package com.hktv.android.hktvlib.bg.utils.security;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.hktv.android.hktvlib.bg.utils.commons.StringUtils;
import com.hktv.android.hktvlib.main.HKTVLibPreference;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public class HKTVKeyStoreUtils {
    private static final String ALGORITHM_TYPE_RSA = "RSA";
    private static final String CIPHER_DATA_PRE_M_TRANSFORMATION = "AES/ECB/PKCS7Padding";
    private static final String CIPHER_DATA_PROVIDER = "BC";
    private static final String CIPHER_DATA_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final String CIPHER_PROVIDER_KEY_STORE = "AndroidOpenSSL";
    private static final String CIPHER_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final int KEY_EXPIRE_YEAR = 70;
    private static final int MAX_DATA_SIZE = 1048576;
    private static final String PRE_M_ENCRYPT_KEY = "rsa_encrypt_key";
    private static final String PRE_M_KEY_ALGORITHM_AES = "AES";
    private static final String PROVIDER_KEY_STORE = "AndroidKeyStore";
    private static final String SECRET_ENCRYPT_KEY = "secret_encrypt_key";
    private static final String SELF_SIGN_CERT_NAME = "CN=HKTVmall, O=Android Authority";
    private static byte[] SecretSalt = null;
    private static final String TAG = "HKTVKeyStoreUtils";
    private static Key encryptKey;

    private static String createNewKeys(Context context, KeyStore keyStore, String str) {
        try {
            if (!keyStore.containsAlias(str)) {
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 70);
                if (Build.VERSION.SDK_INT < 23) {
                    KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal(SELF_SIGN_CERT_NAME)).setSerialNumber(BigInteger.valueOf(2000L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_TYPE_RSA, keyStore.getProvider());
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                } else {
                    KeyGenParameterSpec build2 = new KeyGenParameterSpec.Builder(str, 3).setEncryptionPaddings("NoPadding").setBlockModes("GCM").setRandomizedEncryptionRequired(false).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build();
                    KeyGenerator keyGenerator = KeyGenerator.getInstance(PRE_M_KEY_ALGORITHM_AES, keyStore.getProvider());
                    keyGenerator.init(build2);
                    keyGenerator.generateKey();
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        return str;
    }

    public static String decrypt(Context context, String str) {
        ByteBuffer wrap = ByteBuffer.wrap(initCipher(context, 2).doFinal(Base64.decode(str, 0)));
        int i2 = wrap.getInt();
        if (i2 < 0 || i2 >= 1048576 || i2 > wrap.remaining()) {
            return str;
        }
        byte[] bArr = new byte[i2];
        wrap.get(bArr);
        return new String(bArr, Charset.defaultCharset());
    }

    public static String encrypt(Context context, String str) {
        String value = StringUtils.getValue(str);
        Cipher initCipher = initCipher(context, 1);
        byte[] bytes = value.getBytes(Charset.defaultCharset());
        if (bytes.length >= 1048576) {
            return value;
        }
        ByteBuffer allocate = ByteBuffer.allocate(bytes.length + 4);
        allocate.putInt(bytes.length);
        allocate.put(bytes);
        return Base64.encodeToString(initCipher.doFinal(allocate.array()), 0);
    }

    private static Key getSecretKey(Context context, KeyStore keyStore) {
        if (encryptKey == null) {
            if (Build.VERSION.SDK_INT >= 23) {
                try {
                    encryptKey = keyStore.getKey(createNewKeys(context, keyStore, SECRET_ENCRYPT_KEY), null);
                } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e2) {
                    e2.printStackTrace();
                }
            }
            if (encryptKey == null) {
                encryptKey = new SecretKeySpec(secretRandomSalt(context, keyStore), PRE_M_KEY_ALGORITHM_AES);
            }
        }
        return encryptKey;
    }

    private static String getSecretKeyPreference() {
        return Build.VERSION.SDK_INT < 23 ? HKTVLibPreference.KEY_PRE_M_SECRET_RANDOM_SALT : HKTVLibPreference.KEY_SECRET_RANDOM_SALT;
    }

    private static Cipher initCipher(Context context, int i2) {
        KeyStore keyStore = KeyStore.getInstance(PROVIDER_KEY_STORE);
        keyStore.load(null);
        if (Build.VERSION.SDK_INT < 23) {
            Cipher cipher = Cipher.getInstance(CIPHER_DATA_PRE_M_TRANSFORMATION, CIPHER_DATA_PROVIDER);
            cipher.init(i2, getSecretKey(context, keyStore));
            return cipher;
        }
        Cipher cipher2 = Cipher.getInstance(CIPHER_DATA_TRANSFORMATION);
        cipher2.init(i2, getSecretKey(context, keyStore), new GCMParameterSpec(128, secretRandomSalt(context, keyStore)));
        return cipher2;
    }

    private static byte[] rsaDecrypt(Context context, KeyStore keyStore, String str) {
        if (Build.VERSION.SDK_INT >= 23) {
            return Base64.decode(str, 0);
        }
        try {
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(createNewKeys(context, keyStore, PRE_M_ENCRYPT_KEY), null)).getPrivateKey();
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION, CIPHER_PROVIDER_KEY_STORE);
            cipher.init(2, privateKey);
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(Base64.decode(str, 0)), cipher);
            ArrayList arrayList = new ArrayList();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    break;
                }
                arrayList.add(Byte.valueOf((byte) read));
            }
            int size = arrayList.size();
            byte[] bArr = new byte[size];
            for (int i2 = 0; i2 < size; i2++) {
                bArr[i2] = ((Byte) arrayList.get(i2)).byteValue();
            }
            return bArr;
        } catch (Exception unused) {
            return str.getBytes(Charset.defaultCharset());
        }
    }

    private static String rsaEncrypt(Context context, KeyStore keyStore, byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 23) {
            return Base64.encodeToString(bArr, 0);
        }
        try {
            PublicKey publicKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(createNewKeys(context, keyStore, PRE_M_ENCRYPT_KEY), null)).getCertificate().getPublicKey();
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION, CIPHER_PROVIDER_KEY_STORE);
            cipher.init(1, publicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bArr);
            cipherOutputStream.close();
            return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
        } catch (Exception e2) {
            e2.printStackTrace();
            return new String(bArr, Charset.defaultCharset());
        }
    }

    private static byte[] secretRandomSalt(Context context, KeyStore keyStore) {
        if (SecretSalt == null) {
            String str = HKTVLibPreference.get(getSecretKeyPreference(), "");
            if (TextUtils.isEmpty(str)) {
                byte[] bArr = new byte[Build.VERSION.SDK_INT < 23 ? 16 : 12];
                new SecureRandom().nextBytes(bArr);
                str = rsaEncrypt(context, keyStore, bArr);
                HKTVLibPreference.setAndCommit(getSecretKeyPreference(), str);
            }
            SecretSalt = rsaDecrypt(context, keyStore, str);
        }
        return SecretSalt;
    }
}
