package com.android.sdk.bdticketguard;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import android.util.Log;
import java.io.StringWriter;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.asn1.f;
import org.bouncycastle.asn1.r.k;
import org.bouncycastle.asn1.x.c;
import org.bouncycastle.asn1.x509.g;
import org.bouncycastle.asn1.x509.p;
import org.bouncycastle.asn1.x509.r;
import org.bouncycastle.operator.a;
import org.bouncycastle.util.io.pem.b;
import org.bouncycastle.util.io.pem.d;

/* loaded from: classes.dex */
public class TicketGuardKeyHelper {
    public static final String CN_PATTERN = "CN=%s, OU=%s, O=%s, C=%s";
    public static final String KEY_PAIR_ALGORITHM = "EC";
    public static final String KEY_STORE_PROVIDER_ANDROID = "AndroidKeyStore";
    public static final String KEY_STORE_PROVIDER_BC = "BC";
    public static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
    public static final String SP_KEY_PRIVATE_KEY = "sp_key_private_key";
    public static final String SP_KEY_PUBLIC_KEY = "sp_key_public_key";
    public static final String SP_NAME = "sp_TicketGuardHelper";
    private static final String TAG = "TicketGuardHelper";
    private final String keystoreAlias;
    private final String principal;
    private volatile PrivateKey privateKey;
    private final SharedPreferences sp;

    public TicketGuardKeyHelper(Context context, String str, String str2) {
        this.sp = context.getSharedPreferences(SP_NAME, 0);
        this.keystoreAlias = str;
        this.principal = str2;
    }

    private static String base64EncodeKey(Key key) {
        return Base64.encodeToString(key.getEncoded(), 0);
    }

    public static String getPrincipal(String str, String str2, String str3, String str4) {
        return String.format(CN_PATTERN, str, str2, str3, str4);
    }

    private String getSpKeyPrivateKey() {
        return "sp_key_private_key_" + this.keystoreAlias;
    }

    private String getSpKeyPublicKey() {
        return "sp_key_public_key_" + this.keystoreAlias;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static int keySecurityLevel(PrivateKey privateKey) {
        int i = 0;
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(privateKey.getAlgorithm());
            if (Build.VERSION.SDK_INT >= 23) {
                KeyInfo keyInfo = (KeyInfo) keyFactory.getKeySpec(privateKey, KeyInfo.class);
                i = Build.VERSION.SDK_INT >= 31 ? keyInfo.getSecurityLevel() : keyInfo.isInsideSecureHardware();
            }
            th = null;
        } catch (Throwable th) {
            th = th;
        }
        TicketGuardEventHelper.monitorGetKeyLevel(i, th);
        return i;
    }

    public String genCsr() {
        return genCsr(genKeyPair());
    }

    public String genCsr(KeyPair keyPair) {
        if (keyPair == null) {
            TicketGuardManager.INSTANCE.log("生成 csr 失败, key pair为空");
            TicketGuardEventHelper.monitorGenCsr(3000, null);
            return null;
        }
        try {
            a a2 = new org.bouncycastle.operator.jcajce.a(SIGNATURE_ALGORITHM).a(keyPair.getPrivate());
            org.bouncycastle.pkcs.a.a aVar = new org.bouncycastle.pkcs.a.a(new c(this.principal), keyPair.getPublic());
            r rVar = new r();
            rVar.a(p.g, true, (f) new g(true));
            aVar.a(k.ah, rVar.a());
            b bVar = new b("CERTIFICATE REQUEST", aVar.a(a2).b());
            StringWriter stringWriter = new StringWriter();
            d dVar = new d(stringWriter);
            dVar.a(bVar);
            dVar.close();
            stringWriter.close();
            String stringWriter2 = stringWriter.toString();
            TicketGuardManager.INSTANCE.log("生成 csr 成功");
            TicketGuardEventHelper.monitorGenCsr(0, null);
            return stringWriter2;
        } catch (Throwable th) {
            TicketGuardManager.INSTANCE.log("生成 csr 失败, exception=" + Log.getStackTraceString(th));
            TicketGuardEventHelper.monitorGenCsr(TicketGuardEventHelper.ERROR_CODE_GEN_CSR_GEN_CSR_ERROR, th);
            return null;
        }
    }

    public KeyPair genKeyPair() {
        KeyPair generateKeyPair;
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM, KEY_STORE_PROVIDER_ANDROID);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.keystoreAlias, 4).setDigests("SHA-256").build());
                generateKeyPair = keyPairGenerator.generateKeyPair();
            } else {
                KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM, "BC");
                keyPairGenerator2.initialize(256, new SecureRandom());
                generateKeyPair = keyPairGenerator2.generateKeyPair();
                SharedPreferences.Editor edit = this.sp.edit();
                edit.putString(getSpKeyPublicKey(), base64EncodeKey(generateKeyPair.getPublic()));
                edit.putString(getSpKeyPrivateKey(), base64EncodeKey(generateKeyPair.getPrivate()));
                edit.apply();
            }
            TicketGuardManager.INSTANCE.log("生成 Key pair 成功");
            TicketGuardEventHelper.monitorGetKeyPair(keySecurityLevel(generateKeyPair.getPrivate()), 0, null, System.currentTimeMillis() - currentTimeMillis);
            return generateKeyPair;
        } catch (Throwable th) {
            TicketGuardManager.INSTANCE.log("生成 Key pair 失败, exception=" + Log.getStackTraceString(th));
            TicketGuardEventHelper.monitorGetKeyPair(0, -1, th, System.currentTimeMillis() - currentTimeMillis);
            return null;
        }
    }

    public PrivateKey loadPrivateKey() {
        if (this.privateKey != null) {
            return this.privateKey;
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyStore keyStore = KeyStore.getInstance(KEY_STORE_PROVIDER_ANDROID);
                keyStore.load(null);
                this.privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(this.keystoreAlias, null)).getPrivateKey();
            } else {
                this.privateKey = KeyFactory.getInstance(KEY_PAIR_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(this.sp.getString(getSpKeyPrivateKey(), null), 0)));
            }
            TicketGuardManager.INSTANCE.log("load private key success");
            TicketGuardEventHelper.monitorGetKeyPair(keySecurityLevel(this.privateKey), 0, null, System.currentTimeMillis() - currentTimeMillis, false);
        } catch (Exception e) {
            TicketGuardManager.INSTANCE.log("load private key error, exception=" + Log.getStackTraceString(e));
            TicketGuardEventHelper.monitorGetKeyPair(keySecurityLevel(this.privateKey), -1, e, System.currentTimeMillis() - currentTimeMillis, false);
        }
        return this.privateKey;
    }

    public byte[] sign(PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Throwable th) {
            TicketGuardManager.INSTANCE.log("sign: sign failed, exception=" + Log.getStackTraceString(th));
            throw th;
        }
    }
}
