package com.transsion.security.aosp.hap.base.impl;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import com.transsion.kolun.data.DataSecurity;
import com.transsion.security.aosp.hap.base.TranConstantsTmp;
import com.transsion.security.aosp.hap.base.auth.impl.TranHapKeyStoreLite;
import com.transsion.security.aosp.hap.base.interstore.b;
import com.transsion.transvasdk.test.NLUUpstreamHttpForTest;
import ct.d;
import ct.e;
import ct.f;
import d20.f1;
import d20.m;
import d20.p;
import d20.s0;
import d20.z0;
import hyperion.hap.ICryptoManager;
import hyperion.interstore.impl.TranStorePrefs;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import kotlin.collections.j;
import kotlin.jvm.internal.Ref$ObjectRef;
import kotlin.jvm.internal.g;
import l30.c;
import n30.b0;
import n30.h;
import n30.l;
import n30.w;
import n30.y;
import n30.z;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.bouncycastle.util.k;
import w70.q;
import x00.r;
import x00.s;

/* loaded from: classes6.dex */
public final class TranHapCryptoManagerV2Impl implements ICryptoManager {

    /* renamed from: a, reason: collision with root package name */
    @q
    public final ct.a f21457a;

    /* renamed from: b, reason: collision with root package name */
    @q
    public final d f21458b;

    /* renamed from: c, reason: collision with root package name */
    @q
    public final b f21459c;

    /* renamed from: d, reason: collision with root package name */
    @q
    public final com.transsion.security.aosp.hap.base.interstore.a f21460d;

    /* renamed from: e, reason: collision with root package name */
    @q
    public final ct.b f21461e;

    public TranHapCryptoManagerV2Impl(@q Context context, @q e eVar, @q f fVar, @q TranStorePrefs tranStorePrefs, @q TranHapKeyStoreLite tranHapKeyStoreLite) {
        j90.a aVar = j90.a.f31693a;
        g.f(context, "context");
        this.f21457a = eVar;
        this.f21458b = fVar;
        this.f21459c = tranStorePrefs;
        this.f21460d = tranHapKeyStoreLite;
        this.f21461e = aVar;
    }

    public static void a(byte[] bArr, r rVar) {
        if (bArr.length < 16) {
            throw new IllegalArgumentException("incorrect argument size!");
        }
        rVar.invoke(bArr, 0, Integer.valueOf(bArr.length - 16), j.f(bArr.length - 16, bArr.length, bArr));
    }

    public static void b(byte[] bArr, s sVar) {
        int length = bArr.length - 1;
        if (length < 12) {
            throw new IllegalArgumentException("incorrect argument size!");
        }
        byte b11 = bArr[length];
        if (b11 > Byte.MAX_VALUE || b11 < Byte.MIN_VALUE) {
            throw new IllegalArgumentException("incorrect size of aad[${Byte.MIN_VALUE} - ${Byte.MAX_VALUE}");
        }
        int i11 = length - 12;
        byte[] f11 = j.f(i11, length, bArr);
        int i12 = i11 - b11;
        sVar.invoke(bArr, 0, Integer.valueOf(i12), j.f(i12, i11, bArr), f11);
    }

