package com.xiaomi.iot.spec_common.securecache;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.Nullable;
import com.tencent.mmkv.MMKV;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.eclipse.jetty.util.StringUtil;

/* compiled from: EncryptionManager.java */
/* loaded from: classes6.dex */
public class a {
    private Context A;
    com.xiaomi.iot.spec_common.securecache.b B;

    /* renamed from: j, reason: collision with root package name */
    private final byte[] f17090j;

    /* renamed from: k, reason: collision with root package name */
    private final String f17091k;

    /* renamed from: l, reason: collision with root package name */
    protected final String f17092l;

    /* renamed from: m, reason: collision with root package name */
    protected final String f17093m;

    /* renamed from: s, reason: collision with root package name */
    protected final String f17099s;

    /* renamed from: t, reason: collision with root package name */
    private KeyStore f17100t;

    /* renamed from: u, reason: collision with root package name */
    private SecretKey f17101u;

    /* renamed from: v, reason: collision with root package name */
    private SecretKey f17102v;

    /* renamed from: w, reason: collision with root package name */
    private RSAPublicKey f17103w;

    /* renamed from: x, reason: collision with root package name */
    private RSAPrivateKey f17104x;

    /* renamed from: y, reason: collision with root package name */
    private String f17105y;

    /* renamed from: z, reason: collision with root package name */
    private boolean f17106z;

    /* renamed from: a, reason: collision with root package name */
    private final int f17081a = 2048;

    /* renamed from: b, reason: collision with root package name */
    private final int f17082b = 256;

    /* renamed from: c, reason: collision with root package name */
    private final int f17083c = 256;

    /* renamed from: d, reason: collision with root package name */
    private final int f17084d = 128;

    /* renamed from: e, reason: collision with root package name */
    private final int f17085e = 16;

    /* renamed from: f, reason: collision with root package name */
    private final int f17086f = 12;

    /* renamed from: g, reason: collision with root package name */
    private final String f17087g = "AndroidKeyStore";

    /* renamed from: h, reason: collision with root package name */
    private final String f17088h = "AndroidOpenSSL";

    /* renamed from: i, reason: collision with root package name */
    private final String f17089i = org.bouncycastle.jce.provider.a.PROVIDER_NAME;

    /* renamed from: n, reason: collision with root package name */
    private final String f17094n = "]";

    /* renamed from: o, reason: collision with root package name */
    private final String f17095o = "RSA/ECB/PKCS1Padding";

    /* renamed from: p, reason: collision with root package name */
    private final String f17096p = "AES/GCM/NoPadding";

    /* renamed from: q, reason: collision with root package name */
    private final String f17097q = "AES/CBC/PKCS7Padding";

    /* renamed from: r, reason: collision with root package name */
    private final String f17098r = "HmacSHA256";

    /* compiled from: EncryptionManager.java */
    /* renamed from: com.xiaomi.iot.spec_common.securecache.a$a, reason: collision with other inner class name */
    /* loaded from: classes6.dex */
    public static class C0309a {

        /* renamed from: a, reason: collision with root package name */
        byte[] f17107a = null;

        /* renamed from: b, reason: collision with root package name */
        byte[] f17108b = null;

        /* renamed from: c, reason: collision with root package name */
        byte[] f17109c = null;

        byte[] a() {
            byte[] bArr = this.f17107a;
            byte[] bArr2 = new byte[bArr.length + this.f17108b.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            byte[] bArr3 = this.f17108b;
            System.arraycopy(bArr3, 0, bArr2, this.f17107a.length, bArr3.length);
            return bArr2;
        }
    }

    /* compiled from: EncryptionManager.java */
    /* loaded from: classes6.dex */
    public class b extends GeneralSecurityException {
        public b() {
            super("Invalid Mac, failed to verify integrity.");
        }
    }

    public a(Context context, com.xiaomi.iot.spec_common.securecache.b bVar, @Nullable String str, @Nullable byte[] bArr) throws IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchPaddingException, CertificateException, KeyStoreException, UnrecoverableEntryException, InvalidKeyException, IllegalStateException {
        this.f17106z = false;
        this.f17090j = bArr;
        String b10 = bVar.b(k(), y("OverridingAlias"), str);
        b10 = b10 == null ? "sps" : b10;
        this.f17105y = b10;
        String format = String.format("%s_%s", b10, "data_in_compat");
        this.f17099s = format;
        this.f17091k = String.format("%s_%s", this.f17105y, "rsa_key");
        this.f17092l = String.format("%s_%s", this.f17105y, "aes_key");
        this.f17093m = String.format("%s_%s", this.f17105y, "mac_key");
        this.f17106z = bVar.j(k(), y(format), false);
        this.A = context;
        this.B = bVar;
        C();
        try {
            E(context, bVar, bArr);
        } catch (Exception e10) {
            throw e10;
        }
    }

