package com.heytap.omas.omkms.feature;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.a.e.i;
import com.heytap.omas.proto.Omkms3;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@TargetApi(19)
/* loaded from: classes.dex */
public class d implements com.heytap.omas.omkms.feature.a {

    /* renamed from: d, reason: collision with root package name */
    private static final String f20096d = "KeyStoreLowerApiISessionTicketCache";

    /* renamed from: e, reason: collision with root package name */
    private static final String f20097e = "AndroidKeyStore";

    /* renamed from: f, reason: collision with root package name */
    private static final String f20098f = "OMAS";

    /* renamed from: g, reason: collision with root package name */
    private static final String f20099g = "session_key_encrypt_keystore_rsa_alias";

    /* renamed from: h, reason: collision with root package name */
    private static final String f20100h = "RSA/None/PKCS1Padding";

    /* renamed from: i, reason: collision with root package name */
    private static final String f20101i = "AES/GCM/NoPadding";

    /* renamed from: j, reason: collision with root package name */
    private static KeyStore f20102j;

    /* renamed from: k, reason: collision with root package name */
    private static volatile byte[] f20103k;

    /* renamed from: l, reason: collision with root package name */
    private static Map<String, Omkms3.ServiceSessionInfo> f20104l = new ConcurrentHashMap();

    /* renamed from: m, reason: collision with root package name */
    private static Map<String, Omkms3.KmsSessionInfo> f20105m = new ConcurrentHashMap();

    /* renamed from: a, reason: collision with root package name */
    private String f20106a;

    /* renamed from: b, reason: collision with root package name */
    private String f20107b;

    /* renamed from: c, reason: collision with root package name */
    private String f20108c;

    @TargetApi(19)
    /* loaded from: classes.dex */
    private static class b {

        /* renamed from: a, reason: collision with root package name */
        private static final String f20109a = "EnAesSpUtils";

        /* renamed from: b, reason: collision with root package name */
        private static final String f20110b = "en_aes_key_file";

        /* renamed from: c, reason: collision with root package name */
        private static final String f20111c = "aes_encrypted_key_of_android_key_store_rsa_key";

        /* renamed from: d, reason: collision with root package name */
        private static volatile byte[] f20112d;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes.dex */
        public static class a extends TypeToken<byte[]> {
            a() {
            }
        }

        private b() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        @TargetApi(19)
        public static synchronized void b(Context context, byte[] bArr) {
            synchronized (b.class) {
                if (f20112d != null) {
                    i.b(f20109a, "saveEnAesKey: should not take place always,in this case that would be bug ,not ensure a singleton object to call this method.");
                }
                i.c(f20109a, "saveEnAesKey: encryptedAesKey:" + bArr);
                SharedPreferences.Editor edit = context.getSharedPreferences(f20110b, 0).edit();
                edit.putString(f20111c, new Gson().toJson(bArr));
                i.c(f20109a, "saveEnAesKey: result:" + edit.commit());
                f20112d = bArr;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        @TargetApi(19)
        public static byte[] b(Context context) {
            try {
                if (f20112d != null && f20112d.length != 0) {
                    i.c(f20109a, "loadEnAesKey: load enAesKey from memory cache.enAesKey:" + f20112d);
                    return f20112d;
                }
                String string = context.getSharedPreferences(f20110b, 0).getString(f20111c, null);
                if (string == null) {
                    i.b(f20109a, "loadEnAesKey: null,not en aes key info.");
                    return null;
                }
                byte[] bArr = (byte[]) new Gson().fromJson(string, new a().getType());
                i.c(f20109a, "loadEnAesKey: load enAesKey from sp file, enAesKey:" + bArr);
                f20112d = bArr;
                return f20112d;
            } catch (Exception e10) {
                i.b(f20109a, "loadEnAesKey: exception,detail:" + e10);
                return null;
            }
        }
    }

    /* loaded from: classes.dex */
    private static final class c {

        /* renamed from: a, reason: collision with root package name */
        private static final String f20113a = "kms_";

        /* renamed from: b, reason: collision with root package name */
        private static final String f20114b = "service_";

