package gbsdk.optional.aweme;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import android.util.Log;
import com.meituan.robust.ChangeQuickRedirect;
import com.meituan.robust.PatchProxy;
import com.meituan.robust.PatchProxyResult;
import java.io.StringWriter;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* compiled from: TicketGuardKeyHelper.java */
/* loaded from: classes10.dex */
public class am {
    public static final String SP_NAME = "sp_TicketGuardHelper";
    private static final String TAG = "TicketGuardHelper";
    public static final String aa = "CN=%s, OU=%s, O=%s, C=%s";
    public static final String ab = "EC";

    /* renamed from: ac, reason: collision with root package name */
    public static final String f8726ac = "SHA256withECDSA";
    public static final String ad = "AndroidKeyStore";
    public static final String ae = "BC";

    /* renamed from: af, reason: collision with root package name */
    public static final String f8727af = "sp_key_public_key";
    public static final String ag = "sp_key_private_key";
    public static ChangeQuickRedirect changeQuickRedirect;
    private final SharedPreferences ah;
    private final String ai;
    private final String aj;
    private volatile PrivateKey ak;

    public am(Context context, String str, String str2) {
        this.ah = context.getSharedPreferences(SP_NAME, 0);
        this.ai = str;
        this.aj = str2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static int a(PrivateKey privateKey) {
        int i = 0;
        Throwable th = null;
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{privateKey}, null, changeQuickRedirect, true, "174c40419d75bbf37f531f81c055361f");
        if (proxy != null) {
            return ((Integer) proxy.result).intValue();
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(privateKey.getAlgorithm());
            if (Build.VERSION.SDK_INT >= 23) {
                KeyInfo keyInfo = (KeyInfo) keyFactory.getKeySpec(privateKey, KeyInfo.class);
                i = Build.VERSION.SDK_INT >= 31 ? keyInfo.getSecurityLevel() : keyInfo.isInsideSecureHardware();
            }
        } catch (Throwable th2) {
            th = th2;
        }
        ai.a(i, th);
        return i;
    }

    public static String a(String str, String str2, String str3, String str4) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{str, str2, str3, str4}, null, changeQuickRedirect, true, "bf893783765ff7c851576cc0bf9a84f9");
        return proxy != null ? (String) proxy.result : String.format(aa, str, str2, str3, str4);
    }

    private static String a(Key key) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{key}, null, changeQuickRedirect, true, "32b6f35453198cf84ccf45f32438a061");
        return proxy != null ? (String) proxy.result : Base64.encodeToString(key.getEncoded(), 0);
    }

    private String r() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], this, changeQuickRedirect, false, "d1581c59291af7d4c30ae9be9d64f82e");
        if (proxy != null) {
            return (String) proxy.result;
        }
        return "sp_key_public_key_" + this.ai;
    }

    private String s() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], this, changeQuickRedirect, false, "81723d5ed3c4071248054c5ea75fb4a2");
        if (proxy != null) {
            return (String) proxy.result;
        }
        return "sp_key_private_key_" + this.ai;
    }

    public String a(KeyPair keyPair) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{keyPair}, this, changeQuickRedirect, false, "a3cae859a2e4e841b3245c28f545bf6c");
        if (proxy != null) {
            return (String) proxy.result;
        }
        if (keyPair == null) {
            an.az.log("生成 csr 失败, key pair为空");
            ai.b(3000, null);
            return null;
        }
        try {
            ContentSigner build = new JcaContentSignerBuilder(f8726ac).build(keyPair.getPrivate());
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(this.aj), keyPair.getPublic());
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true));
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            PemObject pemObject = new PemObject("CERTIFICATE REQUEST", jcaPKCS10CertificationRequestBuilder.build(build).getEncoded());
            StringWriter stringWriter = new StringWriter();
            PemWriter pemWriter = new PemWriter(stringWriter);
            pemWriter.writeObject(pemObject);
            pemWriter.close();
            stringWriter.close();
            String stringWriter2 = stringWriter.toString();
            an.az.log("生成 csr 成功");
            ai.b(0, null);
            return stringWriter2;
        } catch (Throwable th) {
            an.az.log("生成 csr 失败, exception=" + Log.getStackTraceString(th));
            ai.b(3001, th);
            return null;
        }
    }

    public byte[] a(PrivateKey privateKey, byte[] bArr) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{privateKey, bArr}, this, changeQuickRedirect, false, "bfb9c3a29d7ab954372ae09e735186c3");
        if (proxy != null) {
            return (byte[]) proxy.result;
        }
        try {
            Signature signature = Signature.getInstance(f8726ac);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Throwable th) {
            an.az.log("sign: sign failed, exception=" + Log.getStackTraceString(th));
            throw th;
        }
    }

    public KeyPair genKeyPair() {
        KeyPair generateKeyPair;
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], this, changeQuickRedirect, false, "9acedff7907685633bae7dde30c8b4f0");
        if (proxy != null) {
            return (KeyPair) proxy.result;
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ab, ad);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.ai, 4).setDigests("SHA-256").build());
                generateKeyPair = keyPairGenerator.generateKeyPair();
            } else {
                KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance(ab, "BC");
                keyPairGenerator2.initialize(256, new SecureRandom());
                generateKeyPair = keyPairGenerator2.generateKeyPair();
                SharedPreferences.Editor edit = this.ah.edit();
                edit.putString(r(), a(generateKeyPair.getPublic()));
                edit.putString(s(), a((Key) generateKeyPair.getPrivate()));
                edit.apply();
            }
            an.az.log("生成 Key pair 成功");
            ai.a(a(generateKeyPair.getPrivate()), 0, (Throwable) null, System.currentTimeMillis() - currentTimeMillis);
            return generateKeyPair;
        } catch (Throwable th) {
            an.az.log("生成 Key pair 失败, exception=" + Log.getStackTraceString(th));
            ai.a(0, -1, th, System.currentTimeMillis() - currentTimeMillis);
            return null;
        }
    }

    public PrivateKey loadPrivateKey() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], this, changeQuickRedirect, false, "e2a15120ecd190c6f49353aeaa6e93ec");
        if (proxy != null) {
            return (PrivateKey) proxy.result;
        }
        if (this.ak != null) {
            return this.ak;
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyStore keyStore = KeyStore.getInstance(ad);
                keyStore.load(null);
                this.ak = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(this.ai, null)).getPrivateKey();
            } else {
                this.ak = KeyFactory.getInstance(ab).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(this.ah.getString(s(), null), 0)));
            }
            an.az.log("load private key success");
            ai.a(a(this.ak), 0, null, System.currentTimeMillis() - currentTimeMillis, false);
        } catch (Exception e) {
            an.az.log("load private key error, exception=" + Log.getStackTraceString(e));
            ai.a(a(this.ak), -1, e, System.currentTimeMillis() - currentTimeMillis, false);
        }
        return this.ak;
    }

    public String t() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], this, changeQuickRedirect, false, "472eeda94017b94e43272deb4502bf0f");
        return proxy != null ? (String) proxy.result : a(genKeyPair());
    }
}
