package com.allawn.cryptography.keymanager;

import android.content.Context;
import android.content.SharedPreferences;
import androidx.annotation.NonNull;
import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.algorithm.AesUtil;
import com.allawn.cryptography.algorithm.CertUtil;
import com.allawn.cryptography.algorithm.HashUtil;
import com.allawn.cryptography.data.source.memory.BizCertMemoryDataSource;
import com.allawn.cryptography.entity.CertParameters;
import com.allawn.cryptography.entity.CipherContainer;
import com.allawn.cryptography.entity.CryptoParameters;
import com.allawn.cryptography.exception.BizDataNotFoundException;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.keymanager.entity.LocalBizKeyPairs;
import com.allawn.cryptography.keymanager.entity.UpgradeCertResponse;
import com.allawn.cryptography.security.keystore.CryptoKeyStore;
import com.allawn.cryptography.security.keystore.entity.EcKeyGenParameterSpec;
import com.allawn.cryptography.util.Base64Utils;
import com.allawn.cryptography.util.CipherUtil;
import com.allawn.cryptography.util.DateUtil;
import com.allawn.cryptography.util.FileUtil;
import com.allawn.cryptography.util.LogUtil;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class Util {
    public static int calculateValidSeconds(long j, int i) {
        if (j == -1) {
            return -1;
        }
        return i - ((int) ((DateUtil.now() - j) / 1000));
    }

    public static String decryptARecord(String str, SecretKey secretKey) throws JSONException, InvalidArgumentException, EncryptException {
        CipherContainer unwrap = CipherUtil.unwrap(str);
        return new String(AesUtil.decrypt(new CryptoParameters.Builder().setAlgorithm(CryptoParameters.AlgorithmEnum.AES_GCM_NoPadding).setCryptoText(unwrap.getCipher()).setKey(secretKey).setIV(unwrap.getIv()).build()), StandardCharsets.UTF_8);
    }

    public static JSONObject decryptHashHostToJSONObject(String str, SecretKey secretKey) {
        if (str.equals("")) {
            return null;
        }
        try {
            return new JSONObject(decryptARecord(str, secretKey));
        } catch (EncryptException | InvalidArgumentException | JSONException e) {
            LogUtil.w("Util", "decryptHashHostToJSONObject decrypt error. " + e);
            return null;
        }
    }

    public static void deleteBizVersionCertificateSP(Set<String> set, Context context) {
        for (String str : set) {
            FileUtil.deleteSharedPreferences(context, "pki_sdk_version_certs_sp_" + str);
            try {
                CryptoKeyStore.deleteKeyEntry("pki_sdk_version_certs_alias_" + str);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                LogUtil.w("Util", "deleteBizVersionCertificateSP delete key entry error. " + e);
            }
        }
    }

    public static void deleteLocalBizKeyPairsKeystoreData(Context context, String str, String str2) {
        String spliceKeyAlias = spliceKeyAlias("pki_sdk_key4Encrypt", str, str2);
        String spliceKeyAlias2 = spliceKeyAlias("pki_sdk_key4Sign", str, str2);
        try {
            CryptoKeyStore.deleteEcKeyPair(context, spliceKeyAlias);
            CryptoKeyStore.deleteEcKeyPair(context, spliceKeyAlias2);
        } catch (EncryptException e) {
            LogUtil.w("Util", "deleteLocalBizKeyPairsKeystoreData delete key pair error. " + e);
        }
    }

    public static String encryptABizCertRecord(UpgradeCertResponse upgradeCertResponse, SecretKey secretKey) throws JSONException, EncryptException, InvalidArgumentException, CertificateEncodingException {
        if (upgradeCertResponse == null || upgradeCertResponse.isNull()) {
            return null;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("bizId", upgradeCertResponse.getBizId());
        jSONObject.put("version", upgradeCertResponse.getVersion());
        jSONObject.put("cert4Sign", Base64Utils.encodeToString(upgradeCertResponse.getCert4Sign().getEncoded()));
        jSONObject.put("cert4Encrypt", Base64Utils.encodeToString(upgradeCertResponse.getCert4Encrypt().getEncoded()));
        return encryptARecord(jSONObject.toString(), secretKey);
    }