    @q
    public static X509Certificate c(@q KeyPair keyPair) {
        String str;
        n30.a aVar;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        Date date2 = new Date(currentTimeMillis + 31536000000L);
        Locale locale = new Locale(NLUUpstreamHttpForTest.LANGUAGE, "GB");
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        c cVar = new c();
        w k11 = w.k(keyPair.getPublic().getEncoded());
        z zVar = new z(date, locale);
        z zVar2 = new z(date2, locale);
        b0 b0Var = new b0();
        b0Var.f33954b = new m(valueOf);
        b0Var.f33956d = cVar;
        b0Var.f33957e = zVar;
        b0Var.f33958f = zVar2;
        b0Var.f33959g = cVar;
        b0Var.f33960h = k11;
        Hashtable hashtable = new Hashtable();
        Vector vector = new Vector();
        String algorithm = keyPair.getPrivate().getAlgorithm();
        if (g.a(algorithm, "RSA")) {
            str = "SHA256withRSA";
        } else {
            if (!g.a(algorithm, "EC")) {
                throw new IllegalArgumentException(g.k(keyPair.getPrivate().getAlgorithm(), "Unsupported key algorithm: "));
            }
            str = "SHA256withECDSA";
        }
        PrivateKey privateKey = keyPair.getPrivate();
        m50.a aVar2 = new m50.a(new v40.b());
        String e11 = k.e(str);
        p pVar = (p) k50.f.f32239a.get(e11);
        if (pVar == null) {
            throw new IllegalArgumentException("Unknown signature type requested: ".concat(e11));
        }
        if (k50.f.f32240b.contains(pVar)) {
            aVar = new n30.a(pVar);
        } else {
            HashMap hashMap = k50.f.f32241c;
            aVar = hashMap.containsKey(e11) ? new n30.a(pVar, (d20.f) hashMap.get(e11)) : new n30.a(pVar, z0.f24065a);
        }
        try {
            Signature a11 = aVar2.a(aVar);
            a11.initSign(privateKey);
            o40.a aVar3 = new o40.a(a11);
            JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
            b0Var.f33955c = aVar;
            if (!vector.isEmpty()) {
                l[] lVarArr = new l[vector.size()];
                for (int i11 = 0; i11 != vector.size(); i11++) {
                    lVarArr[i11] = (l) hashtable.get(vector.elementAt(i11));
                }
                n30.m mVar = new n30.m(lVarArr);
                b0Var.f33961i = mVar;
                l k12 = mVar.k(l.f34009e);
                if (k12 != null && k12.f34025b) {
                    b0Var.f33962j = true;
                }
            }
            try {
                y a12 = b0Var.a();
                d20.s.a(aVar3, "DER").k(a12);
                aVar3.close();
                try {
                    byte[] sign = a11.sign();
                    d20.g gVar = new d20.g();
                    gVar.a(a12);
                    gVar.a(aVar);
                    gVar.a(new s0(sign));
                    X509Certificate a13 = jcaX509CertificateConverter.a(new X509CertificateHolder(h.k(new f1(gVar))));
                    g.e(a13, "JcaX509CertificateConver…der.build(contentSigner))");
                    return a13;
                } catch (SignatureException e12) {
                    throw new RuntimeOperatorException("exception obtaining signature: " + e12.getMessage(), e12);
                }
            } catch (IOException unused) {
                throw new IllegalArgumentException("cannot produce certificate signature");
            }
        } catch (GeneralSecurityException e13) {
            throw new OperatorCreationException("cannot create signer: " + e13.getMessage(), e13);
        }
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    @w70.r
    public final List<String> aliases() {
        this.f21457a.a();
        return (List) kotlinx.coroutines.g.c(new TranHapCryptoManagerV2Impl$aliases$1(this, null));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // hyperion.hap.ICryptoManager
    @t0.a
    @w70.r
    public final byte[] decrypt(@q String alias, @q byte[] input) {
        com.transsion.security.aosp.hap.base.interstore.c a11;
        g.f(alias, "alias");
        g.f(input, "input");
        this.f21457a.a();
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f21460d;
        final KeyStore.Entry b11 = aVar.b(alias);
        if (b11 != null && (a11 = aVar.a(alias)) != null) {
            boolean z11 = b11 instanceof KeyStore.SecretKeyEntry;
            String str = bt.c.a(a11.f21472a).f7848a;
            if (z11) {
                try {
                    if (g.a(str, "AES/CBC/PKCS7Padding")) {
                        final Cipher cipher = Cipher.getInstance(str);
                        final Ref$ObjectRef ref$ObjectRef = new Ref$ObjectRef();
                        a(input, new r<byte[], Integer, Integer, byte[], h00.z>() { // from class: com.transsion.security.aosp.hap.base.impl.TranHapCryptoManagerV2Impl$decrypt$1$1
                            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                            {
                                super(4);
                            }

                            @Override // x00.r
                            public /* bridge */ /* synthetic */ h00.z invoke(byte[] bArr, Integer num, Integer num2, byte[] bArr2) {
                                invoke(bArr, num.intValue(), num2.intValue(), bArr2);
                                return h00.z.f26537a;
                            }

                            /* JADX WARN: Type inference failed for: r4v1, types: [T, byte[]] */
                            public final void invoke(@q byte[] inb, int i11, int i12, @q byte[] iv2) {
                                g.f(inb, "inb");
                                g.f(iv2, "iv");
                                cipher.init(2, ((KeyStore.SecretKeyEntry) b11).getSecretKey(), new IvParameterSpec(iv2));
                                ref$ObjectRef.element = cipher.doFinal(inb, i11, i12);
                            }
                        });
                        return (byte[]) ref$ObjectRef.element;
                    }
                    if (g.a(str, "AES/GCM/NoPadding")) {
                        final Cipher cipher2 = Cipher.getInstance(str);
                        final Ref$ObjectRef ref$ObjectRef2 = new Ref$ObjectRef();
                        b(input, new s<byte[], Integer, Integer, byte[], byte[], h00.z>() { // from class: com.transsion.security.aosp.hap.base.impl.TranHapCryptoManagerV2Impl$decrypt$1$2
                            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                            {
                                super(5);
                            }

