package com.xiaomi.accounts.secure;

import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.Configuration;
import android.content.res.Resources;
import android.os.SystemClock;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.miui.miapm.block.core.MethodRecorder;
import com.xiaomi.accountsdk.utils.AccountLogger;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Locale;
import java.util.WeakHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes3.dex */
public class SecureDataManager {
    private static final int AES_CBC_BLOCK_SIZE = 16;
    private static final byte[] AES_IV_BYTES;
    private static final int AES_KEY_SIZE = 128;
    private static final String AES_TRANSFORMATION = "AES/CBC/NoPadding";
    private static final String ALIAS_XIAOMI_PASSPORT = "XiaomiPassport";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ENCRYPTED_STRING_PREFIX = "ENCRYPTED@";
    private static final String KEY_BOOL_GENERATE_SECRET_KEY_SUCCESS = "generate_secret_key_success";
    private static final String SP_NAME_GENERATE_SECRET_KEY_RET = "generate_secret_key_ret";
    private static final String TAG = "SecureDataManager";
    private static final WeakHashMap<String, String> sDecryptedDada;
    private static final WeakHashMap<String, String> sEncryptedDada;
    private static volatile KeyStore sKeyStore;
    private static volatile Key sSecureKey;

    static {
        MethodRecorder.i(55880);
        AES_IV_BYTES = "0102030405060708".getBytes();
        sEncryptedDada = new WeakHashMap<>();
        sDecryptedDada = new WeakHashMap<>();
        MethodRecorder.o(55880);
    }

    private static byte[] decodeBase64(String str) {
        MethodRecorder.i(55865);
        if (TextUtils.isEmpty(str)) {
            MethodRecorder.o(55865);
            return null;
        }
        byte[] decode = Base64.decode(str, 10);
        MethodRecorder.o(55865);
        return decode;
    }

    public static String decrypt(Context context, String str) {
        MethodRecorder.i(55878);
        if (!str.startsWith(ENCRYPTED_STRING_PREFIX)) {
            MethodRecorder.o(55878);
            return str;
        }
        String str2 = sDecryptedDada.get(str);
        if (str2 != null) {
            MethodRecorder.o(55878);
            return str2;
        }
        if (sSecureKey == null) {
            initExistingKey(context);
        }
        if (sSecureKey == null) {
            MethodRecorder.o(55878);
            return null;
        }
        String substring = str.substring(10);
        try {
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            try {
                cipher.init(2, sSecureKey, new IvParameterSpec(AES_IV_BYTES));
                byte[] bArr = new byte[0];
                try {
                    bArr = cipher.doFinal(decodeBase64(substring));
                } catch (BadPaddingException e) {
                    AccountLogger.log(TAG, "decrypt failed", e);
                    MethodRecorder.o(55878);
                    return str;
                } catch (IllegalBlockSizeException e2) {
                    AccountLogger.log(TAG, "decrypt failed", e2);
                }
                int length = bArr.length;
                int i = 0;
                for (int i2 = 0; i2 < length && bArr[i2] != 0; i2++) {
                    i++;
                }
                String str3 = new String(bArr, 0, i);
                sDecryptedDada.put(str, str3);
                MethodRecorder.o(55878);
                return str3;
            } catch (InvalidAlgorithmParameterException e3) {
                AccountLogger.log(TAG, "init cipher failed", e3);
                MethodRecorder.o(55878);
                return str;
            } catch (InvalidKeyException e4) {
                AccountLogger.log(TAG, "init cipher failed", e4);
                MethodRecorder.o(55878);
                return str;
            }
        } catch (NoSuchAlgorithmException e5) {
            AccountLogger.log(TAG, "get cipher failed", e5);
            MethodRecorder.o(55878);
            return str;
        } catch (NoSuchPaddingException e6) {
            AccountLogger.log(TAG, "get cipher failed", e6);
            MethodRecorder.o(55878);
            return str;
        }
    }

    public static synchronized void deleteKey() {
        synchronized (SecureDataManager.class) {
            MethodRecorder.i(55850);
            KeyStore initedKeyStore = getInitedKeyStore();
            try {
                if (initedKeyStore != null) {
                    initedKeyStore.deleteEntry(ALIAS_XIAOMI_PASSPORT);
                } else {
                    AccountLogger.log(TAG, "get null android key store");
                }
                MethodRecorder.o(55850);
            } catch (KeyStoreException e) {
                IllegalStateException illegalStateException = new IllegalStateException(e);
                MethodRecorder.o(55850);
                throw illegalStateException;
            }
        }
    }

    private static String encodeBase64(byte[] bArr) {
        MethodRecorder.i(55864);
        if (bArr == null || bArr.length == 0) {
            MethodRecorder.o(55864);
            return null;
        }
        String encodeToString = Base64.encodeToString(bArr, 10);
        MethodRecorder.o(55864);
        return encodeToString;
    }