    public static String encryptALocalKeysRecord(LocalBizKeyPairs localBizKeyPairs, String str, String str2, Context context) throws KeyStoreException, JSONException, InvalidArgumentException, EncryptException {
        if (localBizKeyPairs == null) {
            return null;
        }
        SecretKey createOrGetSecretKeyToSP = CryptoKeyStore.createOrGetSecretKeyToSP(context, "pki_sdk_all_localKeys_alias_v2", "pki_sdk_register_local_key_sp");
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("bizId", localBizKeyPairs.getBizId());
        jSONObject.put("version", localBizKeyPairs.getVersion());
        jSONObject.put("localKey4Sign", Base64Utils.encodeToString(localBizKeyPairs.getLocalKeyPair4Sign().getPublic().getEncoded()));
        jSONObject.put("localKey4Encrypt", Base64Utils.encodeToString(localBizKeyPairs.getLocalKeyPair4Encrypt().getPublic().getEncoded()));
        jSONObject.put("sha256_host", HashUtil.sha256(str));
        jSONObject.put("deviceId", str2);
        return encryptARecord(jSONObject.toString(), createOrGetSecretKeyToSP);
    }

    public static String encryptARecord(String str, SecretKey secretKey) throws JSONException, InvalidArgumentException, EncryptException {
        return CipherUtil.wrap(AesUtil.encrypt(new CryptoParameters.Builder().setAlgorithm(CryptoParameters.AlgorithmEnum.AES_GCM_NoPadding).setKey(secretKey).setCryptoText(str.getBytes(StandardCharsets.UTF_8)).build()));
    }

    public static String encryptHashHost(Map<String, String> map, SecretKey secretKey) throws InvalidArgumentException, JSONException, EncryptException {
        JSONObject jSONObject = new JSONObject();
        for (String str : map.keySet()) {
            try {
                jSONObject.put(str, HashUtil.sha256(map.get(str)));
            } catch (JSONException e) {
                LogUtil.w("Util", "encryptHashHost json put error. " + e);
            }
        }
        return encryptARecord(jSONObject.toString(), secretKey);
    }

    public static boolean extractBizCert(Context context, BizCertMemoryDataSource bizCertMemoryDataSource, String str, String str2, SecretKey secretKey) {
        try {
            UpgradeCertResponse restoreBizCertificate = restoreBizCertificate(decryptARecord(str2, secretKey), str, -1L, context);
            UpgradeCertResponse upgradeCertResponse = bizCertMemoryDataSource.getUpgradeCertResponse(str);
            if (upgradeCertResponse == null || restoreBizCertificate == null) {
                return false;
            }
            upgradeCertResponse.assign(restoreBizCertificate);
            return true;
        } catch (EncryptException | BizDataNotFoundException | InvalidArgumentException | JSONException e) {
            LogUtil.w("Util", "extractBizCert read " + str + " record error. " + e);
            return false;
        }
    }

    public static LocalBizKeyPairs generateLocalBizKeyPairs(Context context, String str, String str2) {
        String spliceKeyAlias = spliceKeyAlias("pki_sdk_key4Encrypt", str, str2);
        String spliceKeyAlias2 = spliceKeyAlias("pki_sdk_key4Sign", str, str2);
        try {
            KeyPair generateEcKeyPair = CryptoKeyStore.generateEcKeyPair(context, new EcKeyGenParameterSpec.Builder(spliceKeyAlias, 64).build());
            KeyPair generateEcKeyPair2 = CryptoKeyStore.generateEcKeyPair(context, new EcKeyGenParameterSpec.Builder(spliceKeyAlias2, 4).build());
            LocalBizKeyPairs localBizKeyPairs = new LocalBizKeyPairs();
            localBizKeyPairs.assign(str, generateEcKeyPair2, generateEcKeyPair, str2);
            return localBizKeyPairs;
        } catch (EncryptException e) {
            LogUtil.e("Util", "generateLocalBizKeyPairs generate " + str + " LocalBizKeyPairs failed. " + e);
            deleteLocalBizKeyPairsKeystoreData(context, str, str2);
            return null;
        }
    }

