package com.heytap.ocsp.client.component.okey;

import android.util.Base64;
import android.util.Log;
import com.alibaba.fastjson.JSON;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import okhttp3.internal.cache.DiskLruCache;

/* loaded from: classes.dex */
public class OkeyUtil {
    private static final String AES = "AES";
    private static final int AES_KEY_SIZE = 256;
    private static final String AES_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final String HMAC = "HmacSHA256";
    private static final String PK_HASH_VALUE = "8fa7f52161ddc2bbf27f19b106ba80d3a618334e6b62e6887ccc1053cdf8ea74";
    public static final String RSA = "RSA";
    public static final int RSA_KEY_SIZE = 2048;
    private static final String RSA_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNhaEMWBf4Ooe12zLuT8h0UQQ6HrGeh76t7lfdl1NSk9xJXe/KfhNXlceMt3UDAEz0YNcUFTfGK9A3NY4zr0cv+ZPBy7uuI5EzmH41dyvPim4X74gJDRdEy7jTJ2J/LvPG2EIZWprOlcPMurdncwjHg0XUpXlYlxz4zBhLV06RrTIMumW1dVA+1qfDQS9D/9r3mOFdTxcx2TysydeRI9vA3881dFFBL3fHjTl0j/HeJoz7DK2FlVzWozjKGoBcjlpkX3ZdQePOo3Vr5x75T2bdAR8bUMKv37YkG0yD+qI+zyvwIClATUm15if6Jk34QX5gpjav2AjTYYJnAWradfowIDAQAB";
    public static final String RSA_TRANSFORMATION = "RSA/None/PKCS1Padding";
    private static final String TAG = "OkeyUtil";
    private static String payloadIv = "";
    private static final Charset CHARSET_UTF8 = StandardCharsets.UTF_8;
    private static PublicKey publicKey = null;

    public static byte[] encryptBusinessData(byte[] bArr, String str) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, AES);
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
        byte[] bArr2 = new byte[12];
        new SecureRandom().nextBytes(bArr2);
        payloadIv = Base64.encodeToString(bArr2, 2);
        cipher.init(1, secretKeySpec, new GCMParameterSpec(128, bArr2));
        return cipher.doFinal(str.getBytes());
    }

    public static byte[] getAesKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES);
        keyGenerator.init(256);
        return keyGenerator.generateKey().getEncoded();
    }

    public static String getDekPlainHashValue(byte[] bArr) throws NoSuchAlgorithmException {
        return Base64.encodeToString(MessageDigest.getInstance("SHA-256").digest(bArr), 2);
    }

    public static String getEncryptedDek(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (publicKey == null) {
            publicKey = getRsaPublicKey();
        }
        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding");
        cipher.init(1, publicKey);
        return Base64.encodeToString(cipher.doFinal(bArr), 2);
    }

    public static String getHmacData(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(HMAC);
        mac.init(new SecretKeySpec(bArr, mac.getAlgorithm()));
        return Base64.encodeToString(mac.doFinal(Base64.decode(str, 2)), 2);
    }

    public static String getOkeyPack(String str) {
        try {
            byte[] aesKey = getAesKey();
            HashMap hashMap = new HashMap();
            hashMap.put("pk_type", "rsa");
            hashMap.put("pk_bit_length", 2048);
            hashMap.put("pk_hash_value", PK_HASH_VALUE);
            HashMap hashMap2 = new HashMap();
            hashMap2.put("dek_enc_cipher_suite", "RSA/None/PKCS1Padding");
            hashMap2.put("dek_bit_length", 256);
            hashMap2.put("dek_plain_hash_value", getDekPlainHashValue(aesKey));
            hashMap2.put("encrypted_dek", getEncryptedDek(aesKey));
            byte[] encryptBusinessData = encryptBusinessData(aesKey, str);
            byte[] bArr = new byte[16];
            int length = encryptBusinessData.length - 16;
            byte[] bArr2 = new byte[length];
            System.arraycopy(encryptBusinessData, 0, bArr2, 0, length);
            System.arraycopy(encryptBusinessData, length, bArr, 0, 16);
            HashMap hashMap3 = new HashMap();
            hashMap3.put("payload_cipher_suite", AES_TRANSFORMATION);
            hashMap3.put("payload_iv", payloadIv);
            hashMap3.put("payload_aad", "");
            hashMap3.put("payload_tag", Base64.encodeToString(bArr, 2));
            hashMap3.put("encrypted_payload", Base64.encodeToString(bArr2, 2));
            hashMap3.put("encrypted_payload_hmac", getHmacData(aesKey, (String) hashMap3.get("encrypted_payload")));
            HashMap hashMap4 = new HashMap();
            hashMap4.put("version", DiskLruCache.VERSION_1);
            hashMap4.put("work_mode", "mode_envelope_rsa");
            hashMap4.put("app_name", "csp-app-service-user");
            hashMap4.put("pk", hashMap);
            hashMap4.put("dek", hashMap2);
            hashMap4.put("payload", hashMap3);
            HashMap hashMap5 = new HashMap();
            hashMap5.put("app", "csp-app-service-user");
            hashMap5.put("parse_payload", DiskLruCache.VERSION_1);
            hashMap5.put("cms", hashMap4);
            return JSON.toJSONString(hashMap5);
        } catch (Exception e) {
            Log.d(TAG, e.getMessage());
            return null;
        }
    }

    public static PublicKey getRsaPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(RSA_PUBLIC_KEY, 0)));
    }
}
