package com.xiaomi.keychainsdk.storage;

import android.content.Context;
import android.content.SharedPreferences;
import android.micloud.asn1.Asn1Field;
import android.micloud.asn1.Asn1Sequence;
import android.micloud.asn1.exception.Asn1EncodingException;
import android.os.Build;
import android.util.Log;
import com.xiaomi.keychainsdk.compat.KeyGenParameterSpecCompat;
import com.xiaomi.keychainsdk.compat.KeyProtectionCompat;
import com.xiaomi.keychainsdk.compat.WrappedKeyEntryCompat;
import com.xiaomi.keychainsdk.constant.KeyBagKeyConfig;
import com.xiaomi.keychainsdk.exception.CryptoException;
import com.xiaomi.keychainsdk.request.context.TransferPublicKey;
import com.xiaomi.keychainsdk.request.data.WrappedMasterKey;
import com.xiaomi.keychainsdk.util.AndroidKeyStoreUtil;
import com.xiaomi.keychainsdk.util.LogUtil;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.SecretKey;

/* loaded from: classes2.dex */
public class HardwareMasterKeyStorage implements MasterKeyStorage {
    private static final String MASTER_KEY_PREFIX = "miuikeybag.key.hardstore.mk.";
    private static final String TAG = "KeyBag.MasterKeyStorage";
    private static final String TRANSFER_KEY_INFO_SP_NAME = "miuikeybag.pref.hardkeystore.transferkeyinfo";
    private static final long TRANSFER_KEY_LIFE_TIME_IN_MILLIS = 1800000;
    private static final String TRANSFER_KEY_PREFIX = "miuikeybag.key.hardstore.tk.";
    private static final HardwareMasterKeyStorage sInstance;
    private final Object mTransferKeyLock = new Object();

    /* loaded from: classes2.dex */
    private static class TransferContextInner implements TransferContext {
        private final Certificate[] mAttestationCA;
        private final TransferPublicKey mTransferPublicKey;
        public final int transferKeySlot;

        public TransferContextInner(int i, Certificate[] certificateArr) {
            this.transferKeySlot = i;
            this.mTransferPublicKey = TransferPublicKey.makeX509TransferPublicKey(certificateArr[0]);
            this.mAttestationCA = (Certificate[]) Arrays.copyOfRange(certificateArr, 1, certificateArr.length);
        }

        @Override // com.xiaomi.keychainsdk.storage.TransferContext
        public Certificate[] getAttestationCA() {
            return this.mAttestationCA;
        }

        @Override // com.xiaomi.keychainsdk.storage.TransferContext
        public TransferPublicKey getTransferPublicKey() {
            return this.mTransferPublicKey;
        }
    }

    static {
        if (Build.VERSION.SDK_INT >= 28) {
            sInstance = new HardwareMasterKeyStorage();
        } else {
            sInstance = null;
        }
    }

    private HardwareMasterKeyStorage() {
    }

    public static HardwareMasterKeyStorage getInstanceIfSupport() {
        return sInstance;
    }

    private static String getMasterKeyAlias(String str) {
        return MASTER_KEY_PREFIX + str;
    }

    private int getOrCreateTransferKeyInAndroidKeyStore(Context context) throws CryptoException {
        long currentTimeMillis = System.currentTimeMillis();
        long j = currentTimeMillis % 3600000 < TRANSFER_KEY_LIFE_TIME_IN_MILLIS ? currentTimeMillis / 3600000 : (currentTimeMillis / 3600000) + 1;
        int i = (int) (j % 2);
        SharedPreferences sharedPreferences = context.getSharedPreferences(TRANSFER_KEY_INFO_SP_NAME, 0);
        String transferKeySlotStartSPKey = getTransferKeySlotStartSPKey(i);
        synchronized (this.mTransferKeyLock) {
            updateTransferKeyInAndroidKeyStoreLockedTK(context, i, sharedPreferences.getLong(transferKeySlotStartSPKey, -1L) != j);
            sharedPreferences.edit().putLong(transferKeySlotStartSPKey, j).commit();
        }
        return i;
    }

    private static String getTransferKeyAlias(int i) {
        return TRANSFER_KEY_PREFIX + i;
    }

    private static String getTransferKeySlotStartSPKey(int i) {
        return "slot_start_" + i;
    }