        /* renamed from: c, reason: collision with root package name */
        private static final String f20115c = "encrypted_session_key_info";

        private c() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static Omkms3.EnKmsSessionInfo b(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnKmsSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f20115c, 0).getString(f20113a + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnKmsSessionInfo) com.heytap.omas.a.e.h.a(string, Omkms3.EnKmsSessionInfo.class);
                }
                i.b(d.f20096d, "loadEnKmsSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e10) {
                i.b(d.f20096d, "loadEnKmsSessionFromFile: " + e10);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void b(Context context, Omkms3.EnKmsSessionInfo enKmsSessionInfo) {
            try {
                SharedPreferences.Editor edit = context.getSharedPreferences(f20115c, 0).edit();
                edit.putString(f20113a + enKmsSessionInfo.getUserInitInfo(), com.heytap.omas.a.e.h.a(enKmsSessionInfo, (Class<Omkms3.EnKmsSessionInfo>) Omkms3.EnKmsSessionInfo.class));
                edit.commit();
            } catch (JsonIOException e10) {
                i.b(d.f20096d, "saveEnKmsSessionToFile: " + e10);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void b(Context context, Omkms3.EnServiceSessionInfo enServiceSessionInfo) {
            SharedPreferences.Editor edit = context.getSharedPreferences(f20115c, 0).edit();
            edit.putString(f20114b + enServiceSessionInfo.getUserInitInfo(), com.heytap.omas.a.e.h.a(enServiceSessionInfo, (Class<Omkms3.EnServiceSessionInfo>) Omkms3.EnServiceSessionInfo.class));
            edit.commit();
        }

        public static Omkms3.EnServiceSessionInfo c(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnServiceSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f20115c, 0).getString(f20114b + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnServiceSessionInfo) com.heytap.omas.a.e.h.a(string, Omkms3.EnServiceSessionInfo.class);
                }
                i.b(d.f20096d, "loadEnServiceSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e10) {
                i.b(d.f20096d, "loadEnServiceSessionFromFile: " + e10);
                return null;
            }
        }
    }

    /* renamed from: com.heytap.omas.omkms.feature.d$d, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    private static class C0214d {

        /* renamed from: a, reason: collision with root package name */
        private static final d f20116a = new d();

        private C0214d() {
        }
    }

    private d() {
        this.f20106a = "KMS-";
        this.f20107b = "SERVICE-";
        this.f20108c = "en_session_key_info";
        try {
            KeyStore keyStore = KeyStore.getInstance(f20097e);
            f20102j = keyStore;
            keyStore.load(null);
        } catch (Exception e10) {
            i.b(f20096d, "KeyStoreRsaCache: exception:" + e10);
        }
    }

    public static d a() {
        return C0214d.f20116a;
    }

    private String a(com.heytap.omas.omkms.data.h hVar) {
        if (hVar == null) {
            throw new IllegalArgumentException("InitParamSpec cannot be null");
        }
        return "lower-api_" + com.heytap.omas.a.e.g.a(hVar);
    }

    private static AlgorithmParameterSpec a(int i10, byte[] bArr) {
        return a(i10, bArr, 0, bArr.length);
    }

    private static AlgorithmParameterSpec a(int i10, byte[] bArr, int i11, int i12) {
        return new GCMParameterSpec(i10, bArr, i11, i12);
    }

    @TargetApi(19)
    private static boolean a(Context context, String str) {
        try {
            i.b(f20096d, "generateRsaKeyPair: alias:" + str);
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", f20097e);
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setKeyType("RSA").setKeySize(2048).setAlias(str).setSubject(new X500Principal("CN=cn,O=OPLUS,OU=OSEC")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception e10) {
            e10.toString();
            return false;
        }
    }