    static String F(byte[] bArr) {
        StringBuilder sb2 = new StringBuilder();
        for (byte b10 : bArr) {
            sb2.append(String.format("%02X", Byte.valueOf(b10)));
        }
        return sb2.toString();
    }

    private byte[] J(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null || bArr2.length == 0) {
            return bArr;
        }
        byte[] bArr3 = new byte[bArr.length];
        for (int i10 = 0; i10 < bArr.length; i10++) {
            bArr3[i10] = (byte) (bArr[i10] ^ bArr2[i10 % bArr2.length]);
        }
        return bArr3;
    }

    public static byte[] c(String str) {
        return Base64.decode(str, 2);
    }

    public static String d(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    private MMKV k() {
        return MMKV.x("security.cache", 2, "ox23.j3qk");
    }

    public static String y(String str) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        return F(MessageDigest.getInstance("SHA-256").digest(str.getBytes(StringUtil.__UTF8)));
    }

    SecretKey A(com.xiaomi.iot.spec_common.securecache.b bVar) throws IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException {
        String b10 = bVar.b(k(), y(this.f17093m), null);
        if (b10 != null) {
            return new SecretKeySpec(a(c(b10)), "HmacSHA256");
        }
        return null;
    }

    void B(com.xiaomi.iot.spec_common.securecache.b bVar) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, InvalidKeyException, IOException {
        if (this.f17106z) {
            this.f17101u = x(bVar);
            this.f17102v = A(bVar);
        } else if (this.f17100t.containsAlias(this.f17092l)) {
            this.f17101u = (SecretKey) this.f17100t.getKey(this.f17092l, null);
        }
    }

    void C() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.f17100t = keyStore;
        keyStore.load(null);
    }

    void D() throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException {
        if (this.f17100t.containsAlias(this.f17091k) && this.f17100t.entryInstanceOf(this.f17091k, KeyStore.PrivateKeyEntry.class)) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.f17100t.getEntry(this.f17091k, null);
            this.f17103w = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
            this.f17104x = (RSAPrivateKey) privateKeyEntry.getPrivateKey();
        }
    }

    void E(Context context, com.xiaomi.iot.spec_common.securecache.b bVar, @Nullable byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableEntryException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException {
        if (s(context, bArr, bVar)) {
            this.B.g(k(), y("OverridingAlias"), this.f17105y);
        }
        B(bVar);
    }

    public byte[] G(C0309a c0309a) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableEntryException, NoSuchProviderException, InvalidKeyException, IOException, BadPaddingException, IllegalBlockSizeException, b {
        try {
            return h(c0309a);
        } catch (Exception e10) {
            throw e10;
        }
    }

    public C0309a H(byte[] bArr) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadPaddingException, IllegalBlockSizeException, NoSuchProviderException, InvalidKeyException, KeyStoreException, UnrecoverableEntryException {
        try {
            return m(bArr);
        } catch (Exception e10) {
            throw e10;
        }
    }

    boolean I(byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        byte[] e10 = e(bArr2);
        if (e10.length != bArr.length) {
            return false;
        }
        int i10 = 0;
        for (int i11 = 0; i11 < e10.length; i11++) {
            i10 |= e10[i11] ^ bArr[i11];
        }
        return i10 == 0;
    }

    byte[] a(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(2, this.f17104x);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr2 = new byte[size];
        for (int i10 = 0; i10 < size; i10++) {
            bArr2[i10] = ((Byte) arrayList.get(i10)).byteValue();
        }
        cipherInputStream.close();
        return bArr2;
    }

    byte[] b(byte[] bArr) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(1, this.f17103w);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    byte[] e(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(this.f17102v);
        return mac.doFinal(bArr);
    }

    C0309a f(String str) {
        C0309a c0309a = new C0309a();
        String[] split = str.split("]");
        c0309a.f17107a = c(split[0]);
        c0309a.f17108b = c(split[1]);
        if (split.length > 2) {
            c0309a.f17109c = c(split[2]);
        }
        return c0309a;
    }

    public String g(String str) throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, b, NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException, UnrecoverableEntryException {
        if (str == null || str.length() <= 0) {
            return null;
        }
        byte[] G = G(f(str));
        return new String(G, 0, G.length, StringUtil.__UTF8);
    }

    public byte[] h(C0309a c0309a) throws IOException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, b, NoSuchProviderException, InvalidKeyException {
        if (c0309a == null || c0309a.f17108b == null) {
            return null;
        }
        return this.f17106z ? j(c0309a) : i(c0309a);
    }

    @TargetApi(19)
    byte[] i(C0309a c0309a) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
        return v(c0309a.f17107a, false).doFinal(c0309a.f17108b);
    }

    byte[] j(C0309a c0309a) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, b {
        if (I(c0309a.f17109c, c0309a.a())) {
            return w(c0309a.f17107a, false).doFinal(c0309a.f17108b);
        }
        throw new b();
    }

