bArr) {
        return h(i, bArr, 0, bArr.length);
    }

    private static AlgorithmParameterSpec h(int i, byte[] bArr, int i2, int i3) {
        return Build.VERSION.SDK_INT < 21 ? new IvParameterSpec(bArr, i2, i3) : new GCMParameterSpec(i, bArr, i2, i3);
    }

    @TargetApi(19)
    private static boolean i(Context context, String str) {
        try {
            h.e("KeyStoreLowerApiISessionTicketCache", "generateRsaKeyPair: alias:" + str);
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(com.alipay.sdk.m.n.d.f1079a, "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setKeyType(com.alipay.sdk.m.n.d.f1079a).setKeySize(2048).setAlias(str).setSubject(new X500Principal("CN=cn,O=OPLUS,OU=OSEC")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            String str2 = "generateRsaKeyPair: alias:" + str + ",success.";
            return true;
        } catch (Exception e2) {
            String str3 = "generateRsaKeyPair fail.exception:" + e2;
            return false;
        }
    }

    private static byte[] j(com.heytap.omas.omkms.data.c cVar, SecretKey secretKey, int i, byte[] bArr, byte[] bArr2, int i2) {
        Cipher cipher;
        try {
            if (TextUtils.isEmpty(cVar.getCipherProvider())) {
                cipher = Cipher.getInstance("AES/GCM/NoPadding");
            } else {
                if ("OMAS".equals(cVar.getCipherProvider())) {
                    com.heytap.omas.a.b.a.d();
                    cipher = Cipher.getInstance("AES/GCM/NoPadding", "OMAS");
                    cipher.init(i2, secretKey, new GCMParameterSpec(i, bArr));
                    return cipher.doFinal(bArr2);
                }
                cipher = Cipher.getInstance("AES/GCM/NoPadding", cVar.getCipherProvider());
            }
            cipher.init(i2, secretKey, g(i, bArr));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.KmsSessionInfo a(Context context, com.heytap.omas.omkms.data.c cVar) {
        try {
            String f = f(cVar);
            if (f5951d.containsKey(f)) {
                h.g("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: try load kms ticket from memory.");
                return f5951d.get(f);
            }
            if (!f5949a.containsAlias("session_key_encrypt_keystore_rsa_alias")) {
                h.e("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: Uninitialized,cannot load kms session info.");
                return null;
            }
            h.g("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: try load encrypted service ticket from share preference.");
            Omkms3.EnKmsSessionInfo d2 = c.d(context, f);
            if (d2 == null) {
                h.e("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: enKmsSessionInfo == null.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f5949a.getKey("session_key_encrypt_keystore_rsa_alias", null);
            if (b == null) {
                synchronized (this) {
                    if (b == null) {
                        b = b.d(context);
                    }
                    if (b != null && b.length != 0) {
                    }
                    h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding");
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(b);
            h.e("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: deEnKeystoreAesKey:" + Arrays.toString(doFinal));
            Omkms3.KmsSessionInfo kmsSessionInfo = (Omkms3.KmsSessionInfo) com.heytap.omas.a.d.g.a(new String(j(cVar, new SecretKeySpec(doFinal, "AES"), 128, Base64.decode(d2.getIv(), 2), Base64.decode(d2.getEnSessionInfo().getBytes(), 2), 2)), Omkms3.KmsSessionInfo.class);
            f5951d.put(f, kmsSessionInfo);
            h.e("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: kmsSessionTicketInfo:\nbegin time:" + kmsSessionInfo.getBeginTime() + "\nendTime:" + kmsSessionInfo.getEndTime());
            return kmsSessionInfo;
        } catch (Exception e2) {
            h.e("KeyStoreLowerApiISessionTicketCache", "loadKmsSessionTicketInfo: KeyStore exception:" + e2);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.EnKmsSessionInfo b(Context context, com.heytap.omas.omkms.data.c cVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        boolean z;
        SecretKey secretKeySpec;
        if (context == null || cVar == null || kmsSessionInfo == null) {
            h.e("KeyStoreLowerApiISessionTicketCache", "saveKmsSessionTicketInfo: fail,parameters cannot be null.");
            return null;
        }
        try {
            String f = f(cVar);
            if (f5949a.containsAlias("session_key_encrypt_keystore_rsa_alias")) {
                z = true;
            } else {
                synchronized (d.class) {
                    if (f5949a.containsAlias("session_key_encrypt_keystore_rsa_alias")) {
                        z = true;
                    } else {
                        h.g("KeyStoreLowerApiISessionTicketCache", "saveKmsSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,generate it now.");
                        z = i(context, "session_key_encrypt_keystore_rsa_alias");
                    }
                }
            }
            if (!z) {
                return null;
            }
            PublicKey publicKey = f5949a.getCertificate("session_key_encrypt_keystore_rsa_alias").getPublicKey();
            PrivateKey privateKey = (PrivateKey) f5949a.getKey("session_key_encrypt_keystore_rsa_alias", null);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            if (b == null) {
                synchronized (this) {
                    if (b == null) {
                        b = b.d(context);
                    }
                    if (b != null && b.length != 0) {
                        secureRandom.nextBytes(bArr);
                        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding");
                        cipher.init(2, privateKey);
                        secretKeySpec = new SecretKeySpec(cipher.doFinal(b), "AES");
                    }
                    h.g("KeyStoreLowerApiISessionTicketCache", "saveKmsSessionTicketInfo:not found enAesKey info,generate and save it.");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                    keyGenerator.init(256);
                    SecretKey generateKey = keyGenerator.generateKey();
                    byte[] encoded = generateKey.getEncoded();
                    secureRandom.nextBytes(bArr);
