package com.xiaomi.keychainsdk.storage;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Log;
import com.xiaomi.keychainsdk.exception.CryptoException;
import com.xiaomi.keychainsdk.request.context.TransferPublicKey;
import com.xiaomi.keychainsdk.request.data.WrappedMasterKey;
import com.xiaomi.keychainsdk.util.AndroidKeyStoreUtil;
import com.xiaomi.keychainsdk.util.DataUtil;
import com.xiaomi.keychainsdk.util.KeyBagDataUtil;
import com.xiaomi.keychainsdk.util.LogUtil;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
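/**
 * {@link MasterKeyStorage} implementation that keeps master keys in the app's
 * {@link SharedPreferences}, each one wrapped with an RSA key pair stored under
 * {@link #PROTECTED_KEY_ALIAS} in the Android Keystore.
 *
 * <p>One preferences entry is written per key id. Its value is a JSON object:
 * {@code {"key": base64(RSA(masterKey)), "hash": base64(sha256(masterKey))}}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The wrapping transformation is {@code RSA/ECB/PKCS1Padding}. It is left unchanged here
 *       because records already on disk were written with it; moving to OAEP needs a record
 *       migration and a protect key whose generation spec allows OAEP.</li>
 *   <li>The protect key is generated through {@link KeyPairGeneratorSpec}, which is deprecated
 *       since API 23 and cannot restrict key purposes or paddings the way
 *       {@code KeyGenParameterSpec} can.</li>
 *   <li>The stored {@code hash} is computed without any secret (presumably plain SHA-256 in
 *       {@code DataUtil.sha256}; confirm), and a record is produced with the public key only.
 *       It therefore detects corruption, but does not authenticate a record against a party
 *       that can write the preferences file.</li>
 *   <li>The transfer key pair is generated in process memory and no attestation chain is
 *       returned for it (see {@link TransferContextInner#getAttestationCA()}).</li>
 *   <li>Plaintext key buffers are overwritten once they are no longer needed. This is
 *       best-effort: copies held by {@link SecretKeySpec} or the crypto provider are not
 *       reachable from here.</li>
 * </ul>
 */
public class SoftwareMasterKeyStorage implements MasterKeyStorage {
    private static final String MASTERKEY_JSONKEY_HASH = "hash";
    private static final String MASTERKEY_JSONKEY_KEY = "key";
    public static final String PROTECTED_KEY_ALIAS = "miuikeybag.key.softstore.protectedkey";
    private static final String TAG = "KeyBag.MasterKeyStorage";
    private static final SoftwareMasterKeyStorage sInstance = new SoftwareMasterKeyStorage();

    /** Name of the preferences file holding the wrapped master keys. */
    private static final String PREFS_NAME = "miuikeybag.pref.softkeystore.key";
    /** Transformation used to wrap master keys at rest with the Keystore key pair. */
    private static final String PROTECT_KEY_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    /** Transformation used by the peer to wrap the symmetric transfer key. */
    private static final String TRANSFER_RSA_TRANSFORMATION = "RSA/ECB/OAEPPadding";
    /** Transformation used by the peer to encrypt the master key itself. */
    private static final String TRANSFER_AES_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int RSA_KEY_BITS = 2048;
    private static final int GCM_TAG_BITS = 128;

    /**
     * Transfer context backed by an in-memory RSA key pair.
     *
     * <p>Decompiler note: JADX reports that this class was private in the original source and
     * that its access modifier was widened during decompilation.
     */
    public static class TransferContextInner implements TransferContext {
        private final TransferPublicKey mTransferPublicKey;
        // Private half of the transfer key pair; lives in process memory, not in the Keystore.
        public final RSAPrivateKey rsaPrivateKey;

        /**
         * @param keyPair RSA key pair; the private key is kept for unwrapping, the public key is
         *                converted to the {@link TransferPublicKey} handed to the peer
         */
        public TransferContextInner(KeyPair keyPair) {
            this.rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
            this.mTransferPublicKey = TransferPublicKey.makeRSATransferPublicKey((RSAPublicKey) keyPair.getPublic());
        }

        /**
         * @return always an empty array: this software implementation supplies no attestation
         *         certificates for the transfer key
         */
        @Override
        public Certificate[] getAttestationCA() {
            return new Certificate[0];
        }

        /** @return the public half of the transfer key pair */
        @Override
        public TransferPublicKey getTransferPublicKey() {
            return this.mTransferPublicKey;
        }
    }

    private SoftwareMasterKeyStorage() {
    }

    /**
     * Wraps a plaintext master key with the Keystore protect key.
     *
     * @param publicKey public half of the protect key
     * @param bArr      plaintext master key bytes
     * @return the RSA ciphertext
     * @throws CryptoException if the key is rejected or encryption fails
     */
    private static byte[] encryptMasterKeyWithProtectKey(PublicKey publicKey, byte[] bArr) throws CryptoException {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance(PROTECT_KEY_TRANSFORMATION);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            // Keep the cause so a provider problem can be diagnosed from the stack trace.
            throw new RuntimeException(PROTECT_KEY_TRANSFORMATION + " not supported", e);
        }
        try {
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoException(e);
        }
    }

    /**
     * Generates a fresh 2048-bit RSA key pair with the default provider.
     *
     * @return the new key pair, held in process memory only
     */
    private static KeyPair generateTransferKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_BITS);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("RSA not supported", e);
        }
    }

    /** @return the process-wide instance */
    public static SoftwareMasterKeyStorage getInstance() {
        return sInstance;
    }

    /** Opens the preferences file holding the wrapped keys, readable by this app only. */
    private static SharedPreferences getKeyStoreSp(Context context) {
        return context.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
    }

    /**
     * Looks up the public key of the protect key entry.
     *
     * @return the public key, or {@code null} when no entry exists under the alias
     */
    private static PublicKey readProtectPublicKey(KeyStore keyStore)
            throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(PROTECTED_KEY_ALIAS, null);
        return entry == null ? null : entry.getCertificate().getPublicKey();
    }

    /**
     * Returns the public half of the protect key, generating the key pair in the Android Keystore
     * on first use.
     *
     * @param context context passed to the key generation spec
     * @return the protect key's public key
     * @throws CryptoException if the Keystore cannot be read
     */
    private PublicKey getOrCreateProtectKeyInAndroidKeyStore(Context context) throws CryptoException {
        KeyStore keyStore = AndroidKeyStoreUtil.get();
        try {
            PublicKey existing = readProtectPublicKey(keyStore);
            if (existing != null) {
                return existing;
            }
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 100);
            // NOTE(review): KeyPairGeneratorSpec is deprecated since API 23; KeyGenParameterSpec
            // would allow pinning purposes and paddings for this key.
            KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                    .setAlias(PROTECTED_KEY_ALIAS)
                    .setSubject(new X500Principal("CN=" + PROTECTED_KEY_ALIAS))
                    .setSerialNumber(BigInteger.TEN)
                    .setKeySize(RSA_KEY_BITS)
                    .setStartDate(notBefore.getTime())
                    .setEndDate(notAfter.getTime())
                    .build();
            KeyPairGenerator generator;
            try {
                generator = KeyPairGenerator.getInstance("RSA", AndroidKeyStoreUtil.getKeyGeneratorProvider());
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new RuntimeException("Android key store RSA generator not supported", e);
            }
            try {
                generator.initialize(spec);
            } catch (InvalidAlgorithmParameterException e) {
                throw new IllegalStateException("should not reach here", e);
            }
            synchronized (this) {
                // Re-check under the lock: another thread may have created the key since the
                // unsynchronized lookup above, and generating again would replace it.
                PublicKey createdMeanwhile = readProtectPublicKey(keyStore);
                if (createdMeanwhile != null) {
                    return createdMeanwhile;
                }
                return generator.generateKeyPair().getPublic();
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new CryptoException(e);
        }
    }

    /**
     * Recovers the plaintext master key from a wrapped transfer message: the symmetric key is
     * RSA-OAEP decrypted with the transfer private key, then used for AES-GCM decryption of the
     * master key with the message's IV and additional authenticated data.
     *
     * <p>NOTE(review): the OAEP digest and MGF parameters are whatever the provider uses for
     * {@code RSA/ECB/OAEPPadding}; confirm they match what the sender uses.
     *
     * @return the plaintext master key; the caller owns the buffer and should clear it
     * @throws CryptoException if either decryption step fails, including a GCM tag mismatch
     */
    private static byte[] unwrapMasterKey(TransferContextInner transferContextInner, WrappedMasterKey wrappedMasterKey) throws CryptoException {
        Cipher rsaCipher;
        Cipher gcmCipher;
        try {
            rsaCipher = Cipher.getInstance(TRANSFER_RSA_TRANSFORMATION);
            gcmCipher = Cipher.getInstance(TRANSFER_AES_TRANSFORMATION);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException(
                    TRANSFER_RSA_TRANSFORMATION + " or " + TRANSFER_AES_TRANSFORMATION + " not supported", e);
        }
        byte[] symKey = null;
        try {
            rsaCipher.init(Cipher.DECRYPT_MODE, transferContextInner.rsaPrivateKey);
            symKey = rsaCipher.doFinal(wrappedMasterKey.encryptedSymKey);
            gcmCipher.init(
                    Cipher.DECRYPT_MODE,
                    new SecretKeySpec(symKey, "AES"),
                    new GCMParameterSpec(GCM_TAG_BITS, wrappedMasterKey.iv));
            gcmCipher.updateAAD(wrappedMasterKey.aad);
            return gcmCipher.doFinal(wrappedMasterKey.encryptedMasterKey);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException
                | IllegalBlockSizeException e) {
            throw new CryptoException(e);
        } finally {
            // SecretKeySpec works on its own copy, so the raw transfer key can be cleared here.
            if (symKey != null) {
                Arrays.fill(symKey, (byte) 0);
            }
        }
    }

    /**
     * Removes the stored record for a key id.
     *
     * @param context context used to open the preferences file
     * @param str     key id whose record is removed
     */
    @Override
    public void clearMasterKey(Context context, String str) {
        if (!getKeyStoreSp(context).edit().remove(str).commit()) {
            // A failed commit leaves the wrapped key on disk; make that visible in the log.
            Log.e(TAG, "clearKey: failed to remove key " + LogUtil.logHash(str));
        }
    }

    /**
     * Creates a transfer context with a newly generated RSA key pair.
     *
     * @param context unused by this implementation
     * @return a new {@link TransferContextInner}
     */
    @Override
    public TransferContext generateTransferContext(Context context) {
        return new TransferContextInner(generateTransferKeyPair());
    }

    /**
     * Loads and unwraps the master key stored for a key id.
     *
     * @param context context used to open the preferences file
     * @param str     key id
     * @return the master key as an AES {@link SecretKey}, or {@code null} when there is no
     *         record, the record is malformed, the protect key is missing or unusable, or the
     *         decrypted key does not match the stored hash
     */
    @Override
    public SecretKey getMasterKey(Context context, String str) {
        String stored = getKeyStoreSp(context).getString(str, null);
        if (stored == null) {
            Log.i(TAG, "getKey: no key " + LogUtil.logHash(str));
            return null;
        }
        byte[] wrappedKey;
        byte[] expectedHash;
        try {
            JSONObject record = new JSONObject(stored);
            String wrappedKeyB64 = record.getString(MASTERKEY_JSONKEY_KEY);
            String expectedHashB64 = record.getString(MASTERKEY_JSONKEY_HASH);
            wrappedKey = KeyBagDataUtil.decodeBase64(wrappedKeyB64);
            expectedHash = KeyBagDataUtil.decodeBase64(expectedHashB64);
        } catch (KeyBagDataUtil.BadBase64DataException e) {
            Log.e(TAG, "getKey: bad key info " + LogUtil.logHash(str), e);
            return null;
        } catch (JSONException e) {
            Log.e(TAG, "getKey: bad key info " + LogUtil.logHash(str), e);
            return null;
        }
        try {
            PrivateKey protectKey;
            try {
                KeyStore.PrivateKeyEntry entry =
                        (KeyStore.PrivateKeyEntry) AndroidKeyStoreUtil.get().getEntry(PROTECTED_KEY_ALIAS, null);
                if (entry == null) {
                    Log.e(TAG, "getKey: no protect key for " + LogUtil.logHash(str));
                    return null;
                }
                protectKey = entry.getPrivateKey();
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                Log.e(TAG, "getKey: bad protect key for " + LogUtil.logHash(str), e);
                return null;
            }
            Cipher cipher;
            try {
                cipher = Cipher.getInstance(PROTECT_KEY_TRANSFORMATION);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                throw new RuntimeException(PROTECT_KEY_TRANSFORMATION + " not supported", e);
            }
            byte[] masterKey;
            try {
                cipher.init(Cipher.DECRYPT_MODE, protectKey);
                masterKey = cipher.doFinal(wrappedKey);
            } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
                Log.e(TAG, "getKey: failed to unprotect key " + LogUtil.logHash(str), e);
                return null;
            }
            try {
                // Digest comparison on secret-derived data: use the constant-time comparison.
                if (java.security.MessageDigest.isEqual(expectedHash, DataUtil.sha256(masterKey))) {
                    return new SecretKeySpec(masterKey, "AES");
                }
                Log.e(TAG, "getKey: bad master key " + LogUtil.logHash(str) + ", bad hash");
                return null;
            } finally {
                // SecretKeySpec copies the bytes, so the local plaintext buffer can be cleared.
                Arrays.fill(masterKey, (byte) 0);
            }
        } catch (CryptoException e) {
            Log.e(TAG, "getKey: Android key store error", e);
            return null;
        }
    }

    /**
     * Unwraps a master key received from a peer and stores it, re-wrapped with the Keystore
     * protect key, under the given key id.
     *
     * @param context          context used for the Keystore and the preferences file
     * @param str              key id to store the record under
     * @param transferContext  context returned earlier by {@link #generateTransferContext};
     *                         must be a {@link TransferContextInner}
     * @param wrappedMasterKey wrapped key material received from the peer
     * @throws CryptoException if unwrapping or re-wrapping fails, or the record cannot be
     *                         committed to the preferences file
     */
    @Override
    public void importMasterKey(Context context, String str, TransferContext transferContext, WrappedMasterKey wrappedMasterKey) throws CryptoException {
        byte[] masterKey = unwrapMasterKey((TransferContextInner) transferContext, wrappedMasterKey);
        byte[] keyHash;
        byte[] protectedKey;
        try {
            keyHash = DataUtil.sha256(masterKey);
            protectedKey = encryptMasterKeyWithProtectKey(getOrCreateProtectKeyInAndroidKeyStore(context), masterKey);
        } finally {
            // The plaintext key is not needed past this point, whether or not wrapping succeeded.
            Arrays.fill(masterKey, (byte) 0);
        }
        String record;
        try {
            JSONObject json = new JSONObject();
            json.put(MASTERKEY_JSONKEY_KEY, KeyBagDataUtil.encodeBase64(protectedKey));
            json.put(MASTERKEY_JSONKEY_HASH, KeyBagDataUtil.encodeBase64(keyHash));
            record = json.toString();
        } catch (JSONException e) {
            throw new IllegalStateException("won't reach here", e);
        }
        if (!getKeyStoreSp(context).edit().putString(str, record).commit()) {
            Log.i(TAG, "put masterKey to sp return fales");
            throw new CryptoException("importMasterKey failed.");
        }
    }

    /**
     * Lists the key ids that have a stored record.
     *
     * @param context context used to open the preferences file
     * @return a new list holding every entry name in the preferences file
     */
    @Override
    public List<String> listMasterKey(Context context) {
        return new ArrayList<>(getKeyStoreSp(context).getAll().keySet());
    }
}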