    public static String encrypt(Context context, String str) {
        MethodRecorder.i(55874);
        String str2 = sEncryptedDada.get(str);
        if (str2 != null) {
            MethodRecorder.o(55874);
            return str2;
        }
        if (sSecureKey == null) {
            initExistingKey(context);
        }
        if (sSecureKey == null) {
            MethodRecorder.o(55874);
            return str;
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            try {
                cipher.init(1, sSecureKey, new IvParameterSpec(AES_IV_BYTES));
                try {
                    byte[] bytes = str.getBytes();
                    if (bytes.length % 16 != 0) {
                        byte[] bArr = new byte[((bytes.length / 16) + 1) * 16];
                        for (int i = 0; i < bytes.length; i++) {
                            bArr[i] = bytes[i];
                        }
                        bytes = bArr;
                    }
                    String str3 = ENCRYPTED_STRING_PREFIX + encodeBase64(cipher.doFinal(bytes));
                    sEncryptedDada.put(str, str3);
                    MethodRecorder.o(55874);
                    return str3;
                } catch (BadPaddingException e) {
                    AccountLogger.log(TAG, "encrypt failed", e);
                    MethodRecorder.o(55874);
                    return str;
                } catch (IllegalBlockSizeException e2) {
                    AccountLogger.log(TAG, "encrypt failed", e2);
                    MethodRecorder.o(55874);
                    return str;
                }
            } catch (InvalidAlgorithmParameterException e3) {
                AccountLogger.log(TAG, "init cipher failed", e3);
                MethodRecorder.o(55874);
                return str;
            } catch (InvalidKeyException e4) {
                AccountLogger.log(TAG, "init cipher failed", e4);
                MethodRecorder.o(55874);
                return str;
            }
        } catch (NoSuchAlgorithmException e5) {
            AccountLogger.log(TAG, "get cipher failed", e5);
            MethodRecorder.o(55874);
            return str;
        } catch (NoSuchPaddingException e6) {
            AccountLogger.log(TAG, "get cipher failed", e6);
            MethodRecorder.o(55874);
            return str;
        }
    }

    private static void generateKeyAboveM(Context context) {
        MethodRecorder.i(55818);
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
            Locale locale = Locale.getDefault();
            setLocale(context, Locale.ENGLISH);
            try {
                try {
                    keyGenerator.init(new KeyGenParameterSpec.Builder(ALIAS_XIAOMI_PASSPORT, 3).setBlockModes("CBC").setEncryptionPaddings("NoPadding").setKeySize(128).setRandomizedEncryptionRequired(false).setUserAuthenticationRequired(false).build());
                    setLocale(context, locale);
                    SecretKey generateKey = keyGenerator.generateKey();
                    KeyStore initedKeyStore = getInitedKeyStore();
                    if (generateKey != null && initedKeyStore != null) {
                        sSecureKey = generateKey;
                    }
                    MethodRecorder.o(55818);
                } catch (InvalidAlgorithmParameterException e) {
                    AccountLogger.log(TAG, "init keypair generator failed", e);
                    setLocale(context, locale);
                    MethodRecorder.o(55818);
                }
            } catch (Throwable th) {
                setLocale(context, locale);
                MethodRecorder.o(55818);
                throw th;
            }
        } catch (NoSuchAlgorithmException e2) {
            AccountLogger.log(TAG, "get key generator failed", e2);
            MethodRecorder.o(55818);
        } catch (NoSuchProviderException e3) {
            AccountLogger.log(TAG, "get key generator failed", e3);
            MethodRecorder.o(55818);
        }
    }

    private static synchronized KeyStore getInitedKeyStore() {
        synchronized (SecureDataManager.class) {
            MethodRecorder.i(55848);
            if (sKeyStore != null) {
                KeyStore keyStore = sKeyStore;
                MethodRecorder.o(55848);
                return keyStore;
            }
            try {
                KeyStore keyStore2 = KeyStore.getInstance(ANDROID_KEY_STORE);
                try {
                    keyStore2.load(null);
                    sKeyStore = keyStore2;
                    MethodRecorder.o(55848);
                    return keyStore2;
                } catch (IOException e) {
                    AccountLogger.log(TAG, "init android keystore failed", e);
                    MethodRecorder.o(55848);
                    return null;
                } catch (NoSuchAlgorithmException e2) {
                    AccountLogger.log(TAG, "init android keystore failed", e2);
                    MethodRecorder.o(55848);
                    return null;
                } catch (CertificateException e3) {
                    AccountLogger.log(TAG, "init android keystore failed", e3);
                    MethodRecorder.o(55848);
                    return null;
                }
            } catch (KeyStoreException e4) {
                AccountLogger.log(TAG, "get android keystore failed", e4);
                MethodRecorder.o(55848);
                return null;
            }
        }
    }

    private static SharedPreferences getSp(Context context) {
        MethodRecorder.i(55819);
        SharedPreferences sharedPreferences = context.getSharedPreferences(SP_NAME_GENERATE_SECRET_KEY_RET, 0);
        MethodRecorder.o(55819);
        return sharedPreferences;
    }

    public static boolean hasGeneratedSecretKey(Context context) {
        MethodRecorder.i(55822);
        boolean contains = getSp(context).contains(KEY_BOOL_GENERATE_SECRET_KEY_SUCCESS);
        MethodRecorder.o(55822);
        return contains;
    }

