package com.tencent.tmf.biometricauth.core.keystore.aes;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import com.tencent.tmf.biometricauth.core.keystore.BaseKeyStore;
import com.tencent.tmf.biometricauth.core.keystore.rsa.KeyPropertiesCompact;
import com.tencent.tmf.biometricauth.core.model.Triple;
import com.tencent.tmf.biometricauth.model.PubKeyModel;
import com.tencent.tmf.biometricauth.model.ReturnResult;
import com.tencent.tmf.biometricauth.util.DebugLogger;
import com.tencent.tmf.biometricauth.util.SpHelper;
import java.security.KeyStore;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import t.a;

/* loaded from: classes.dex */
public class AesKeyStore extends BaseKeyStore {
    public AesKeyStore(@NonNull String str) {
        this("AndroidKeyStore", str);
    }

    public AesKeyStore(@NonNull String str, @NonNull String str2) {
        super(str, str2);
        this.isSupport = true;
    }

    @TargetApi(23)
    private ReturnResult generateAesKey(String str) {
        try {
            KeyStore.getInstance(this.mProviderName).load(null);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyPropertiesCompact.KEY_ALGORITHM_AES, this.mProviderName);
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 3);
            builder.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 24) {
                builder.setInvalidatedByBiometricEnrollment(true);
            }
            builder.setBlockModes(KeyPropertiesCompact.BLOCK_MODE_CBC);
            builder.setEncryptionPaddings(KeyPropertiesCompact.ENCRYPTION_PADDING_PKCS7);
            keyGenerator.init(builder.build());
            keyGenerator.generateKey();
            return new ReturnResult(0);
        } catch (Exception e10) {
            e10.printStackTrace();
            return new ReturnResult(6, e10.toString());
        } catch (OutOfMemoryError e11) {
            e11.printStackTrace();
            return new ReturnResult(2);
        }
    }

    private SecretKey getSecretKey(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(this.mProviderName);
            keyStore.load(null);
            return (SecretKey) keyStore.getKey(str, null);
        } catch (Exception e10) {
            StringBuilder a10 = a.a("getSecretKey exception: ");
            a10.append(e10.toString());
            DebugLogger.e(BaseKeyStore.TAG, a10.toString(), new Object[0]);
            return null;
        }
    }

    private boolean hasKey(@NonNull String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(this.mProviderName);
            keyStore.load(null);
            return keyStore.getKey(str, null) != null;
        } catch (Exception e10) {
            StringBuilder a10 = a.a("hasAppGlobalSecureKey exception: ");
            a10.append(e10.toString());
            DebugLogger.e(BaseKeyStore.TAG, a10.toString(), new Object[0]);
            return false;
        }
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthHelper
    public byte[] finishAuth(long j10) {
        return new byte[0];
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    @TargetApi(23)
    public ReturnResult generateAppGlobalSecureKey() {
        return generateAesKey(this.mAppSecureKeyName);
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public PubKeyModel getAppGlobalSecureKeyModel() {
        return null;
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthHelper
    @TargetApi(23)
    public Triple<Signature, Cipher, Mac> getAuthInitAndSign(String str) {
        if (!isNativeSupport()) {
            return null;
        }
        try {
            SecretKey secretKey = getSecretKey(this.mAppSecureKeyName);
            if (secretKey == null) {
                return null;
            }
            int parseInt = Integer.parseInt(str);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            if (parseInt == 1) {
                cipher.init(1, secretKey);
                SpHelper.getInstance().putString(this.mAppSecureKeyName + "iv", Base64.encodeToString(cipher.getIV(), 2));
            } else {
                cipher.init(2, secretKey, new IvParameterSpec(Base64.decode(SpHelper.getInstance().getString(this.mAppSecureKeyName + "iv"), 2)));
            }
            return new Triple<>(null, cipher, null);
        } catch (Exception e10) {
            StringBuilder a10 = a.a("initCipher exception: ");
            a10.append(e10.getMessage());
            a10.toString();
            return null;
        }
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public int getKeyStoreType() {
        return 0;
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean hasAppGlobalSecureKey() {
        return hasKey(this.mAppSecureKeyName);
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean isAppGlobalSecureKeyValid() {
        return hasAppGlobalSecureKey();
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    @TargetApi(23)
    public boolean isKeyProtectedEnforcedBySecureHardware() {
        SecretKey secretKey = hasAppGlobalSecureKey() ? getSecretKey(this.mAppSecureKeyName) : generateAesKey("test_temp_key").mErrorCode == 0 ? getSecretKey("test_temp_key") : null;
        if (secretKey == null) {
            return false;
        }
        try {
            KeyInfo keyInfo = (KeyInfo) SecretKeyFactory.getInstance(KeyPropertiesCompact.KEY_ALGORITHM_AES, "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class);
            if (keyInfo.isInsideSecureHardware()) {
                return keyInfo.isUserAuthenticationRequirementEnforcedBySecureHardware();
            }
            return false;
        } catch (Exception e10) {
            StringBuilder a10 = a.a("isKeyProtectedEnforcedBySecureHardware exception: ");
            a10.append(e10.toString());
            DebugLogger.e(BaseKeyStore.TAG, a10.toString(), new Object[0]);
            return false;
        }
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean isNativeSupport() {
        return this.isSupport.booleanValue();
    }

    @Override // com.tencent.tmf.biometricauth.core.model.IRelease
    public void release() {
    }

    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public ReturnResult removeAppGlobalSecureKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance(this.mProviderName);
            keyStore.load(null);
            keyStore.deleteEntry(this.mAppSecureKeyName);
            return new ReturnResult(0);
        } catch (Exception e10) {
            return new ReturnResult(5, e10.toString());
        } catch (OutOfMemoryError e11) {
            return new ReturnResult(5, e11.toString());
        }
    }
}
