package com.heytap.omas.omkms.feature;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.omkms.feature.c;
import com.heytap.omas.proto.Omkms3;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import r3.i;

@TargetApi(19)
/* loaded from: classes2.dex */
public class d implements com.heytap.omas.omkms.feature.a {

    /* renamed from: d, reason: collision with root package name */
    public static final String f5123d = "KeyStoreLowerApiISessionTicketCache";

    /* renamed from: e, reason: collision with root package name */
    public static final String f5124e = "AndroidKeyStore";

    /* renamed from: f, reason: collision with root package name */
    public static final String f5125f = "OMAS";

    /* renamed from: g, reason: collision with root package name */
    public static final String f5126g = "session_key_encrypt_keystore_rsa_alias";

    /* renamed from: h, reason: collision with root package name */
    public static final String f5127h = "RSA/None/PKCS1Padding";

    /* renamed from: i, reason: collision with root package name */
    public static final String f5128i = "AES/GCM/NoPadding";

    /* renamed from: j, reason: collision with root package name */
    public static KeyStore f5129j;

    /* renamed from: k, reason: collision with root package name */
    public static volatile byte[] f5130k;

    /* renamed from: l, reason: collision with root package name */
    public static Map<String, Omkms3.ServiceSessionInfo> f5131l = new ConcurrentHashMap();

    /* renamed from: m, reason: collision with root package name */
    public static Map<String, Omkms3.KmsSessionInfo> f5132m = new ConcurrentHashMap();

    /* renamed from: a, reason: collision with root package name */
    public String f5133a;

    /* renamed from: b, reason: collision with root package name */
    public String f5134b;

    /* renamed from: c, reason: collision with root package name */
    public String f5135c;

    @TargetApi(19)
    /* loaded from: classes2.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public static final String f5136a = "EnAesSpUtils";

        /* renamed from: b, reason: collision with root package name */
        public static final String f5137b = "en_aes_key_file";

        /* renamed from: c, reason: collision with root package name */
        public static final String f5138c = "aes_encrypted_key_of_android_key_store_rsa_key";

        /* renamed from: d, reason: collision with root package name */
        public static volatile byte[] f5139d;

        /* loaded from: classes2.dex */
        public static class a extends TypeToken<byte[]> {
        }

        @TargetApi(19)
        public static synchronized void c(Context context, byte[] bArr) {
            synchronized (b.class) {
                try {
                    if (f5139d != null) {
                        i.h(f5136a, "saveEnAesKey: should not take place always,in this case that would be bug ,not ensure a singleton object to call this method.");
                    }
                    i.j(f5136a, "saveEnAesKey: encryptedAesKey:" + bArr);
                    SharedPreferences.Editor edit = context.getSharedPreferences(f5137b, 0).edit();
                    edit.putString(f5138c, new Gson().toJson(bArr));
                    i.j(f5136a, "saveEnAesKey: result:" + edit.commit());
                    f5139d = bArr;
                } catch (Throwable th) {
                    throw th;
                }
            }
        }

        @Nullable
        @TargetApi(19)
        public static byte[] d(Context context) {
            try {
                if (f5139d != null && f5139d.length != 0) {
                    i.j(f5136a, "loadEnAesKey: load enAesKey from memory cache.enAesKey:" + f5139d);
                    return f5139d;
                }
                String string = context.getSharedPreferences(f5137b, 0).getString(f5138c, null);
                if (string == null) {
                    i.h(f5136a, "loadEnAesKey: null,not en aes key info.");
                    return null;
                }
                byte[] bArr = (byte[]) new Gson().fromJson(string, new a().getType());
                i.j(f5136a, "loadEnAesKey: load enAesKey from sp file, enAesKey:" + bArr);
                f5139d = bArr;
                return f5139d;
            } catch (Exception e10) {
                i.h(f5136a, "loadEnAesKey: exception,detail:" + e10);
                return null;
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class c {

        /* renamed from: a, reason: collision with root package name */
        public static final String f5140a = "kms_";

        /* renamed from: b, reason: collision with root package name */
        public static final String f5141b = "service_";

        /* renamed from: c, reason: collision with root package name */
        public static final String f5142c = "encrypted_session_key_info";

