package r7;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: KeyStoreUtil.java */
/* loaded from: classes2.dex */
public class o {

    /* renamed from: a, reason: collision with root package name */
    public static final Object f25144a = new Object();

    /* renamed from: b, reason: collision with root package name */
    public static KeyStore f25145b;

    public static String a(String str) {
        try {
            return new String(f(Base64.decode(str, 0), "vhs_ks_aes", "AES"));
        } catch (Throwable th2) {
            l7.a.g("KeyStoreUtil", "aesDecryptFromBase64 failed: " + th2);
            return "";
        }
    }

    public static void b() {
        synchronized (f25144a) {
            try {
                if (f25145b == null) {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    f25145b = keyStore;
                    keyStore.load(null);
                }
            } catch (Throwable th2) {
                throw th2;
            }
        }
    }

    public static void c(KeyStore keyStore, String str) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT < 23) {
            l7.a.o("KeyStoreUtil", "the Android SDK version is below 6.0, do not generate AES key!");
            return;
        }
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        blockModes = e.a(str, 3).setBlockModes("GCM");
        encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
        build = encryptionPaddings.build();
        keyGenerator.init(build);
        keyGenerator.generateKey();
        if (l7.a.f22819h) {
            l7.a.m("KeyStoreUtil", "generateAESKeyIfNeed Before = " + size + " After = " + keyStore.size());
        }
    }

    public static boolean d(String str, boolean z10, String str2) {
        try {
            if (f25145b == null) {
                b();
            }
            if (z10 && f25145b.containsAlias(str)) {
                l(str);
            }
            if ("RSA".equals(str2)) {
                m(f25145b, str);
                return true;
            }
            if ("EC".equals(str2)) {
                j(f25145b, str);
                return true;
            }
            c(f25145b, str);
            return true;
        } catch (Exception e10) {
            l7.a.g("KeyStoreUtil", "generateKey Exception: " + e10);
            return false;
        }
    }

    public static byte[] e(byte[] bArr, String str) {
        KeyStore.Entry o10 = o(str);
        if (o10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
        cipher.init(2, ((KeyStore.PrivateKeyEntry) o10).getPrivateKey());
        return cipher.doFinal(bArr);
    }

    public static byte[] f(byte[] bArr, String str, String str2) {
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                if ("RSA".equals(str2)) {
                    return e(bArr, str);
                }
                return h(Arrays.copyOfRange(bArr, 12, bArr.length), str, Arrays.copyOfRange(bArr, 0, 12));
            } catch (Exception e10) {
                l7.a.g("KeyStoreUtil", "decrypt Exception:" + e10.getMessage());
                if (e10 instanceof InvalidKeyException) {
                    l(str);
                }
            }
        }
        return bArr;
    }

    public static byte[] g(byte[] bArr, String str, boolean z10, String str2) {
        d(str, z10, str2);
        return Build.VERSION.SDK_INT >= 23 ? "RSA".equals(str2) ? n(bArr, str) : k(bArr, str) : bArr;
    }

    public static byte[] h(byte[] bArr, String str, byte[] bArr2) {
        KeyStore.Entry o10 = o(str);
        if (o10 == null || Build.VERSION.SDK_INT < 23) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, ((KeyStore.SecretKeyEntry) o10).getSecretKey(), new GCMParameterSpec(128, bArr2));
        return cipher.doFinal(bArr);
    }

    public static String i(String str) {
        try {
            return Base64.encodeToString(g(str.getBytes(), "vhs_ks_aes", false, "AES"), 0);
        } catch (Throwable th2) {
            l7.a.g("KeyStoreUtil", "aesEncryptToBase64 failed: " + th2);
            return "";
        }
    }

    public static void j(KeyStore keyStore, String str) {
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder keyValidityStart;
        KeyGenParameterSpec.Builder keyValidityEnd;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT < 23) {
            l7.a.o("KeyStoreUtil", "the Android SDK version is below 6.0, do not generate EC key!");
            return;
        }
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 10);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        digests = e.a(str, 12).setDigests("SHA-256", "SHA-512");
        keyValidityStart = digests.setKeyValidityStart(calendar.getTime());
        keyValidityEnd = keyValidityStart.setKeyValidityEnd(calendar2.getTime());
        build = keyValidityEnd.build();
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        int size2 = keyStore.size();
        if (l7.a.f22819h) {
            l7.a.m("KeyStoreUtil", "Before = " + size + " After = " + size2);
        }
    }

    public static byte[] k(byte[] bArr, String str) {
        KeyStore.Entry o10 = o(str);
        if (o10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, ((KeyStore.SecretKeyEntry) o10).getSecretKey());
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        return bArr2;
    }

    public static void l(String str) {
        try {
            if (f25145b == null) {
                b();
            }
            f25145b.deleteEntry(str);
        } catch (Exception e10) {
            l7.a.g("KeyStoreUtil", "deleteKey Exception: " + e10);
        }
    }

    public static void m(KeyStore keyStore, String str) {
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder keyValidityStart;
        KeyGenParameterSpec.Builder keyValidityEnd;
        KeyGenParameterSpec.Builder certificateSubject;
        KeyGenParameterSpec.Builder certificateSerialNumber;
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT < 23) {
            l7.a.o("KeyStoreUtil", "the Android SDK version is below 6.0, do not generate RAS key!");
            return;
        }
        if (keyStore.containsAlias(str)) {
            return;
        }
        int size = keyStore.size();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 10);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        encryptionPaddings = e.a(str, 15).setEncryptionPaddings("PKCS1Padding");
        signaturePaddings = encryptionPaddings.setSignaturePaddings("PKCS1");
        keySize = signaturePaddings.setKeySize(2048);
        keyValidityStart = keySize.setKeyValidityStart(calendar.getTime());
        keyValidityEnd = keyValidityStart.setKeyValidityEnd(calendar2.getTime());
        certificateSubject = keyValidityEnd.setCertificateSubject(new X500Principal("CN=test"));
        certificateSerialNumber = certificateSubject.setCertificateSerialNumber(BigInteger.ONE);
        digests = certificateSerialNumber.setDigests("SHA-256", "SHA-512");
        build = digests.build();
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        int size2 = keyStore.size();
        if (l7.a.f22819h) {
            l7.a.m("KeyStoreUtil", "Before = " + size + " After = " + size2);
        }
    }

    public static byte[] n(byte[] bArr, String str) {
        KeyStore.Entry o10 = o(str);
        if (o10 == null) {
            return bArr;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
        cipher.init(1, ((KeyStore.PrivateKeyEntry) o10).getCertificate().getPublicKey());
        return cipher.doFinal(bArr);
    }

    public static KeyStore.Entry o(String str) {
        try {
            if (f25145b == null) {
                b();
            }
            KeyStore.Entry entry = f25145b.getEntry(str, null);
            if ((entry instanceof KeyStore.PrivateKeyEntry) || (entry instanceof KeyStore.SecretKeyEntry)) {
                return entry;
            }
            l7.a.o("KeyStoreUtil", "Not an instance of a PrivateKeyEntry or SecretKeyEntry");
            return null;
        } catch (Exception e10) {
            l7.a.g("KeyStoreUtil", "getKey Exception: " + e10);
            return null;
        }
    }
}
