package com.vivo.vcodeimpl.security;

import a5.a;
import android.security.keystore.KeyProtection;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.Keep;
import androidx.annotation.RequiresApi;
import com.vivo.vcodecommon.RuleUtil;
import com.vivo.vcodecommon.io.FileUtil;
import com.vivo.vcodecommon.logcat.LogUtil;
import com.vivo.vcodeimpl.TrackerConfigImpl;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import t3.b;
import w3.a;

@Keep
/* loaded from: classes.dex */
public class SecUtils {
    private static final String AES_GCM_NO_PADDING = "AES/GCM/NoPadding";
    public static final String DEFAULT_ENCODED = "UTF-8";
    private static final int INIT_ERROR_RESET = 3;
    private static final int IV_LENGTH = 128;
    private static final String KEY_ALGORITHM = "AES";
    private static final int KEY_LENGTH = 256;
    private static final String RSA_ENCRYPTION_ALGORITHM = "RSA/NONE/NoPadding";
    private static String sEncodeKey;
    private static SecretKey sRandomKey;
    private static SecretKey sSecretKey;
    private static final String TAG = RuleUtil.genTag((Class<?>) SecUtils.class);
    private static final AtomicInteger mRetry = new AtomicInteger(0);
    private static final AtomicInteger mRandomRetry = new AtomicInteger(0);

    private static b aesEncrypt(byte[] bArr, SecretKey secretKey) {
        byte[] bArr2 = new byte[128];
        new SecureRandom().nextBytes(bArr2);
        Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
        cipher.init(1, secretKey, new GCMParameterSpec(128, bArr2));
        return new b(cipher.doFinal(bArr), bArr2);
    }

    private static SecretKey createKey() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }

    private static PublicKey createRSAKey() {
        return a.a(Base64.decode(FileUtil.readAssetsFile(TrackerConfigImpl.getInstance().getContext(), "publicKey.txt"), 0));
    }

    @RequiresApi(api = 23)
    public static String decryptData(b bVar) {
        if (sSecretKey == null) {
            initAesKey();
        }
        if (sSecretKey != null && bVar != null && bVar.a() != null && bVar.b() != null) {
            try {
                Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
                cipher.init(2, sSecretKey, new GCMParameterSpec(128, bVar.b()));
                return new String(cipher.doFinal(bVar.a()), StandardCharsets.UTF_8);
            } catch (Exception e6) {
                LogUtil.e(TAG, " decryptData error", e6);
            }
        }
        return null;
    }

    private static void decryptKey(String str) {
        String a6 = a.h.a();
        if (TextUtils.isEmpty(a6) || TrackerConfigImpl.getInstance().getContext() == null) {
            return;
        }
        String str2 = "secretKey-vcode-" + TrackerConfigImpl.getInstance().getContext().getPackageName().toUpperCase();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        SecretKey secretKey = (SecretKey) keyStore.getKey(str2, null);
        Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
        cipher.init(2, secretKey, new GCMParameterSpec(128, Base64.decode(a6, 0)));
        sSecretKey = new SecretKeySpec(cipher.doFinal(Base64.decode(str, 0)), AES_GCM_NO_PADDING);
    }

    @RequiresApi(api = 23)
    public static b encryptData(String str) {
        if (sSecretKey == null) {
            initAesKey();
        }
        if (sSecretKey == null || TextUtils.isEmpty(str)) {
            return null;
        }
        try {
            return aesEncrypt(str.getBytes(StandardCharsets.UTF_8), sSecretKey);
        } catch (Exception e6) {
            LogUtil.e(TAG, " encryptData error", e6);
            a5.b.f("0", str, null);
            return null;
        }
    }

    public static b encryptData(byte[] bArr, String str) {
        String str2;
        String str3;
        if (sRandomKey == null || (str3 = sEncodeKey) == null || str3.length() == 0) {
            initRandomKey();
        }
        if (sRandomKey != null && (str2 = sEncodeKey) != null && str2.length() != 0) {
            try {
                return aesEncrypt(bArr, sRandomKey);
            } catch (Exception e6) {
                d.a.c().w(str, 0);
                LogUtil.e(TAG, "encryptRandomData error:" + e6.getMessage());
                a5.b.f("5", new String(bArr, StandardCharsets.UTF_8), null);
            }
        }
        return null;
    }

    @RequiresApi(api = 23)
    private static void encryptKey() {
        if (sSecretKey == null) {
            LogUtil.w(TAG, " key null , not encrypt");
            return;
        }
        String str = "secretKey-vcode-" + TrackerConfigImpl.getInstance().getContext().getPackageName().toUpperCase();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        SecretKey createKey = createKey();
        keyStore.setEntry(str, new KeyStore.SecretKeyEntry(createKey), new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
        Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
        cipher.init(1, createKey);
        AlgorithmParameters parameters = cipher.getParameters();
        if (parameters == null) {
            LogUtil.w(TAG, " algorithm null , not encrypt");
            return;
        }
        byte[] iv = ((GCMParameterSpec) parameters.getParameterSpec(GCMParameterSpec.class)).getIV();
        a.h.d(Base64.encodeToString(cipher.doFinal(sSecretKey.getEncoded()), 0));
        a.h.b(Base64.encodeToString(iv, 0));
    }

    public static String getEncodeKey() {
        return sEncodeKey;
    }

    @RequiresApi(api = 23)
    private static synchronized void initAesKey() {
        synchronized (SecUtils.class) {
            if (mRetry.get() < 3) {
                try {
                    if (sSecretKey == null) {
                        String c6 = a.h.c();
                        if (!TextUtils.isEmpty(c6)) {
                            decryptKey(c6);
                            if (sSecretKey != null) {
                                return;
                            }
                        }
                        sSecretKey = createKey();
                        encryptKey();
                    }
                } catch (Exception e6) {
                    LogUtil.e(TAG, " initAesKey error", e6);
                    mRetry.incrementAndGet();
                }
            }
        }
    }

    private static synchronized void initRandomKey() {
        synchronized (SecUtils.class) {
            if (mRandomRetry.get() < 3) {
                try {
                    if (sRandomKey == null) {
                        sRandomKey = createKey();
                        sEncodeKey = Base64.encodeToString(a5.a.c(sRandomKey.getEncoded(), createRSAKey(), RSA_ENCRYPTION_ALGORITHM), 0);
                    }
                } catch (Exception e6) {
                    LogUtil.e(TAG, " initAesKey error", e6);
                    mRandomRetry.incrementAndGet();
                }
            }
        }
    }
}
