package com.heytap.omas.omkms.feature;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.n0;
import androidx.annotation.p0;
import com.coloros.ocrscanner.utils.n0;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.a.e.i;
import com.heytap.omas.proto.Omkms3;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@TargetApi(19)
/* loaded from: classes2.dex */
public class d implements com.heytap.omas.omkms.feature.a {

    /* renamed from: d, reason: collision with root package name */
    private static final String f20422d = "KeyStoreLowerApiISessionTicketCache";

    /* renamed from: e, reason: collision with root package name */
    private static final String f20423e = "AndroidKeyStore";

    /* renamed from: f, reason: collision with root package name */
    private static final String f20424f = "OMAS";

    /* renamed from: g, reason: collision with root package name */
    private static final String f20425g = "session_key_encrypt_keystore_rsa_alias";

    /* renamed from: h, reason: collision with root package name */
    private static final String f20426h = "RSA/None/PKCS1Padding";

    /* renamed from: i, reason: collision with root package name */
    private static final String f20427i = "AES/GCM/NoPadding";

    /* renamed from: j, reason: collision with root package name */
    private static KeyStore f20428j;

    /* renamed from: k, reason: collision with root package name */
    private static volatile byte[] f20429k;

    /* renamed from: l, reason: collision with root package name */
    private static Map<String, Omkms3.ServiceSessionInfo> f20430l = new ConcurrentHashMap();

    /* renamed from: m, reason: collision with root package name */
    private static Map<String, Omkms3.KmsSessionInfo> f20431m = new ConcurrentHashMap();

    /* renamed from: a, reason: collision with root package name */
    private String f20432a;

    /* renamed from: b, reason: collision with root package name */
    private String f20433b;

    /* renamed from: c, reason: collision with root package name */
    private String f20434c;

    @TargetApi(19)
    /* loaded from: classes2.dex */
    private static class b {

        /* renamed from: a, reason: collision with root package name */
        private static final String f20435a = "EnAesSpUtils";

        /* renamed from: b, reason: collision with root package name */
        private static final String f20436b = "en_aes_key_file";

        /* renamed from: c, reason: collision with root package name */
        private static final String f20437c = "aes_encrypted_key_of_android_key_store_rsa_key";

        /* renamed from: d, reason: collision with root package name */
        private static volatile byte[] f20438d;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes2.dex */
        public static class a extends TypeToken<byte[]> {
            a() {
            }
        }

        private b() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        @TargetApi(19)
        public static synchronized void c(Context context, byte[] bArr) {
            synchronized (b.class) {
                if (f20438d != null) {
                    i.h(f20435a, "saveEnAesKey: should not take place always,in this case that would be bug ,not ensure a singleton object to call this method.");
                }
                i.j(f20435a, "saveEnAesKey: encryptedAesKey:" + bArr);
                SharedPreferences.Editor edit = context.getSharedPreferences(f20436b, 0).edit();
                edit.putString(f20437c, new Gson().toJson(bArr));
                i.j(f20435a, "saveEnAesKey: result:" + edit.commit());
                f20438d = bArr;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        @TargetApi(19)
        @p0
        public static byte[] d(Context context) {
            try {
                if (f20438d != null && f20438d.length != 0) {
                    i.j(f20435a, "loadEnAesKey: load enAesKey from memory cache.enAesKey:" + f20438d);
                    return f20438d;
                }
                String string = context.getSharedPreferences(f20436b, 0).getString(f20437c, null);
                if (string == null) {
                    i.h(f20435a, "loadEnAesKey: null,not en aes key info.");
                    return null;
                }
                byte[] bArr = (byte[]) new Gson().fromJson(string, new a().getType());
                i.j(f20435a, "loadEnAesKey: load enAesKey from sp file, enAesKey:" + bArr);
                f20438d = bArr;
                return f20438d;
            } catch (Exception e8) {
                i.h(f20435a, "loadEnAesKey: exception,detail:" + e8);
                return null;
            }
        }
    }

    /* loaded from: classes2.dex */
    private static final class c {

        /* renamed from: a, reason: collision with root package name */
        private static final String f20439a = "kms_";

        /* renamed from: b, reason: collision with root package name */
        private static final String f20440b = "service_";

