package com.huawei.gameassistant.utils;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.huawei.agconnect.datastore.annotation.SharedPreference;
import com.huawei.gameassistant.basemodule.R;
import com.huawei.phoneservice.feedback.network.FeedbackWebConstants;
import com.huawei.security.keystore.HwUniversalKeyStoreProvider;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import kotlin.aac;
import kotlin.aak;
import kotlin.aaq;
import kotlin.kq;
import kotlin.nb;
import kotlin.zz;

/* loaded from: classes.dex */
public final class SecurityUtil {
    private static final String ALIAS_ENCRYPT = "appgallery_assistant_encrypt";
    private static final String ALIAS_ENCRYPT_1 = "appgallery_assistant_encrypt_1";
    private static final String ALIAS_SIGN = "appgallery_assistant_sign";
    public static final String CHARSET = "UTF-8";
    public static final int ERROR_MAX_COUNT = 3;
    private static final SecurityUtil INSTANCE = new SecurityUtil();
    private static final String KEYSTORE_NAME = "HwKeystore";
    private static final String SECURITY_INIT = "SecuritInit";
    private static final String SIGNATURE_TYPE_SHA256 = "SHA256WithRSA/PSS";
    private static final String SP_FILE_NAME = "SecuritConfig";
    private static final String TAG = "SecurityUtil";

    @SharedPreference(fileName = SP_FILE_NAME, key = SECURITY_INIT)
    public boolean isInit;
    private ScheduledExecutorService singleThreadScheduledPool = Executors.newSingleThreadScheduledExecutor();
    private KeyStore ks = null;
    private Map<String, Key> privateKeyMap = new HashMap();
    private Map<String, Certificate[]> certificateChainMap = new HashMap();
    private byte[] keySeed = null;

    private SecurityUtil() {
        aaq.e().e(this);
    }

    private static byte[] createHash(char[] cArr, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(cArr, bArr, 1000, 256)).getEncoded();
    }

    private synchronized KeyPair generateKeyPair(String str, String str2, int i, String str3, String str4) {
        KeyPair keyPair;
        try {
            try {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, getHwUniversalKeyStoreProvider());
                    GregorianCalendar gregorianCalendar = new GregorianCalendar();
                    GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                    gregorianCalendar2.add(1, 10);
                    keyPairGenerator.initialize(ALIAS_SIGN.equals(str) ? new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setSignaturePaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("appAssistant".getBytes("UTF-8")).setUserAuthenticationRequired(false).build() : new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setEncryptionPaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("appAssistant".getBytes("UTF-8")).setUserAuthenticationRequired(false).build());
                    keyPair = keyPairGenerator.generateKeyPair();
                } catch (Exception e) {
                    aak.c(TAG, "generateKeyPair e:" + e.getMessage());
                    keyPair = null;
                    return keyPair;
                }
            } catch (NoSuchAlgorithmException e2) {
                aak.c(TAG, "generateKeyPair e:" + e2.getMessage());
                keyPair = null;
                return keyPair;
            }
        } catch (InvalidAlgorithmParameterException e3) {
            aak.c(TAG, "generateKeyPair e:" + e3.getMessage());
            keyPair = null;
            return keyPair;
        }
        return keyPair;
    }

    private synchronized Certificate[] getCertificateChain(String str) {
        Certificate[] certificateArr;
        KeyStore.Entry entry;
        Certificate[] certificateArr2 = null;
        synchronized (this) {
            try {
                entry = this.ks.getEntry(str, null);
            } catch (Exception e) {
                aak.c(TAG, "getCertificateChain e:" + e.getMessage());
                certificateArr = null;
            }
            if (entry == null) {
                aak.b(TAG, "Entry is not exist");
            } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                certificateArr = ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
                certificateArr2 = certificateArr;
            } else {
                aak.b(TAG, "Not an INSTANCE of a PrivateKeyEntry");
            }
        }
        return certificateArr2;
    }

    public static SecurityUtil getInstance() {
        return INSTANCE;
    }

    public static String getSHA256Str(String str) {
        try {
            return zz.d(MessageDigest.getInstance(FeedbackWebConstants.SHA_256).digest(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            aak.c(TAG, "getSHA256Str UnsupportedEncodingException", e);
            return "";
        } catch (NoSuchAlgorithmException e2) {
            aak.c(TAG, "getSHA256Str NoSuchAlgorithmException", e2);
            return "";
        } catch (Exception e3) {
            aak.c(TAG, "getSHA256Str Exception", e3);
            return "";
        }
    }

