package com.huawei.gameassistant.utils;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.huawei.agconnect.datastore.annotation.SharedPreference;
import com.huawei.gameassistant.a90;
import com.huawei.gameassistant.cy;
import com.huawei.gameassistant.q80;
import com.huawei.gameassistant.xx;
import com.huawei.phoneservice.feedbackcommon.network.FeedbackWebConstants;
import com.huawei.secure.android.common.encrypt.aes.AesGcm;
import com.huawei.security.keystore.HwUniversalKeyStoreProvider;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes4.dex */
public final class SecurityUtil {
    private static final String ALIAS_ENCRYPT = "appgallery_assistant_encrypt";
    private static final String ALIAS_ENCRYPT_1 = "appgallery_assistant_encrypt_1";
    private static final String ALIAS_SIGN = "appgallery_assistant_sign";
    public static final String CHARSET = "UTF-8";
    public static final int ERROR_MAX_COUNT = 3;
    private static final String KEYSTORE_NAME = "HwKeystore";
    private static final Object LOCK = new Object();
    private static final String SECURITY_INIT = "SecuritInit";
    private static final String SIGNATURE_TYPE_SHA256 = "SHA256WithRSA/PSS";
    private static final String SP_FILE_NAME = "SecuritConfig";
    private static final String TAG = "SecurityUtil";
    private final Map<String, Certificate[]> certificateChainMap;

    @SharedPreference(fileName = SP_FILE_NAME, key = SECURITY_INIT)
    boolean isInit;
    private KeyStore ks;
    private final Map<String, Key> privateKeyMap;
    private final ScheduledExecutorService singleThreadScheduledPool;

    /* loaded from: classes4.dex */
    class a implements Runnable {
        a() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                q.d(SecurityUtil.TAG, "init start");
                if (SecurityUtil.this.initKeyPair()) {
                    q.d(SecurityUtil.TAG, "init KeyPair success.");
                } else {
                    SecurityUtil.this.onOprEvent("001", "init KeyPair failed");
                    q.b(SecurityUtil.TAG, "init KeyPair fail.");
                }
            } catch (Throwable th) {
                SecurityUtil.this.onOprEvent("001", "init Exception:" + SecurityUtil.this.collectStackInfo(th));
                q.c(SecurityUtil.TAG, "init Exception", th);
            }
        }
    }

    /* loaded from: classes4.dex */
    private static class b {
        private static final SecurityUtil a = new SecurityUtil(null);

        private b() {
        }
    }

    private SecurityUtil() {
        this.singleThreadScheduledPool = Executors.newSingleThreadScheduledExecutor();
        this.ks = null;
        this.privateKeyMap = new HashMap();
        this.certificateChainMap = new HashMap();
        c0.b().c(this);
    }

    /* synthetic */ SecurityUtil(a aVar) {
        this();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String collectStackInfo(Throwable th) {
        StringBuilder sb = new StringBuilder();
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        try {
            th.printStackTrace(printWriter);
            for (Throwable cause = th.getCause(); cause != null; cause = cause.getCause()) {
                cause.printStackTrace(printWriter);
            }
            printWriter.close();
            sb.append(stringWriter);
            sb.append(System.lineSeparator());
            return sb.toString();
        } catch (Throwable th2) {
            try {
                printWriter.close();
            } catch (Throwable th3) {
                th2.addSuppressed(th3);
            }
            throw th2;
        }
    }

    private synchronized KeyPair generateKeyPair(String str, String str2, int i, String str3, String str4) {
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance(str2, getHwUniversalKeyStoreProvider());
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(1, 10);
            keyPairGenerator.initialize(ALIAS_SIGN.equals(str) ? new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setSignaturePaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("appAssistant".getBytes("UTF-8")).setUserAuthenticationRequired(false).build() : new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setEncryptionPaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("appAssistant".getBytes("UTF-8")).setUserAuthenticationRequired(false).build());
        } catch (Exception e) {
            onOprEvent("001", "generateKeyPair e:" + collectStackInfo(e));
            q.b(TAG, "generateKeyPair e:" + e.getMessage());
            return null;
        }
        return keyPairGenerator.generateKeyPair();
    }

    private synchronized Certificate[] getCertificateChain(String str) {
        KeyStore.Entry entry;
        Certificate[] certificateArr = null;
        try {
            entry = this.ks.getEntry(str, null);
        } catch (Exception e) {
            onOprEvent("001", "getCertificateChain e:" + collectStackInfo(e));
            q.b(TAG, "getCertificateChain e:" + e.getMessage());
        }
        if (entry == null) {
            q.k(TAG, "Entry is not exist");
            return null;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            certificateArr = ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
            return certificateArr;
        }
        q.k(TAG, "Not an INSTANCE of a PrivateKeyEntry");
        return null;
    }

