package com.bytedance.labcv.bytedcertsdk.ticketguard.key;

import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.bytedance.labcv.bytedcertsdk.utils.BLog;
import f.a.v.a;
import i.m.a.q.h.v.b.e;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(d1 = {"\u0000V\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J.\u0010\u0003\u001a\u00020\u00042\b\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\b2\b\u0010\t\u001a\u0004\u0018\u00010\u00062\b\u0010\n\u001a\u0004\u0018\u00010\u0006H\u0007J\u0010\u0010\u000b\u001a\u0004\u0018\u00010\u00062\u0006\u0010\f\u001a\u00020\rJ\u001a\u0010\u000e\u001a\u00020\u00062\u0006\u0010\f\u001a\u00020\r2\b\u0010\u000f\u001a\u0004\u0018\u00010\u0006H\u0007J0\u0010\u0010\u001a\u0004\u0018\u00010\r2\b\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0011\u001a\u00020\u00122\b\u0010\t\u001a\u0004\u0018\u00010\u00062\b\u0010\n\u001a\u0004\u0018\u00010\u0006H\u0007J\u0018\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0017H\u0007J0\u0010\u0018\u001a\u0004\u0018\u00010\r2\b\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\b2\b\u0010\t\u001a\u0004\u0018\u00010\u00062\b\u0010\n\u001a\u0004\u0018\u00010\u0006H\u0007J\u0010\u0010\u0019\u001a\u00020\u00062\u0006\u0010\u001a\u001a\u00020\u001bH\u0007J\u0010\u0010\u001c\u001a\u00020\u00062\u0006\u0010\u001a\u001a\u00020\u001bH\u0007J\u0012\u0010\u001d\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u0014\u001a\u00020\u0015H\u0007J\u0018\u0010\u001f\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010 \u001a\u00020\u0015H\u0007J \u0010!\u001a\u00020\u00042\u0006\u0010\"\u001a\u00020#2\u0006\u0010 \u001a\u00020\u00152\u0006\u0010$\u001a\u00020\u0015H\u0007¨\u0006%"}, d2 = {"Lcom/bytedance/labcv/bytedcertsdk/ticketguard/key/TeeApi;", "", "()V", "containsAlias", "", "keystoreAlias", "", "sp", "Landroid/content/SharedPreferences;", "spKeyPublic", "spKeyPrivate", "convertPEMString", "keyPair", "Ljava/security/KeyPair;", "genCsr", "principal", "genKeyPair", "editor", "Landroid/content/SharedPreferences$Editor;", "isKeyMatch", "cert", "", "privateKey", "Ljava/security/PrivateKey;", "loadKeyPair", "parse04PublicKey", "ecPublicKey", "Ljava/security/interfaces/ECPublicKey;", "parseBase64PublicKey", "parseCertificate", "Ljava/security/cert/X509Certificate;", "sign", "data", e.b, "certificate", "Ljava/security/cert/Certificate;", i.s.f.e.f13649m, "BytedCertSdk_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* renamed from: com.bytedance.labcv.bytedcertsdk.f.a.c, reason: from Kotlin metadata */
/* loaded from: classes2.dex */
public final class TeeApi {

    @NotNull
    public static final TeeApi a = new TeeApi();

    private TeeApi() {
    }

    @Nullable
    private static String a(@NotNull KeyPair keyPair) {
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        try {
            PemObject pemObject = new PemObject(PEMParser.f19125n, keyPair.getPublic().getEncoded());
            StringWriter stringWriter = new StringWriter();
            PemWriter pemWriter = new PemWriter(stringWriter);
            pemWriter.j(pemObject);
            pemWriter.close();
            stringWriter.close();
            return stringWriter.toString();
        } catch (CertificateEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }

    @JvmStatic
    @NotNull
    public static final String a(@NotNull KeyPair keyPair, @Nullable String str) throws OperatorCreationException, IOException {
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        ContentSigner b = new JcaContentSignerBuilder("SHA256withECDSA").b(keyPair.getPrivate());
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(str), keyPair.getPublic());
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.a(Extension.f16247j, true, new BasicConstraints(true));
        jcaPKCS10CertificationRequestBuilder.a(PKCSObjectIdentifiers.x2, extensionsGenerator.e());
        PemObject pemObject = new PemObject(PEMParser.f19115d, jcaPKCS10CertificationRequestBuilder.c(b).c());
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        pemWriter.j(pemObject);
        pemWriter.close();
        stringWriter.close();
        String stringWriter2 = stringWriter.toString();
        Intrinsics.checkNotNullExpressionValue(stringWriter2, "stringWriter.toString()");
        return stringWriter2;
    }

