package com.huawei.phoneservice.login.util;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.huawei.cbg.phoenix.security.watermark.util.WatermarkConstant;
import com.huawei.module.base.constants.Consts;
import com.huawei.module.base.util.EmuiUtils;
import com.huawei.module.base.util.RefectUtils;
import com.huawei.module.base.util.StringUtils;
import com.huawei.module.log.MyLogUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.CharacterCodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
public class SaltDeal {
    public static final String HW_KEY_STORE = "HwUniversalKeyStoreProvider";
    public static final String KEYSTORE_PROVIDER_ANDROID_KEYSTORE = "HwKeyStore";
    public static final String SAMPLE_ALIAS = "HwKey";
    public static final String SIGNATURE_SHA256withRSA = "SHA256withRSA";
    public static final String TYPE_RSA = "RSA";
    public static volatile SaltDeal instance;
    public String mAlias = SAMPLE_ALIAS;
    public KeyPair mKeyPair;
    public String mSalt;
    public String mSecretDigest;

    /* loaded from: classes4.dex */
    public interface SaltCreateListeners {
        void saltCallBack(String str, String str2);
    }

    public static String base64EncodeToString(byte[] bArr) {
        return Base64.encodeToString(bArr, 0);
    }

    public static String creatSalt() {
        StringBuilder sb = new StringBuilder();
        String formatTimeString = getFormatTimeString(WatermarkConstant.KEY_FILE_NAME_FORM, Long.valueOf(System.currentTimeMillis()));
        int nextInt = new SecureRandom().nextInt(10000);
        if (nextInt < 1000) {
            nextInt += 1000;
        }
        sb.append(formatTimeString);
        sb.append(nextInt);
        String sb2 = sb.toString();
        MyLogUtil.d("salt:%s", sb2);
        return sb2;
    }

    public static String createSecretDigest(String str) {
        byte[] sign = getSign("TDID", str);
        if (sign == null || sign.length <= 0) {
            return null;
        }
        return Base64.encodeToString(sign, 10);
    }

    public static String getFormatTimeString(String str, Long l) {
        try {
            return new SimpleDateFormat(str, Locale.getDefault()).format(new Date(l.longValue()));
        } catch (IllegalArgumentException e) {
            MyLogUtil.e(e);
            return null;
        }
    }

    public static SaltDeal getInstance() {
        if (instance == null) {
            synchronized (SaltDeal.class) {
                if (instance == null) {
                    instance = new SaltDeal();
                }
            }
        }
        return instance;
    }

    public static byte[] getSign(String str, String str2) {
        byte[] bArr;
        int intFiled = RefectUtils.getIntFiled("com.huawei.attestation.HwAttestationManager", "KEY_INDEX_HWCLOUD", -1);
        if (-1 == intFiled) {
            return new byte[0];
        }
        int intFiled2 = RefectUtils.getIntFiled("com.huawei.attestation.HwAttestationManager", "DEVICE_ID_TYPE_EMMC", -1);
        if (-1 == intFiled2) {
            return new byte[0];
        }
        try {
            bArr = StringUtils.convertToBytes(Consts.BYTES_ENCODING_TYPE, str2);
        } catch (CharacterCodingException e) {
            MyLogUtil.e(e);
            bArr = null;
        }
        Class cls = Integer.TYPE;
        Object invokeFun = RefectUtils.invokeFun("com.huawei.attestation.HwAttestationManager", "getAttestationSignature", new Class[]{cls, cls, String.class, byte[].class}, new Object[]{Integer.valueOf(intFiled), Integer.valueOf(intFiled2), str, bArr});
        byte[] bArr2 = invokeFun != null ? (byte[]) invokeFun : null;
        if (bArr2 == null || bArr2.length == 0) {
            MyLogUtil.w("construct failed");
        }
        return bArr2;
    }

    @TargetApi(24)
    public KeyPair createKeys(Context context) {
        AlgorithmParameterSpec build;
        if (!EmuiUtils.isAboveEMUI60()) {
            return null;
        }
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 1);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", HW_KEY_STORE);
            if (Build.VERSION.SDK_INT < 23) {
                build = new KeyPairGeneratorSpec.Builder(context).setAlias(this.mAlias).setSubject(new X500Principal("CN=" + this.mAlias)).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
            } else {
                build = new KeyGenParameterSpec.Builder(this.mAlias, 4).setCertificateSubject(new X500Principal("CN=" + this.mAlias)).setDigests("SHA-256").setSignaturePaddings("PSS").setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge(StringUtils.convertToBytes(Consts.BYTES_ENCODING_TYPE, "hwkeystory ")).build();
            }
            MyLogUtil.d("createKeys: kpGenerator.initialize(spec)");
            keyPairGenerator.initialize(build);
            MyLogUtil.d("createKeys:  kpGenerator.generateKeyPair();");
            return keyPairGenerator.generateKeyPair();
        } catch (IllegalStateException | NoSuchMethodError | CharacterCodingException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | ProviderException e) {
            MyLogUtil.e(e);
            return null;
        }
    }

    public synchronized void createSalt(SaltCreateListeners saltCreateListeners) {
        if (this.mSalt == null || this.mSecretDigest == null) {
            String creatSalt = creatSalt();
            this.mSalt = creatSalt;
            this.mSecretDigest = createSecretDigest(creatSalt);
        }
        saltCreateListeners.saltCallBack(this.mSalt, this.mSecretDigest);
    }

    @TargetApi(24)
    public Certificate[] getCertificate(Context context) {
        try {
            KeyPairGenerator.getInstance("RSA", HW_KEY_STORE).initialize(new KeyGenParameterSpec.Builder("key1", 4).setDigests("SHA-256", "SHA-384", "SHA-512").setUserAuthenticationRequired(true).setAttestationChallenge(StringUtils.convertToBytes(Consts.BYTES_ENCODING_TYPE, "hwkeystory ")).build());
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            return keyStore.getCertificateChain(this.mAlias);
        } catch (IOException e) {
            MyLogUtil.e(e);
            return new Certificate[0];
        } catch (InvalidAlgorithmParameterException e2) {
            MyLogUtil.e(e2);
            return new Certificate[0];
        } catch (KeyStoreException e3) {
            MyLogUtil.e(e3);
            return new Certificate[0];
        } catch (NoSuchAlgorithmException e4) {
            MyLogUtil.e(e4);
            return new Certificate[0];
        } catch (NoSuchProviderException e5) {
            MyLogUtil.e(e5);
            return new Certificate[0];
        } catch (CertificateException e6) {
            MyLogUtil.e(e6);
            return new Certificate[0];
        }
    }

    public KeyPair getKeyPair(Context context) {
        if (this.mKeyPair == null) {
            this.mKeyPair = createKeys(context);
        }
        return this.mKeyPair;
    }

    public String signData(String str) {
        byte[] bArr = new byte[0];
        try {
            bArr = StringUtils.convertToBytes(Consts.BYTES_ENCODING_TYPE, str);
        } catch (CharacterCodingException e) {
            MyLogUtil.e(e);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(this.mAlias, null);
            if (entry == null) {
                MyLogUtil.w("No key found under alias");
                return null;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                MyLogUtil.w("Not an instance of a PrivateKeyEntry");
                return null;
            }
            Signature signature = Signature.getInstance(SIGNATURE_SHA256withRSA, HW_KEY_STORE);
            signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signature.update(bArr);
            return base64EncodeToString(signature.sign());
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | UnrecoverableEntryException | CertificateException e2) {
            MyLogUtil.e(e2);
            return null;
        }
    }
}