        /* renamed from: c, reason: collision with root package name */
        private static final String f20441c = "encrypted_session_key_info";

        private c() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        @p0
        public static Omkms3.EnKmsSessionInfo d(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnKmsSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f20441c, 0).getString(f20439a + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnKmsSessionInfo) com.heytap.omas.a.e.h.a(string, Omkms3.EnKmsSessionInfo.class);
                }
                i.h(d.f20422d, "loadEnKmsSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e8) {
                i.h(d.f20422d, "loadEnKmsSessionFromFile: " + e8);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void e(Context context, Omkms3.EnKmsSessionInfo enKmsSessionInfo) {
            try {
                SharedPreferences.Editor edit = context.getSharedPreferences(f20441c, 0).edit();
                edit.putString(f20439a + enKmsSessionInfo.getUserInitInfo(), com.heytap.omas.a.e.h.b(enKmsSessionInfo, Omkms3.EnKmsSessionInfo.class));
                edit.commit();
            } catch (JsonIOException e8) {
                i.h(d.f20422d, "saveEnKmsSessionToFile: " + e8);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void f(Context context, Omkms3.EnServiceSessionInfo enServiceSessionInfo) {
            SharedPreferences.Editor edit = context.getSharedPreferences(f20441c, 0).edit();
            edit.putString(f20440b + enServiceSessionInfo.getUserInitInfo(), com.heytap.omas.a.e.h.b(enServiceSessionInfo, Omkms3.EnServiceSessionInfo.class));
            edit.commit();
        }

        @p0
        public static Omkms3.EnServiceSessionInfo g(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnServiceSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f20441c, 0).getString(f20440b + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnServiceSessionInfo) com.heytap.omas.a.e.h.a(string, Omkms3.EnServiceSessionInfo.class);
                }
                i.h(d.f20422d, "loadEnServiceSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e8) {
                i.h(d.f20422d, "loadEnServiceSessionFromFile: " + e8);
                return null;
            }
        }
    }

    /* renamed from: com.heytap.omas.omkms.feature.d$d, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    private static class C0272d {

        /* renamed from: a, reason: collision with root package name */
        private static final d f20442a = new d();

        private C0272d() {
        }
    }

    private d() {
        this.f20432a = "KMS-";
        this.f20433b = "SERVICE-";
        this.f20434c = "en_session_key_info";
        try {
            KeyStore keyStore = KeyStore.getInstance(f20423e);
            f20428j = keyStore;
            keyStore.load(null);
        } catch (Exception e8) {
            i.h(f20422d, "KeyStoreRsaCache: exception:" + e8);
        }
    }

    public static d e() {
        return C0272d.f20442a;
    }

    private String f(@n0 com.heytap.omas.omkms.data.h hVar) {
        if (hVar == null) {
            throw new IllegalArgumentException("InitParamSpec cannot be null");
        }
        return "lower-api_" + com.heytap.omas.a.e.g.a(hVar);
    }

    private static AlgorithmParameterSpec g(int i7, byte[] bArr) {
        return h(i7, bArr, 0, bArr.length);
    }

    private static AlgorithmParameterSpec h(int i7, byte[] bArr, int i8, int i9) {
        return Build.VERSION.SDK_INT < 21 ? new IvParameterSpec(bArr, i8, i9) : new GCMParameterSpec(i7, bArr, i8, i9);
    }

    @TargetApi(19)
    private static boolean i(Context context, String str) {
        try {
            i.h(f20422d, "generateRsaKeyPair: alias:" + str);
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(n0.c.f13889a, f20423e);
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setKeyType(n0.c.f13889a).setKeySize(2048).setAlias(str).setSubject(new X500Principal("CN=cn,O=OPLUS,OU=OSEC")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception e8) {
            e8.toString();
            return false;
        }
    }

