package com.heytap.omas.omkms.feature;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.proto.Omkms3;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@TargetApi(19)
/* loaded from: classes20.dex */
public class d implements com.heytap.omas.omkms.feature.a {

    /* renamed from: d, reason: collision with root package name */
    private static final String f22600d = "KeyStoreLowerApiISessionTicketCache";

    /* renamed from: e, reason: collision with root package name */
    private static final String f22601e = "AndroidKeyStore";

    /* renamed from: f, reason: collision with root package name */
    private static final String f22602f = "OMAS";

    /* renamed from: g, reason: collision with root package name */
    private static final String f22603g = "session_key_encrypt_keystore_rsa_alias";

    /* renamed from: h, reason: collision with root package name */
    private static final String f22604h = "RSA/None/PKCS1Padding";

    /* renamed from: i, reason: collision with root package name */
    private static final String f22605i = "AES/GCM/NoPadding";

    /* renamed from: j, reason: collision with root package name */
    private static KeyStore f22606j;

    /* renamed from: k, reason: collision with root package name */
    private static volatile byte[] f22607k;

    /* renamed from: l, reason: collision with root package name */
    private static Map<String, Omkms3.ServiceSessionInfo> f22608l = new ConcurrentHashMap();

    /* renamed from: m, reason: collision with root package name */
    private static Map<String, Omkms3.KmsSessionInfo> f22609m = new ConcurrentHashMap();

    /* renamed from: a, reason: collision with root package name */
    private String f22610a;

    /* renamed from: b, reason: collision with root package name */
    private String f22611b;

    /* renamed from: c, reason: collision with root package name */
    private String f22612c;

    @TargetApi(19)
    /* loaded from: classes20.dex */
    private static class b {

        /* renamed from: a, reason: collision with root package name */
        private static final String f22613a = "EnAesSpUtils";

        /* renamed from: b, reason: collision with root package name */
        private static final String f22614b = "en_aes_key_file";

        /* renamed from: c, reason: collision with root package name */
        private static final String f22615c = "aes_encrypted_key_of_android_key_store_rsa_key";

        /* renamed from: d, reason: collision with root package name */
        private static volatile byte[] f22616d;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes20.dex */
        public static class a extends TypeToken<byte[]> {
            a() {
            }
        }

        private b() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        @TargetApi(19)
        public static synchronized void c(Context context, byte[] bArr) {
            synchronized (b.class) {
                if (f22616d != null) {
                    com.heytap.omas.a.e.i.h(f22613a, "saveEnAesKey: should not take place always,in this case that would be bug ,not ensure a singleton object to call this method.");
                }
                com.heytap.omas.a.e.i.j(f22613a, "saveEnAesKey: encryptedAesKey:" + bArr);
                SharedPreferences.Editor edit = context.getSharedPreferences(f22614b, 0).edit();
                edit.putString(f22615c, new Gson().toJson(bArr));
                com.heytap.omas.a.e.i.j(f22613a, "saveEnAesKey: result:" + edit.commit());
                f22616d = bArr;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        @TargetApi(19)
        public static byte[] d(Context context) {
            try {
                if (f22616d != null && f22616d.length != 0) {
                    com.heytap.omas.a.e.i.j(f22613a, "loadEnAesKey: load enAesKey from memory cache.enAesKey:" + f22616d);
                    return f22616d;
                }
                String string = context.getSharedPreferences(f22614b, 0).getString(f22615c, null);
                if (string == null) {
                    com.heytap.omas.a.e.i.h(f22613a, "loadEnAesKey: null,not en aes key info.");
                    return null;
                }
                byte[] bArr = (byte[]) new Gson().fromJson(string, new a().getType());
                com.heytap.omas.a.e.i.j(f22613a, "loadEnAesKey: load enAesKey from sp file, enAesKey:" + bArr);
                f22616d = bArr;
                return f22616d;
            } catch (Exception e2) {
                com.heytap.omas.a.e.i.h(f22613a, "loadEnAesKey: exception,detail:" + e2);
                return null;
            }
        }
    }

