package com.xiaomi.accounts.secure;

import android.content.Context;
import android.util.Base64;
import com.xiaomi.accountsdk.utils.AccountLog;
import java.security.GeneralSecurityException;
import java.util.Calendar;
import java.util.Date;

/* compiled from: Proguard,UnknownFile */
/* loaded from: classes13.dex */
public class KeyStoreManager {
    private static final String DERIVE_KEY_ID = "db-key";
    private static final int DERIVE_KEY_LENGTH = 32;
    private static final String FAIL_OVER_KEY = "010203040506070809";
    private static final String PASSPORT_ALIAS = "XMPassport";
    private static final int RSA_KEY_SIZE = 2048;
    private static final int SERIAL_NUMBER = 1;
    private static final String SUBJECT = "CN=Database/O=Xiaomi Corporation";
    private static final String TAG = "SQLCipherManager";
    private static final int VALID_FROM_YEAR = 2000;
    private static final int VALID_TO_YEAR = 2200;
    private static volatile String sCachedDeriveKey;
    private KeyStoreRSA mKeyStoreRSA = new KeyStoreRSA(PASSPORT_ALIAS);

    private String deriveKeyOnlyOnce(Context context) throws GeneralSecurityException {
        AccountLog.i("SQLCipherManager", "deriveKeyOnlyOnce");
        if (!this.mKeyStoreRSA.exists()) {
            AccountLog.w("SQLCipherManager", "generateKey() start");
            generateKey(context);
            AccountLog.w("SQLCipherManager", "generateKey() end");
        }
        byte[] derive = this.mKeyStoreRSA.derive(DERIVE_KEY_ID, 32);
        if (derive != null) {
            return Base64.encodeToString(derive, 2);
        }
        AccountLog.w("SQLCipherManager", "key is null, use fail over key");
        return FAIL_OVER_KEY;
    }

    private void generateKey(Context context) throws GeneralSecurityException {
        try {
            this.mKeyStoreRSA.discard();
        } catch (GeneralSecurityException unused) {
            AccountLog.w("SQLCipherManager", "Failed to discard a key");
        }
        Calendar calendar = Calendar.getInstance();
        calendar.set(1, 2000);
        calendar.set(14, 0);
        calendar.set(13, 0);
        calendar.set(12, 0);
        calendar.set(11, 0);
        Date time = calendar.getTime();
        calendar.set(1, VALID_TO_YEAR);
        this.mKeyStoreRSA.generate(context, 2048, SUBJECT, time, calendar.getTime(), 1, false);
    }

    public synchronized String getDeriveKeyOrCached(Context context) {
        if (sCachedDeriveKey == null) {
            try {
                sCachedDeriveKey = deriveKeyOnlyOnce(context);
            } catch (GeneralSecurityException e) {
                AccountLog.e("SQLCipherManager", "error when deriveKeyOnlyOnce(), maybe android api is lower than 18, use FAIL_OVER_KEY", e);
            }
        }
        if (sCachedDeriveKey == null) {
            sCachedDeriveKey = FAIL_OVER_KEY;
        }
        return sCachedDeriveKey;
    }
}