                            @Override // x00.s
                            public /* bridge */ /* synthetic */ h00.z invoke(byte[] bArr, Integer num, Integer num2, byte[] bArr2, byte[] bArr3) {
                                invoke(bArr, num.intValue(), num2.intValue(), bArr2, bArr3);
                                return h00.z.f26537a;
                            }

                            /* JADX WARN: Type inference failed for: r5v1, types: [T, byte[]] */
                            public final void invoke(@q byte[] inb, int i11, int i12, @q byte[] aad, @q byte[] iv2) {
                                g.f(inb, "inb");
                                g.f(aad, "aad");
                                g.f(iv2, "iv");
                                cipher2.init(2, ((KeyStore.SecretKeyEntry) b11).getSecretKey(), new GCMParameterSpec(128, iv2));
                                cipher2.updateAAD(aad);
                                ref$ObjectRef2.element = cipher2.doFinal(inb, i11, i12);
                            }
                        });
                        return (byte[]) ref$ObjectRef2.element;
                    }
                } catch (ArrayIndexOutOfBoundsException unused) {
                    throw new IllegalArgumentException("incorrect argument size!");
                }
            } else if (b11 instanceof KeyStore.PrivateKeyEntry) {
                if (g.a(str, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding")) {
                    PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) b11).getPrivateKey();
                    g.e(privateKey, "keyEntry.privateKey");
                    Cipher cipher3 = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
                    cipher3.init(2, privateKey, new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
                    byte[] doFinal = cipher3.doFinal(input);
                    g.e(doFinal, "it.doFinal(cipherText)");
                    return doFinal;
                }
                if (g.a(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
                    PrivateKey privateKey2 = ((KeyStore.PrivateKeyEntry) b11).getPrivateKey();
                    g.e(privateKey2, "keyEntry.privateKey");
                    Cipher cipher4 = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
                    cipher4.init(2, privateKey2, new OAEPParameterSpec(DataSecurity.SHA256_TYPE, "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
                    byte[] doFinal2 = cipher4.doFinal(input);
                    g.e(doFinal2, "it.doFinal(cipherText)");
                    return doFinal2;
                }
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // hyperion.hap.ICryptoManager
    @t0.a
    @w70.r
    public final byte[] encrypt(@q String alias, @q byte[] input) {
        com.transsion.security.aosp.hap.base.interstore.c a11;
        g.f(alias, "alias");
        g.f(input, "input");
        this.f21457a.a();
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f21460d;
        final KeyStore.Entry b11 = aVar.b(alias);
        if (b11 != null && (a11 = aVar.a(alias)) != null) {
            boolean z11 = b11 instanceof KeyStore.SecretKeyEntry;
            String str = bt.c.a(a11.f21472a).f7848a;
            if (z11) {
                try {
                    if (g.a(str, "AES/CBC/PKCS7Padding")) {
                        final Cipher cipher = Cipher.getInstance(str);
                        final Ref$ObjectRef ref$ObjectRef = new Ref$ObjectRef();
                        a(input, new r<byte[], Integer, Integer, byte[], h00.z>() { // from class: com.transsion.security.aosp.hap.base.impl.TranHapCryptoManagerV2Impl$encrypt$1$1
                            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                            {
                                super(4);
                            }

                            @Override // x00.r
                            public /* bridge */ /* synthetic */ h00.z invoke(byte[] bArr, Integer num, Integer num2, byte[] bArr2) {
                                invoke(bArr, num.intValue(), num2.intValue(), bArr2);
                                return h00.z.f26537a;
                            }

                            /* JADX WARN: Type inference failed for: r4v1, types: [T, byte[]] */
                            public final void invoke(@q byte[] inb, int i11, int i12, @q byte[] iv2) {
                                g.f(inb, "inb");
                                g.f(iv2, "iv");
                                cipher.init(1, ((KeyStore.SecretKeyEntry) b11).getSecretKey(), new IvParameterSpec(iv2));
                                ref$ObjectRef.element = cipher.doFinal(inb, i11, i12);
                            }
                        });
                        return (byte[]) ref$ObjectRef.element;
                    }
                    if (g.a(str, "AES/GCM/NoPadding")) {
                        final Cipher cipher2 = Cipher.getInstance(str);
                        final Ref$ObjectRef ref$ObjectRef2 = new Ref$ObjectRef();
                        b(input, new s<byte[], Integer, Integer, byte[], byte[], h00.z>() { // from class: com.transsion.security.aosp.hap.base.impl.TranHapCryptoManagerV2Impl$encrypt$1$2
                            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                            {
                                super(5);
                            }