    public static SecurityUtil getInstance() {
        return b.a;
    }

    public static String getSHA256Str(String str) {
        String b2 = q80.b(str);
        return TextUtils.isEmpty(b2) ? "" : b2.toUpperCase(Locale.ENGLISH);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onOprEvent(String str, String str2) {
        xx.X0(new cy(str, str2));
    }

    public String aesBaseDecrypt(String str, byte[] bArr, byte[] bArr2) {
        if (bArr != null && bArr.length >= 16) {
            try {
                if (bArr.length > 16) {
                    bArr = Arrays.copyOf(bArr, 16);
                }
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(2, secretKeySpec, new IvParameterSpec(bArr2));
                return new String(cipher.doFinal(com.huawei.gameassistant.utils.b.a(str)), "UTF-8");
            } catch (Exception e) {
                onOprEvent("003", "AESBaseDecrypt Exception:" + collectStackInfo(e));
                q.c(TAG, "AESBaseDecrypt error", e);
            }
        }
        return null;
    }

    public String aesBaseEncrypt(String str, byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr.length < 16) {
            return "";
        }
        if (bArr.length > 16) {
            bArr = Arrays.copyOf(bArr, 16);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
            return com.huawei.gameassistant.utils.b.b(cipher.doFinal(str.getBytes("UTF-8"))).replaceAll("\n", "").replaceAll("\r", "");
        } catch (Exception e) {
            onOprEvent("002", "AESBaseEncrypt Exception:" + collectStackInfo(e));
            q.c(TAG, "AESBaseEncrypt Exception", e);
            return "";
        }
    }

    public String aesGcmDecrypt(String str, String str2, String str3) {
        try {
            return AesGcm.decrypt(str2, str, str3);
        } catch (Exception e) {
            onOprEvent("003", "aesGcmDecrypt Exception:" + collectStackInfo(e));
            q.c(TAG, "aesGcmDecrypt Exception:", e);
            return str2;
        }
    }

    public String aesGcmDecryptServer(String str, byte[] bArr) {
        return AesGcm.decryptWithCryptHead(str, bArr);
    }

    public String aesGcmEncrypt(String str, String str2, String str3) {
        try {
            return AesGcm.encrypt(str2, str, str3);
        } catch (Exception e) {
            onOprEvent("002", "aesGcmEncrypt Exception:" + collectStackInfo(e));
            q.c(TAG, "aesGcmEncrypt Exception:", e);
            return str2;
        }
    }

    public synchronized String baseDecrypt(String str) {
        try {
            if (TextUtils.isEmpty(str)) {
                q.b(TAG, "baseDecrypt inputStr is null!");
                return null;
            }
            byte[] a2 = com.huawei.gameassistant.utils.b.a(str);
            Key key = this.privateKeyMap.get(ALIAS_ENCRYPT_1);
            if (key == null) {
                KeyStore.Entry entry = this.ks.getEntry(ALIAS_ENCRYPT_1, null);
                if (entry == null) {
                    q.b(TAG, "Entry is not exist");
                    return null;
                }
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    q.b(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                    return null;
                }
                key = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                this.privateKeyMap.put(ALIAS_ENCRYPT_1, key);
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", getHwUniversalKeyStoreProvider());
            cipher.init(2, key, new OAEPParameterSpec(FeedbackWebConstants.SHA_256, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            cipher.update(a2);
            byte[] doFinal = cipher.doFinal();
            if (doFinal == null) {
                return null;
            }
            return new String(doFinal, "UTF-8");
        } catch (Exception e) {
            onOprEvent("003", "baseDecrypt Exception:" + collectStackInfo(e));
            q.c(TAG, "baseDecrypt Exception", e);
            return null;
        }
    }