    public static synchronized void initExistingKey(Context context) {
        synchronized (SecureDataManager.class) {
            MethodRecorder.i(55862);
            if (hasGeneratedSecretKey(context) && !isGenerateSecretKeySuccess(context)) {
                AccountLogger.log(TAG, "not gen success, do not get");
                MethodRecorder.o(55862);
                return;
            }
            if (sSecureKey != null) {
                AccountLogger.log(TAG, "key is not null, skip");
                MethodRecorder.o(55862);
                return;
            }
            long elapsedRealtime = SystemClock.elapsedRealtime();
            KeyStore initedKeyStore = getInitedKeyStore();
            if (initedKeyStore == null) {
                AccountLogger.log(TAG, "initExistingKey#get null android key store");
                MethodRecorder.o(55862);
                return;
            }
            try {
                if (!initedKeyStore.containsAlias(ALIAS_XIAOMI_PASSPORT)) {
                    AccountLogger.log(TAG, "initExistingKey#has not generate key yet");
                    MethodRecorder.o(55862);
                    return;
                }
                try {
                    sSecureKey = initedKeyStore.getKey(ALIAS_XIAOMI_PASSPORT, null);
                    StringBuilder sb = new StringBuilder();
                    sb.append("get key null? ");
                    sb.append(sSecureKey == null);
                    AccountLogger.log(TAG, sb.toString());
                } catch (KeyStoreException e) {
                    IllegalStateException illegalStateException = new IllegalStateException(e);
                    MethodRecorder.o(55862);
                    throw illegalStateException;
                } catch (NoSuchAlgorithmException e2) {
                    AccountLogger.log(TAG, "get key failed", e2);
                } catch (UnrecoverableKeyException e3) {
                    AccountLogger.log(TAG, "get key failed", e3);
                }
                AccountLogger.log(TAG, "initExistingKey#init existing key cost " + (SystemClock.elapsedRealtime() - elapsedRealtime) + " ms");
                MethodRecorder.o(55862);
                return;
            } catch (KeyStoreException e4) {
                IllegalStateException illegalStateException2 = new IllegalStateException(e4);
                MethodRecorder.o(55862);
                throw illegalStateException2;
            }
        }
    }

    public static boolean isEncrypted(String str) {
        MethodRecorder.i(55879);
        boolean startsWith = str.startsWith(ENCRYPTED_STRING_PREFIX);
        MethodRecorder.o(55879);
        return startsWith;
    }

    public static boolean isGenerateSecretKeySuccess(Context context) {
        MethodRecorder.i(55824);
        boolean z = getSp(context).getBoolean(KEY_BOOL_GENERATE_SECRET_KEY_SUCCESS, false);
        MethodRecorder.o(55824);
        return z;
    }

    public static synchronized void safeGenerateOrInitKey(Context context) {
        KeyStore initedKeyStore;
        synchronized (SecureDataManager.class) {
            MethodRecorder.i(55833);
            if (sSecureKey != null) {
                MethodRecorder.o(55833);
                return;
            }
            if (hasGeneratedSecretKey(context)) {
                initExistingKey(context);
                AccountLogger.log(TAG, "already generate key");
                MethodRecorder.o(55833);
                return;
            }
            AccountLogger.log(TAG, "start safe generate key");
            long elapsedRealtime = SystemClock.elapsedRealtime();
            boolean z = true;
            try {
                try {
                    initedKeyStore = getInitedKeyStore();
                } catch (Exception e) {
                    AccountLogger.log(TAG, "generate key failed", e);
                    if (sSecureKey == null) {
                        z = false;
                    }
                }
                if (initedKeyStore != null && initedKeyStore.containsAlias(ALIAS_XIAOMI_PASSPORT)) {
                    AccountLogger.log(TAG, "contains key already, init existing key");
                    initExistingKey(context);
                    return;
                }
                generateKeyAboveM(context);
                initExistingKey(context);
                if (sSecureKey == null) {
                    z = false;
                }
                setGenerateSecretKeySuccess(context, z);
                AccountLogger.log(TAG, "generate key cost " + (SystemClock.elapsedRealtime() - elapsedRealtime) + " ms");
                MethodRecorder.o(55833);
            } finally {
                if (sSecureKey == null) {
                    z = false;
                }
                setGenerateSecretKeySuccess(context, z);
                MethodRecorder.o(55833);
            }
        }
    }

    private static void setGenerateSecretKeySuccess(Context context, boolean z) {
        MethodRecorder.i(55821);
        getSp(context).edit().putBoolean(KEY_BOOL_GENERATE_SECRET_KEY_SUCCESS, z).commit();
        MethodRecorder.o(55821);
    }

    private static void setLocale(Context context, Locale locale) {
        MethodRecorder.i(55838);
        Locale.setDefault(locale);
        Resources resources = context.getResources();
        Configuration configuration = resources.getConfiguration();
        configuration.locale = locale;
        resources.updateConfiguration(configuration, resources.getDisplayMetrics());
        MethodRecorder.o(55838);
    }
}