        @Nullable
        public static Omkms3.EnKmsSessionInfo d(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnKmsSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f5142c, 0).getString(f5140a + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnKmsSessionInfo) r3.h.a(string, Omkms3.EnKmsSessionInfo.class);
                }
                i.h(d.f5123d, "loadEnKmsSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e10) {
                i.h(d.f5123d, "loadEnKmsSessionFromFile: " + e10);
                return null;
            }
        }

        public static void e(Context context, Omkms3.EnKmsSessionInfo enKmsSessionInfo) {
            try {
                SharedPreferences.Editor edit = context.getSharedPreferences(f5142c, 0).edit();
                edit.putString(f5140a + enKmsSessionInfo.getUserInitInfo(), r3.h.b(enKmsSessionInfo, Omkms3.EnKmsSessionInfo.class));
                edit.commit();
            } catch (JsonIOException e10) {
                i.h(d.f5123d, "saveEnKmsSessionToFile: " + e10);
            }
        }

        public static void f(Context context, Omkms3.EnServiceSessionInfo enServiceSessionInfo) {
            SharedPreferences.Editor edit = context.getSharedPreferences(f5142c, 0).edit();
            edit.putString(f5141b + enServiceSessionInfo.getUserInitInfo(), r3.h.b(enServiceSessionInfo, Omkms3.EnServiceSessionInfo.class));
            edit.commit();
        }

        @Nullable
        public static Omkms3.EnServiceSessionInfo g(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnServiceSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f5142c, 0).getString(f5141b + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnServiceSessionInfo) r3.h.a(string, Omkms3.EnServiceSessionInfo.class);
                }
                i.h(d.f5123d, "loadEnServiceSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e10) {
                i.h(d.f5123d, "loadEnServiceSessionFromFile: " + e10);
                return null;
            }
        }
    }

    /* renamed from: com.heytap.omas.omkms.feature.d$d, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static class C0041d {

        /* renamed from: a, reason: collision with root package name */
        public static final d f5143a = new d();
    }

    public d() {
        this.f5133a = c.b.f5119a;
        this.f5134b = c.b.f5120b;
        this.f5135c = c.b.f5121c;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            f5129j = keyStore;
            keyStore.load(null);
        } catch (Exception e10) {
            i.h(f5123d, "KeyStoreRsaCache: exception:" + e10);
        }
    }

    public static d e() {
        return C0041d.f5143a;
    }

    private String f(@NonNull com.heytap.omas.omkms.data.h hVar) {
        if (hVar == null) {
            throw new IllegalArgumentException("InitParamSpec cannot be null");
        }
        return "lower-api_" + r3.g.a(hVar);
    }

    public static AlgorithmParameterSpec g(int i10, byte[] bArr) {
        return h(i10, bArr, 0, bArr.length);
    }

    public static AlgorithmParameterSpec h(int i10, byte[] bArr, int i11, int i12) {
        return new GCMParameterSpec(i10, bArr, i11, i12);
    }

    @TargetApi(19)
    public static boolean i(Context context, String str) {
        try {
            i.h(f5123d, "generateRsaKeyPair: alias:" + str);
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setKeyType("RSA").setKeySize(2048).setAlias(str).setSubject(new X500Principal("CN=cn,O=OPLUS,OU=OSEC")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception e10) {
            e10.toString();
            return false;
        }
    }