    private String twoStringXor(String str, String str2) throws UnsupportedEncodingException {
        byte[] bytes = str.getBytes("UTF-8");
        byte[] bytes2 = str2.getBytes("UTF-8");
        if (bytes.length < bytes2.length) {
            bytes = bytes2;
            bytes2 = bytes;
        }
        byte[] bArr = new byte[bytes.length];
        int i = 0;
        while (i < bytes2.length) {
            bArr[i] = (byte) (bytes2[i] ^ bytes[i]);
            i++;
        }
        while (i < bytes.length) {
            bArr[i] = bytes[i];
            i++;
        }
        return new String(bArr, "UTF-8");
    }

    public String aesBaseDecrypt(String str, byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr.length < 16) {
            return null;
        }
        try {
            if (bArr.length > 16) {
                bArr = Arrays.copyOf(bArr, 16);
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec, new IvParameterSpec(bArr2));
            return new String(cipher.doFinal(Base64.decode(str, 0)), "UTF-8");
        } catch (Exception e) {
            aak.c(TAG, "AESBaseDecrypt error", e);
            return null;
        }
    }

    public String aesBaseEncrypt(String str, byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr.length < 16) {
            return "";
        }
        if (bArr.length > 16) {
            bArr = Arrays.copyOf(bArr, 16);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
            return aac.e(cipher.doFinal(str.getBytes("UTF-8"))).replaceAll("\n", "").replaceAll("\r", "");
        } catch (Exception e) {
            aak.c(TAG, "AESBaseEncrypt Exception", e);
            return "";
        }
    }

    public synchronized String baseDecrypt(String str) {
        String str2;
        try {
            if (TextUtils.isEmpty(str)) {
                aak.c(TAG, "baseDecrypt inputStr is null!");
                str2 = null;
            } else {
                byte[] c = aac.c(str);
                Key key = this.privateKeyMap.get(ALIAS_ENCRYPT_1);
                if (key == null) {
                    KeyStore.Entry entry = this.ks.getEntry(ALIAS_ENCRYPT_1, null);
                    if (entry == null) {
                        aak.c(TAG, "Entry is not exist");
                        str2 = null;
                    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                        key = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                        this.privateKeyMap.put(ALIAS_ENCRYPT_1, key);
                    } else {
                        aak.c(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                        str2 = null;
                    }
                }
                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", getHwUniversalKeyStoreProvider());
                cipher.init(2, key, new OAEPParameterSpec(FeedbackWebConstants.SHA_256, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
                cipher.update(c);
                byte[] doFinal = cipher.doFinal();
                str2 = doFinal != null ? new String(doFinal, "UTF-8") : null;
            }
        } catch (Exception e) {
            aak.c(TAG, "baseDecrypt Exception", e);
            str2 = null;
        }
        return str2;
    }

    public String baseEncrypt(String str) {
        if (TextUtils.isEmpty(str)) {
            aak.c(TAG, "encrypt error, sSrc is null");
            return "";
        }
        try {
            Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_ENCRYPT_1);
            if (certificateArr == null) {
                certificateArr = getCertificateChain(ALIAS_ENCRYPT_1);
                if (certificateArr == null) {
                    return null;
                }
                this.certificateChainMap.put(ALIAS_ENCRYPT_1, certificateArr);
            }
            PublicKey publicKey = certificateArr[0].getPublicKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            cipher.init(1, publicKey, new OAEPParameterSpec(FeedbackWebConstants.SHA_256, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            cipher.update(str.getBytes("UTF-8"));
            byte[] doFinal = cipher.doFinal();
            if (doFinal != null) {
                return aac.e(doFinal);
            }
        } catch (Exception e) {
            aak.c(TAG, "baseEncrypt error", e);
        }
        return "";
    }

    /* JADX WARN: Code restructure failed: missing block: B:16:0x000f, code lost:
    