    public String baseEncrypt(String str) {
        if (TextUtils.isEmpty(str)) {
            q.b(TAG, "encrypt error, sSrc is null");
            return "";
        }
        try {
            Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_ENCRYPT_1);
            if (certificateArr == null) {
                certificateArr = getCertificateChain(ALIAS_ENCRYPT_1);
                if (certificateArr == null) {
                    return null;
                }
                this.certificateChainMap.put(ALIAS_ENCRYPT_1, certificateArr);
            }
            PublicKey publicKey = certificateArr[0].getPublicKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            cipher.init(1, publicKey, new OAEPParameterSpec(FeedbackWebConstants.SHA_256, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            cipher.update(str.getBytes("UTF-8"));
            byte[] doFinal = cipher.doFinal();
            if (doFinal != null) {
                return com.huawei.gameassistant.utils.b.b(doFinal);
            }
        } catch (Exception e) {
            onOprEvent("002", "baseEncrypt Exception:" + collectStackInfo(e));
            q.c(TAG, "baseEncrypt error", e);
        }
        return "";
    }

    public String decryptData(String str) {
        byte[] a2;
        Key key;
        if (TextUtils.isEmpty(str)) {
            q.b(TAG, "decryptData inputStr is null!");
            return "";
        }
        try {
            a2 = com.huawei.gameassistant.utils.b.a(str);
            key = this.privateKeyMap.get(ALIAS_ENCRYPT);
        } catch (Exception e) {
            onOprEvent("003", "decryptData Exception:" + collectStackInfo(e));
            q.c(TAG, "decryptData Exception e", e);
        }
        if (key == null) {
            q.b(TAG, "decryptData privateKey is null");
            return null;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", getHwUniversalKeyStoreProvider());
        cipher.init(2, key, new OAEPParameterSpec(FeedbackWebConstants.SHA_256, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        cipher.update(a2);
        byte[] doFinal = cipher.doFinal();
        if (doFinal != null) {
            return new String(doFinal, "UTF-8");
        }
        return "";
    }

    public Certificate[] getEncryptCertificateChain() {
        Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_ENCRYPT);
        if (certificateArr != null) {
            return certificateArr;
        }
        Certificate[] certificateChain = getCertificateChain(ALIAS_ENCRYPT);
        this.certificateChainMap.put(ALIAS_ENCRYPT, certificateChain);
        return certificateChain;
    }

    public Provider getHwUniversalKeyStoreProvider() {
        try {
            return new HwUniversalKeyStoreProvider();
        } catch (Throwable th) {
            onOprEvent("003", "getHwUniversalKeyStoreProvider Exception:" + collectStackInfo(th));
            q.c(TAG, "getHwUniversalKeyStoreProvider Exception", th);
            return null;
        }
    }

    public byte[] getSaltBytes() {
        a90.i(true);
        return a90.d(16);
    }

    public String getSaltString() {
        a90.i(true);
        return a90.e(16);
    }

    public Certificate[] getSignCertificateChain() {
        Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_SIGN);
        if (certificateArr != null) {
            return certificateArr;
        }
        Certificate[] certificateChain = getCertificateChain(ALIAS_SIGN);
        this.certificateChainMap.put(ALIAS_SIGN, certificateChain);
        return certificateChain;
    }

    /* JADX WARN: Code restructure failed: missing block: B:7:0x0014, code lost:
    
        if (com.huawei.appgallery.base.os.b.d("ro.config.gameassist.peripherals", 0) == 1) goto L22;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void init(boolean r4) {
        /*
            r3 = this;
            java.lang.String r0 = "SecurityUtil"
            java.lang.String r1 = "init"
            com.huawei.gameassistant.utils.q.d(r0, r1)
            java.lang.Object r0 = com.huawei.gameassistant.utils.SecurityUtil.LOCK
            monitor-enter(r0)
            if (r4 != 0) goto L19
            java.lang.String r4 = "ro.config.gameassist.peripherals"
            r1 = 0
            int r4 = com.huawei.appgallery.base.os.b.d(r4, r1)     // Catch: java.lang.Throwable -> L17
            r1 = 1
            if (r4 != r1) goto L36
            goto L19
        L17:
            r4 = move-exception
            goto L38
        L19:
            com.huawei.security.keystore.HwUniversalKeyStoreProvider.install()     // Catch: java.lang.Throwable -> L1d
            goto L2c
        L1d:
            r4 = move-exception
            java.lang.String r1 = "001"
            java.lang.String r2 = "Provider install Exception"
            r3.onOprEvent(r1, r2)     // Catch: java.lang.Throwable -> L17
            java.lang.String r1 = "SecurityUtil"
            java.lang.String r2 = "Provider install Exception"
            com.huawei.gameassistant.utils.q.c(r1, r2, r4)     // Catch: java.lang.Throwable -> L17
        L2c:
            java.util.concurrent.ScheduledExecutorService r4 = r3.singleThreadScheduledPool     // Catch: java.lang.Throwable -> L17
            com.huawei.gameassistant.utils.SecurityUtil$a r1 = new com.huawei.gameassistant.utils.SecurityUtil$a     // Catch: java.lang.Throwable -> L17
            r1.<init>()     // Catch: java.lang.Throwable -> L17
            r4.execute(r1)     // Catch: java.lang.Throwable -> L17
        L36:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L17
            return
        L38:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L17
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.gameassistant.utils.SecurityUtil.init(boolean):void");
    }