    private static byte[] a(com.heytap.omas.omkms.data.h hVar, SecretKey secretKey, int i10, byte[] bArr, byte[] bArr2, int i11) {
        Cipher cipher;
        try {
            if (TextUtils.isEmpty(hVar.getCipherProvider())) {
                cipher = Cipher.getInstance("AES/GCM/NoPadding");
            } else {
                if (f20098f.equals(hVar.getCipherProvider())) {
                    com.heytap.omas.a.c.a.b();
                    cipher = Cipher.getInstance("AES/GCM/NoPadding", f20098f);
                    cipher.init(i11, secretKey, new GCMParameterSpec(i10, bArr));
                    return cipher.doFinal(bArr2);
                }
                cipher = Cipher.getInstance("AES/GCM/NoPadding", hVar.getCipherProvider());
            }
            cipher.init(i11, secretKey, a(i10, bArr));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            e10.printStackTrace();
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v10, types: [java.security.Key, javax.crypto.SecretKey] */
    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.EnKmsSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        boolean z10;
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        if (context == null || hVar == null || kmsSessionInfo == null) {
            i.b(f20096d, "saveKmsSessionTicketInfo: fail,parameters cannot be null.");
            return null;
        }
        try {
            String a10 = a(hVar);
            if (f20102j.containsAlias(f20099g)) {
                z10 = true;
            } else {
                synchronized (d.class) {
                    if (f20102j.containsAlias(f20099g)) {
                        z10 = true;
                    } else {
                        i.c(f20096d, "saveKmsSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,generate it now.");
                        z10 = a(context, f20099g);
                    }
                }
            }
            if (!z10) {
                return null;
            }
            PublicKey publicKey = f20102j.getCertificate(f20099g).getPublicKey();
            PrivateKey privateKey = (PrivateKey) f20102j.getKey(f20099g, null);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            if (f20103k == null) {
                synchronized (this) {
                    if (f20103k == null) {
                        f20103k = b.b(context);
                    }
                    if (f20103k != null && f20103k.length != 0) {
                        secureRandom.nextBytes(bArr);
                        Cipher cipher = Cipher.getInstance(f20100h);
                        cipher.init(2, privateKey);
                        secretKeySpec2 = new SecretKeySpec(cipher.doFinal(f20103k), com.heytap.market.app_dist.a.f17603b);
                    }
                    i.c(f20096d, "saveKmsSessionTicketInfo:not found enAesKey info,generate and save it.");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance(com.heytap.market.app_dist.a.f17603b);
                    keyGenerator.init(256);
                    ?? generateKey = keyGenerator.generateKey();
                    byte[] encoded = generateKey.getEncoded();
                    secureRandom.nextBytes(bArr);
                    Cipher cipher2 = Cipher.getInstance(f20100h);
                    cipher2.init(1, publicKey);
                    f20103k = cipher2.doFinal(encoded);
                    b.b(context, f20103k);
                    secretKeySpec2 = generateKey;
                }
                secretKeySpec = secretKeySpec2;
            } else {
                secureRandom.nextBytes(bArr);
                Cipher cipher3 = Cipher.getInstance(f20100h);
                cipher3.init(2, privateKey);
                secretKeySpec = new SecretKeySpec(cipher3.doFinal(f20103k), com.heytap.market.app_dist.a.f17603b);
            }
            String a11 = com.heytap.omas.a.e.h.a(kmsSessionInfo, (Class<Omkms3.KmsSessionInfo>) Omkms3.KmsSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] a12 = a(hVar, secretKeySpec, 128, bArr, a11.getBytes(), 1);
            if (a12 != null && a12.length != 0) {
                Omkms3.EnKmsSessionInfo build = Omkms3.EnKmsSessionInfo.newBuilder().setUserInitInfo(a10).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(kmsSessionInfo.getBeginTime()).setEndTime(kmsSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(a12, 2)).build();
                kmsSessionInfo.getBeginTime();
                kmsSessionInfo.getEndTime();
                c.b(context, build);
                f20105m.put(a10, kmsSessionInfo);
                return build;
            }
            i.b(f20096d, "saveKmsSessionTicketInfo: enKmsSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e10) {
            e10.printStackTrace();
            i.b(f20096d, "saveKmsSessionKey: exception,detail:" + e10);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.EnServiceSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        try {
            if (!f20102j.containsAlias(f20099g)) {
                i.b(f20096d, "saveServiceSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,should not take place always.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f20102j.getKey(f20099g, null);
            if (f20103k == null) {
                synchronized (this) {
                    if (f20103k == null) {
                        f20103k = b.b(context);
                    }
                    if (f20103k != null && f20103k.length != 0) {
                    }
                    i.b(f20096d, "saveServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            String a10 = a(hVar);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(f20100h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f20103k);