        r0 = "";
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String decryptData(java.lang.String r10) {
        /*
            r9 = this;
            boolean r0 = android.text.TextUtils.isEmpty(r10)
            if (r0 == 0) goto L10
            java.lang.String r0 = "SecurityUtil"
            java.lang.String r1 = "decryptData inputStr is null!"
            kotlin.aak.c(r0, r1)
            java.lang.String r0 = ""
        Lf:
            return r0
        L10:
            byte[] r1 = kotlin.aac.c(r10)     // Catch: java.lang.Exception -> L55
            java.util.Map<java.lang.String, java.security.Key> r0 = r9.privateKeyMap     // Catch: java.lang.Exception -> L55
            java.lang.String r2 = "appgallery_assistant_encrypt"
            java.lang.Object r0 = r0.get(r2)     // Catch: java.lang.Exception -> L55
            java.security.Key r0 = (java.security.Key) r0     // Catch: java.lang.Exception -> L55
            if (r0 != 0) goto L29
            java.lang.String r0 = "SecurityUtil"
            java.lang.String r1 = "decryptData privateKey is null"
            kotlin.aak.c(r0, r1)     // Catch: java.lang.Exception -> L55
            r0 = 0
            goto Lf
        L29:
            java.lang.String r2 = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
            java.security.Provider r3 = r9.getHwUniversalKeyStoreProvider()     // Catch: java.lang.Exception -> L55
            javax.crypto.Cipher r2 = javax.crypto.Cipher.getInstance(r2, r3)     // Catch: java.lang.Exception -> L55
            r3 = 2
            javax.crypto.spec.OAEPParameterSpec r4 = new javax.crypto.spec.OAEPParameterSpec     // Catch: java.lang.Exception -> L55
            java.lang.String r5 = "SHA-256"
            java.lang.String r6 = "MGF1"
            java.security.spec.MGF1ParameterSpec r7 = java.security.spec.MGF1ParameterSpec.SHA1     // Catch: java.lang.Exception -> L55
            javax.crypto.spec.PSource$PSpecified r8 = javax.crypto.spec.PSource.PSpecified.DEFAULT     // Catch: java.lang.Exception -> L55
            r4.<init>(r5, r6, r7, r8)     // Catch: java.lang.Exception -> L55
            r2.init(r3, r0, r4)     // Catch: java.lang.Exception -> L55
            r2.update(r1)     // Catch: java.lang.Exception -> L55
            byte[] r1 = r2.doFinal()     // Catch: java.lang.Exception -> L55
            if (r1 == 0) goto L5d
            java.lang.String r0 = new java.lang.String     // Catch: java.lang.Exception -> L55
            java.lang.String r2 = "UTF-8"
            r0.<init>(r1, r2)     // Catch: java.lang.Exception -> L55
            goto Lf
        L55:
            r0 = move-exception
            java.lang.String r1 = "SecurityUtil"
            java.lang.String r2 = "decryptData Exception e"
            kotlin.aak.c(r1, r2, r0)
        L5d:
            java.lang.String r0 = ""
            goto Lf
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.gameassistant.utils.SecurityUtil.decryptData(java.lang.String):java.lang.String");
    }

    public Certificate[] getEncryptCertificateChain() {
        Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_ENCRYPT);
        if (certificateArr != null) {
            return certificateArr;
        }
        Certificate[] certificateChain = getCertificateChain(ALIAS_ENCRYPT);
        this.certificateChainMap.put(ALIAS_ENCRYPT, certificateChain);
        return certificateChain;
    }

    public Provider getHwUniversalKeyStoreProvider() {
        try {
            return new HwUniversalKeyStoreProvider();
        } catch (Throwable th) {
            aak.c(TAG, "getHwUniversalKeyStoreProvider Exception", th);
            return null;
        }
    }

    public synchronized byte[] getKeySeed(String str) {
        byte[] bArr;
        bArr = null;
        if (this.keySeed != null) {
            bArr = new byte[this.keySeed.length];
            System.arraycopy(this.keySeed, 0, bArr, 0, this.keySeed.length);
        } else {
            try {
                try {
                    String twoStringXor = twoStringXor(twoStringXor(nb.d().a().getResources().getString(R.string.key_part1), nb.d().a().getResources().getString(R.string.key_part2)), nb.d().a().getResources().getString(R.string.key_part3));
                    this.keySeed = createHash(twoStringXor.toCharArray(), Base64.decode(str, 0));
                    bArr = new byte[this.keySeed.length];
                    System.arraycopy(this.keySeed, 0, bArr, 0, this.keySeed.length);
                } catch (UnsupportedEncodingException e) {
                    aak.c(TAG, "getKeySeed UnsupportedEncodingException ");
                } catch (NoSuchAlgorithmException e2) {
                    aak.c(TAG, "getKeySeed NoSuchAlgorithmException ");
                }
            } catch (InvalidKeySpecException e3) {
                aak.c(TAG, "getKeySeed InvalidKeySpecException ");
            } catch (Exception e4) {
                aak.c(TAG, "getKeySeed Exception ");
            }
        }
        return bArr;
    }

    public byte[] getSaltBytes() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public String getSaltString() {
        return zz.d(getSaltBytes());
    }

    public Certificate[] getSignCertificateChain() {
        Certificate[] certificateArr = this.certificateChainMap.get(ALIAS_SIGN);
        if (certificateArr != null) {
            return certificateArr;
        }
        Certificate[] certificateChain = getCertificateChain(ALIAS_SIGN);
        this.certificateChainMap.put(ALIAS_SIGN, certificateChain);
        return certificateChain;
    }

