package com.suning.mobilead.biz.storage.preference.secured;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.coloros.mcssdk.c.a;
import com.suning.f.a.a.a.b;
import com.suning.mobilead.biz.storage.preference.secured.SecuredPreferenceStore;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes7.dex */
public class EncryptionManager {
    private static final String BLOCK_MODE_CBC = "CBC";
    private static final String BLOCK_MODE_ECB = "ECB";
    private static final String BLOCK_MODE_GCM = "GCM";
    private static final String DEFAULT_CHARSET = "UTF-8";
    private static final String ENCRYPTION_PADDING_NONE = "NoPadding";
    private static final String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";
    private static final String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";
    private static final String KEY_ALGORITHM_AES = "AES";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final String MAC_ALGORITHM_HMAC_SHA256 = "HmacSHA256";

    /* renamed from: a, reason: collision with root package name */
    SharedPreferences f34109a;
    private SecretKey aesKey;

    /* renamed from: b, reason: collision with root package name */
    SecuredPreferenceStore.KeyStoreRecoveryNotifier f34110b;
    private boolean isCompatMode;
    private Context mContext;
    private KeyStore mStore;
    private SecretKey macKey;
    private RSAPrivateKey privateKey;
    private RSAPublicKey publicKey;
    private final int RSA_BIT_LENGTH = 2048;
    private final int AES_BIT_LENGTH = 256;
    private final int MAC_BIT_LENGTH = 256;
    private final int GCM_TAG_LENGTH = 128;
    private final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private final String SSL_PROVIDER = a.e;
    private final String BOUNCY_CASTLE_PROVIDER = "BC";
    private final String RSA_KEY_ALIAS = "sps_rsa_key";
    private final String AES_KEY_ALIAS = "sps_aes_key";
    private final String MAC_KEY_ALIAS = "sps_mac_key";
    private final String DELIMITER = "]";
    private final String RSA_CIPHER = b.f28012b;
    private final String AES_CIPHER = "AES/GCM/NoPadding";
    private final String AES_CIPHER_COMPAT = "AES/CBC/PKCS7Padding";
    private final String MAC_CIPHER = "HmacSHA256";
    private final String IS_COMPAT_MODE_KEY_ALIAS = "sps_data_in_compat";

    /* loaded from: classes7.dex */
    public static class EncryptedData {

        /* renamed from: a, reason: collision with root package name */
        byte[] f34111a;

        /* renamed from: b, reason: collision with root package name */
        byte[] f34112b;

        /* renamed from: c, reason: collision with root package name */
        byte[] f34113c;

        public EncryptedData() {
            this.f34111a = null;
            this.f34112b = null;
            this.f34113c = null;
        }

        public EncryptedData(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.f34111a = bArr;
            this.f34112b = bArr2;
            this.f34113c = bArr3;
        }

        byte[] a() {
            byte[] bArr = new byte[this.f34111a.length + this.f34112b.length];
            System.arraycopy(this.f34111a, 0, bArr, 0, this.f34111a.length);
            System.arraycopy(this.f34112b, 0, bArr, this.f34111a.length, this.f34112b.length);
            return bArr;
        }

        public byte[] getEncryptedData() {
            return this.f34112b;
        }

        public byte[] getIV() {
            return this.f34111a;
        }

        public byte[] getMac() {
            return this.f34113c;
        }

        public void setEncryptedData(byte[] bArr) {
            this.f34112b = bArr;
        }

        public void setIV(byte[] bArr) {
            this.f34111a = bArr;
        }

        public void setMac(byte[] bArr) {
            this.f34113c = bArr;
        }
    }

    /* loaded from: classes7.dex */
    public class InvalidMacException extends GeneralSecurityException {
        public InvalidMacException() {
            super("Invalid Mac, failed to verify integrity.");
        }
    }

    public EncryptionManager(Context context, SharedPreferences sharedPreferences, SecuredPreferenceStore.KeyStoreRecoveryNotifier keyStoreRecoveryNotifier) {
        boolean z = false;
        this.isCompatMode = false;
        this.isCompatMode = sharedPreferences.getBoolean(getHashed("sps_data_in_compat"), Build.VERSION.SDK_INT < 23);
        this.f34110b = keyStoreRecoveryNotifier;
        this.mContext = context;
        this.f34109a = sharedPreferences;
        b();
        try {
            a(context, sharedPreferences);
        } catch (Exception e) {
            if (!a((EncryptionManager) e)) {
                throw e;
            }
            z = b((EncryptionManager) e);
        }
        if (z) {
            a(context, sharedPreferences);
        }
    }

    static String a(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b2 : bArr) {
            sb.append(String.format("%02X", Byte.valueOf(b2)));
        }
        return sb.toString();
    }

    public static byte[] base64Decode(String str) {
        return Base64.decode(str, 2);
    }

    public static String base64Encode(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    public static String getHashed(String str) {
        return a(MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256).digest(str.getBytes("UTF-8")));
    }

