package com.ingeek.nokeeu.security.operator.keystore;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyInfo;
import android.util.Log;
import com.ingeek.nokeeu.security.internal.ConstantsInternal;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;

/* loaded from: classes2.dex */
public class TKeyStoreExtension {
    private static final int GCM_TAG_SIZE = 128;
    public static final int KM_ALGORITHM_3DES = 33;
    public static final int KM_ALGORITHM_AES = 32;
    public static final int KM_ALGORITHM_EC = 3;
    public static final int KM_ALGORITHM_HMAC = 128;
    public static final int KM_ALGORITHM_RSA = 1;
    public static final int KM_KEY_FORMAT_PKCS8 = 1;
    public static final int KM_KEY_FORMAT_RAW = 3;
    public static final int KM_KEY_FORMAT_X509 = 0;
    public static final int KM_MODE_CBC = 2;
    public static final int KM_MODE_CTR = 3;
    public static final int KM_MODE_ECB = 1;
    public static final int KM_MODE_GCM = 32;
    public static final int KM_PAD_NONE = 1;
    public static final int KM_PAD_PKCS7 = 64;
    public static final int KM_PAD_RSA_OAEP = 2;
    public static final int KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4;
    public static final int KM_PAD_RSA_PKCS1_1_5_SIGN = 5;
    public static final int KM_PAD_RSA_PSS = 3;
    public static final int KM_PURPOSE_DECRYPT = 1;
    public static final int KM_PURPOSE_ENCRYPT = 0;
    public static final int KM_PURPOSE_SIGN = 2;
    public static final int KM_PURPOSE_VERIFY = 3;
    public static final int KM_PURPOSE_WRAP = 5;
    private static final String TAG = "TKeyStoreExtension";
    private static final int WRAPPED_FORMAT_VERSION = 0;
    private static SecureRandom random = new SecureRandom();

    private static boolean checkSecureHardware(KeyStore keyStore, String str) {
        try {
            return ((KeyInfo) SecretKeyFactory.getInstance("AES", keyStore.getProvider()).getKeySpec((SecretKey) keyStore.getKey(str, null), KeyInfo.class)).isInsideSecureHardware();
        } catch (Exception e2) {
            Log.d(TAG, "catch error when checkSecureHardware, cause " + e2.getMessage());
            return false;
        }
    }

    private static byte[] generateWrappedKey(PublicKey publicKey, byte[] bArr, byte[] bArr2, DERSequence dERSequence) throws Exception {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new ASN1Integer(3L));
        aSN1EncodableVector.add(dERSequence);
        DERSequence dERSequence2 = new DERSequence(aSN1EncodableVector);
        byte[] bArr3 = new byte[12];
        random.nextBytes(bArr3);
        byte[] bArr4 = new byte[32];
        random.nextBytes(bArr4);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
        cipher.init(1, publicKey);
        byte[] doFinal = cipher.doFinal(bArr4);
        Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
        cipher2.init(1, new SecretKeySpec(bArr4, "AES"), new GCMParameterSpec(128, bArr3));
        cipher2.updateAAD(dERSequence2.getEncoded());
        byte[] doFinal2 = cipher2.doFinal(bArr);
        int length = doFinal2.length;
        int i2 = length - 16;
        byte[] copyOfRange = Arrays.copyOfRange(doFinal2, i2, length);
        byte[] copyOfRange2 = Arrays.copyOfRange(doFinal2, 0, i2);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(new ASN1Integer(0L));
        aSN1EncodableVector2.add(new DEROctetString(doFinal));
        aSN1EncodableVector2.add(new DEROctetString(bArr3));
        aSN1EncodableVector2.add(dERSequence2);
        aSN1EncodableVector2.add(new DEROctetString(copyOfRange2));
        aSN1EncodableVector2.add(new DEROctetString(copyOfRange));
        return new DERSequence(aSN1EncodableVector2).getEncoded(ASN1Encoding.DER);
    }

    public static boolean hasSecureHardware() {
        if (TKeyStore.get().hasAlias(ConstantsInternal.fadl8932nnr328r32nr)) {
            return checkSecureHardware(TKeyStore.get().getKeyStore(), ConstantsInternal.fadl8932nnr328r32nr);
        }
        TKeyStore.get().createSecretKey(ConstantsInternal.fadl8932nnr328r32nr);
        return checkSecureHardware(TKeyStore.get().getKeyStore(), ConstantsInternal.fadl8932nnr328r32nr);
    }

    @TargetApi(28)
    public static boolean hasStrongBox(Context context) {
        return context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    public static void importTestWrappedKey(Context context) {
        byte[] bArr = new byte[32];
        random.nextBytes(bArr);
        try {
            try {
                TKeyStore.get().importWrappedKey(context, generateWrappedKey(TKeyStore.get().getWrappingKeyPair(ConstantsInternal.BAo0O01I532oil).getPublic(), bArr, new byte[32], makeAuthList(256, 32)), ConstantsInternal.BAo0O01I532oil, ConstantsInternal.o0O3248VFOJ3Rfda144ao);
            } catch (Exception e2) {
                Log.d(TAG, "catch error when importWrappedKey, cause " + e2.getMessage());
            }
        } catch (Exception e3) {
            Log.e(TAG, "catch exception when get wrapped keyPair " + e3.getMessage());
        }
    }