    public static boolean getReusableBizList(JSONObject jSONObject, Map<String, String> map, Set<String> set, Set<String> set2) {
        HashMap hashMap = new HashMap(map);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            try {
                String string = jSONObject.getString(next);
                if (hashMap.containsKey(next) && string.equals(HashUtil.sha256((String) hashMap.get(next)))) {
                    set.add(next);
                } else {
                    set2.add(next);
                }
            } catch (JSONException unused) {
                set2.add(next);
            }
            hashMap.remove(next);
        }
        set2.addAll(hashMap.keySet());
        return set2.isEmpty();
    }

    public static Set<String> loadAllBizCertRecordInSP(Context context, BizCertMemoryDataSource bizCertMemoryDataSource, Map<String, String> map) {
        File file = FileUtil.getFile("allbizcerts", context);
        if (file.exists()) {
            LogUtil.d("Util", "loadAllBizCertRecordInSP old BIZ_CERTS_FILE delete: " + file.delete());
        }
        SecretKey secretKey = null;
        try {
            secretKey = CryptoKeyStore.createOrGetSecretKeyToSP(context, "pki_sdk_all_bizCerts_alias_v2", "pki_sdk_biz_certs_sp");
        } catch (KeyStoreException e) {
            LogUtil.w("Util", "loadAllBizCertRecordInSP secretKey get error, unable to read biz certs. " + e);
        }
        if (secretKey != null) {
            return loadAllBizCertRecordInSP(secretKey, context, bizCertMemoryDataSource, map);
        }
        deleteBizVersionCertificateSP(map.keySet(), context);
        return new HashSet();
    }

    public static Set<String> loadAllBizCertRecordInSP(SecretKey secretKey, Context context, BizCertMemoryDataSource bizCertMemoryDataSource, Map<String, String> map) {
        HashSet hashSet = new HashSet();
        SharedPreferences sharedPreferences = context.getSharedPreferences("pki_sdk_biz_certs_sp", 0);
        String string = sharedPreferences.getString("sha256_host", "");
        JSONObject decryptHashHostToJSONObject = decryptHashHostToJSONObject(string, secretKey);
        if (decryptHashHostToJSONObject == null) {
            decryptHashHostToJSONObject = new JSONObject();
        }
        HashSet<String> hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        boolean reusableBizList = getReusableBizList(decryptHashHostToJSONObject, map, hashSet2, hashSet3);
        HashMap hashMap = new HashMap();
        if (!reusableBizList) {
            try {
                string = encryptHashHost(map, secretKey);
            } catch (EncryptException | InvalidArgumentException | JSONException e) {
                LogUtil.e("Util", "loadAllBizCertRecordInSP re-encrypt hash host error. " + e);
                string = "";
            }
            deleteBizVersionCertificateSP(hashSet3, context);
        }
        if (!string.equals("")) {
            hashMap.put("sha256_host", string);
        }
        for (String str : hashSet2) {
            String string2 = sharedPreferences.getString(str, "");
            if (!string2.equals("") && extractBizCert(context, bizCertMemoryDataSource, str, string2, secretKey)) {
                hashMap.put(str, string2);
                hashSet.add(str);
            }
        }
        String string3 = sharedPreferences.getString("modifiedDate", "");
        if (!string3.equals("")) {
            try {
                long parseLong = Long.parseLong(decryptARecord(string3, secretKey));
                if (parseLong != 0) {
                    bizCertMemoryDataSource.setBizUpgradeTime(parseLong);
                    hashMap.put("modifiedDate", string3);
                }
            } catch (EncryptException | InvalidArgumentException | NumberFormatException | JSONException e2) {
                LogUtil.w("Util", "loadAllBizCertRecordInSP load modified date fail. " + e2);
            }
        }
        if (!reusableBizList || hashMap.size() != sharedPreferences.getAll().size()) {
            updateSP(sharedPreferences, hashMap);
        }
        return hashSet;
    }

