package com.sankuai.meituan.tte;

import android.annotation.SuppressLint;
import android.content.Context;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.VisibleForTesting;
import android.text.TextUtils;
import com.meituan.android.cipstorage.CIPStorageCenter;
import com.sankuai.meituan.tte.TMonitor;
import com.sankuai.meituan.tte.TTE;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Enumeration;
import org.apache.harmony.beans.BeansUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class TKeyStore {
    private static final String TAG = "TKeyStore";

    @SuppressLint({"StaticFieldLeak"})
    private static volatile TKeyStore sInstance;
    private final Context mContext;

    public TKeyStore(@NonNull Context context) {
        this.mContext = context;
    }

    private CIPStorageCenter cips() {
        return Util.localStorage(this.mContext, "ks");
    }

    @Nullable
    private KeyItem doGetKey(TTE.Env env, TTE.DataCipher dataCipher) {
        SecureBox<?> secureBox;
        String string;
        if (ConfigManager.getInstance(this.mContext).cipherConfig(dataCipher).disableKeyStore()) {
            TLog.d(TAG, "get: disable");
            return null;
        }
        TMonitor.Transaction newTransaction = TMonitor.newTransaction("tte.keyStore.read", "keyStore");
        try {
            try {
                try {
                    try {
                        try {
                            secureBox = secureBox();
                            newTransaction.putTag("algo", dataCipher.cipherName);
                            newTransaction.putTag("code", "0");
                            newTransaction.putTag("backend", secureBox.tag());
                            string = cips().getString(secureBox.getStorageKey(env, dataCipher), "");
                        } catch (JSONException e) {
                            newTransaction.putTag("code", "1003");
                            TLog.e(TAG, BeansUtils.GET, e);
                            Assertion.fail(e);
                        }
                    } catch (KeyStoreException e2) {
                        newTransaction.putTag("code", "1001");
                        TLog.e(TAG, BeansUtils.GET, e2);
                        Assertion.fail(e2);
                    }
                } catch (GeneralSecurityException e3) {
                    newTransaction.putTag("code", "1004");
                    TLog.e(TAG, BeansUtils.GET, e3);
                    Assertion.fail(e3);
                }
            } catch (Throwable th) {
                newTransaction.putTag("code", "1100");
                TLog.e(TAG, BeansUtils.GET, th);
                Assertion.fail(th);
            }
            if (TextUtils.isEmpty(string)) {
                newTransaction.putTag("code", "1002");
                return null;
            }
            KeyItem keyItem = new KeyItem(new JSONObject(string));
            keyItem.dk = secureBox.decrypt(keyItem.dk);
            String validateDkFormat = keyItem.validateDkFormat();
            if (validateDkFormat == null) {
                return keyItem;
            }
            TLog.e(TAG, validateDkFormat, null);
            newTransaction.putTag("code", "1005");
            return null;
        } finally {
            newTransaction.complete();
        }
    }

    private boolean doRemoveKey(KeyItem keyItem) {
        if (ConfigManager.getInstance(this.mContext).cipherConfig(keyItem.dataCipher).disableKeyStore()) {
            TLog.d(TAG, "remove: disable");
            return false;
        }
        try {
            return cips().remove(secureBox().getStorageKey(keyItem.env, keyItem.dataCipher));
        } catch (Throwable th) {
            TLog.e(TAG, "remove", th);
            Assertion.fail(th);
            return false;
        }
    }

    private boolean doSetKey(KeyItem keyItem) {
        if (ConfigManager.getInstance(this.mContext).cipherConfig(keyItem.dataCipher).disableKeyStore()) {
            TLog.d(TAG, "set: disable");
            return false;
        }
        TMonitor.Transaction newTransaction = TMonitor.newTransaction("tte.keyStore.write", "keyStore");
        try {
            try {
                try {
                    SecureBox<?> secureBox = secureBox();
                    newTransaction.putTag("algo", keyItem.dataCipher.cipherName);
                    newTransaction.putTag("code", "0");
                    newTransaction.putTag("backend", secureBox.tag());
                    byte[] encrypt = secureBox.encrypt(keyItem.dk);
                    JSONObject json = keyItem.toJSON();
                    json.put("dk", Util.base64Encode(encrypt));
                    cips().setString(secureBox.getStorageKey(keyItem.env, keyItem.dataCipher), json.toString());
                    return true;
                } catch (JSONException e) {
                    newTransaction.putTag("code", "1003");
                    TLog.e(TAG, BeansUtils.SET, e);
                    Assertion.fail(e);
                    return false;
                } catch (Throwable th) {
                    newTransaction.putTag("code", "1100");
                    TLog.e(TAG, BeansUtils.SET, th);
                    Assertion.fail(th);
                    return false;
                }
            } catch (KeyStoreException e2) {
                newTransaction.putTag("code", "1001");
                TLog.e(TAG, BeansUtils.SET, e2);
                Assertion.fail(e2);
                return false;
            } catch (GeneralSecurityException e3) {
                newTransaction.putTag("code", "1004");
                TLog.e(TAG, BeansUtils.SET, e3);
                Assertion.fail(e3);
                return false;
            }
        } finally {
            newTransaction.complete();
        }
    }

    public static TKeyStore getInstance(Context context) {
        if (sInstance == null) {
            synchronized (TKeyStore.class) {
                if (sInstance == null) {
                    sInstance = new TKeyStore(context);
                }
            }
        }
        return sInstance;
    }

    @Nullable
    public KeyItem getKey(TTE.Env env, TTE.DataCipher dataCipher) {
        KeyItem doGetKey = doGetKey(env, dataCipher);
        StringBuilder sb = new StringBuilder();
        sb.append("[get][");
        sb.append(env);
        sb.append(", ");
        sb.append(dataCipher);
        sb.append("] null?: ");
        sb.append(doGetKey == null);
        TLog.v(TAG, sb.toString());
        return doGetKey;
    }

    public boolean remove(KeyItem keyItem) {
        boolean doRemoveKey = doRemoveKey(keyItem);
        TLog.v(TAG, "[remove][" + keyItem.env + ", " + keyItem.dataCipher + "]: " + doRemoveKey);
        return doRemoveKey;
    }

    @VisibleForTesting
    void reset() {
        try {
            cips().removeNonUserObject();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                keyStore.deleteEntry(aliases.nextElement());
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    @VisibleForTesting
    protected SecureBox<?> secureBox() {
        return SecureBox.getInstance(this.mContext);
    }

    public boolean setKey(KeyItem keyItem) {
        boolean doSetKey = doSetKey(keyItem);
        TLog.v(TAG, "[set][" + keyItem.env + ", " + keyItem.dataCipher + "]: " + doSetKey);
        return doSetKey;
    }
}