    /* loaded from: classes20.dex */
    private static final class c {

        /* renamed from: a, reason: collision with root package name */
        private static final String f22617a = "kms_";

        /* renamed from: b, reason: collision with root package name */
        private static final String f22618b = "service_";

        /* renamed from: c, reason: collision with root package name */
        private static final String f22619c = "encrypted_session_key_info";

        private c() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        public static Omkms3.EnKmsSessionInfo d(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnKmsSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f22619c, 0).getString(f22617a + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnKmsSessionInfo) com.heytap.omas.a.e.h.a(string, Omkms3.EnKmsSessionInfo.class);
                }
                com.heytap.omas.a.e.i.h(d.f22600d, "loadEnKmsSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e2) {
                com.heytap.omas.a.e.i.h(d.f22600d, "loadEnKmsSessionFromFile: " + e2);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void e(Context context, Omkms3.EnKmsSessionInfo enKmsSessionInfo) {
            try {
                SharedPreferences.Editor edit = context.getSharedPreferences(f22619c, 0).edit();
                edit.putString(f22617a + enKmsSessionInfo.getUserInitInfo(), com.heytap.omas.a.e.h.b(enKmsSessionInfo, Omkms3.EnKmsSessionInfo.class));
                edit.commit();
            } catch (JsonIOException e2) {
                com.heytap.omas.a.e.i.h(d.f22600d, "saveEnKmsSessionToFile: " + e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void f(Context context, Omkms3.EnServiceSessionInfo enServiceSessionInfo) {
            SharedPreferences.Editor edit = context.getSharedPreferences(f22619c, 0).edit();
            edit.putString(f22618b + enServiceSessionInfo.getUserInitInfo(), com.heytap.omas.a.e.h.b(enServiceSessionInfo, Omkms3.EnServiceSessionInfo.class));
            edit.commit();
        }

        @Nullable
        public static Omkms3.EnServiceSessionInfo g(Context context, String str) {
            try {
                if (context == null) {
                    throw new IllegalArgumentException("loadEnServiceSessionFromFile: context cannot be null.");
                }
                String string = context.getSharedPreferences(f22619c, 0).getString(f22618b + str, null);
                if (!TextUtils.isEmpty(string)) {
                    return (Omkms3.EnServiceSessionInfo) com.heytap.omas.a.e.h.a(string, Omkms3.EnServiceSessionInfo.class);
                }
                com.heytap.omas.a.e.i.h(d.f22600d, "loadEnServiceSessionFromFile: fail.");
                return null;
            } catch (JsonSyntaxException e2) {
                com.heytap.omas.a.e.i.h(d.f22600d, "loadEnServiceSessionFromFile: " + e2);
                return null;
            }
        }
    }

    /* renamed from: com.heytap.omas.omkms.feature.d$d, reason: collision with other inner class name */
    /* loaded from: classes20.dex */
    private static class C0087d {

        /* renamed from: a, reason: collision with root package name */
        private static final d f22620a = new d();

        private C0087d() {
        }
    }

    private d() {
        this.f22610a = "KMS-";
        this.f22611b = "SERVICE-";
        this.f22612c = "en_session_key_info";
        try {
            KeyStore keyStore = KeyStore.getInstance(f22601e);
            f22606j = keyStore;
            keyStore.load(null);
        } catch (Exception e2) {
            com.heytap.omas.a.e.i.h(f22600d, "KeyStoreRsaCache: exception:" + e2);
        }
    }

    public static d e() {
        return C0087d.f22620a;
    }

    private String f(@NonNull com.heytap.omas.omkms.data.h hVar) {
        if (hVar == null) {
            throw new IllegalArgumentException("InitParamSpec cannot be null");
        }
        return "lower-api_" + com.heytap.omas.a.e.g.a(hVar);
    }

    private static AlgorithmParameterSpec g(int i2, byte[] bArr) {
        return h(i2, bArr, 0, bArr.length);
    }

    private static AlgorithmParameterSpec h(int i2, byte[] bArr, int i3, int i4) {
        return new GCMParameterSpec(i2, bArr, i3, i4);
    }