    public static LocalBizKeyPairs parseLocalKeysRecord(String str, Context context, Set<String> set, Map<String, String> map, String str2) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        String string = jSONObject.getString("bizId");
        String string2 = jSONObject.getString("version");
        if (set.contains(string)) {
            String optString = jSONObject.optString("deviceId", "");
            if (optString.equals("") || !optString.equals(str2)) {
                LogUtil.d("Util", "parseLocalKeysRecord device id has changed, biz = " + string);
                deleteLocalBizKeyPairsKeystoreData(context, string, string2);
                return null;
            }
            String optString2 = jSONObject.optString("sha256_host", "");
            if (optString2.equals("") || !optString2.equals(HashUtil.sha256(map.get(string)))) {
                LogUtil.d("Util", "parseLocalKeysRecord host name has changed, biz = " + string);
                deleteLocalBizKeyPairsKeystoreData(context, string, string2);
                return null;
            }
            try {
                String string3 = jSONObject.getString("localKey4Sign");
                String string4 = jSONObject.getString("localKey4Encrypt");
                KeyPair ecKeyPair = CryptoKeyStore.getEcKeyPair(context, spliceKeyAlias("pki_sdk_key4Encrypt", string, string2));
                KeyPair ecKeyPair2 = CryptoKeyStore.getEcKeyPair(context, spliceKeyAlias("pki_sdk_key4Sign", string, string2));
                if (ecKeyPair != null && ecKeyPair2 != null) {
                    if (!string4.equals(Base64Utils.encodeToString(ecKeyPair.getPublic().getEncoded()))) {
                        LogUtil.w("Util", "parseLocalKeysRecord public key record for encrypt does not match, biz = " + string);
                        return null;
                    }
                    if (!string3.equals(Base64Utils.encodeToString(ecKeyPair2.getPublic().getEncoded()))) {
                        LogUtil.w("Util", "parseLocalKeysRecord public key record for sign does not match, biz = " + string);
                        return null;
                    }
                    LocalBizKeyPairs localBizKeyPairs = new LocalBizKeyPairs();
                    localBizKeyPairs.assign(string, ecKeyPair2, ecKeyPair, string2);
                    LogUtil.d("Util", "parseLocalKeysRecord successfully read a record, biz = " + string + ", version = " + string2);
                    return localBizKeyPairs;
                }
                LogUtil.d("Util", "parseLocalKeysRecord key pair is lost, biz = " + string + ", version = " + string2);
            } catch (EncryptException | JSONException e) {
                deleteLocalBizKeyPairsKeystoreData(context, string, string2);
                LogUtil.w("Util", "parseLocalKeysRecord failed to get key data. " + e);
            }
        } else {
            LogUtil.d("Util", "parseLocalKeysRecord the record that is no longer used, biz = " + string);
            deleteLocalBizKeyPairsKeystoreData(context, string, string2);
        }
        return null;
    }