    @TargetApi(19)
    EncryptedData a(byte[] bArr, byte[] bArr2) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, this.aesKey, new GCMParameterSpec(128, bArr2));
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.f34111a = cipher.getIV();
        encryptedData.f34112b = cipher.doFinal(bArr);
        return encryptedData;
    }

    String a(EncryptedData encryptedData) {
        return encryptedData.f34113c != null ? base64Encode(encryptedData.f34111a) + "]" + base64Encode(encryptedData.f34112b) + "]" + base64Encode(encryptedData.f34113c) : base64Encode(encryptedData.f34111a) + "]" + base64Encode(encryptedData.f34112b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String a(String str) {
        if (str == null || str.length() <= 0) {
            return null;
        }
        return a(tryEncrypt(str.getBytes("UTF-8")));
    }

    List<String> a() {
        return Arrays.asList("sps_aes_key", "sps_rsa_key");
    }

    void a(Context context) {
        if (this.mStore.containsAlias("sps_rsa_key")) {
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(Build.VERSION.SDK_INT >= 19 ? new KeyPairGeneratorSpec.Builder(context).setAlias("sps_rsa_key").setKeySize(2048).setKeyType("RSA").setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).build() : new KeyPairGeneratorSpec.Builder(context).setAlias("sps_rsa_key").setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).build());
        keyPairGenerator.generateKeyPair();
    }

    void a(Context context, SharedPreferences sharedPreferences) {
        b(context, sharedPreferences);
        a(sharedPreferences);
    }

    void a(SharedPreferences sharedPreferences) {
        if (this.isCompatMode) {
            this.aesKey = d(sharedPreferences);
            this.macKey = e(sharedPreferences);
        } else if (this.mStore.containsAlias("sps_aes_key") && this.mStore.entryInstanceOf("sps_aes_key", KeyStore.SecretKeyEntry.class)) {
            this.aesKey = ((KeyStore.SecretKeyEntry) this.mStore.getEntry("sps_aes_key", null)).getSecretKey();
        }
    }

    <T extends Exception> boolean a(T t) {
        return (t instanceof KeyStoreException) || (t instanceof UnrecoverableEntryException) || (t instanceof InvalidKeyException) || (t instanceof IllegalStateException) || ((t instanceof IOException) && t.getCause() != null && (t.getCause() instanceof BadPaddingException));
    }

    EncryptedData b(byte[] bArr, byte[] bArr2) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(1, this.aesKey, new IvParameterSpec(bArr2));
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.f34111a = cipher.getIV();
        encryptedData.f34112b = cipher.doFinal(bArr);
        encryptedData.f34113c = b(encryptedData.a());
        return encryptedData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String b(String str) {
        if (str == null || str.length() <= 0) {
            return null;
        }
        byte[] tryDecrypt = tryDecrypt(c(str));
        return new String(tryDecrypt, 0, tryDecrypt.length, "UTF-8");
    }

    void b() {
        this.mStore = KeyStore.getInstance("AndroidKeyStore");
        this.mStore.load(null);
    }

    void b(Context context, SharedPreferences sharedPreferences) {
        if (!this.isCompatMode) {
            d();
            return;
        }
        a(context);
        e();
        b(sharedPreferences);
        c(sharedPreferences);
    }

    boolean b(SharedPreferences sharedPreferences) {
        String hashed = getHashed("sps_aes_key");
        if (sharedPreferences.contains(hashed)) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        boolean commit = sharedPreferences.edit().putString(hashed, base64Encode(c(keyGenerator.generateKey().getEncoded()))).commit();
        sharedPreferences.edit().putBoolean(getHashed("sps_data_in_compat"), true).apply();
        return commit;
    }

    <T extends Exception> boolean b(T t) {
        return this.f34110b != null && this.f34110b.onRecoveryRequired(t, this.mStore, a());
    }

    @TargetApi(19)
    byte[] b(EncryptedData encryptedData) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, this.aesKey, new GCMParameterSpec(128, encryptedData.f34111a));
        return cipher.doFinal(encryptedData.f34112b);
    }

    byte[] b(byte[] bArr) {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(this.macKey);
        return mac.doFinal(bArr);
    }