    public boolean initKeyPair() {
        boolean z;
        synchronized (LOCK) {
            z = true;
            if (this.isInit) {
                q.d(TAG, "isInit is true");
            } else {
                q.d(TAG, "start init KeyPair.");
                boolean z2 = false;
                this.isInit = false;
                c0.b().c(this);
                KeyPair generateKeyPair = generateKeyPair(ALIAS_SIGN, "RSA", 12, FeedbackWebConstants.SHA_256, "PSS");
                KeyPair generateKeyPair2 = generateKeyPair(ALIAS_ENCRYPT, "RSA", 3, FeedbackWebConstants.SHA_256, "OAEPPadding");
                KeyPair generateKeyPair3 = generateKeyPair(ALIAS_ENCRYPT_1, "RSA", 3, FeedbackWebConstants.SHA_256, "OAEPPadding");
                this.ks = null;
                this.privateKeyMap.clear();
                this.certificateChainMap.clear();
                if (generateKeyPair != null && generateKeyPair2 != null && generateKeyPair3 != null) {
                    z2 = true;
                }
                q.d(TAG, "init KeyPair result:" + z2);
                if (z2) {
                    this.isInit = true;
                    c0.b().g(this);
                }
                z = z2;
            }
        }
        return z;
    }

    public boolean isInitSuccess() {
        boolean z;
        synchronized (LOCK) {
            if (this.isInit) {
                try {
                    if (this.ks == null) {
                        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_NAME);
                        this.ks = keyStore;
                        keyStore.load(null);
                        q.d(TAG, "Load keystore success!");
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_SIGN)) {
                        this.privateKeyMap.put(ALIAS_SIGN, this.ks.getKey(ALIAS_SIGN, null));
                        this.certificateChainMap.put(ALIAS_SIGN, getCertificateChain(ALIAS_SIGN));
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_ENCRYPT)) {
                        KeyStore.Entry entry = this.ks.getEntry(ALIAS_ENCRYPT, null);
                        if (entry instanceof KeyStore.PrivateKeyEntry) {
                            this.privateKeyMap.put(ALIAS_ENCRYPT, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                            this.certificateChainMap.put(ALIAS_ENCRYPT, getCertificateChain(ALIAS_ENCRYPT));
                        } else {
                            q.k(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                            this.isInit = false;
                        }
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_ENCRYPT_1)) {
                        KeyStore.Entry entry2 = this.ks.getEntry(ALIAS_ENCRYPT_1, null);
                        if (entry2 instanceof KeyStore.PrivateKeyEntry) {
                            this.privateKeyMap.put(ALIAS_ENCRYPT_1, ((KeyStore.PrivateKeyEntry) entry2).getPrivateKey());
                            this.certificateChainMap.put(ALIAS_ENCRYPT_1, getCertificateChain(ALIAS_ENCRYPT_1));
                        } else {
                            q.k(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                            this.isInit = false;
                        }
                    }
                    if (!this.isInit) {
                        q.b(TAG, "keyentry not exists, init again.");
                        c0.b().g(this);
                        initKeyPair();
                    }
                } catch (Exception e) {
                    onOprEvent("001", "init Exception:" + collectStackInfo(e));
                    q.c(TAG, "Init KeyStore exception:", e);
                }
            }
            z = this.isInit;
        }
        return z;
    }

    public String signData(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, NoSuchProviderException {
        if (TextUtils.isEmpty(str)) {
            q.b(TAG, "signData inputStr is null!");
            return null;
        }
        byte[] bytes = str.getBytes("UTF-8");
        Key key = this.privateKeyMap.get(ALIAS_SIGN);
        if (key == null) {
            q.b(TAG, "signData privateKey is null");
            return null;
        }
        Signature signature = Signature.getInstance(SIGNATURE_TYPE_SHA256, "HwUniversalKeyStoreProvider");
        signature.initSign((PrivateKey) key);
        signature.update(bytes);
        return com.huawei.gameassistant.utils.b.b(signature.sign());
    }
}