    public static void readAllLocalKeysRecordInSP(Context context, Set<String> set, BizCertMemoryDataSource bizCertMemoryDataSource, Map<String, String> map, String str) {
        File file = FileUtil.getFile("allregisterkeysrecord", context);
        if (file.exists()) {
            LogUtil.d("Util", "readAllLocalKeysRecordInSP old REGISTER_KEY_FILE delete: " + file.delete());
        }
        try {
            SecretKey createOrGetSecretKeyToSP = CryptoKeyStore.createOrGetSecretKeyToSP(context, "pki_sdk_all_localKeys_alias_v2", "pki_sdk_register_local_key_sp");
            SharedPreferences sharedPreferences = context.getSharedPreferences("pki_sdk_register_local_key_sp", 0);
            Map<String, ?> all = sharedPreferences.getAll();
            if (all.isEmpty()) {
                return;
            }
            HashMap hashMap = new HashMap();
            for (String str2 : all.keySet()) {
                String string = sharedPreferences.getString(str2, "");
                if (string.equals("")) {
                    LogUtil.w("Util", "readAllLocalKeysRecordInSP corrupted data, discard this record.");
                } else {
                    try {
                        String decryptARecord = decryptARecord(string, createOrGetSecretKeyToSP);
                        if (str2.equals("modifiedDate")) {
                            long parseLong = Long.parseLong(decryptARecord);
                            if (parseLong != 0) {
                                bizCertMemoryDataSource.setKeysRegisterTime(parseLong);
                                hashMap.put(str2, string);
                            }
                        } else {
                            try {
                                LocalBizKeyPairs parseLocalKeysRecord = parseLocalKeysRecord(decryptARecord, context, set, map, str);
                                if (parseLocalKeysRecord != null) {
                                    String bizId = parseLocalKeysRecord.getBizId();
                                    if (str2.equals(bizId)) {
                                        bizCertMemoryDataSource.setLocalBizKeyPairs(bizId, parseLocalKeysRecord);
                                        hashMap.put(bizId, string);
                                    } else {
                                        LogUtil.e("Util", "readAllLocalKeysRecordInSP the record have been illegally altered, biz = " + bizId + ", k = " + str2);
                                    }
                                }
                            } catch (EncryptException | InvalidArgumentException | NumberFormatException | JSONException e) {
                                e = e;
                                LogUtil.w("Util", "readAllLocalKeysRecordInSP error parsing a record. " + e);
                            }
                        }
                    } catch (EncryptException | InvalidArgumentException | NumberFormatException | JSONException e2) {
                        e = e2;
                    }
                }
            }
            if (hashMap.isEmpty() || (hashMap.size() == 1 && hashMap.containsKey("modifiedDate"))) {
                FileUtil.deleteSharedPreferences(context, "pki_sdk_register_local_key_sp");
            } else if (hashMap.size() != all.size()) {
                updateSP(sharedPreferences, hashMap);
            }
        } catch (KeyStoreException e3) {
            LogUtil.w("Util", "readAllLocalKeysRecordInSP secretKey generation error, unable to read register pub key record. " + e3);
        }
    }

    public static int registerKeysInSeconds(long j) {
        return calculateValidSeconds(j, 15724800);
    }

    public static UpgradeCertResponse restoreBizCertificate(String str, String str2, long j, Context context) {
        JSONObject jSONObject;
        String string;
        try {
            jSONObject = new JSONObject(str);
            string = jSONObject.getString("bizId");
        } catch (EncryptException | InvalidArgumentException | IOException | CertificateException | JSONException e) {
            LogUtil.w("Util", "restoreBizCertificate error parsing a record. " + e);
        }
        if (!string.equals(str2)) {
            LogUtil.d("Util", "restoreBizCertificate non-specified biz, get biz id = " + string);
            return null;
        }
        long j2 = jSONObject.getLong("version");
        if (j != -1 && j2 != j) {
            LogUtil.d("Util", "restoreBizCertificate non-specified version, get version = " + j2);
            return null;
        }
        X509Certificate readCertificate = CertUtil.readCertificate(Base64Utils.decodeFromString(jSONObject.getString("cert4Sign")));
        X509Certificate readCertificate2 = CertUtil.readCertificate(Base64Utils.decodeFromString(jSONObject.getString("cert4Encrypt")));
        CertParameters build = new CertParameters.Builder().setContext(context).setEndCertificate(readCertificate).build();
        CertParameters build2 = new CertParameters.Builder().setContext(context).setEndCertificate(readCertificate2).build();
        if (CertUtil.checkCertChain(build) && CertUtil.checkCertChain(build2)) {
            UpgradeCertResponse upgradeCertResponse = new UpgradeCertResponse();
            upgradeCertResponse.assign(str2, readCertificate, readCertificate2, j2);
            LogUtil.d("Util", "restoreBizCertificate successfully read " + str2 + "(" + j2 + ") certificate.");
            return upgradeCertResponse;
        }
        return null;
    }

