package m.a.a;

import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public class m {
    private static final String a = "HKeyStore";
    private static final String b = "AndroidKeyStore";

    /* renamed from: c, reason: collision with root package name */
    private static final String f13296c = "RSA/ECB/PKCS1Padding";

    /* renamed from: d, reason: collision with root package name */
    private static KeyStore f13297d;

    public static String a(String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, UnrecoverableEntryException, NoSuchPaddingException, InvalidKeyException {
        u.e(a, "decrypt: " + str);
        if (str == null || "".equals(str)) {
            return str;
        }
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) a().getEntry(b(), null)).getPrivateKey();
        Cipher cipher = Cipher.getInstance(f13296c);
        cipher.init(2, privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(Base64.decode(str, 0)), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr = new byte[size];
        for (int i2 = 0; i2 < size; i2++) {
            bArr[i2] = ((Byte) arrayList.get(i2)).byteValue();
        }
        return new String(bArr, 0, size, i.a.a.a.q.e.d.f8779l);
    }

    public static KeyStore a() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException, CertificateException, IOException {
        AlgorithmParameterSpec build;
        if (Build.VERSION.SDK_INT < 18) {
            throw new KeyStoreException("Android version too old. Need at least: SDK 18, JELLY_BEAN_MR2 (4.3)");
        }
        if (f13297d != null) {
            u.e(a, "createKeysIfNeeded, get cached keyStore");
            return f13297d;
        }
        KeyStore keyStore = KeyStore.getInstance(b);
        f13297d = keyStore;
        keyStore.load(null);
        String b2 = b();
        if (f13297d.containsAlias(b2)) {
            u.e(a, "createKeysIfNeeded, alias already exists");
            return f13297d;
        }
        u.e(a, "createKeysIfNeeded, generate key store key pair...");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 99);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", b);
        int i2 = Build.VERSION.SDK_INT;
        if (i2 >= 23) {
            build = new KeyGenParameterSpec.Builder(b2, 3).setCertificateSubject(new X500Principal("CN=" + b2)).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).build();
        } else {
            if (i2 < 18) {
                return null;
            }
            build = new KeyPairGeneratorSpec.Builder(a.a()).setAlias(b2).setSubject(new X500Principal("CN=" + b2)).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
        }
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        return f13297d;
    }

    private static String b() {
        return a.a().getPackageName();
    }

    public static String b(String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException, KeyStoreException, IOException, UnrecoverableEntryException, NoSuchPaddingException, InvalidKeyException {
        u.e(a, "encrypt: " + str);
        if (str == null) {
            return null;
        }
        PublicKey publicKey = ((KeyStore.PrivateKeyEntry) a().getEntry(b(), null)).getCertificate().getPublicKey();
        Cipher cipher = Cipher.getInstance(f13296c);
        cipher.init(1, publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(str.getBytes(i.a.a.a.q.e.d.f8779l));
        cipherOutputStream.close();
        String encodeToString = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
        u.e(a, "encrypt, result: " + encodeToString);
        return encodeToString;
    }
}