    @JvmStatic
    @Nullable
    public static final KeyPair a(@Nullable String str, @NotNull SharedPreferences.Editor editor, @Nullable String str2, @Nullable String str3) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPair generateKeyPair;
        Intrinsics.checkNotNullParameter(editor, "editor");
        if (Build.VERSION.SDK_INT >= 23) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(KEY_PAIR_ALG…Y_STORE_PROVIDER_ANDROID)");
            Intrinsics.checkNotNull(str);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-256").build());
            generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "keyGen.generateKeyPair()");
        } else {
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("EC", "BC");
            Intrinsics.checkNotNullExpressionValue(keyPairGenerator2, "getInstance(KEY_PAIR_ALG…M, KEY_STORE_PROVIDER_BC)");
            keyPairGenerator2.initialize(256, new SecureRandom());
            generateKeyPair = keyPairGenerator2.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "keyGen.generateKeyPair()");
            PublicKey publicKey = generateKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey, "keyPair.public");
            editor.putString(str2, e.a(publicKey));
            PrivateKey privateKey = generateKeyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "keyPair.private");
            editor.putString(str3, e.a(privateKey));
            editor.apply();
        }
        BLog.w("TeeKeyHelper", "keyPair Public Key : " + generateKeyPair.getPublic().getEncoded());
        return generateKeyPair;
    }

    @JvmStatic
    public static final boolean a(@Nullable String str, @NotNull SharedPreferences sp, @Nullable String str2, @Nullable String str3) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        Intrinsics.checkNotNullParameter(sp, "sp");
        if (Build.VERSION.SDK_INT < 23) {
            return (TextUtils.isEmpty(sp.getString(str2, null)) || TextUtils.isEmpty(sp.getString(str3, null))) ? false : true;
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore.containsAlias(str);
    }

    @JvmStatic
    public static final boolean a(@NotNull byte[] cert, @NotNull PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, CertificateException {
        Intrinsics.checkNotNullParameter(cert, "cert");
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        byte[] data = a.f9304n.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(data, "this as java.lang.String).getBytes(charset)");
        byte[] signature = a(privateKey, data);
        Intrinsics.checkNotNullParameter(cert, "cert");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(cert);
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        X509Certificate certificate = generateCertificate instanceof X509Certificate ? (X509Certificate) generateCertificate : null;
        if (certificate == null) {
            return false;
        }
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(signature, "signature");
        Signature signature2 = Signature.getInstance("SHA256withECDSA");
        signature2.initVerify(certificate);
        signature2.update(data);
        return signature2.verify(signature);
    }

    @JvmStatic
    @NotNull
    public static final byte[] a(@NotNull PrivateKey privateKey, @NotNull byte[] data) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        Intrinsics.checkNotNullParameter(data, "data");
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(data);
        byte[] sign = signature.sign();
        Intrinsics.checkNotNullExpressionValue(sign, "s.sign()");
        return sign;
    }

    @JvmStatic
    @Nullable
    public static final KeyPair b(@Nullable String str, @NotNull SharedPreferences sp, @Nullable String str2, @Nullable String str3) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, InvalidKeySpecException {
        PrivateKey generatePrivate;
        PublicKey publicKey;
        Intrinsics.checkNotNullParameter(sp, "sp");
        if (Build.VERSION.SDK_INT >= 23) {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                publicKey = privateKeyEntry.getCertificate().getPublicKey();
                generatePrivate = privateKeyEntry.getPrivateKey();
            } else {
                generatePrivate = null;
                publicKey = null;
            }
        } else {
            PublicKey generatePublic = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(Base64.decode(sp.getString(str2, null), 0)));
            generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(sp.getString(str3, null), 0)));
            publicKey = generatePublic;
        }
        if (publicKey == null || generatePrivate == null) {
            return null;
        }
        String a2 = a(new KeyPair(publicKey, generatePrivate));
        if (a2 != null) {
            BLog.w("TeeKeyHelper", "PEM PublicKey".concat(String.valueOf(a2)));
        }
        return new KeyPair(publicKey, generatePrivate);
    }
}