    @TargetApi(19)
    private static boolean i(Context context, String str) {
        try {
            com.heytap.omas.a.e.i.h(f22600d, "generateRsaKeyPair: alias:" + str);
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", f22601e);
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setKeyType("RSA").setKeySize(2048).setAlias(str).setSubject(new X500Principal("CN=cn,O=OPLUS,OU=OSEC")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception e2) {
            e2.toString();
            return false;
        }
    }

    private static byte[] j(com.heytap.omas.omkms.data.h hVar, SecretKey secretKey, int i2, byte[] bArr, byte[] bArr2, int i3) {
        Cipher cipher;
        try {
            if (TextUtils.isEmpty(hVar.getCipherProvider())) {
                cipher = Cipher.getInstance(f22605i);
            } else {
                if (f22602f.equals(hVar.getCipherProvider())) {
                    com.heytap.omas.a.c.a.d();
                    cipher = Cipher.getInstance(f22605i, f22602f);
                    cipher.init(i3, secretKey, new GCMParameterSpec(i2, bArr));
                    return cipher.doFinal(bArr2);
                }
                cipher = Cipher.getInstance(f22605i, hVar.getCipherProvider());
            }
            cipher.init(i3, secretKey, g(i2, bArr));
            return cipher.doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.KmsSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String f2 = f(hVar);
            if (f22609m.containsKey(f2)) {
                com.heytap.omas.a.e.i.j(f22600d, "loadKmsSessionTicketInfo: try load kms ticket from memory.");
                return f22609m.get(f2);
            }
            if (!f22606j.containsAlias(f22603g)) {
                com.heytap.omas.a.e.i.h(f22600d, "loadKmsSessionTicketInfo: Uninitialized,cannot load kms session info.");
                return null;
            }
            com.heytap.omas.a.e.i.j(f22600d, "loadKmsSessionTicketInfo: try load encrypted service ticket from share preference.");
            Omkms3.EnKmsSessionInfo d2 = c.d(context, f2);
            if (d2 == null) {
                com.heytap.omas.a.e.i.h(f22600d, "loadKmsSessionTicketInfo: enKmsSessionInfo == null.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f22606j.getKey(f22603g, null);
            if (f22607k == null) {
                synchronized (this) {
                    if (f22607k == null) {
                        f22607k = b.d(context);
                    }
                    if (f22607k != null && f22607k.length != 0) {
                    }
                    com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            Cipher cipher = Cipher.getInstance(f22604h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f22607k);
            com.heytap.omas.a.e.i.h(f22600d, "loadKmsSessionTicketInfo: deEnKeystoreAesKey:" + Arrays.toString(doFinal));
            Omkms3.KmsSessionInfo kmsSessionInfo = (Omkms3.KmsSessionInfo) com.heytap.omas.a.e.h.a(new String(j(hVar, new SecretKeySpec(doFinal, "AES"), 128, Base64.decode(d2.getIv(), 2), Base64.decode(d2.getEnSessionInfo().getBytes(), 2), 2)), Omkms3.KmsSessionInfo.class);
            f22609m.put(f2, kmsSessionInfo);
            com.heytap.omas.a.e.i.h(f22600d, "loadKmsSessionTicketInfo: kmsSessionTicketInfo:\nbegin time:" + kmsSessionInfo.getBeginTime() + "\nendTime:" + kmsSessionInfo.getEndTime());
            return kmsSessionInfo;
        } catch (Exception e2) {
            com.heytap.omas.a.e.i.h(f22600d, "loadKmsSessionTicketInfo: KeyStore exception:" + e2);
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v11, types: [java.security.Key, javax.crypto.SecretKey] */
    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.EnKmsSessionInfo b(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        boolean z2;
        SecretKeySpec secretKeySpec;
        if (context == null || hVar == null || kmsSessionInfo == null) {
            com.heytap.omas.a.e.i.h(f22600d, "saveKmsSessionTicketInfo: fail,parameters cannot be null.");
            return null;
        }
        try {
            String f2 = f(hVar);
            if (f22606j.containsAlias(f22603g)) {
                z2 = true;
            } else {
                synchronized (d.class) {
                    if (f22606j.containsAlias(f22603g)) {
                        z2 = true;
                    } else {
                        com.heytap.omas.a.e.i.j(f22600d, "saveKmsSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,generate it now.");
                        z2 = i(context, f22603g);
                    }
                }
            }
            if (!z2) {
                return null;
            }
            PublicKey publicKey = f22606j.getCertificate(f22603g).getPublicKey();
            PrivateKey privateKey = (PrivateKey) f22606j.getKey(f22603g, null);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            if (f22607k == null) {