                            @Override // x00.s
                            public /* bridge */ /* synthetic */ h00.z invoke(byte[] bArr, Integer num, Integer num2, byte[] bArr2, byte[] bArr3) {
                                invoke(bArr, num.intValue(), num2.intValue(), bArr2, bArr3);
                                return h00.z.f26537a;
                            }

                            /* JADX WARN: Type inference failed for: r5v1, types: [T, byte[]] */
                            public final void invoke(@q byte[] inb, int i11, int i12, @q byte[] aad, @q byte[] iv2) {
                                g.f(inb, "inb");
                                g.f(aad, "aad");
                                g.f(iv2, "iv");
                                cipher2.init(1, ((KeyStore.SecretKeyEntry) b11).getSecretKey(), new GCMParameterSpec(128, iv2));
                                cipher2.updateAAD(aad);
                                ref$ObjectRef2.element = cipher2.doFinal(inb, i11, i12);
                            }
                        });
                        return (byte[]) ref$ObjectRef2.element;
                    }
                } catch (ArrayIndexOutOfBoundsException unused) {
                    throw new IllegalArgumentException("incorrect argument size!");
                }
            } else if (b11 instanceof KeyStore.PrivateKeyEntry) {
                if (g.a(str, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding")) {
                    PublicKey publicKey = ((KeyStore.PrivateKeyEntry) b11).getCertificate().getPublicKey();
                    g.e(publicKey, "keyEntry.certificate.publicKey");
                    Cipher cipher3 = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
                    cipher3.init(1, publicKey, new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
                    byte[] doFinal = cipher3.doFinal(input);
                    g.e(doFinal, "it.doFinal(plainText)");
                    return doFinal;
                }
                if (g.a(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
                    PublicKey publicKey2 = ((KeyStore.PrivateKeyEntry) b11).getCertificate().getPublicKey();
                    g.e(publicKey2, "keyEntry.certificate.publicKey");
                    Cipher cipher4 = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
                    cipher4.init(1, publicKey2, new OAEPParameterSpec(DataSecurity.SHA256_TYPE, "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
                    byte[] doFinal2 = cipher4.doFinal(input);
                    g.e(doFinal2, "it.doFinal(plainText)");
                    return doFinal2;
                }
            }
        }
        return null;
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    @w70.r
    public final byte[] exportKey(@q String alias) {
        g.f(alias, "alias");
        this.f21457a.a();
        return (byte[]) kotlinx.coroutines.g.c(new TranHapCryptoManagerV2Impl$exportKey$1(this, alias, null));
    }