    public static void saveBizCertRecordInSP(Context context, Set<String> set, BizCertMemoryDataSource bizCertMemoryDataSource, long j) throws KeyStoreException {
        SecretKey createOrGetSecretKeyToSP = CryptoKeyStore.createOrGetSecretKeyToSP(context, "pki_sdk_all_bizCerts_alias_v2", "pki_sdk_biz_certs_sp");
        SharedPreferences sharedPreferences = context.getSharedPreferences("pki_sdk_biz_certs_sp", 0);
        if (j == -1 && sharedPreferences.getString("modifiedDate", "").equals("")) {
            j = DateUtil.now();
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        ArrayList arrayList = new ArrayList();
        for (String str : set) {
            try {
                String encryptABizCertRecord = encryptABizCertRecord(bizCertMemoryDataSource.getUpgradeCertResponse(str), createOrGetSecretKeyToSP);
                if (encryptABizCertRecord != null) {
                    edit.putString(str, encryptABizCertRecord);
                    arrayList.add(encryptABizCertRecord);
                }
            } catch (EncryptException | BizDataNotFoundException | InvalidArgumentException | CertificateEncodingException | JSONException e) {
                LogUtil.w("Util", "saveBizCertRecordInSP pack " + str + " record error. " + e);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        if (j != -1) {
            bizCertMemoryDataSource.setBizUpgradeTime(j);
            try {
                edit.putString("modifiedDate", encryptARecord(String.valueOf(j), createOrGetSecretKeyToSP));
            } catch (EncryptException | InvalidArgumentException | JSONException e2) {
                LogUtil.w("Util", "saveBizCertRecordInSP encrypt upgrade time error. " + e2);
            }
        }
        edit.apply();
    }

    public static void saveLocalKeysRecordInSP(Context context, @NonNull Map<String, String> map, long j) {
        if (map.isEmpty()) {
            return;
        }
        SharedPreferences sharedPreferences = context.getSharedPreferences("pki_sdk_register_local_key_sp", 0);
        if (j == -1 && sharedPreferences.getString("modifiedDate", "").equals("")) {
            j = DateUtil.now();
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        for (String str : map.keySet()) {
            edit.putString(str, map.get(str));
        }
        if (j != -1) {
            try {
                edit.putString("modifiedDate", encryptARecord(String.valueOf(j), CryptoKeyStore.createOrGetSecretKeyToSP(context, "pki_sdk_all_localKeys_alias_v2", "pki_sdk_register_local_key_sp")));
            } catch (EncryptException | InvalidArgumentException | KeyStoreException | JSONException e) {
                LogUtil.w("Util", "saveLocalKeysRecordInSP encrypt upgrade time error. " + e);
            }
        }
        edit.apply();
    }

    public static String spliceKeyAlias(String... strArr) {
        return splicing("&", strArr);
    }

    public static String splicing(String str, String... strArr) {
        StringBuilder sb = new StringBuilder();
        for (String str2 : strArr) {
            sb.append(str2);
            sb.append(str);
        }
        sb.delete(sb.length() - str.length(), sb.length());
        return new String(sb);
    }

    public static void updateSP(SharedPreferences sharedPreferences, Map<String, String> map) {
        if (map.isEmpty()) {
            sharedPreferences.edit().clear().apply();
            return;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.clear();
        for (String str : map.keySet()) {
            edit.putString(str, map.get(str));
        }
        edit.apply();
    }

    public static int upgradeCertInSeconds(long j, int i) {
        return calculateValidSeconds(j, i);
    }
}