    String l(C0309a c0309a) {
        if (c0309a.f17109c == null) {
            return d(c0309a.f17107a) + "]" + d(c0309a.f17108b);
        }
        return d(c0309a.f17107a) + "]" + d(c0309a.f17108b) + "]" + d(c0309a.f17109c);
    }

    public C0309a m(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IOException, BadPaddingException, NoSuchProviderException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        if (bArr == null || bArr.length <= 0) {
            return null;
        }
        byte[] z10 = z();
        return this.f17106z ? p(bArr, z10) : o(bArr, z10);
    }

    public String n(String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, NoSuchProviderException, BadPaddingException, KeyStoreException, UnrecoverableEntryException {
        if (str == null || str.length() <= 0) {
            return null;
        }
        return l(H(str.getBytes(StringUtil.__UTF8)));
    }

    @TargetApi(19)
    C0309a o(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
        Cipher v10 = v(bArr2, true);
        C0309a c0309a = new C0309a();
        c0309a.f17107a = v10.getIV();
        c0309a.f17108b = v10.doFinal(bArr);
        return c0309a;
    }

    C0309a p(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidAlgorithmParameterException {
        Cipher w10 = w(bArr2, true);
        C0309a c0309a = new C0309a();
        c0309a.f17107a = w10.getIV();
        c0309a.f17108b = w10.doFinal(bArr);
        c0309a.f17109c = e(c0309a.a());
        return c0309a;
    }

    @TargetApi(23)
    boolean q(@Nullable byte[] bArr) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (this.f17100t.containsAlias(this.f17092l)) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.f17092l, 3).setCertificateSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setCertificateSerialNumber(BigInteger.ONE).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build();
        if (bArr == null || bArr.length <= 0) {
            keyGenerator.init(build);
        } else {
            keyGenerator.init(build, new SecureRandom(bArr));
        }
        keyGenerator.generateKey();
        return true;
    }

    boolean r(com.xiaomi.iot.spec_common.securecache.b bVar, @Nullable byte[] bArr) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException {
        String y10 = y(this.f17092l);
        if (bVar.i(k(), y10)) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        if (bArr == null || bArr.length <= 0) {
            keyGenerator.init(256);
        } else {
            keyGenerator.init(256, new SecureRandom(bArr));
        }
        boolean g10 = bVar.g(k(), y10, d(b(J(keyGenerator.generateKey().getEncoded(), this.f17090j))));
        bVar.d(k(), y(this.f17099s), true);
        return g10;
    }

    boolean s(Context context, @Nullable byte[] bArr, com.xiaomi.iot.spec_common.securecache.b bVar) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnrecoverableEntryException, NoSuchPaddingException, InvalidKeyException, IOException {
        if (!this.f17106z) {
            return q(bArr);
        }
        boolean u10 = u(context, bArr);
        D();
        return t(bVar, bArr) || (r(bVar, bArr) || u10);
    }

    boolean t(com.xiaomi.iot.spec_common.securecache.b bVar, @Nullable byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
        String y10 = y(this.f17093m);
        if (bVar.i(k(), y10)) {
            return false;
        }
        byte[] bArr2 = new byte[32];
        ((bArr == null || bArr.length <= 0) ? new SecureRandom() : new SecureRandom(bArr)).nextBytes(bArr2);
        return bVar.g(k(), y10, d(b(bArr2)));
    }

    boolean u(Context context, @Nullable byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException {
        if (this.f17100t.containsAlias(this.f17091k)) {
            return false;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        Calendar calendar = Calendar.getInstance();
        calendar.add(11, -26);
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 100);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(this.f17091k).setKeySize(2048).setKeyType("RSA").setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        if (bArr == null || bArr.length <= 0) {
            keyPairGenerator.initialize(build);
        } else {
            keyPairGenerator.initialize(build, new SecureRandom(bArr));
        }
        keyPairGenerator.generateKeyPair();
        return true;
    }

    @TargetApi(19)
    Cipher v(byte[] bArr, boolean z10) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(z10 ? 1 : 2, this.f17101u, new GCMParameterSpec(128, bArr));
        return cipher;
    }

    Cipher w(byte[] bArr, boolean z10) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", org.bouncycastle.jce.provider.a.PROVIDER_NAME);
        cipher.init(z10 ? 1 : 2, this.f17101u, new IvParameterSpec(bArr));
        return cipher;
    }

    SecretKey x(com.xiaomi.iot.spec_common.securecache.b bVar) throws IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException {
        String b10 = bVar.b(k(), y(this.f17092l), null);
        if (b10 != null) {
            return new SecretKeySpec(J(a(c(b10)), this.f17090j), "AES");
        }
        return null;
    }

    byte[] z() throws UnsupportedEncodingException {
        byte[] bArr = !this.f17106z ? new byte[12] : new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }
}