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, com.heytap.market.app_dist.a.f17603b);
            i.b(f20096d, "saveServiceSessionTicketInfo: dAesKey:" + Arrays.toString(doFinal));
            String a11 = com.heytap.omas.a.e.h.a(serviceSessionInfo, (Class<Omkms3.ServiceSessionInfo>) Omkms3.ServiceSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] a12 = a(hVar, secretKeySpec, 128, bArr, a11.getBytes(), 1);
            if (a12 != null && a12.length != 0) {
                Omkms3.EnServiceSessionInfo build = Omkms3.EnServiceSessionInfo.newBuilder().setUserInitInfo(a10).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(serviceSessionInfo.getBeginTime()).setEndTime(serviceSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(a12, 2)).build();
                c.b(context, build);
                f20104l.put(a10, serviceSessionInfo);
                return build;
            }
            i.b(f20096d, "saveServiceSessionTicketInfo: enServiceSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e10) {
            i.b(f20096d, "saveServiceSessionTicketInfo: exception:" + e10);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.KmsSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String a10 = a(hVar);
            if (f20105m.containsKey(a10)) {
                i.c(f20096d, "loadKmsSessionTicketInfo: try load kms ticket from memory.");
                return f20105m.get(a10);
            }
            if (!f20102j.containsAlias(f20099g)) {
                i.b(f20096d, "loadKmsSessionTicketInfo: Uninitialized,cannot load kms session info.");
                return null;
            }
            i.c(f20096d, "loadKmsSessionTicketInfo: try load encrypted service ticket from share preference.");
            Omkms3.EnKmsSessionInfo b10 = c.b(context, a10);
            if (b10 == null) {
                i.b(f20096d, "loadKmsSessionTicketInfo: enKmsSessionInfo == null.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f20102j.getKey(f20099g, null);
            if (f20103k == null) {
                synchronized (this) {
                    if (f20103k == null) {
                        f20103k = b.b(context);
                    }
                    if (f20103k != null && f20103k.length != 0) {
                    }
                    i.b(f20096d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            Cipher cipher = Cipher.getInstance(f20100h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f20103k);
            i.b(f20096d, "loadKmsSessionTicketInfo: deEnKeystoreAesKey:" + Arrays.toString(doFinal));
            Omkms3.KmsSessionInfo kmsSessionInfo = (Omkms3.KmsSessionInfo) com.heytap.omas.a.e.h.a(new String(a(hVar, new SecretKeySpec(doFinal, com.heytap.market.app_dist.a.f17603b), 128, Base64.decode(b10.getIv(), 2), Base64.decode(b10.getEnSessionInfo().getBytes(), 2), 2)), Omkms3.KmsSessionInfo.class);
            f20105m.put(a10, kmsSessionInfo);
            i.b(f20096d, "loadKmsSessionTicketInfo: kmsSessionTicketInfo:\nbegin time:" + kmsSessionInfo.getBeginTime() + "\nendTime:" + kmsSessionInfo.getEndTime());
            return kmsSessionInfo;
        } catch (Exception e10) {
            i.b(f20096d, "loadKmsSessionTicketInfo: KeyStore exception:" + e10);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.ServiceSessionInfo b(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String a10 = a(hVar);
            if (f20104l.containsKey(a10)) {
                i.c(f20096d, "loadServiceSessionTicketInfo: load service ticket from memory.");
                return f20104l.get(a10);
            }
            if (!f20102j.containsAlias(f20099g)) {
                i.b(f20096d, "loadServiceSessionTicketInfo: uninitialized,cannot load service session info.");
                return null;
            }
            i.c(f20096d, "loadServiceSessionTicketInfo: load service ticket from share preference.");
            Omkms3.EnServiceSessionInfo c10 = c.c(context, a10);
            if (c10 == null) {
                i.b(f20096d, "loadServiceSessionTicketInfo: enServiceSessionInfo == null.");
                return null;
            }
            if (f20103k == null) {
                synchronized (this) {
                    if (f20103k == null) {
                        f20103k = b.b(context);
                    }
                    if (f20103k != null && f20103k.length != 0) {
                    }
                    i.b(f20096d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            PrivateKey privateKey = (PrivateKey) f20102j.getKey(f20099g, null);
            Cipher cipher = Cipher.getInstance(f20100h);
            cipher.init(2, privateKey);
            byte[] b10 = b.b(context);
            if (b10 != null && b10.length != 0) {
                byte[] a11 = a(hVar, new SecretKeySpec(cipher.doFinal(b10), com.heytap.market.app_dist.a.f17603b), 128, Base64.decode(c10.getIv(), 2), Base64.decode(c10.getEnSessionInfo().getBytes(), 2), 2);
                if (a11 != null && a11.length != 0) {
                    Omkms3.ServiceSessionInfo serviceSessionInfo = (Omkms3.ServiceSessionInfo) com.heytap.omas.a.e.h.a(new String(a11), Omkms3.ServiceSessionInfo.class);
                    f20104l.put(a10, serviceSessionInfo);
                    return serviceSessionInfo;
                }
                i.b(f20096d, "loadServiceSessionTicketInfo: serviceSessionInfoBytes is null or empty,always should not take place.");
                return null;
            }
            i.b(f20096d, "loadServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
            return null;
        } catch (Exception e10) {
            i.b(f20096d, "loadServiceSessionKey: KeyStore exception:" + e10);
            return null;
        }
    }
}
