package gov.zwfw.iam.tacsdk.utils;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.RequiresApi;
import android.text.TextUtils;
import android.util.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes2.dex */
public class SecUtil {
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final String ALG_RSA = "RSA";
    private static final String KEYSTORE_ALIAS = "gov.dek";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final String TAG = "SecUtil";
    private SecretKeySpec aesKey;
    private IvParameterSpec iv;
    private KeyStore mKeyStore;
    private Pref prefsHelper;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class Pref {
        private static final String AESKEY = "a";
        private static final String IV = "i";
        private SharedPreferences sp;

        Pref(Context context) {
            this.sp = context.getSharedPreferences("abctest", 0);
        }

        public String getAESKey() {
            return this.sp.getString("a", "");
        }

        public String getIV() {
            return this.sp.getString(IV, "");
        }

        public void setAESKey(String str) {
            this.sp.edit().putString("a", str).commit();
        }

        public void setIV(String str) {
            this.sp.edit().putString(IV, str).commit();
        }
    }

    public SecUtil(Context context) {
        try {
            this.prefsHelper = new Pref(context);
            this.mKeyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            this.mKeyStore.load(null);
            do {
            } while (this.mKeyStore.aliases().hasMoreElements());
            if (TextUtils.isEmpty(this.prefsHelper.getAESKey())) {
                genKeyStoreKey(context);
                genAESKey();
            }
            this.aesKey = getAESKey();
            this.iv = new IvParameterSpec(getIV());
        } catch (IOException e) {
            e.printStackTrace();
        } catch (KeyStoreException e2) {
            e2.printStackTrace();
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
        } catch (CertificateException e4) {
            e4.printStackTrace();
        } catch (Exception e5) {
            e5.printStackTrace();
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    private void genAESKey() throws Exception {
        byte[] bArr = new byte[16];
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.nextBytes(bArr);
        this.prefsHelper.setIV(Base64.encodeToString(secureRandom.generateSeed(12), 2));
        this.prefsHelper.setAESKey(encryptRSA(bArr));
    }

    private void genKeyStoreKey(Context context) throws Exception {
        if (Build.VERSION.SDK_INT >= 23) {
            generateRSAKeyAboveApi23();
        } else {
            if (Build.VERSION.SDK_INT < 18) {
                throw new RuntimeException("暂时不支持加密");
            }
            generateRSAKeyBelowApi23(context);
        }
    }

    @RequiresApi(api = 23)
    private void generateRSAKeyAboveApi23() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALG_RSA, KEYSTORE_PROVIDER);
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(KEYSTORE_ALIAS, 3).setDigests(McElieceCCA2KeyGenParameterSpec.SHA256, McElieceCCA2KeyGenParameterSpec.SHA512).setEncryptionPaddings("PKCS1Padding").build());
        keyPairGenerator.generateKeyPair();
    }

    @TargetApi(18)
    private void generateRSAKeyBelowApi23(Context context) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(KEYSTORE_ALIAS).setSubject(new X500Principal("CN=gov.dek")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALG_RSA, KEYSTORE_PROVIDER);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private SecretKeySpec getAESKey() throws Exception {
        return new SecretKeySpec(decryptRSA(this.prefsHelper.getAESKey()), AES_MODE);
    }

    private byte[] getIV() {
        return Base64.decode(this.prefsHelper.getIV(), 2);
    }

    public String decryptAES(String str) throws Exception {
        byte[] decode = Base64.decode(str.getBytes(), 2);
        Cipher cipher = Cipher.getInstance(AES_MODE);
        cipher.init(2, this.aesKey, this.iv);
        return new String(cipher.doFinal(decode));
    }

    public byte[] decryptRSA(String str) throws Exception {
        PrivateKey privateKey = (PrivateKey) this.mKeyStore.getKey(KEYSTORE_ALIAS, null);
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(2, privateKey);
        return cipher.doFinal(Base64.decode(str, 2));
    }

    public String encryptAES(String str) throws Exception {
        Cipher cipher = Cipher.getInstance(AES_MODE);
        cipher.init(1, this.aesKey, this.iv);
        return Base64.encodeToString(cipher.doFinal(str.getBytes()), 2);
    }

    public String encryptRSA(byte[] bArr) throws Exception {
        PublicKey publicKey = this.mKeyStore.getCertificate(KEYSTORE_ALIAS).getPublicKey();
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(1, publicKey);
        return Base64.encodeToString(cipher.doFinal(bArr), 2);
    }
}