    public void init() {
        aak.a(TAG, "init");
        synchronized (INSTANCE) {
            if (kq.e("ro.config.gameassist.peripherals", 0) == 1) {
                try {
                    HwUniversalKeyStoreProvider.install();
                } catch (Throwable th) {
                    aak.c(TAG, "Provider install Exception", th);
                }
                this.singleThreadScheduledPool.execute(new Runnable() { // from class: com.huawei.gameassistant.utils.SecurityUtil.2
                    @Override // java.lang.Runnable
                    public void run() {
                        try {
                            aak.d(SecurityUtil.TAG, "init start");
                            if (SecurityUtil.this.initKeyPair()) {
                                aak.d(SecurityUtil.TAG, "init KeyPair success.");
                            } else {
                                aak.c(SecurityUtil.TAG, "init KeyPair fail.");
                            }
                        } catch (Throwable th2) {
                            aak.c(SecurityUtil.TAG, "init Exception", th2);
                        }
                    }
                });
            }
        }
    }

    public boolean initKeyPair() {
        boolean z;
        synchronized (INSTANCE) {
            if (this.isInit) {
                aak.d(TAG, "isInit is true");
                z = true;
            } else {
                aak.d(TAG, "start init KeyPair.");
                this.isInit = false;
                aaq.e().e(this);
                KeyPair generateKeyPair = generateKeyPair(ALIAS_SIGN, "RSA", 12, FeedbackWebConstants.SHA_256, "PSS");
                KeyPair generateKeyPair2 = generateKeyPair(ALIAS_ENCRYPT, "RSA", 3, FeedbackWebConstants.SHA_256, "OAEPPadding");
                KeyPair generateKeyPair3 = generateKeyPair(ALIAS_ENCRYPT_1, "RSA", 3, FeedbackWebConstants.SHA_256, "OAEPPadding");
                this.ks = null;
                this.privateKeyMap.clear();
                this.certificateChainMap.clear();
                z = (generateKeyPair == null || generateKeyPair2 == null || generateKeyPair3 == null) ? false : true;
                if (z) {
                    this.isInit = true;
                    aaq.e().a(this);
                }
            }
        }
        return z;
    }

    public boolean isInitSuccess() {
        boolean z;
        synchronized (INSTANCE) {
            if (this.isInit) {
                try {
                    if (this.ks == null) {
                        this.ks = KeyStore.getInstance(KEYSTORE_NAME);
                        this.ks.load(null);
                        aak.a(TAG, "Load keystore success!");
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_SIGN)) {
                        this.privateKeyMap.put(ALIAS_SIGN, this.ks.getKey(ALIAS_SIGN, null));
                        this.certificateChainMap.put(ALIAS_SIGN, getCertificateChain(ALIAS_SIGN));
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_ENCRYPT)) {
                        KeyStore.Entry entry = this.ks.getEntry(ALIAS_ENCRYPT, null);
                        if (entry instanceof KeyStore.PrivateKeyEntry) {
                            this.privateKeyMap.put(ALIAS_ENCRYPT, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                            this.certificateChainMap.put(ALIAS_ENCRYPT, getCertificateChain(ALIAS_ENCRYPT));
                        } else {
                            aak.b(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                        }
                    }
                    if (!this.privateKeyMap.containsKey(ALIAS_ENCRYPT_1)) {
                        KeyStore.Entry entry2 = this.ks.getEntry(ALIAS_ENCRYPT_1, null);
                        if (entry2 instanceof KeyStore.PrivateKeyEntry) {
                            this.privateKeyMap.put(ALIAS_ENCRYPT_1, ((KeyStore.PrivateKeyEntry) entry2).getPrivateKey());
                            this.certificateChainMap.put(ALIAS_ENCRYPT_1, getCertificateChain(ALIAS_ENCRYPT_1));
                        } else {
                            aak.b(TAG, "Not an INSTANCE of a PrivateKeyEntry");
                        }
                    }
                } catch (Exception e) {
                    aak.c(TAG, "Init KeyStore exception:", e);
                }
            }
            z = this.isInit;
        }
        return z;
    }

    public String signData(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, NoSuchProviderException {
        if (TextUtils.isEmpty(str)) {
            aak.c(TAG, "signData inputStr is null!");
            return null;
        }
        byte[] bytes = str.getBytes("UTF-8");
        Key key = this.privateKeyMap.get(ALIAS_SIGN);
        if (key == null) {
            aak.c(TAG, "signData privateKey is null");
            return null;
        }
        Signature signature = Signature.getInstance(SIGNATURE_TYPE_SHA256, "HwUniversalKeyStoreProvider");
        signature.initSign((PrivateKey) key);
        signature.update(bytes);
        return aac.e(signature.sign());
    }
}