    private static byte[] j(com.heytap.omas.omkms.data.h hVar, SecretKey secretKey, int i7, byte[] bArr, byte[] bArr2, int i8) {
        Cipher cipher;
        try {
            if (TextUtils.isEmpty(hVar.getCipherProvider())) {
                cipher = Cipher.getInstance(f20427i);
            } else {
                if (f20424f.equals(hVar.getCipherProvider())) {
                    com.heytap.omas.a.c.a.d();
                    cipher = Cipher.getInstance(f20427i, f20424f);
                    cipher.init(i8, secretKey, new GCMParameterSpec(i7, bArr));
                    return cipher.doFinal(bArr2);
                }
                cipher = Cipher.getInstance(f20427i, hVar.getCipherProvider());
            }
            cipher.init(i8, secretKey, g(i7, bArr));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e8) {
            e8.printStackTrace();
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.KmsSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String f8 = f(hVar);
            if (f20431m.containsKey(f8)) {
                i.j(f20422d, "loadKmsSessionTicketInfo: try load kms ticket from memory.");
                return f20431m.get(f8);
            }
            if (!f20428j.containsAlias(f20425g)) {
                i.h(f20422d, "loadKmsSessionTicketInfo: Uninitialized,cannot load kms session info.");
                return null;
            }
            i.j(f20422d, "loadKmsSessionTicketInfo: try load encrypted service ticket from share preference.");
            Omkms3.EnKmsSessionInfo d8 = c.d(context, f8);
            if (d8 == null) {
                i.h(f20422d, "loadKmsSessionTicketInfo: enKmsSessionInfo == null.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f20428j.getKey(f20425g, null);
            if (f20429k == null) {
                synchronized (this) {
                    if (f20429k == null) {
                        f20429k = b.d(context);
                    }
                    if (f20429k != null && f20429k.length != 0) {
                    }
                    i.h(f20422d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            Cipher cipher = Cipher.getInstance(f20426h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f20429k);
            i.h(f20422d, "loadKmsSessionTicketInfo: deEnKeystoreAesKey:" + Arrays.toString(doFinal));
            Omkms3.KmsSessionInfo kmsSessionInfo = (Omkms3.KmsSessionInfo) com.heytap.omas.a.e.h.a(new String(j(hVar, new SecretKeySpec(doFinal, "AES"), 128, Base64.decode(d8.getIv(), 2), Base64.decode(d8.getEnSessionInfo().getBytes(), 2), 2)), Omkms3.KmsSessionInfo.class);
            f20431m.put(f8, kmsSessionInfo);
            i.h(f20422d, "loadKmsSessionTicketInfo: kmsSessionTicketInfo:\nbegin time:" + kmsSessionInfo.getBeginTime() + "\nendTime:" + kmsSessionInfo.getEndTime());
            return kmsSessionInfo;
        } catch (Exception e8) {
            i.h(f20422d, "loadKmsSessionTicketInfo: KeyStore exception:" + e8);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    @p0
    public Omkms3.EnServiceSessionInfo b(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        try {
            if (!f20428j.containsAlias(f20425g)) {
                i.h(f20422d, "saveServiceSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,should not take place always.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f20428j.getKey(f20425g, null);
            if (f20429k == null) {
                synchronized (this) {
                    if (f20429k == null) {
                        f20429k = b.d(context);
                    }
                    if (f20429k != null && f20429k.length != 0) {
                    }
                    i.h(f20422d, "saveServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            String f8 = f(hVar);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(f20426h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f20429k);
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, "AES");
            i.h(f20422d, "saveServiceSessionTicketInfo: dAesKey:" + Arrays.toString(doFinal));
            String b8 = com.heytap.omas.a.e.h.b(serviceSessionInfo, Omkms3.ServiceSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j7 = j(hVar, secretKeySpec, 128, bArr, b8.getBytes(), 1);
            if (j7 != null && j7.length != 0) {
                Omkms3.EnServiceSessionInfo build = Omkms3.EnServiceSessionInfo.newBuilder().setUserInitInfo(f8).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(serviceSessionInfo.getBeginTime()).setEndTime(serviceSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j7, 2)).build();
                c.f(context, build);
                f20430l.put(f8, serviceSessionInfo);
                return build;
            }
            i.h(f20422d, "saveServiceSessionTicketInfo: enServiceSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e8) {
            i.h(f20422d, "saveServiceSessionTicketInfo: exception:" + e8);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.EnKmsSessionInfo c(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        boolean z7;
        SecretKey secretKeySpec;
        SecretKey secretKey;
        if (context == null || hVar == null || kmsSessionInfo == null) {
            i.h(f20422d, "saveKmsSessionTicketInfo: fail,parameters cannot be null.");
            return null;
        }
        try {
            String f8 = f(hVar);
            if (f20428j.containsAlias(f20425g)) {
                z7 = true;
            } else {
                synchronized (d.class) {