    public static byte[] j(com.heytap.omas.omkms.data.h hVar, SecretKey secretKey, int i10, byte[] bArr, byte[] bArr2, int i11) {
        Cipher cipher;
        try {
            if (TextUtils.isEmpty(hVar.getCipherProvider())) {
                cipher = Cipher.getInstance("AES/GCM/NoPadding");
            } else {
                if ("OMAS".equals(hVar.getCipherProvider())) {
                    q3.a.d();
                    cipher = Cipher.getInstance("AES/GCM/NoPadding", "OMAS");
                    cipher.init(i11, secretKey, new GCMParameterSpec(i10, bArr));
                    return cipher.doFinal(bArr2);
                }
                cipher = Cipher.getInstance("AES/GCM/NoPadding", hVar.getCipherProvider());
            }
            cipher.init(i11, secretKey, g(i10, bArr));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException e10) {
            e = e10;
            e.printStackTrace();
            return null;
        } catch (InvalidKeyException e11) {
            e = e11;
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e12) {
            e = e12;
            e.printStackTrace();
            return null;
        } catch (NoSuchProviderException e13) {
            e = e13;
            e.printStackTrace();
            return null;
        } catch (BadPaddingException e14) {
            e = e14;
            e.printStackTrace();
            return null;
        } catch (IllegalBlockSizeException e15) {
            e = e15;
            e.printStackTrace();
            return null;
        } catch (NoSuchPaddingException e16) {
            e = e16;
            e.printStackTrace();
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.KmsSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String f10 = f(hVar);
            if (f5132m.containsKey(f10)) {
                i.j(f5123d, "loadKmsSessionTicketInfo: try load kms ticket from memory.");
                return f5132m.get(f10);
            }
            if (!f5129j.containsAlias(f5126g)) {
                i.h(f5123d, "loadKmsSessionTicketInfo: Uninitialized,cannot load kms session info.");
                return null;
            }
            i.j(f5123d, "loadKmsSessionTicketInfo: try load encrypted service ticket from share preference.");
            Omkms3.EnKmsSessionInfo d10 = c.d(context, f10);
            if (d10 == null) {
                i.h(f5123d, "loadKmsSessionTicketInfo: enKmsSessionInfo == null.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f5129j.getKey(f5126g, null);
            if (f5130k == null) {
                synchronized (this) {
                    try {
                        if (f5130k == null) {
                            f5130k = b.d(context);
                        }
                        if (f5130k != null && f5130k.length != 0) {
                        }
                        i.h(f5123d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                        return null;
                    } finally {
                    }
                }
            }
            Cipher cipher = Cipher.getInstance(f5127h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f5130k);
            i.h(f5123d, "loadKmsSessionTicketInfo: deEnKeystoreAesKey:" + Arrays.toString(doFinal));
            Omkms3.KmsSessionInfo kmsSessionInfo = (Omkms3.KmsSessionInfo) r3.h.a(new String(j(hVar, new SecretKeySpec(doFinal, "AES"), 128, Base64.decode(d10.getIv(), 2), Base64.decode(d10.getEnSessionInfo().getBytes(), 2), 2)), Omkms3.KmsSessionInfo.class);
            f5132m.put(f10, kmsSessionInfo);
            i.h(f5123d, "loadKmsSessionTicketInfo: kmsSessionTicketInfo:\nbegin time:" + kmsSessionInfo.getBeginTime() + "\nendTime:" + kmsSessionInfo.getEndTime());
            return kmsSessionInfo;
        } catch (Exception e10) {
            i.h(f5123d, "loadKmsSessionTicketInfo: KeyStore exception:" + e10);
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v9, types: [java.security.Key, javax.crypto.SecretKey] */
    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.EnKmsSessionInfo b(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        SecretKeySpec secretKeySpec;
        boolean z10;
        if (context == null || hVar == null || kmsSessionInfo == null) {
            i.h(f5123d, "saveKmsSessionTicketInfo: fail,parameters cannot be null.");
            return null;
        }
        try {
            String f10 = f(hVar);
            if (!f5129j.containsAlias(f5126g)) {
                synchronized (d.class) {
                    try {
                        if (f5129j.containsAlias(f5126g)) {
                            z10 = true;
                        } else {
                            i.j(f5123d, "saveKmsSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,generate it now.");
                            z10 = i(context, f5126g);
                        }
                    } finally {
                    }
                }
                if (!z10) {
                    return null;
                }
            }
            PublicKey publicKey = f5129j.getCertificate(f5126g).getPublicKey();
            PrivateKey privateKey = (PrivateKey) f5129j.getKey(f5126g, null);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            if (f5130k == null) {
                synchronized (this) {
                    try {
                        if (f5130k == null) {
                            f5130k = b.d(context);
                        }
                        if (f5130k != null && f5130k.length != 0) {
                            secureRandom.nextBytes(bArr);
                            Cipher cipher = Cipher.getInstance(f5127h);
                            cipher.init(2, privateKey);
                            secretKeySpec = new SecretKeySpec(cipher.doFinal(f5130k), "AES");
                        }
                        i.j(f5123d, "saveKmsSessionTicketInfo:not found enAesKey info,generate and save it.");
                        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                        keyGenerator.init(256);
                        ?? generateKey = keyGenerator.generateKey();
                        byte[] encoded = generateKey.getEncoded();
                        secureRandom.nextBytes(bArr);
                        Cipher cipher2 = Cipher.getInstance(f5127h);