    @Override // hyperion.hap.ICryptoManager
    public final void generateKey(@q String alias, int i11) {
        KeyStore.Entry privateKeyEntry;
        KeyProtection.Builder digests;
        KeyProtection build;
        KeyProtection.Builder encryptionPaddings;
        g.f(alias, "alias");
        this.f21457a.a();
        this.f21458b.a();
        if (((Boolean) kotlinx.coroutines.g.c(new TranHapCryptoManagerV2Impl$generateKey$1(this, alias, null))).booleanValue()) {
            return;
        }
        String str = bt.c.a(i11).f7848a;
        boolean a11 = g.a(str, "AES/CBC/PKCS7Padding");
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f21460d;
        if (a11) {
            Charset charset = TranConstantsTmp.f21454a;
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidOpenSSL");
            g.e(new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(false).setKeySize(bt.c.a(i11).f7849b).build(), "Builder(alias,\n         …                 .build()");
            keyGenerator.init(bt.c.a(i11).f7849b);
            privateKeyEntry = new KeyStore.SecretKeyEntry(keyGenerator.generateKey());
            encryptionPaddings = new KeyProtection.Builder(3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding");
        } else {
            if (!g.a(str, "AES/GCM/NoPadding")) {
                if (g.a(str, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding")) {
                    Charset charset2 = TranConstantsTmp.f21454a;
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidOpenSSL");
                    keyPairGenerator.initialize(bt.c.a(i11).f7849b);
                    KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                    privateKeyEntry = new KeyStore.PrivateKeyEntry(genKeyPair.getPrivate(), new X509Certificate[]{c(genKeyPair)});
                    digests = new KeyProtection.Builder(3 | (Build.VERSION.SDK_INT >= 28 ? 32 : 0)).setEncryptionPaddings("OAEPPadding").setDigests("SHA-1");
                } else if (g.a(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
                    Charset charset3 = TranConstantsTmp.f21454a;
                    KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidOpenSSL");
                    keyPairGenerator2.initialize(bt.c.a(i11).f7849b);
                    KeyPair genKeyPair2 = keyPairGenerator2.genKeyPair();
                    privateKeyEntry = new KeyStore.PrivateKeyEntry(genKeyPair2.getPrivate(), new X509Certificate[]{c(genKeyPair2)});
                    digests = new KeyProtection.Builder(3 | (Build.VERSION.SDK_INT >= 28 ? 32 : 0)).setBlockModes("ECB").setEncryptionPaddings("OAEPPadding").setDigests(DataSecurity.SHA256_TYPE);
                } else {
                    if (g.a(str, "HmacSHA256")) {
                        Charset charset4 = TranConstantsTmp.f21454a;
                        KeyGenerator keyGenerator2 = KeyGenerator.getInstance("HmacSHA256", "AndroidOpenSSL");
                        keyGenerator2.init(bt.c.a(i11).f7849b);
                        privateKeyEntry = new KeyStore.SecretKeyEntry(keyGenerator2.generateKey());
                        build = new KeyProtection.Builder(4).build();
                        g.e(build, "Builder(KeyProperties.PU…                 .build()");
                        aVar.c(alias, i11, privateKeyEntry, build);
                    }
                    if (!g.a(str, "SHA256withECDSA")) {
                        return;
                    }
                    Charset charset5 = TranConstantsTmp.f21454a;
                    KeyPairGenerator keyPairGenerator3 = KeyPairGenerator.getInstance("EC", "AndroidOpenSSL");
                    keyPairGenerator3.initialize(new ECGenParameterSpec("secp256r1"));
                    KeyPair genKeyPair3 = keyPairGenerator3.genKeyPair();
                    privateKeyEntry = new KeyStore.PrivateKeyEntry(genKeyPair3.getPrivate(), new X509Certificate[]{c(genKeyPair3)});
                    digests = new KeyProtection.Builder(12).setDigests(DataSecurity.SHA256_TYPE);
                }
                build = digests.build();
                g.e(build, "Builder(\n               …                 .build()");
                aVar.c(alias, i11, privateKeyEntry, build);
            }
            Charset charset6 = TranConstantsTmp.f21454a;
            KeyGenerator keyGenerator3 = KeyGenerator.getInstance("AES", "AndroidOpenSSL");
            keyGenerator3.init(bt.c.a(i11).f7849b);
            privateKeyEntry = new KeyStore.SecretKeyEntry(keyGenerator3.generateKey());
            encryptionPaddings = new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        }
        digests = encryptionPaddings.setRandomizedEncryptionRequired(false);
        build = digests.build();
        g.e(build, "Builder(\n               …                 .build()");
        aVar.c(alias, i11, privateKeyEntry, build);
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    @q
    public final byte[] getImportKeyAAD(int i11) {
        this.f21457a.a();
        return this.f21461e.a(i11);
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    public final void importKey(@q String alias, int i11, @q String decryptKeyalias, @q byte[] encryptedTmpKey, @q byte[] encryptedKey, @q byte[] iv2, @q byte[] aad, @q byte[] tag) {
        g.f(alias, "alias");
        g.f(decryptKeyalias, "decryptKeyalias");
        g.f(encryptedTmpKey, "encryptedTmpKey");
        g.f(encryptedKey, "encryptedKey");
        g.f(iv2, "iv");
        g.f(aad, "aad");
        g.f(tag, "tag");
        this.f21457a.a();
        this.f21458b.a();
        if (((Boolean) kotlinx.coroutines.g.c(new TranHapCryptoManagerV2Impl$importKey$1(this, alias, null))).booleanValue()) {
            return;
        }
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f21460d;
        KeyStore.Entry b11 = aVar.b(decryptKeyalias);
        if (b11 == null) {
            throw new IllegalArgumentException("specified key not exist!!");
        }
        if (!(b11 instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalArgumentException("specified key type not correct!!");
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(decrypt(decryptKeyalias, encryptedTmpKey), "AES");
        byte[] h11 = j.h(encryptedKey, tag);
        byte[] aad2 = getImportKeyAAD(i11 == 1050 ? 2 : 1);
        g.f(aad2, "aad");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKeySpec, new GCMParameterSpec(128, iv2));
        cipher.updateAAD(aad2);
        byte[] doFinal = cipher.doFinal(h11);
        g.e(doFinal, "cipher.doFinal(cipherText)");
        String str = bt.c.a(i11).f7848a;
        KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(doFinal, kotlin.text.q.p(str, "mac", true) ? str : "AES"));
        KeyProtection build = new KeyProtection.Builder(7).setBlockModes("CBC", "GCM").setEncryptionPaddings("PKCS7Padding", "NoPadding").setRandomizedEncryptionRequired(false).build();
        g.e(build, "Builder(KeyProperties.PU…\n                .build()");
        aVar.c(alias, i11, secretKeyEntry, build);
    }