                    Cipher cipher2 = Cipher.getInstance("RSA/None/PKCS1Padding");
                    cipher2.init(1, publicKey);
                    b = cipher2.doFinal(encoded);
                    b.c(context, b);
                    secretKeySpec = generateKey;
                }
            } else {
                secureRandom.nextBytes(bArr);
                Cipher cipher3 = Cipher.getInstance("RSA/None/PKCS1Padding");
                cipher3.init(2, privateKey);
                secretKeySpec = new SecretKeySpec(cipher3.doFinal(b), "AES");
            }
            SecretKey secretKey = secretKeySpec;
            String b2 = com.heytap.omas.a.d.g.b(kmsSessionInfo, Omkms3.KmsSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j = j(cVar, secretKey, 128, bArr, b2.getBytes(), 1);
            if (j != null && j.length != 0) {
                Omkms3.EnKmsSessionInfo build = Omkms3.EnKmsSessionInfo.newBuilder().setUserInitInfo(f).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(kmsSessionInfo.getBeginTime()).setEndTime(kmsSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j, 2)).build();
                String str = "saveKmsSessionTicketInfo: kmsSessionTicketInfo:\nbegin time:" + kmsSessionInfo.getBeginTime() + "\nendTime:" + kmsSessionInfo.getEndTime();
                c.e(context, build);
                f5951d.put(f, kmsSessionInfo);
                return build;
            }
            h.e("KeyStoreLowerApiISessionTicketCache", "saveKmsSessionTicketInfo: enKmsSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e2) {
            e2.printStackTrace();
            h.e("KeyStoreLowerApiISessionTicketCache", "saveKmsSessionKey: exception,detail:" + e2);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @Nullable
    @TargetApi(19)
    public Omkms3.EnServiceSessionInfo c(Context context, com.heytap.omas.omkms.data.c cVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        try {
            if (!f5949a.containsAlias("session_key_encrypt_keystore_rsa_alias")) {
                h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,should not take place always.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f5949a.getKey("session_key_encrypt_keystore_rsa_alias", null);
            if (b == null) {
                synchronized (this) {
                    if (b == null) {
                        b = b.d(context);
                    }
                    if (b != null && b.length != 0) {
                    }
                    h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            String f = f(cVar);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding");
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(b);
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, "AES");
            h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: dAesKey:" + Arrays.toString(doFinal));
            String b2 = com.heytap.omas.a.d.g.b(serviceSessionInfo, Omkms3.ServiceSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j = j(cVar, secretKeySpec, 128, bArr, b2.getBytes(), 1);
            if (j != null && j.length != 0) {
                Omkms3.EnServiceSessionInfo build = Omkms3.EnServiceSessionInfo.newBuilder().setUserInitInfo(f).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(serviceSessionInfo.getBeginTime()).setEndTime(serviceSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j, 2)).build();
                c.f(context, build);
                f5950c.put(f, serviceSessionInfo);
                return build;
            }
            h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: enServiceSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e2) {
            h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: exception:" + e2);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.ServiceSessionInfo d(Context context, com.heytap.omas.omkms.data.c cVar) {
        try {
            String f = f(cVar);
            if (f5950c.containsKey(f)) {
                h.g("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionTicketInfo: load service ticket from memory.");
                return f5950c.get(f);
            }
            if (!f5949a.containsAlias("session_key_encrypt_keystore_rsa_alias")) {
                h.e("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionTicketInfo: uninitialized,cannot load service session info.");
                return null;
            }
            h.g("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionTicketInfo: load service ticket from share preference.");
            Omkms3.EnServiceSessionInfo g = c.g(context, f);
            if (g == null) {
                h.e("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionTicketInfo: enServiceSessionInfo == null.");
                return null;
            }
            if (b == null) {
                synchronized (this) {
                    if (b == null) {
                        b = b.d(context);
                    }
                    if (b != null && b.length != 0) {
                    }
                    h.e("KeyStoreLowerApiISessionTicketCache", "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            PrivateKey privateKey = (PrivateKey) f5949a.getKey("session_key_encrypt_keystore_rsa_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding");
            cipher.init(2, privateKey);
            byte[] d2 = b.d(context);
            if (d2 != null && d2.length != 0) {
                byte[] j = j(cVar, new SecretKeySpec(cipher.doFinal(d2), "AES"), 128, Base64.decode(g.getIv(), 2), Base64.decode(g.getEnSessionInfo().getBytes(), 2), 2);
                if (j != null && j.length != 0) {
                    Omkms3.ServiceSessionInfo serviceSessionInfo = (Omkms3.ServiceSessionInfo) com.heytap.omas.a.d.g.a(new String(j), Omkms3.ServiceSessionInfo.class);
                    f5950c.put(f, serviceSessionInfo);
                    return serviceSessionInfo;
                }
                h.e("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionTicketInfo: serviceSessionInfoBytes is null or empty,always should not take place.");
                return null;
            }
            h.e("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
            return null;
        } catch (Exception e2) {
            h.e("KeyStoreLowerApiISessionTicketCache", "loadServiceSessionKey: KeyStore exception:" + e2);
            return null;
        }
    }
}