    public static boolean isSupportImportWrappedKey() {
        if (Build.VERSION.SDK_INT < 28) {
            return false;
        }
        try {
            KeyStore keyStore = TKeyStore.get().getKeyStore();
            if (TKeyStore.get().hasAlias(ConstantsInternal.o0O3248VFOJ3Rfda144ao)) {
                return verifySecretKey(keyStore, ConstantsInternal.o0O3248VFOJ3Rfda144ao);
            }
        } catch (Exception e2) {
            Log.d(TAG, "catch error when call isSupportImportWrappedKey, cause " + e2.getMessage());
        }
        return false;
    }

    private static DERSequence makeAuthList(int i2, int i3) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new ASN1Integer(0L));
        aSN1EncodableVector.add(new ASN1Integer(1L));
        DERTaggedObject dERTaggedObject = new DERTaggedObject(true, 1, new DERSet(aSN1EncodableVector));
        DERTaggedObject dERTaggedObject2 = new DERTaggedObject(true, 2, new ASN1Integer(i3));
        DERTaggedObject dERTaggedObject3 = new DERTaggedObject(true, 3, new ASN1Integer(i2));
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(new ASN1Integer(1L));
        aSN1EncodableVector2.add(new ASN1Integer(2L));
        DERTaggedObject dERTaggedObject4 = new DERTaggedObject(true, 4, new DERSet(aSN1EncodableVector2));
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        aSN1EncodableVector3.add(new ASN1Integer(64L));
        aSN1EncodableVector3.add(new ASN1Integer(1L));
        DERTaggedObject dERTaggedObject5 = new DERTaggedObject(true, 6, new DERSet(aSN1EncodableVector3));
        DERNull dERNull = DERNull.INSTANCE;
        DERTaggedObject dERTaggedObject6 = new DERTaggedObject(true, 7, dERNull);
        DERTaggedObject dERTaggedObject7 = new DERTaggedObject(true, 503, dERNull);
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        aSN1EncodableVector4.add(dERTaggedObject);
        aSN1EncodableVector4.add(dERTaggedObject2);
        aSN1EncodableVector4.add(dERTaggedObject3);
        aSN1EncodableVector4.add(dERTaggedObject4);
        aSN1EncodableVector4.add(dERTaggedObject5);
        aSN1EncodableVector4.add(dERTaggedObject6);
        aSN1EncodableVector4.add(dERTaggedObject7);
        return new DERSequence(aSN1EncodableVector4);
    }

    public static byte[] unwrapAESKey(PrivateKey privateKey, byte[] bArr) {
        try {
            ASN1Primitive readObject = new ASN1InputStream(bArr).readObject();
            if (readObject != null) {
                ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(readObject);
                ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0));
                ASN1OctetString aSN1OctetString = ASN1OctetString.getInstance(aSN1Sequence.getObjectAt(1));
                ASN1OctetString aSN1OctetString2 = ASN1OctetString.getInstance(aSN1Sequence.getObjectAt(2));
                ASN1Sequence aSN1Sequence2 = ASN1Sequence.getInstance(aSN1Sequence.getObjectAt(3));
                ASN1OctetString aSN1OctetString3 = ASN1OctetString.getInstance(aSN1Sequence.getObjectAt(4));
                ASN1OctetString aSN1OctetString4 = ASN1OctetString.getInstance(aSN1Sequence.getObjectAt(5));
                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
                cipher.init(2, privateKey);
                byte[] doFinal = cipher.doFinal(aSN1OctetString.getOctets());
                Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
                cipher2.init(2, new SecretKeySpec(doFinal, "AES"), new GCMParameterSpec(128, aSN1OctetString2.getOctets()));
                cipher2.updateAAD(aSN1Sequence2.getEncoded());
                byte[] bArr2 = new byte[aSN1OctetString3.getOctets().length + aSN1OctetString4.getOctets().length];
                System.arraycopy(aSN1OctetString3.getOctets(), 0, bArr2, 0, aSN1OctetString3.getOctets().length);
                System.arraycopy(aSN1OctetString4.getOctets(), 0, bArr2, aSN1OctetString3.getOctets().length, aSN1OctetString4.getOctets().length);
                return cipher2.doFinal(bArr2);
            }
        } catch (Exception unused) {
        }
        return null;
    }

    private static boolean verifySecretKey(KeyStore keyStore, String str) {
        try {
            Key key = keyStore.getKey(str, null);
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(1, key);
            byte[] doFinal = cipher.doFinal("D07J4yI5E3IuezWpIwBck07hN5UmlCBM".getBytes());
            IvParameterSpec ivParameterSpec = new IvParameterSpec(cipher.getIV());
            Cipher cipher2 = Cipher.getInstance("AES/CBC/NoPadding");
            cipher2.init(2, key, ivParameterSpec);
            return new String(cipher2.doFinal(doFinal)).equals("D07J4yI5E3IuezWpIwBck07hN5UmlCBM");
        } catch (Exception e2) {
            Log.d(TAG, "catch error when verifySecretKey, cause " + e2.getMessage());
            return false;
        }
    }

    public static byte[] wrapAESKey(PublicKey publicKey, byte[] bArr) {
        try {
            return generateWrappedKey(publicKey, bArr, null, makeAuthList(bArr.length * 8, 32));
        } catch (Exception unused) {
            return null;
        }
    }
}