    EncryptedData c(String str) {
        EncryptedData encryptedData = new EncryptedData();
        String[] split = str.split("]");
        encryptedData.f34111a = base64Decode(split[0]);
        encryptedData.f34112b = base64Decode(split[1]);
        if (split.length > 2) {
            encryptedData.f34113c = base64Decode(split[2]);
        }
        return encryptedData;
    }

    boolean c(SharedPreferences sharedPreferences) {
        String hashed = getHashed("sps_mac_key");
        if (sharedPreferences.contains(hashed)) {
            return false;
        }
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return sharedPreferences.edit().putString(hashed, base64Encode(c(bArr))).commit();
    }

    boolean c(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        byte[] b2 = b(bArr2);
        if (b2.length != bArr.length) {
            return false;
        }
        int i = 0;
        for (int i2 = 0; i2 < b2.length; i2++) {
            i |= b2[i2] ^ bArr[i2];
        }
        return i == 0;
    }

    byte[] c() {
        byte[] bArr = !this.isCompatMode ? new byte[12] : new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    byte[] c(EncryptedData encryptedData) {
        if (!c(encryptedData.f34113c, encryptedData.a())) {
            throw new InvalidMacException();
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(2, this.aesKey, new IvParameterSpec(encryptedData.f34111a));
        return cipher.doFinal(encryptedData.f34112b);
    }

    byte[] c(byte[] bArr) {
        Cipher cipher = Cipher.getInstance(b.f28012b, a.e);
        cipher.init(1, this.publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    SecretKey d(SharedPreferences sharedPreferences) {
        String string = sharedPreferences.getString(getHashed("sps_aes_key"), null);
        if (string != null) {
            return new SecretKeySpec(d(base64Decode(string)), "AES");
        }
        return null;
    }

    @TargetApi(23)
    boolean d() {
        if (this.mStore.containsAlias("sps_aes_key")) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder("sps_aes_key", 3).setCertificateSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setCertificateSerialNumber(BigInteger.ONE).setKeySize(256).setBlockModes(BLOCK_MODE_GCM).setEncryptionPaddings(ENCRYPTION_PADDING_NONE).setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
        return true;
    }

    byte[] d(byte[] bArr) {
        Cipher cipher = Cipher.getInstance(b.f28012b, a.e);
        cipher.init(2, this.privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr2.length) {
                cipherInputStream.close();
                return bArr2;
            }
            bArr2[i2] = ((Byte) arrayList.get(i2)).byteValue();
            i = i2 + 1;
        }
    }

    public byte[] decrypt(EncryptedData encryptedData) {
        if (encryptedData == null || encryptedData.f34112b == null) {
            return null;
        }
        return this.isCompatMode ? c(encryptedData) : b(encryptedData);
    }

    SecretKey e(SharedPreferences sharedPreferences) {
        String string = sharedPreferences.getString(getHashed("sps_mac_key"), null);
        if (string != null) {
            return new SecretKeySpec(d(base64Decode(string)), "HmacSHA256");
        }
        return null;
    }

    void e() {
        if (this.mStore.containsAlias("sps_rsa_key") && this.mStore.entryInstanceOf("sps_rsa_key", KeyStore.PrivateKeyEntry.class)) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.mStore.getEntry("sps_rsa_key", null);
            this.publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
            this.privateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey();
        }
    }

    public EncryptedData encrypt(byte[] bArr) {
        if (bArr == null || bArr.length <= 0) {
            return null;
        }
        byte[] c2 = c();
        return this.isCompatMode ? b(bArr, c2) : a(bArr, c2);
    }

    public byte[] tryDecrypt(EncryptedData encryptedData) {
        byte[] bArr;
        boolean z;
        try {
            bArr = decrypt(encryptedData);
            z = false;
        } catch (Exception e) {
            if (!a((EncryptionManager) e)) {
                throw e;
            }
            boolean b2 = b((EncryptionManager) e);
            bArr = null;
            z = b2;
        }
        if (!z) {
            return bArr;
        }
        a(this.mContext, this.f34109a);
        return decrypt(encryptedData);
    }

    public EncryptedData tryEncrypt(byte[] bArr) {
        EncryptedData encryptedData;
        boolean z;
        try {
            encryptedData = encrypt(bArr);
            z = false;
        } catch (Exception e) {
            if (!a((EncryptionManager) e)) {
                throw e;
            }
            boolean b2 = b((EncryptionManager) e);
            encryptedData = null;
            z = b2;
        }
        if (!z) {
            return encryptedData;
        }
        a(this.mContext, this.f34109a);
        return encrypt(bArr);
    }
}
