package com.huawei.hiassistant.voice.wakeup.common;

import android.security.keystore.KeyGenParameterSpec;
import com.huawei.hiassistant.platform.base.util.KitLog;
import com.huawei.hiassistant.voice.wakeup.bean.AesInfoBean;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes5.dex */
public class KeyStoreUtils {
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final int AUTHENTICATION_TAG_LENGTH = 128;
    private static final String CLIENT_CIPHER = "client_cipher";
    private static final int KEY_SIZE = 256;
    private static final String TAG = "KeyStoreUtils";
    private static KeyStoreUtils sInstance;
    private KeyStore mKeyStore;
    private SecretKey mSecretKey;

    private KeyStoreUtils() {
        initKeyStore();
    }

    private void generateKey() {
        if (this.mKeyStore == null) {
            return;
        }
        KitLog.info(TAG, "generateKey begin");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
            if (keyGenerator == null) {
                KitLog.error(TAG, "keyGenerator is null");
                return;
            }
            keyGenerator.init(new KeyGenParameterSpec.Builder(CLIENT_CIPHER, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build());
            SecretKey generateKey = keyGenerator.generateKey();
            if (generateKey == null) {
                KitLog.error(TAG, "secretKey is null");
                return;
            }
            KitLog.info(TAG, "generateKey end, secretKey:" + generateKey.getAlgorithm());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException unused) {
            KitLog.error(TAG, "generateKey exception");
        }
    }

    public static KeyStoreUtils getInstance() {
        if (sInstance == null) {
            synchronized (KeyStoreUtils.class) {
                sInstance = new KeyStoreUtils();
            }
        }
        return sInstance;
    }

    private void initKeyStore() {
        try {
            KitLog.debug(TAG, "initKeyStore begin", new Object[0]);
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            this.mKeyStore = keyStore;
            if (keyStore == null) {
                KitLog.error(TAG, "ANDROID_KEYSTORE is null");
                return;
            }
            keyStore.load(null);
            Key key = this.mKeyStore.getKey(CLIENT_CIPHER, null);
            if (key == null) {
                generateKey();
                key = this.mKeyStore.getKey(CLIENT_CIPHER, null);
            }
            if (key == null) {
                KitLog.error(TAG, "not exist key:client_cipher");
                return;
            }
            if (key instanceof SecretKey) {
                this.mSecretKey = (SecretKey) key;
            } else {
                KitLog.error(TAG, "key is not SecretKey");
            }
            KitLog.debug(TAG, "initKeyStore end", new Object[0]);
        } catch (IOException | CertificateException unused) {
            KitLog.error(TAG, "load keyStore exception");
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException unused2) {
            KitLog.error(TAG, "initKeyStore exception");
        }
    }

    private boolean isDecryptInfoValid(AesInfoBean aesInfoBean) {
        if (aesInfoBean == null) {
            KitLog.error(TAG, "decrypt Info not Valid, bean is null");
            return false;
        }
        if (aesInfoBean.getEncryptedData() == null || aesInfoBean.getEncryptedData().length <= 0) {
            KitLog.error(TAG, "decrypt Info not Valid, encrypted Data is empty");
            return false;
        }
        if (aesInfoBean.getAesIv() != null && aesInfoBean.getAesIv().length > 0) {
            return true;
        }
        KitLog.error(TAG, "decrypt Info not Valid, AesIv Data is empty");
        return false;
    }

    private boolean isEncryptInfoValid(AesInfoBean aesInfoBean) {
        if (aesInfoBean == null) {
            KitLog.error(TAG, "encrypt Info not Valid, bean is null");
            return false;
        }
        if (aesInfoBean.getOriginData() != null && aesInfoBean.getOriginData().length > 0) {
            return true;
        }
        KitLog.error(TAG, "encrypt Info not Valid, origin data is empty");
        return false;
    }

    private boolean isFunctionAvailable() {
        if (this.mKeyStore != null && this.mSecretKey != null) {
            return true;
        }
        KitLog.error(TAG, "function is not available!");
        return false;
    }

    public void decrypt(AesInfoBean aesInfoBean) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            KitLog.error(TAG, "decrypt exception");
        }
        if (isFunctionAvailable() && isDecryptInfoValid(aesInfoBean)) {
            KitLog.info(TAG, "start decrypt");
            Cipher cipher = Cipher.getInstance(AES_MODE);
            if (cipher == null) {
                KitLog.error(TAG, "decrypt cipher is null");
                return;
            }
            cipher.init(2, this.mSecretKey, new GCMParameterSpec(128, aesInfoBean.getAesIv()));
            aesInfoBean.setOriginData(cipher.doFinal(aesInfoBean.getEncryptedData()));
            KitLog.info(TAG, "decrypt cost time:" + (System.currentTimeMillis() - currentTimeMillis));
        }
    }

    public void encrypt(AesInfoBean aesInfoBean) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            KitLog.error(TAG, "encrypt exception");
        }
        if (isFunctionAvailable() && isEncryptInfoValid(aesInfoBean)) {
            KitLog.debug(TAG, "start encrypt", new Object[0]);
            Cipher cipher = Cipher.getInstance(AES_MODE);
            if (cipher == null) {
                KitLog.error(TAG, "encrypt cipher is null");
                return;
            }
            cipher.init(1, this.mSecretKey);
            aesInfoBean.setEncryptedData(cipher.doFinal(aesInfoBean.getOriginData()));
            aesInfoBean.setAesIv(cipher.getIV());
            KitLog.debug(TAG, "encrypt cost time:" + (System.currentTimeMillis() - currentTimeMillis), new Object[0]);
        }
    }
}
