package com.huawei.hms.keyring.credential.util;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import defpackage.Cif;
import defpackage.df;
import defpackage.qe;
import defpackage.re;
import defpackage.te;
import defpackage.va;
import defpackage.wa;
import defpackage.we;
import defpackage.xe;
import defpackage.ya;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
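/**
 * Static helpers that encrypt and decrypt credential payloads with keys held in the
 * {@code AndroidKeyStore} provider.
 *
 * <p>Two serialized forms are produced, both as a JSON object string:
 * <ul>
 *   <li>AES variant: {@code {"iv": ..., "data": ...}}, keyed by the keystore alias
 *       {@code <alias>_AES}.</li>
 *   <li>RSA-wrapped variant: {@code {"iv": ..., "data": ..., "aesKey": ...}}, where a fresh
 *       32-byte AES key is wrapped with the RSA public key of a keystore key pair.</li>
 * </ul>
 *
 * <p>The AES-GCM work itself is delegated to the obfuscated helpers {@code re}/{@code qe}/
 * {@code xe}/{@code te}/{@code we}; their exact behaviour is not visible in this file.
 *
 * <p>NOTE(review): the payload key {@code <alias>_AES} is always generated with user
 * authentication disabled. The {@code <alias>_bio} key created by
 * {@link #encrypt(byte[], String, boolean)} is never used to encrypt in this class; it is only
 * probed by {@link #checkBiometricKeyAccessibility(String)}. Any user-presence guarantee for
 * the AES variant therefore rests on the callers, not on the keystore — confirm this is
 * intended.
 */
public class CryptoUtils {
    private static final String AES_KEY = "aesKey";
    private static final int AES_KEY_SIZE = 256;
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String BIOMETRIC_KEY = "_bio";
    private static final String DATA = "data";
    // Certificate validity starts 7 days in the past (see generateRSAKeyPair).
    private static final int DAY = -7;
    private static final String DECRYPT_ERROR = "decrypt error, ";
    private static final String ENCRYPT_ERROR = "encrypt error, ";
    private static final Object GENERATOR_LOCK = new Object();
    private static final String IV = "iv";
    // GCM nonce length in bytes.
    private static final int IV_RANDOM_LEN = 12;
    // Length in bytes of the one-off AES key used by encryptRSA (256 bit).
    private static final int KEY_RANDOM_LEN = 32;
    private static final int RSA_KEY_SIZE = 3072;
    private static final String RSA_MODE_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String TAG = "CryptoUtils";
    // Certificate validity ends 20 years in the future (see generateRSAKeyPair).
    private static final int YEAR = 20;

    private CryptoUtils() {
    }

    /**
     * Probes the keystore entry {@code str + "_bio"} and reports whether it has become
     * unrecoverable.
     *
     * <p>I/O, keystore, algorithm and certificate failures are logged and deliberately ignored
     * (the log text calls them "OK"); only {@link UnrecoverableKeyException} is escalated.
     *
     * @param str alias prefix of the credential
     * @throws wa with {@code va.UNRECOVERABLE_KEY_CHANGED} when the key cannot be recovered
     */
    public static void checkBiometricKeyAccessibility(String str) throws wa {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            keyStore.getKey(str + BIOMETRIC_KEY, null);
            ya.a(TAG, "check biometrickey OK.", new Object[0]);
        } catch (UnrecoverableKeyException e) {
            ya.c(TAG, "check biometrickey failed. key changed. " + e.getMessage(), new Object[0]);
            throw new wa(va.UNRECOVERABLE_KEY_CHANGED, "delete this credential.");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // Best effort by design: a failed probe is not treated as a changed key.
            ya.a(TAG, "get biometrickey failed. it is OK. " + e.getMessage(), new Object[0]);
        }
    }

    /**
     * Decrypts an AES-variant payload with the keystore key {@code str2 + "_AES"}.
     *
     * @param str JSON string produced by {@link #encrypt(byte[], String, boolean)}
     * @param str2 alias prefix of the credential
     * @return the decrypted bytes
     * @throws wa with {@code va.DECRYPT_ERROR} on any failure
     */
    public static byte[] decrypt(String str, String str2) throws wa {
        return decryptAES(str, str2 + "_AES");
    }

    /**
     * Decrypts an RSA-wrapped payload using a cipher that is already initialised for
     * decryption (see {@link #getRSACipher(String)}).
     *
     * @param str JSON string produced by {@link #encryptRSA(byte[], String)}
     * @param cipher RSA cipher used to unwrap the embedded AES key
     * @return the decrypted bytes
     * @throws wa with {@code va.DECRYPT_ERROR} on any failure
     */
    public static byte[] decrypt(String str, Cipher cipher) throws wa {
        return decryptRSA(str, cipher);
    }

    /**
     * Decrypts {@code {"iv","data"}} with the AES key stored under the exact alias
     * {@code str2}.
     */
    private static byte[] decryptAES(String str, String str2) throws wa {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            Key key = keyStore.getKey(str2, null);
            if (key == null) {
                // KeyStore.getKey returns null for an unknown alias; fail with the module's
                // own error type instead of handing a null key to the cipher helper.
                ya.b(TAG, "decryptAES failed. " + "key not found", new Object[0]);
                throw new wa(va.DECRYPT_ERROR, DECRYPT_ERROR + "key not found");
            }
            JSONObject jSONObject = new JSONObject(str);
            // optString yields "" for a missing field, so a payload without "iv" reaches the
            // helper with an empty nonce; rejection is left to the helper.
            byte[] iv = Base64.decode(jSONObject.optString(IV), Base64.NO_WRAP);
            te b = re.a(qe.AES_GCM, key, iv, null).b();
            b.a(jSONObject.optString(DATA));
            return b.a();
        } catch (df | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | JSONException e) {
            ya.b(TAG, "decryptAES failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.DECRYPT_ERROR, DECRYPT_ERROR + e.getMessage());
        }
    }

    /**
     * Unwraps the {@code "aesKey"} field with {@code cipher}, then decrypts
     * {@code "data"} with the recovered AES key and the {@code "iv"} field.
     */
    private static byte[] decryptRSA(String str, Cipher cipher) throws wa {
        try {
            JSONObject jSONObject = new JSONObject(str);
            byte[] wrappedKey = Base64.decode(jSONObject.optString(AES_KEY), Base64.NO_WRAP);
            SecretKeySpec aesKey = new SecretKeySpec(cipher.doFinal(wrappedKey), "AES");
            byte[] iv = Base64.decode(jSONObject.optString(IV), Base64.NO_WRAP);
            te b = re.a(qe.AES_GCM, aesKey, iv, null).b();
            b.a(jSONObject.optString(DATA));
            return b.a();
        } catch (df | BadPaddingException | IllegalBlockSizeException | JSONException e) {
            ya.b(TAG, "decryptRSA failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.DECRYPT_ERROR, DECRYPT_ERROR + e.getMessage());
        }
    }

    /**
     * Encrypts {@code bArr} with the keystore key {@code str + "_AES"}, creating that key if
     * it does not exist yet.
     *
     * <p>When {@code z} is true a user-authentication-bound key {@code str + "_bio"} is
     * (re)generated first. That key is not used for the encryption itself.
     *
     * @param bArr plaintext
     * @param str alias prefix of the credential
     * @param z whether to also create the {@code _bio} key
     * @return JSON string with the Base64 IV and the ciphertext
     * @throws wa on key generation or encryption failure
     */
    public static String encrypt(byte[] bArr, String str, boolean z) throws wa {
        ya.c(TAG, "isUserAuth :" + z, new Object[0]);
        if (z) {
            // Called on every encrypt with z == true, so an existing "_bio" entry under the
            // same alias is replaced.
            generateAESKey(str + BIOMETRIC_KEY, true);
        }
        return encryptAES(bArr, str + "_AES");
    }

    /**
     * Encrypts {@code bArr} with AES-GCM under the keystore alias {@code str} and a fresh
     * 12-byte IV, generating the key first when {@link #hasKey(String)} reports it missing.
     */
    private static String encryptAES(byte[] bArr, String str) throws wa {
        try {
            // NOTE(review): hasKey() also returns false when the lookup itself fails, in which
            // case a new key is generated under the same alias and older ciphertexts can no
            // longer be decrypted.
            if (!hasKey(str)) {
                generateAESKey(str, false);
            }
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            Key key = keyStore.getKey(str, null);
            if (key == null) {
                ya.b(TAG, "encryptAES failed. " + "key not found", new Object[0]);
                throw new wa(va.ENCRYPT_ERROR, ENCRYPT_ERROR + "key not found");
            }
            // The key is created with setRandomizedEncryptionRequired(false), so the keystore
            // does not enforce nonce uniqueness; it depends entirely on Cif.b.
            // NOTE(review): presumably Cif.b(n) returns n random bytes — confirm it is backed
            // by a CSPRNG.
            byte[] iv = Cif.b(IV_RANDOM_LEN);
            xe a = re.a(qe.AES_GCM, key, iv, null);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(IV, Base64.encodeToString(iv, Base64.NO_WRAP));
            we a2 = a.a();
            a2.a(bArr);
            jSONObject.put(DATA, a2.a());
            return jSONObject.toString();
        } catch (df | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | JSONException e) {
            ya.b(TAG, "encryptAES failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.ENCRYPT_ERROR, ENCRYPT_ERROR + e.getMessage());
        }
    }

    /**
     * Wraps a raw AES key with the RSA public key of the keystore entry {@code str}, using
     * OAEP with SHA-256 as the main digest and MGF1 with SHA-1.
     *
     * @return the wrapped key, Base64 encoded without line wraps
     */
    private static String encryptAesKey(byte[] bArr, String str) throws wa {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // A missing alias yields null and a different entry type would fail the cast;
                // both previously escaped as unchecked exceptions.
                ya.b(TAG, "encryptAesKey failed. " + "no private key entry", new Object[0]);
                throw new wa(va.ENCRYPT_ERROR, ENCRYPT_ERROR + "no private key entry");
            }
            PublicKey publicKey = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
            Cipher cipher = Cipher.getInstance(RSA_MODE_OAEP);
            // The MGF1 digest is pinned to SHA-1 here, while getRSACipher initialises the
            // decrypt side without a parameter spec. Both sides must agree, so do not change
            // one without the other.
            // NOTE(review): confirm the keystore-side default on every supported API level.
            cipher.init(Cipher.ENCRYPT_MODE, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            return Base64.encodeToString(cipher.doFinal(bArr), Base64.NO_WRAP);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            ya.b(TAG, "encryptAesKey failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.ENCRYPT_ERROR, ENCRYPT_ERROR + e.getMessage());
        }
    }

    /**
     * Encrypts {@code bArr} with a one-off 256-bit AES-GCM key and wraps that key with the RSA
     * public key stored under alias {@code str}, generating the key pair when it is missing.
     *
     * <p>NOTE(review): the alias is used exactly as passed here, whereas
     * {@link #getRSACipher(String)} appends {@code "_RSA"}; callers presumably pass the
     * suffixed alias to this method — verify.
     *
     * @param bArr plaintext
     * @param str keystore alias of the RSA key pair
     * @return JSON string with {@code "iv"}, {@code "data"} and the wrapped {@code "aesKey"}
     * @throws wa on key generation or encryption failure
     */
    public static String encryptRSA(byte[] bArr, String str) throws wa {
        try {
            if (!hasKey(str)) {
                generateRSAKeyPair(str);
            }
            // The raw session key stays in a heap byte[] until collected; it is never zeroed.
            byte[] sessionKey = Cif.b(KEY_RANDOM_LEN);
            byte[] iv = Cif.b(IV_RANDOM_LEN);
            xe a = re.a(qe.AES_GCM, new SecretKeySpec(sessionKey, "AES"), iv, null);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(IV, Base64.encodeToString(iv, Base64.NO_WRAP));
            we a2 = a.a();
            a2.a(bArr);
            jSONObject.put(DATA, a2.a());
            jSONObject.put(AES_KEY, encryptAesKey(sessionKey, str));
            return jSONObject.toString();
        } catch (df | JSONException e) {
            ya.b(TAG, "encryptRSA failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.ENCRYPT_ERROR, ENCRYPT_ERROR + e.getMessage());
        }
    }

    /**
     * Generates a 256-bit AES key in the AndroidKeyStore under alias {@code str}.
     *
     * @param str keystore alias
     * @param z whether the key requires user authentication; when true the key is usable for
     *     5 seconds after the user authenticates
     * @throws wa with {@code va.GENERATE_AES_KEY_ERROR} when generation fails
     */
    public static void generateAESKey(String str, boolean z) throws wa {
        SecretKey generateKey;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
            // Purposes 15 = ENCRYPT | DECRYPT | SIGN | VERIFY (1 | 2 | 4 | 8).
            // NOTE(review): this class only uses the key for GCM encrypt/decrypt; the extra
            // purposes, the CBC mode and PKCS7 padding authorise more than is used here.
            // Narrow them if no other caller relies on them.
            // setRandomizedEncryptionRequired(false) lets the caller supply the IV, which
            // moves the nonce-uniqueness guarantee from the keystore to this code.
            KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(str, 15)
                    .setDigests("SHA-256", "SHA-384", "SHA-512")
                    .setKeySize(AES_KEY_SIZE)
                    .setRandomizedEncryptionRequired(false)
                    .setUserAuthenticationRequired(z)
                    .setBlockModes("GCM", "CBC")
                    .setEncryptionPaddings("NoPadding", "PKCS7Padding");
            if (z) {
                encryptionPaddings.setUserAuthenticationValidityDurationSeconds(5);
            }
            keyGenerator.init(encryptionPaddings.build());
            synchronized (GENERATOR_LOCK) {
                generateKey = keyGenerator.generateKey();
            }
            if (generateKey == null) {
                ya.b(TAG, "generateAESKey failed. Generate key with aes error.", new Object[0]);
                throw new wa(va.GENERATE_AES_KEY_ERROR, "Generate key with aes error.");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            ya.b(TAG, "generateAESKey failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.GENERATE_AES_KEY_ERROR, "Generate key with aes error. " + e.getMessage());
        }
    }

    /**
     * Generates a 3072-bit RSA key pair in the AndroidKeyStore under alias {@code str}. The
     * private key requires user authentication and is usable for 5 seconds afterwards; the
     * certificate is valid from 7 days ago until 20 years from now.
     *
     * @throws wa with {@code va.GENERATE_RSA_KEYPAIR_ERROR} when generation fails
     */
    private static void generateRSAKeyPair(String str) throws wa {
        Calendar notBefore = Calendar.getInstance();
        notBefore.add(Calendar.DAY_OF_YEAR, DAY);
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, YEAR);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            // Purposes 3 = ENCRYPT | DECRYPT (1 | 2).
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 3)
                    .setDigests("SHA-512", "SHA-256", "SHA-1")
                    .setEncryptionPaddings("OAEPPadding")
                    .setCertificateNotBefore(notBefore.getTime())
                    .setCertificateNotAfter(notAfter.getTime())
                    .setUserAuthenticationRequired(true)
                    .setRandomizedEncryptionRequired(true)
                    .setKeySize(RSA_KEY_SIZE)
                    .setUserAuthenticationValidityDurationSeconds(5)
                    .build());
            keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | ProviderException e) {
            ya.b(TAG, "generateRSAKeyPair failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.GENERATE_RSA_KEYPAIR_ERROR, "generate RSAKeyPair error, " + e.getMessage());
        }
    }

    /**
     * Returns an RSA-OAEP cipher initialised for decryption with the private key stored under
     * {@code str + "_RSA"}.
     *
     * <p>NOTE(review): an {@link InvalidKeyException} from {@code Cipher.init} is reported as
     * {@code va.GET_CIPHER_ERROR}. If the platform signals a missing user authentication or an
     * invalidated key through a subclass of that exception, callers cannot tell those cases
     * apart here — confirm how they are meant to be handled.
     *
     * @param str alias prefix of the credential
     * @return the initialised cipher
     * @throws wa with {@code va.UNRECOVERABLE_KEY_CHANGED} when the entry cannot be recovered,
     *     otherwise with {@code va.GET_CIPHER_ERROR}
     */
    public static Cipher getRSACipher(String str) throws wa {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str + "_RSA", null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // getEntry returns null for an unknown alias; previously this surfaced as an
                // uncaught NullPointerException (or ClassCastException for another entry type).
                ya.b(TAG, "getRSACipher failed. " + "no private key entry", new Object[0]);
                throw new wa(va.GET_CIPHER_ERROR, "no private key entry");
            }
            Cipher cipher = Cipher.getInstance(RSA_MODE_OAEP);
            cipher.init(Cipher.DECRYPT_MODE, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            return cipher;
        } catch (UnrecoverableEntryException unused) {
            throw new wa(va.UNRECOVERABLE_KEY_CHANGED, "delete this credential.");
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | CertificateException | NoSuchPaddingException e) {
            ya.b(TAG, "getRSACipher failed. " + e.getMessage(), new Object[0]);
            throw new wa(va.GET_CIPHER_ERROR, e.getMessage());
        }
    }

    /**
     * Reports whether the keystore holds an entry under alias {@code str}. Any lookup failure
     * is logged and reported as {@code false}.
     */
    private static boolean hasKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            return keyStore.getEntry(str, null) != null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            ya.c(TAG, "hasKey failed. " + e.getMessage(), new Object[0]);
            return false;
        }
    }

    /**
     * Deletes the {@code str + "_bio"} and {@code str + "_AES"} keystore entries. Failures are
     * logged and otherwise ignored.
     *
     * <p>NOTE(review): the {@code str + "_RSA"} entry read by {@link #getRSACipher(String)} is
     * not deleted here; confirm it is removed elsewhere when a credential is deleted.
     *
     * @param str alias prefix of the credential
     */
    public static void removeKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            keyStore.deleteEntry(str + BIOMETRIC_KEY);
            keyStore.deleteEntry(str + "_AES");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            ya.c(TAG, "removeKey failed. " + e.getMessage(), new Object[0]);
        }
    }
}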