    @Override // hyperion.hap.ICryptoManager
    public final void removeKey(@q String alias) {
        g.f(alias, "alias");
        ct.a aVar = this.f21457a;
        aVar.a();
        aVar.a();
        kotlinx.coroutines.g.c(new TranHapCryptoManagerV2Impl$removeCKey$1(this, alias, null));
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    @w70.r
    public final byte[] sign(@q String alias, @q byte[] input) {
        com.transsion.security.aosp.hap.base.interstore.c a11;
        g.f(alias, "alias");
        g.f(input, "input");
        this.f21457a.a();
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f21460d;
        KeyStore.Entry b11 = aVar.b(alias);
        if (b11 != null && (a11 = aVar.a(alias)) != null) {
            String str = bt.c.a(a11.f21472a).f7848a;
            if (g.a(str, "HmacSHA256") ? true : g.a(str, "AES")) {
                if (b11 instanceof KeyStore.SecretKeyEntry) {
                    SecretKey secretKey = ((KeyStore.SecretKeyEntry) b11).getSecretKey();
                    g.e(secretKey, "keyEntry.secretKey");
                    Mac mac = Mac.getInstance("HmacSHA256");
                    mac.init(secretKey);
                    byte[] doFinal = mac.doFinal(input);
                    g.e(doFinal, "mac.doFinal(data)");
                    return doFinal;
                }
            } else if (g.a(str, "SHA256withECDSA") && (b11 instanceof KeyStore.PrivateKeyEntry)) {
                PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) b11).getPrivateKey();
                g.e(privateKey, "keyEntry.privateKey");
                Signature signature = Signature.getInstance("SHA256withECDSA");
                signature.initSign(privateKey);
                signature.update(input);
                byte[] sign = signature.sign();
                g.e(sign, "signature_.sign()");
                return sign;
            }
        }
        return null;
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    public final void updateKey(@q String alias, int i11) {
        g.f(alias, "alias");
        this.f21457a.a();
        this.f21458b.a();
        removeKey(alias);
        generateKey(alias, i11);
    }

    @Override // hyperion.hap.ICryptoManager
    @t0.a
    public final boolean verify(@q String alias, @q byte[] input, @q byte[] signature) {
        com.transsion.security.aosp.hap.base.interstore.c a11;
        g.f(alias, "alias");
        g.f(input, "input");
        g.f(signature, "signature");
        this.f21457a.a();
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f21460d;
        KeyStore.Entry b11 = aVar.b(alias);
        if (b11 != null && (a11 = aVar.a(alias)) != null) {
            String str = bt.c.a(a11.f21472a).f7848a;
            if (g.a(str, "HmacSHA256")) {
                if (b11 instanceof KeyStore.SecretKeyEntry) {
                    SecretKey secretKey = ((KeyStore.SecretKeyEntry) b11).getSecretKey();
                    g.e(secretKey, "keyEntry.secretKey");
                    Mac mac = Mac.getInstance("HmacSHA256");
                    mac.init(secretKey);
                    byte[] doFinal = mac.doFinal(input);
                    g.e(doFinal, "mac.doFinal(data)");
                    return Arrays.equals(doFinal, signature);
                }
            } else if (g.a(str, "SHA256withECDSA") && (b11 instanceof KeyStore.PrivateKeyEntry)) {
                PublicKey publicKey = ((KeyStore.PrivateKeyEntry) b11).getCertificate().getPublicKey();
                g.e(publicKey, "keyEntry.certificate.publicKey");
                Signature signature2 = Signature.getInstance("SHA256withECDSA");
                signature2.initVerify(publicKey);
                signature2.update(input);
                return signature2.verify(signature);
            }
        }
        return false;
    }
}