    private static boolean isMasterKeyAlias(String str) {
        return str.startsWith(MASTER_KEY_PREFIX);
    }

    private static String removeMasterKeyAliasPrefix(String str) {
        return str.substring(28);
    }

    private static byte[] toANS1WrappedMasterKey(WrappedMasterKey wrappedMasterKey) throws CryptoException {
        int length = wrappedMasterKey.encryptedMasterKey.length;
        if (length < 16) {
            throw new CryptoException(new AEADBadTagException("Input too short - need tag"));
        }
        int i = length - 16;
        byte[] copyOfRange = Arrays.copyOfRange(wrappedMasterKey.encryptedMasterKey, i, length);
        byte[] copyOfRange2 = Arrays.copyOfRange(wrappedMasterKey.encryptedMasterKey, 0, i);
        Asn1Sequence asn1Sequence = new Asn1Sequence();
        asn1Sequence.fieldList.add(new Asn1Field(1, 0));
        asn1Sequence.fieldList.add(new Asn1Field(2, wrappedMasterKey.encryptedSymKey));
        asn1Sequence.fieldList.add(new Asn1Field(2, wrappedMasterKey.iv));
        asn1Sequence.fieldList.add(new Asn1Field(4, wrappedMasterKey.aad));
        asn1Sequence.fieldList.add(new Asn1Field(2, copyOfRange2));
        asn1Sequence.fieldList.add(new Asn1Field(2, copyOfRange));
        try {
            return asn1Sequence.getDerEncode();
        } catch (Asn1EncodingException e) {
            throw new CryptoException(e);
        }
    }

    private void updateTransferKeyInAndroidKeyStoreLockedTK(Context context, int i, boolean z) throws CryptoException {
        KeyStore keyStore;
        String transferKeyAlias = getTransferKeyAlias(i);
        try {
            keyStore = AndroidKeyStoreUtil.get();
        } catch (KeyStoreException unused) {
            Log.e(TAG, "delete transferKey failed, ignore");
        }
        if (!keyStore.containsAlias(transferKeyAlias) || z) {
            keyStore.deleteEntry(transferKeyAlias);
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", AndroidKeyStoreUtil.getKeyGeneratorProvider());
                try {
                    keyPairGenerator.initialize(new KeyGenParameterSpecCompat(transferKeyAlias, 40).setKeySize(2048).setDigests("SHA-1").setBlockModes(KeyBagKeyConfig.TRANSFER_KEY_MODE).setEncryptionPaddings(KeyBagKeyConfig.TRANSFER_KEY_PADDING).setAttestationChallenge(new byte[0]).build());
                    try {
                        keyPairGenerator.generateKeyPair();
                    } catch (RuntimeException e) {
                        if (!"android.security.keystore.SecureKeyImportUnavailableException".equals(e.getClass().getName())) {
                            throw e;
                        }
                        throw new CryptoException("Generate attestation chain not supported");
                    }
                } catch (InvalidAlgorithmParameterException e2) {
                    throw new CryptoException(e2);
                }
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Android keystore RSA not supported");
            } catch (NoSuchProviderException unused3) {
                throw new RuntimeException("Android keystore RSA not supported");
            }
        }
    }

    @Override // com.xiaomi.keychainsdk.storage.MasterKeyStorage
    public void clearMasterKey(Context context, String str) {
        try {
            AndroidKeyStoreUtil.get().deleteEntry(getMasterKeyAlias(str));
        } catch (CryptoException e) {
            Log.e(TAG, "clearMasterKey: failed to clear master key " + LogUtil.logHash(str), e);
        } catch (KeyStoreException e2) {
            Log.e(TAG, "clearMasterKey: failed to clear master key " + LogUtil.logHash(str), e2);
        }
    }

    @Override // com.xiaomi.keychainsdk.storage.MasterKeyStorage
    public TransferContext generateTransferContext(Context context) throws CryptoException {
        int orCreateTransferKeyInAndroidKeyStore = getOrCreateTransferKeyInAndroidKeyStore(context);
        try {
            return new TransferContextInner(orCreateTransferKeyInAndroidKeyStore, AndroidKeyStoreUtil.get().getCertificateChain(getTransferKeyAlias(orCreateTransferKeyInAndroidKeyStore)));
        } catch (KeyStoreException e) {
            throw new CryptoException(e);
        }
    }