                        cipher2.init(1, publicKey);
                        f5130k = cipher2.doFinal(encoded);
                        b.c(context, f5130k);
                        secretKeySpec = generateKey;
                    } finally {
                    }
                }
            } else {
                secureRandom.nextBytes(bArr);
                Cipher cipher3 = Cipher.getInstance(f5127h);
                cipher3.init(2, privateKey);
                secretKeySpec = new SecretKeySpec(cipher3.doFinal(f5130k), "AES");
            }
            SecretKeySpec secretKeySpec2 = secretKeySpec;
            String b10 = r3.h.b(kmsSessionInfo, Omkms3.KmsSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j10 = j(hVar, secretKeySpec2, 128, bArr, b10.getBytes(), 1);
            if (j10 != null && j10.length != 0) {
                Omkms3.EnKmsSessionInfo build = Omkms3.EnKmsSessionInfo.newBuilder().setUserInitInfo(f10).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(kmsSessionInfo.getBeginTime()).setEndTime(kmsSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j10, 2)).build();
                kmsSessionInfo.getBeginTime();
                kmsSessionInfo.getEndTime();
                c.e(context, build);
                f5132m.put(f10, kmsSessionInfo);
                return build;
            }
            i.h(f5123d, "saveKmsSessionTicketInfo: enKmsSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e10) {
            e10.printStackTrace();
            i.h(f5123d, "saveKmsSessionKey: exception,detail:" + e10);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @Nullable
    @TargetApi(19)
    public Omkms3.EnServiceSessionInfo c(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        try {
            if (!f5129j.containsAlias(f5126g)) {
                i.h(f5123d, "saveServiceSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,should not take place always.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f5129j.getKey(f5126g, null);
            if (f5130k == null) {
                synchronized (this) {
                    try {
                        if (f5130k == null) {
                            f5130k = b.d(context);
                        }
                        if (f5130k != null && f5130k.length != 0) {
                        }
                        i.h(f5123d, "saveServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
                        return null;
                    } finally {
                    }
                }
            }
            String f10 = f(hVar);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(f5127h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f5130k);
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, "AES");
            i.h(f5123d, "saveServiceSessionTicketInfo: dAesKey:" + Arrays.toString(doFinal));
            String b10 = r3.h.b(serviceSessionInfo, Omkms3.ServiceSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j10 = j(hVar, secretKeySpec, 128, bArr, b10.getBytes(), 1);
            if (j10 != null && j10.length != 0) {
                Omkms3.EnServiceSessionInfo build = Omkms3.EnServiceSessionInfo.newBuilder().setUserInitInfo(f10).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(serviceSessionInfo.getBeginTime()).setEndTime(serviceSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j10, 2)).build();
                c.f(context, build);
                f5131l.put(f10, serviceSessionInfo);
                return build;
            }
            i.h(f5123d, "saveServiceSessionTicketInfo: enServiceSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e10) {
            i.h(f5123d, "saveServiceSessionTicketInfo: exception:" + e10);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.ServiceSessionInfo d(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String f10 = f(hVar);
            if (f5131l.containsKey(f10)) {
                i.j(f5123d, "loadServiceSessionTicketInfo: load service ticket from memory.");
                return f5131l.get(f10);
            }
            if (!f5129j.containsAlias(f5126g)) {
                i.h(f5123d, "loadServiceSessionTicketInfo: uninitialized,cannot load service session info.");
                return null;
            }
            i.j(f5123d, "loadServiceSessionTicketInfo: load service ticket from share preference.");
            Omkms3.EnServiceSessionInfo g10 = c.g(context, f10);
            if (g10 == null) {
                i.h(f5123d, "loadServiceSessionTicketInfo: enServiceSessionInfo == null.");
                return null;
            }
            if (f5130k == null) {
                synchronized (this) {
                    try {
                        if (f5130k == null) {
                            f5130k = b.d(context);
                        }
                        if (f5130k != null && f5130k.length != 0) {
                        }
                        i.h(f5123d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                        return null;
                    } finally {
                    }
                }
            }
            PrivateKey privateKey = (PrivateKey) f5129j.getKey(f5126g, null);
            Cipher cipher = Cipher.getInstance(f5127h);
            cipher.init(2, privateKey);
            byte[] d10 = b.d(context);
            if (d10 != null && d10.length != 0) {
                byte[] j10 = j(hVar, new SecretKeySpec(cipher.doFinal(d10), "AES"), 128, Base64.decode(g10.getIv(), 2), Base64.decode(g10.getEnSessionInfo().getBytes(), 2), 2);
                if (j10 != null && j10.length != 0) {
                    Omkms3.ServiceSessionInfo serviceSessionInfo = (Omkms3.ServiceSessionInfo) r3.h.a(new String(j10), Omkms3.ServiceSessionInfo.class);
                    f5131l.put(f10, serviceSessionInfo);
                    return serviceSessionInfo;
                }
                i.h(f5123d, "loadServiceSessionTicketInfo: serviceSessionInfoBytes is null or empty,always should not take place.");
                return null;
            }
            i.h(f5123d, "loadServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
            return null;
        } catch (Exception e10) {
            i.h(f5123d, "loadServiceSessionKey: KeyStore exception:" + e10);
            return null;
        }
    }
}
