package c.a.a.a;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import c.a.a.a.d;
import com.unionpay.fasteid.utils.UPException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.GregorianCalendar;
import javax.security.auth.x500.X500Principal;

/* compiled from: RSAKeyStore.java */
/* loaded from: classes23.dex */
public class c {

    /* renamed from: a, reason: collision with root package name */
    public static final String f99a = "AndroidKeyStore";

    /* renamed from: b, reason: collision with root package name */
    public static final String f100b = "RSA";

    /* renamed from: c, reason: collision with root package name */
    public static final String f101c = "DSA";

    /* renamed from: d, reason: collision with root package name */
    public static final String f102d = "BKS";
    public static final String e = "SHA256withRSA";
    public static final String f = "SHA512withRSA";
    public static final String g = "upSdkDeviceKeyAlias";
    public static final String h = "keyAlias";
    public String i = "upSdkAlias";

    public static KeyPair a(Context context, String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        AlgorithmParameterSpec build;
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 1000);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", f99a);
        if (Build.VERSION.SDK_INT < 23) {
            build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
        } else {
            build = new KeyGenParameterSpec.Builder(str, 4).setCertificateSubject(new X500Principal("CN=" + str)).setDigests("SHA-256").setSignaturePaddings("PKCS1").setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).build();
        }
        keyPairGenerator.initialize(build);
        return keyPairGenerator.generateKeyPair();
    }

    public static KeyStore.Entry a(String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException {
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (entry != null) {
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return entry;
            }
            Log.w("ContentValues", "Not an instance of a PrivateKeyEntry");
            Log.w("ContentValues", "Exiting signData()...");
            return null;
        }
        Log.w("ContentValues", "No key found under alias: " + str);
        Log.w("ContentValues", "Exiting signData()...");
        return null;
    }

    public static PrivateKey a() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        if (keyStore.containsAlias(g)) {
            return (PrivateKey) keyStore.getKey(g, null);
        }
        throw new UPException(d.e.a.s, "设备密钥不存在，请初始化设备");
    }

    public static void a(Context context, Bundle bundle) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        if (!keyStore.containsAlias(g)) {
            a(context, g);
        }
        String encodeToString = Base64.encodeToString(keyStore.getCertificate(g).getPublicKey().getEncoded(), 2);
        if (TextUtils.isEmpty(encodeToString)) {
            throw new UPException(d.e.a.s, "设备公钥读取失败");
        }
        bundle.putString(d.e.m, encodeToString);
    }

    public static PrivateKey b(String str) throws Exception {
        String str2 = str + h;
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        if (keyStore.containsAlias(str2)) {
            return (PrivateKey) keyStore.getKey(str2, null);
        }
        throw new UPException(d.e.a.t, "用户私钥获取失败");
    }

    public static void b(Context context, Bundle bundle) throws Exception {
        String str = bundle.getString(d.e.e) + h;
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        if (!keyStore.containsAlias(str)) {
            a(context, str);
        }
        String encodeToString = Base64.encodeToString(keyStore.getCertificate(str).getPublicKey().getEncoded(), 2);
        if (TextUtils.isEmpty(encodeToString)) {
            throw new UPException(d.e.a.t, "用户公钥读取失败");
        }
        bundle.putString(d.e.o, encodeToString);
    }

    public static String c(String str) throws Exception {
        String str2 = str + h;
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        if (keyStore.containsAlias(str2)) {
            return Base64.encodeToString(keyStore.getCertificate(str2).getPublicKey().getEncoded(), 2);
        }
        throw new UPException(d.e.a.t, "用户公钥获取失败");
    }

    public boolean a(String str, String str2) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, InvalidKeyException, SignatureException {
        byte[] bytes = str.getBytes();
        if (str2 == null) {
            Log.w("ContentValues", "Invalid signature.");
            Log.w("ContentValues", "Exiting verifyData()...");
            return false;
        }
        try {
            byte[] decode = Base64.decode(str2, 0);
            KeyStore keyStore = KeyStore.getInstance(f99a);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(this.i, null);
            if (entry == null) {
                Log.w("ContentValues", "No key found under alias: " + this.i);
                Log.w("ContentValues", "Exiting verifyData()...");
                return false;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                Log.w("ContentValues", "Not an instance of a PrivateKeyEntry");
                return false;
            }
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
            signature.update(bytes);
            return signature.verify(decode);
        } catch (IllegalArgumentException e2) {
            return false;
        }
    }

    public String d(String str) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, CertificateException {
        byte[] bytes = str.getBytes();
        KeyStore keyStore = KeyStore.getInstance(f99a);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(this.i, null);
        if (entry == null) {
            Log.w("ContentValues", "No key found under alias: " + this.i);
            Log.w("ContentValues", "Exiting signData()...");
            return null;
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            Log.w("ContentValues", "Not an instance of a PrivateKeyEntry");
            Log.w("ContentValues", "Exiting signData()...");
            return null;
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        signature.update(bytes);
        return Base64.encodeToString(signature.sign(), 0);
    }
}