                synchronized (this) {
                    if (f22607k == null) {
                        f22607k = b.d(context);
                    }
                    if (f22607k != null && f22607k.length != 0) {
                        secureRandom.nextBytes(bArr);
                        Cipher cipher = Cipher.getInstance(f22604h);
                        cipher.init(2, privateKey);
                        secretKeySpec = new SecretKeySpec(cipher.doFinal(f22607k), "AES");
                    }
                    com.heytap.omas.a.e.i.j(f22600d, "saveKmsSessionTicketInfo:not found enAesKey info,generate and save it.");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                    keyGenerator.init(256);
                    ?? generateKey = keyGenerator.generateKey();
                    byte[] encoded = generateKey.getEncoded();
                    secureRandom.nextBytes(bArr);
                    Cipher cipher2 = Cipher.getInstance(f22604h);
                    cipher2.init(1, publicKey);
                    f22607k = cipher2.doFinal(encoded);
                    b.c(context, f22607k);
                    secretKeySpec = generateKey;
                }
            } else {
                secureRandom.nextBytes(bArr);
                Cipher cipher3 = Cipher.getInstance(f22604h);
                cipher3.init(2, privateKey);
                secretKeySpec = new SecretKeySpec(cipher3.doFinal(f22607k), "AES");
            }
            SecretKeySpec secretKeySpec2 = secretKeySpec;
            String b2 = com.heytap.omas.a.e.h.b(kmsSessionInfo, Omkms3.KmsSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j2 = j(hVar, secretKeySpec2, 128, bArr, b2.getBytes(), 1);
            if (j2 != null && j2.length != 0) {
                Omkms3.EnKmsSessionInfo build = Omkms3.EnKmsSessionInfo.newBuilder().setUserInitInfo(f2).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(kmsSessionInfo.getBeginTime()).setEndTime(kmsSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j2, 2)).build();
                kmsSessionInfo.getBeginTime();
                kmsSessionInfo.getEndTime();
                c.e(context, build);
                f22609m.put(f2, kmsSessionInfo);
                return build;
            }
            com.heytap.omas.a.e.i.h(f22600d, "saveKmsSessionTicketInfo: enKmsSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e2) {
            e2.printStackTrace();
            com.heytap.omas.a.e.i.h(f22600d, "saveKmsSessionKey: exception,detail:" + e2);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @Nullable
    @TargetApi(19)
    public Omkms3.EnServiceSessionInfo c(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        try {
            if (!f22606j.containsAlias(f22603g)) {
                com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: keyStore not contains alias:session_key_encrypt_keystore_rsa_alias,should not take place always.");
                return null;
            }
            PrivateKey privateKey = (PrivateKey) f22606j.getKey(f22603g, null);
            if (f22607k == null) {
                synchronized (this) {
                    if (f22607k == null) {
                        f22607k = b.d(context);
                    }
                    if (f22607k != null && f22607k.length != 0) {
                    }
                    com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            String f2 = f(hVar);
            byte[] bArr = new byte[12];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(f22604h);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(f22607k);
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, "AES");
            com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: dAesKey:" + Arrays.toString(doFinal));
            String b2 = com.heytap.omas.a.e.h.b(serviceSessionInfo, Omkms3.ServiceSessionInfo.class);
            secureRandom.nextBytes(bArr);
            byte[] j2 = j(hVar, secretKeySpec, 128, bArr, b2.getBytes(), 1);
            if (j2 != null && j2.length != 0) {
                Omkms3.EnServiceSessionInfo build = Omkms3.EnServiceSessionInfo.newBuilder().setUserInitInfo(f2).setIv(Base64.encodeToString(bArr, 2)).setBeginTime(serviceSessionInfo.getBeginTime()).setEndTime(serviceSessionInfo.getEndTime()).setEnSessionInfo(Base64.encodeToString(j2, 2)).build();
                c.f(context, build);
                f22608l.put(f2, serviceSessionInfo);
                return build;
            }
            com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: enServiceSessionBytes is null,encrypt fail,always should not take place.");
            return null;
        } catch (Exception e2) {
            com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: exception:" + e2);
            return null;
        }
    }

