package com.huawei.wisesecurity.keyindex.utils;

import android.security.keystore.KeyGenParameterSpec;
import c.a.a.a.a;
import com.huawei.wisesecurity.keyindex.crypto.WKEnum;
import com.huawei.wisesecurity.keyindex.exception.KiCryptoException;
import com.huawei.wisesecurity.keyindex.exception.KiErrorCode;
import com.huawei.wisesecurity.keyindex.exception.KiException;
import com.huawei.wisesecurity.keyindex.log.LogKi;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.KeyGenerator;

/* loaded from: classes.dex */
public class KeyStoreUtil {
    public static final String PROVIDER_ANDROID_KEYSTORE = "AndroidKeyStore";
    public static final String TAG = "KeyStoreUtil";
    public static KeyStore keyStore;
    public Map<String, Key> keyMap = new ConcurrentHashMap();
    public static KeyStoreUtil instance = new KeyStoreUtil();
    public static final Object OBJECT = new Object();

    public static KeyStoreUtil getInstance() throws KiException {
        if (keyStore == null) {
            initKeyStore();
        }
        return instance;
    }

    private Key getKey(String str) throws KiException {
        if (this.keyMap.containsKey(str)) {
            return this.keyMap.get(str);
        }
        try {
            Key key = keyStore.getKey(str, null);
            this.keyMap.put(str, key);
            return key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e2) {
            StringBuilder a2 = a.a("getSecretKey failed, ");
            a2.append(e2.getMessage());
            String sb = a2.toString();
            LogKi.e(TAG, sb);
            throw new KiException(KiErrorCode.KEY_STORE_ERROR, sb);
        }
    }

    private boolean hasAlias(String str) throws KiException {
        try {
            if (keyStore != null) {
                if (keyStore.containsAlias(str)) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e2) {
            StringBuilder a2 = a.a("hasAlias failed, ");
            a2.append(e2.getMessage());
            String sb = a2.toString();
            LogKi.e(TAG, sb);
            throw new KiException(KiErrorCode.KEY_STORE_ERROR, sb);
        }
    }

    public static void initKeyStore() throws KiException {
        try {
            keyStore = KeyStore.getInstance(PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            LogKi.i(TAG, "initKeyStore OK");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            StringBuilder a2 = a.a("initKeyStore failed, ");
            a2.append(e2.getMessage());
            String sb = a2.toString();
            LogKi.e(TAG, sb);
            throw new KiException(KiErrorCode.KEY_STORE_ERROR, sb);
        }
    }

    public void createSecretKey(String str, WKEnum wKEnum) throws KiException {
        if (hasAlias(str)) {
            LogKi.i(TAG, "alias already exists");
            return;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(wKEnum.getAlgorithm(), PROVIDER_ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, 15).setBlockModes(wKEnum.getBlockMode()).setEncryptionPaddings(wKEnum.getEncryptionPadding()).setDigests(wKEnum.getDigest()).setRandomizedEncryptionRequired(false).setKeySize(wKEnum.getKeySize()).build());
            keyGenerator.generateKey();
            StringBuilder sb = new StringBuilder();
            sb.append("create secretKey for alias(");
            sb.append(str);
            sb.append(") OK");
            LogKi.i(TAG, sb.toString());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            StringBuilder a2 = a.a("createSecretKey failed, ");
            a2.append(e2.getMessage());
            throw new KiException(KiErrorCode.KEY_STORE_ERROR, a2.toString());
        }
    }

    public byte[] decryptWithSecretKey(CipherAlg cipherAlg, String str, String str2, String str3) throws KiException {
        byte[] bArr;
        synchronized (OBJECT) {
            try {
                try {
                    bArr = new AESCipher.Builder().withAlg(cipherAlg).withKey(getKey(str)).withIv(Base64Util.decode(str3)).build().getDecryptHandler().from(Base64Util.decode(str2)).to();
                } catch (CryptoException e2) {
                    StringBuilder sb = new StringBuilder();
                    sb.append("decryptKeyPairSk failed, ");
                    sb.append(e2.getMessage());
                    String sb2 = sb.toString();
                    LogKi.e(TAG, sb2);
                    throw new KiCryptoException(sb2);
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return bArr;
    }

    public String encryptWithSecretKey(CipherAlg cipherAlg, String str, byte[] bArr, byte[] bArr2) throws KiException {
        String base64;
        synchronized (OBJECT) {
            try {
                try {
                    base64 = new AESCipher.Builder().withAlg(cipherAlg).withKey(getKey(str)).withIv(bArr2).build().getEncryptHandler().from(bArr).toBase64();
                } catch (CryptoException e2) {
                    StringBuilder sb = new StringBuilder();
                    sb.append("encryptWithSkWorkKey failed, ");
                    sb.append(e2.getMessage());
                    String sb2 = sb.toString();
                    LogKi.e(TAG, sb2);
                    throw new KiCryptoException(sb2);
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return base64;
    }
}