    @Override // com.xiaomi.keychainsdk.storage.MasterKeyStorage
    public SecretKey getMasterKey(Context context, String str) {
        try {
            return (SecretKey) AndroidKeyStoreUtil.get().getKey(getMasterKeyAlias(str), null);
        } catch (CryptoException e) {
            Log.e(TAG, "getMasterKey: failed to get key " + LogUtil.logHash(str), e);
            return null;
        } catch (KeyStoreException e2) {
            Log.e(TAG, "getMasterKey: failed to get key " + LogUtil.logHash(str), e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            Log.e(TAG, "getMasterKey: failed to get key " + LogUtil.logHash(str), e3);
            return null;
        } catch (UnrecoverableEntryException e4) {
            Log.e(TAG, "getMasterKey: failed to get key " + LogUtil.logHash(str), e4);
            return null;
        }
    }

    @Override // com.xiaomi.keychainsdk.storage.MasterKeyStorage
    public void importMasterKey(Context context, String str, TransferContext transferContext, WrappedMasterKey wrappedMasterKey) throws CryptoException {
        String transferKeyAlias = getTransferKeyAlias(((TransferContextInner) transferContext).transferKeySlot);
        try {
            AndroidKeyStoreUtil.get().setEntry(getMasterKeyAlias(str), new WrappedKeyEntryCompat(toANS1WrappedMasterKey(wrappedMasterKey), transferKeyAlias, "RSA/ECB/OAEPPadding", new KeyGenParameterSpecCompat(transferKeyAlias, 32).setDigests("SHA-1").build()).build(), null);
        } catch (RuntimeException e) {
            if (!"android.security.keystore.SecureKeyImportUnavailableException".equals(e.getClass().getName())) {
                throw e;
            }
            throw new CryptoException("Set wrapped key entry not supported");
        } catch (KeyStoreException e2) {
            throw new CryptoException(e2);
        }
    }

    public void importMasterKey(Context context, String str, SecretKey secretKey) throws CryptoException {
        try {
            AndroidKeyStoreUtil.get().setEntry(getMasterKeyAlias(str), new KeyStore.SecretKeyEntry(secretKey), new KeyProtectionCompat(3).setBlockModes(KeyBagKeyConfig.MASTER_KEY_MODE).setEncryptionPaddings(KeyBagKeyConfig.MASTER_KEY_PADDING).build());
        } catch (KeyStoreException e) {
            throw new CryptoException(e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:6:0x001e A[LOOP:0: B:6:0x001e->B:13:0x001e, LOOP_START] */
    @Override // com.xiaomi.keychainsdk.storage.MasterKeyStorage
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.List<java.lang.String> listMasterKey(android.content.Context r4) {
        /*
            r3 = this;
            java.lang.String r4 = "listMasterKey: failed to get master key alias list"
            java.lang.String r0 = "KeyBag.MasterKeyStorage"
            java.security.KeyStore r1 = com.xiaomi.keychainsdk.util.AndroidKeyStoreUtil.get()     // Catch: java.security.KeyStoreException -> Ld com.xiaomi.keychainsdk.exception.CryptoException -> L12
            java.util.Enumeration r4 = r1.aliases()     // Catch: java.security.KeyStoreException -> Ld com.xiaomi.keychainsdk.exception.CryptoException -> L12
            goto L17
        Ld:
            r1 = move-exception
            android.util.Log.e(r0, r4, r1)
            goto L16
        L12:
            r1 = move-exception
            android.util.Log.e(r0, r4, r1)
        L16:
            r4 = 0
        L17:
            java.util.ArrayList r0 = new java.util.ArrayList
            r0.<init>()
            if (r4 == 0) goto L38
        L1e:
            boolean r1 = r4.hasMoreElements()
            if (r1 == 0) goto L38
            java.lang.Object r1 = r4.nextElement()
            java.lang.String r1 = (java.lang.String) r1
            boolean r2 = isMasterKeyAlias(r1)
            if (r2 == 0) goto L1e
            java.lang.String r1 = removeMasterKeyAliasPrefix(r1)
            r0.add(r1)
            goto L1e
        L38:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.xiaomi.keychainsdk.storage.HardwareMasterKeyStorage.listMasterKey(android.content.Context):java.util.List");
    }
}