    @Override // com.heytap.omas.omkms.feature.a
    @TargetApi(19)
    public Omkms3.ServiceSessionInfo d(Context context, com.heytap.omas.omkms.data.h hVar) {
        try {
            String f2 = f(hVar);
            if (f22608l.containsKey(f2)) {
                com.heytap.omas.a.e.i.j(f22600d, "loadServiceSessionTicketInfo: load service ticket from memory.");
                return f22608l.get(f2);
            }
            if (!f22606j.containsAlias(f22603g)) {
                com.heytap.omas.a.e.i.h(f22600d, "loadServiceSessionTicketInfo: uninitialized,cannot load service session info.");
                return null;
            }
            com.heytap.omas.a.e.i.j(f22600d, "loadServiceSessionTicketInfo: load service ticket from share preference.");
            Omkms3.EnServiceSessionInfo g2 = c.g(context, f2);
            if (g2 == null) {
                com.heytap.omas.a.e.i.h(f22600d, "loadServiceSessionTicketInfo: enServiceSessionInfo == null.");
                return null;
            }
            if (f22607k == null) {
                synchronized (this) {
                    if (f22607k == null) {
                        f22607k = b.d(context);
                    }
                    if (f22607k != null && f22607k.length != 0) {
                    }
                    com.heytap.omas.a.e.i.h(f22600d, "saveServiceSessionTicketInfo: fail,not found enKeystoreAesKey info,must save kms session ticket info first.");
                    return null;
                }
            }
            PrivateKey privateKey = (PrivateKey) f22606j.getKey(f22603g, null);
            Cipher cipher = Cipher.getInstance(f22604h);
            cipher.init(2, privateKey);
            byte[] d2 = b.d(context);
            if (d2 != null && d2.length != 0) {
                byte[] j2 = j(hVar, new SecretKeySpec(cipher.doFinal(d2), "AES"), 128, Base64.decode(g2.getIv(), 2), Base64.decode(g2.getEnSessionInfo().getBytes(), 2), 2);
                if (j2 != null && j2.length != 0) {
                    Omkms3.ServiceSessionInfo serviceSessionInfo = (Omkms3.ServiceSessionInfo) com.heytap.omas.a.e.h.a(new String(j2), Omkms3.ServiceSessionInfo.class);
                    f22608l.put(f2, serviceSessionInfo);
                    return serviceSessionInfo;
                }
                com.heytap.omas.a.e.i.h(f22600d, "loadServiceSessionTicketInfo: serviceSessionInfoBytes is null or empty,always should not take place.");
                return null;
            }
            com.heytap.omas.a.e.i.h(f22600d, "loadServiceSessionTicketInfo: fail,not found enAesKey info,must save kms session ticket info first.");
            return null;
        } catch (Exception e2) {
            com.heytap.omas.a.e.i.h(f22600d, "loadServiceSessionKey: KeyStore exception:" + e2);
            return null;
        }
    }
}
