package com.allawn.cryptography.security.keystore;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.algorithm.AesUtil;
import com.allawn.cryptography.entity.CipherContainer;
import com.allawn.cryptography.entity.CryptoParameters;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.security.keystore.entity.EcKeyGenParameterSpec;
import com.allawn.cryptography.security.keystore.entity.KeyPairContainer;
import com.allawn.cryptography.util.EnumUtil$hashType;
import com.allawn.cryptography.util.FileUtil;
import com.allawn.cryptography.util.KeyUtil;
import com.allawn.cryptography.util.LogUtil;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.json.JSONException;

/* loaded from: classes.dex */
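/**
 * Static helpers that create, load and delete key material for the SDK.
 *
 * <p>Two storage schemes are visible in this class:
 * <ul>
 *   <li><b>Android Keystore</b>: AES secret keys and EC key pairs generated by the
 *       {@code "AndroidKeyStore"} provider and referenced by alias.</li>
 *   <li><b>Encrypted file</b>: an EC key pair generated outside the keystore, serialised to
 *       JSON, encrypted with an Android Keystore AES key and written under
 *       {@code "eckeypairstore"}. It is used when key agreement is requested on API level 30
 *       or lower.</li>
 * </ul>
 *
 * <p>NOTE(review): in the encrypted-file scheme the private key is serialised by this process,
 * so it is exportable and cannot be hardware-bound. The file is protected with AES-CTR, which
 * gives confidentiality but no integrity: a modified file still decrypts without error. The
 * wrapping key already permits GCM; moving to an authenticated mode needs a migration plan
 * for existing files.
 */
public class CryptoKeyStore {
    /** Lock passed to {@code FileUtil} for reads and writes of the encrypted key-pair files. */
    public static final ReadWriteLock LOCK = new ReentrantReadWriteLock();

    private static final String TAG = "CryptoKeyStore";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    /** Name under which encrypted EC key-pair files are stored. */
    private static final String EC_KEY_PAIR_STORE = "eckeypairstore";
    /** Keystore alias of the AES key that wraps the encrypted EC key-pair files. */
    private static final String EC_WRAPPING_KEY_ALIAS = "pki_sdk_ecKeyPairGen_key";

    // Numeric values of the KeyProperties.PURPOSE_* flags used by this class.
    private static final int PURPOSE_ENCRYPT_DECRYPT = 3; // PURPOSE_ENCRYPT | PURPOSE_DECRYPT
    private static final int PURPOSE_SIGN = 4;
    private static final int PURPOSE_AGREE_KEY = 64;

    /**
     * Returns the AES key stored under alias {@code str}, creating it if absent.
     *
     * <p>When the key has to be created, the file named by {@code str2} (if non-null) is
     * deleted first, because data encrypted under a previous key can no longer be decrypted.
     *
     * @param context used to resolve the file location
     * @param str     Android Keystore alias of the AES key
     * @param str2    name of the dependent file to discard on key creation, or {@code null}
     * @return the existing or newly generated secret key
     */
    public static SecretKey createOrGetSecretKey(final Context context, String str, final String str2) throws InvalidAlgorithmParameterException, UnrecoverableEntryException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException {
        return createOrGetSecretKey(str, new Runnable() {
            @Override
            public final void run() {
                CryptoKeyStore.lambda$createOrGetSecretKey$0(str2, context);
            }
        });
    }

    /**
     * Returns the AES key stored under alias {@code str}, creating it if absent.
     *
     * <p>A new key is 256-bit AES, usable for encryption and decryption, restricted to the
     * CTR and GCM block modes with no padding.
     *
     * <p>NOTE(review): the existence check and the key generation are not performed under a
     * lock, so two concurrent callers may both generate a key for the same alias.
     *
     * @param str      Android Keystore alias of the AES key
     * @param runnable invoked once before a new key is generated; may be {@code null}
     * @return the existing or newly generated secret key
     * @throws KeyStoreException if the alias exists but does not resolve to a secret-key entry
     */
    public static SecretKey createOrGetSecretKey(String str, Runnable runnable) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, UnrecoverableEntryException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyStore keyStore = openAndroidKeyStore();
        if (keyStore.containsAlias(str)) {
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            // The alias may belong to a key pair, or the entry may be unreadable; report that
            // as a keystore error rather than failing with a ClassCastException or NPE.
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                throw new KeyStoreException("Keystore entry is not a secret key, alias = " + str);
            }
            return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        }
        if (runnable != null) {
            runnable.run();
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, PURPOSE_ENCRYPT_DECRYPT)
                .setBlockModes("CTR", "GCM")
                .setEncryptionPaddings("NoPadding")
                .setKeySize(256)
                .build());
        return keyGenerator.generateKey();
    }

    /**
     * Same as {@link #createOrGetSecretKey(Context, String, String)}, but the dependent data
     * discarded on key creation is the shared-preferences file named {@code str2}.
     *
     * @param context used to locate the shared preferences
     * @param str     Android Keystore alias of the AES key
     * @param str2    name of the shared-preferences file to discard, or {@code null}
     * @return the existing or newly generated secret key
     * @throws KeyStoreException wrapping any failure of the keystore operations
     */
    public static SecretKey createOrGetSecretKeyToSP(final Context context, String str, final String str2) throws KeyStoreException {
        try {
            return createOrGetSecretKey(str, new Runnable() {
                @Override
                public final void run() {
                    CryptoKeyStore.lambda$createOrGetSecretKeyToSP$1(str2, context);
                }
            });
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            LogUtil.e(TAG, "createOrGetSecretKeyToSP error. " + e);
            throw new KeyStoreException(e);
        }
    }

    /**
     * Deletes the EC key pair stored under {@code str}, from the Android Keystore if the alias
     * is there, otherwise from the encrypted-file store.
     *
     * <p>A file that cannot be removed is logged as an error; the encrypted private key then
     * remains on disk.
     *
     * @param context used to resolve the file location
     * @param str     alias of the key pair
     * @throws EncryptException wrapping any keystore failure
     */
    public static void deleteEcKeyPair(Context context, String str) throws EncryptException {
        try {
            KeyStore keyStore = openAndroidKeyStore();
            if (keyStore.containsAlias(str)) {
                LogUtil.d(TAG, "deleteEcKeyPair key pair is recorded in the android keystore, delete now, alias = " + str);
                keyStore.deleteEntry(str);
                return;
            }
            File file = FileUtil.getFile(FileUtil.concat(EC_KEY_PAIR_STORE, str), context);
            if (file.exists()) {
                LogUtil.d(TAG, "deleteEcKeyPair key pair is recorded in the private directory, delete now, alias = " + str);
                deleteOrLog(file, "deleteEcKeyPair", str);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new EncryptException(e);
        }
    }

    /**
     * Removes the Android Keystore entry stored under {@code str}, if present.
     *
     * @param str Android Keystore alias
     */
    public static void deleteKeyEntry(String str) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = openAndroidKeyStore();
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
    }

    /**
     * Generates an EC key pair for the alias and curve described by the spec.
     *
     * <p>If key agreement is requested and the API level is 30 or lower, the pair is generated
     * outside the keystore and saved as an AES-CTR encrypted file (see the class note on the
     * limits of that scheme). Otherwise it is generated inside the Android Keystore. Whichever
     * scheme is used, a copy of the same alias left in the other store is removed once the new
     * pair exists.
     *
     * @param context               used to resolve the file location
     * @param ecKeyGenParameterSpec alias, curve name, purposes and optional expiry date
     * @return the generated key pair
     * @throws EncryptException wrapping any failure during generation or storage
     */
    public static KeyPair generateEcKeyPair(Context context, EcKeyGenParameterSpec ecKeyGenParameterSpec) throws EncryptException {
        try {
            String keystoreAlias = ecKeyGenParameterSpec.getKeystoreAlias();
            int requestedPurposes = ecKeyGenParameterSpec.getPurposes();
            boolean wantsAgree = (requestedPurposes & PURPOSE_AGREE_KEY) != 0;
            boolean wantsSign = (requestedPurposes & PURPOSE_SIGN) != 0;

            if (wantsAgree && Build.VERSION.SDK_INT <= 30) {
                KeyPair keyPair = KeyUtil.generateEcKeyPair(ecKeyGenParameterSpec.getStdName());
                String keyPairJson = Util.keyPairToJson(keystoreAlias, keyPair, ecKeyGenParameterSpec.getExpireDate());
                SecretKey wrappingKey = createOrGetSecretKey(context, EC_WRAPPING_KEY_ALIAS, EC_KEY_PAIR_STORE);
                if (wrappingKey == null) {
                    throw new KeyStoreException("SecretKey generation error, unable to read ec key pair list.");
                }
                // NOTE(review): CTR is unauthenticated, so tampering with the stored file is
                // not detected on read. Prefer an AEAD mode once a migration path exists.
                CipherContainer encrypted = AesUtil.encrypt(new CryptoParameters.Builder()
                        .setAlgorithm(CryptoParameters.AlgorithmEnum.AES_CTR_NoPadding)
                        .setKey(wrappingKey)
                        .setCryptoText(keyPairJson.getBytes(StandardCharsets.UTF_8))
                        .build());
                String fileContent = Util.cipherToJsonString(encrypted.getCipher(), encrypted.getIv());
                if (!FileUtil.writeFile(fileContent, FileUtil.concat(EC_KEY_PAIR_STORE, keystoreAlias), false, context, LOCK)) {
                    throw new IOException("Failed to save key information to file");
                }
                // getEcKeyPair looks in the keystore first, so a stale keystore entry for this
                // alias would shadow the file that was just written.
                KeyStore keyStore = openAndroidKeyStore();
                if (keyStore.containsAlias(keystoreAlias)) {
                    keyStore.deleteEntry(keystoreAlias);
                }
                LogUtil.d(TAG, "generateEcKeyPair generate success(encrypted storage solution), alias = " + keystoreAlias);
                return keyPair;
            }

            // From here on, a key-agreement request implies API level 31 or higher, so no
            // further API-level check is needed. Without key agreement the key is sign-only.
            int keystorePurposes;
            if (!wantsAgree) {
                keystorePurposes = PURPOSE_SIGN;
            } else if (wantsSign) {
                keystorePurposes = PURPOSE_AGREE_KEY | PURPOSE_SIGN;
            } else {
                keystorePurposes = PURPOSE_AGREE_KEY;
            }

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_KEYSTORE);
            // NOTE(review): the authorised digests include "NONE" and "SHA-1"; narrow the list
            // if no caller depends on them.
            KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(keystoreAlias, keystorePurposes)
                    .setAlgorithmParameterSpec(new ECGenParameterSpec(ecKeyGenParameterSpec.getStdName()))
                    .setDigests("NONE", "SHA-1", "SHA-224", EnumUtil$hashType.SHA256, EnumUtil$hashType.SHA384, EnumUtil$hashType.SHA512);
            if (ecKeyGenParameterSpec.getExpireDate() != null) {
                // getEcKeyPair treats the certificate's notAfter date as the key expiry.
                specBuilder.setCertificateNotAfter(ecKeyGenParameterSpec.getExpireDate());
            }
            keyPairGenerator.initialize(specBuilder.build());
            File staleFile = FileUtil.getFile(FileUtil.concat(EC_KEY_PAIR_STORE, keystoreAlias), context);

            // Generate first: if generation fails, the previous file-based pair is kept and no
            // success message is logged.
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            if (staleFile.exists()) {
                deleteOrLog(staleFile, "generateEcKeyPair", keystoreAlias);
            }
            LogUtil.d(TAG, "generateEcKeyPair generate success(android keystore solution), alias = " + keystoreAlias);
            return keyPair;
        } catch (InvalidArgumentException | IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | JSONException e) {
            throw new EncryptException(e);
        }
    }

    /**
     * Loads the EC key pair stored under {@code str}.
     *
     * <p>The Android Keystore is consulted first, then the encrypted-file store. An expired
     * pair is deleted from its store and reported as absent.
     *
     * @param context used to resolve the file location
     * @param str     alias of the key pair
     * @return the key pair, or {@code null} if none is stored or the stored one has expired
     * @throws EncryptException wrapping any failure, including a keystore alias that does not
     *                          hold an X.509 certificate with a private key
     */
    public static KeyPair getEcKeyPair(Context context, String str) throws EncryptException {
        try {
            KeyStore keyStore = openAndroidKeyStore();
            if (keyStore.containsAlias(str)) {
                LogUtil.d(TAG, "getEcKeyPair key pair is recorded in the android keystore, alias = " + str);
                java.security.cert.Certificate certificate = keyStore.getCertificate(str);
                // getCertificate returns null for aliases without a certificate (for example a
                // secret key); fail explicitly instead of with a NullPointerException.
                if (!(certificate instanceof X509Certificate)) {
                    throw new KeyStoreException("Keystore entry has no X.509 certificate, alias = " + str);
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                if (x509Certificate.getNotAfter().before(Calendar.getInstance().getTime())) {
                    LogUtil.d(TAG, "getEcKeyPair certificate has expired and has been deleted, alias = " + str);
                    keyStore.deleteEntry(str);
                    return null;
                }
                java.security.Key key = keyStore.getKey(str, null);
                if (!(key instanceof PrivateKey)) {
                    throw new KeyStoreException("Keystore entry has no private key, alias = " + str);
                }
                return new KeyPair(x509Certificate.getPublicKey(), (PrivateKey) key);
            }

            File file = FileUtil.getFile(FileUtil.concat(EC_KEY_PAIR_STORE, str), context);
            if (!file.exists()) {
                return null;
            }
            LogUtil.d(TAG, "getEcKeyPair key pair is recorded in the private directory, alias = " + str);
            KeyPairContainer container = readKeyPairFile(context, str);
            if (container == null) {
                return null;
            }
            if (container.isExpired()) {
                LogUtil.d(TAG, "getEcKeyPair key pair has expired and has been deleted, alias = " + str);
                deleteOrLog(file, "getEcKeyPair", str);
                return null;
            }
            return container.getKeyPair();
        } catch (InvalidArgumentException | IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | InvalidKeySpecException | JSONException e) {
            throw new EncryptException(e);
        }
    }

    /**
     * Compiler-generated callback: deletes the file named {@code str} before a new wrapping
     * key is generated. Does nothing when {@code str} is {@code null}.
     *
     * <p>NOTE(review): if the name resolves to a non-empty directory, {@link File#delete()}
     * fails and the old, undecryptable files remain; the failure is logged here.
     */
    public static /* synthetic */ void lambda$createOrGetSecretKey$0(String str, Context context) {
        if (str != null) {
            File file = FileUtil.getFile(FileUtil.concat(str), context);
            if (file.exists()) {
                deleteOrLog(file, "createOrGetSecretKey", str);
            }
        }
    }

    /**
     * Compiler-generated callback: deletes the shared-preferences file named {@code str}
     * before a new wrapping key is generated. Does nothing when {@code str} is {@code null}.
     */
    public static /* synthetic */ void lambda$createOrGetSecretKeyToSP$1(String str, Context context) {
        if (str != null) {
            FileUtil.deleteSharedPreferences(context, str);
        }
    }

    /**
     * Reads and decrypts the stored EC key pair for alias {@code str}.
     *
     * <p>The wrapping key is fetched (or created) before the file is checked, so a missing
     * wrapping key discards the store as described on
     * {@link #createOrGetSecretKey(Context, String, String)}. The first line of the file that
     * parses, decrypts and deserialises into a key pair is returned.
     *
     * <p>NOTE(review): no algorithm is set on the decrypt parameters; presumably the default
     * matches the AES-CTR mode used when writing (confirm in {@code CryptoParameters}). The
     * ciphertext is not authenticated, so the decrypted JSON should be treated as unverified.
     *
     * @param context used to resolve the file location
     * @param str     alias of the key pair
     * @return the decrypted key pair with its stored ciphertext attached, or {@code null} if
     *         the file is missing, unreadable, or holds no usable record
     */
    public static KeyPairContainer readKeyPairFile(Context context, String str) throws CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, JSONException, InvalidArgumentException, InvalidKeySpecException, IOException, EncryptException {
        SecretKey wrappingKey = createOrGetSecretKey(context, EC_WRAPPING_KEY_ALIAS, EC_KEY_PAIR_STORE);
        if (wrappingKey == null) {
            throw new KeyStoreException("SecretKey generation error, unable to read key pair list.");
        }
        File file = FileUtil.getFile(FileUtil.concat(EC_KEY_PAIR_STORE, str), context);
        if (!file.exists()) {
            return null;
        }
        List<String> lines = FileUtil.readFile(file, LOCK);
        if (lines == null) {
            return null;
        }
        for (String line : lines) {
            CipherContainer cipherContainer = Util.jsonToCipherContainer(line);
            if (cipherContainer == null) {
                continue;
            }
            byte[] plaintext = AesUtil.decrypt(new CryptoParameters.Builder()
                    .setCryptoText(cipherContainer.getCipher())
                    .setKey(wrappingKey)
                    .setIV(cipherContainer.getIv())
                    .build());
            KeyPairContainer keyPairContainer = Util.jsonToKeyPair(new String(plaintext, StandardCharsets.UTF_8));
            if (keyPairContainer != null) {
                keyPairContainer.setCipherInfo(line);
                return keyPairContainer;
            }
        }
        return null;
    }

    /** Returns a loaded handle to the {@code "AndroidKeyStore"} provider's key store. */
    private static KeyStore openAndroidKeyStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Deletes {@code file} and logs an error if that fails, so key material left on disk is
     * visible in the logs instead of being silently ignored.
     */
    private static void deleteOrLog(File file, String operation, String name) {
        if (!file.delete()) {
            LogUtil.e(TAG, operation + " failed to delete stored file, name = " + name);
        }
    }
}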