                    if (f20428j.containsAlias(f20425g)) {
                        z7 = true;
                    } else {
                        i.j(f20422d, "saveKmsSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,generate it now.");
                        z7 = i(context, f20425g);
                    }
                }
            }
            if (!z7) {
                return null;
            }
            PublicKey publicKey = f20428j.getCertificate(f20425g).getPublicKey();
            PrivateKey privateKey = (PrivateKey) f20428j.getKey(f20425g, null);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            if (f20429k == null) {
                synchronized (this) {
                    if (f20429k == null) {
                        f20429k = b.d(context);
                    }
                    if (f20429k != null && f20429k.length != 0) {
                        secureRandom.nextBytes(bArr);
                        Cipher cipher = Cipher.getInstance(f20426h);
                        cipher.init(2, privateKey);
                        secretKey = new SecretKeySpec(cipher.doFinal(f20429k), "AES");
                    }
                    i.j(f20422d, "saveKmsSessionTicketInfo:not found enAesKey info,generate and save it.");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                    keyGenerator.init(256);
                    SecretKey generateKey = keyGenerator.generateKey();
                    byte[] encoded = generateKey.getEncoded();
                    secureRandom.nextBytes(bArr);
                    Cipher cipher2 = Cipher.getInstance(f20426h);
                    cipher2.init(1, publicKey);
                    f20429k = cipher2.doFinal(encoded);
                    b.c(context, f20429k);
                    secretKey = generateKey;
                }
                secretKeySpec = secretKey;
            } else {
                secureRandom.nextBytes(bArr);
                Cipher cipher3 = Cipher.getInstance(f20426h);
                cipher3.init(2, privateKey);
                secretKeySpec = new SecretKeySpec(cipher3.doFinal(f20429k), "AES");
            }
            String b8 = com.heytap.omas.a.e.h.b(kmsSessionInfo, Omkms3.KmsSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j7 = j(hVar, secretKeySpec, 128, bArr, b8.getBytes(), 1);
            if (j7 != null && j7.length != 0) {
                Omkms3.EnKmsSessionInfo build = Omkms3.EnKmsSessionInfo.newBuilder().setUserInitInfo(f8).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(kmsSessionInfo.getBeginTime()).setEndTime(kmsSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j7, 2)).build();
                kmsSessionInfo.getBeginTime();
                kmsSessionInfo.getEndTime();
                c.e(context, build);
                f20431m.put(f8, kmsSessionInfo);
                return build;
            }
            i.h(f20422d, "saveKmsSessionTicketInfo: enKmsSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e8) {
            e8.printStackTrace();
            i.h(f20422d, "saveKmsSessionKey: exception,detail:" + e8);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.ServiceSessionInfo d(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String f8 = f(hVar);
            if (f20430l.containsKey(f8)) {
                i.j(f20422d, "loadServiceSessionTicketInfo: load service ticket from memory.");
                return f20430l.get(f8);
            }
            if (!f20428j.containsAlias(f20425g)) {
                i.h(f20422d, "loadServiceSessionTicketInfo: uninitialized,cannot load service session info.");
                return null;
            }
            i.j(f20422d, "loadServiceSessionTicketInfo: load service ticket from share preference.");
            Omkms3.EnServiceSessionInfo g7 = c.g(context, f8);
            if (g7 == null) {
                i.h(f20422d, "loadServiceSessionTicketInfo: enServiceSessionInfo == null.");
                return null;
            }
            if (f20429k == null) {
                synchronized (this) {
                    if (f20429k == null) {
                        f20429k = b.d(context);
                    }
                    if (f20429k != null && f20429k.length != 0) {
                    }
                    i.h(f20422d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            PrivateKey privateKey = (PrivateKey) f20428j.getKey(f20425g, null);
            Cipher cipher = Cipher.getInstance(f20426h);
            cipher.init(2, privateKey);
            byte[] d8 = b.d(context);
            if (d8 != null && d8.length != 0) {
                byte[] j7 = j(hVar, new SecretKeySpec(cipher.doFinal(d8), "AES"), 128, Base64.decode(g7.getIv(), 2), Base64.decode(g7.getEnSessionInfo().getBytes(), 2), 2);
                if (j7 != null && j7.length != 0) {
                    Omkms3.ServiceSessionInfo serviceSessionInfo = (Omkms3.ServiceSessionInfo) com.heytap.omas.a.e.h.a(new String(j7), Omkms3.ServiceSessionInfo.class);
                    f20430l.put(f8, serviceSessionInfo);
                    return serviceSessionInfo;
                }
                i.h(f20422d, "loadServiceSessionTicketInfo: serviceSessionInfoBytes is null or empty,always should not take place.");
                return null;
            }
            i.h(f20422d, "loadServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
            return null;
        } catch (Exception e8) {
            i.h(f20422d, "loadServiceSessionKey: KeyStore exception:" + e8);
            return null;
        }
    }
}
