package com.xiaomi.continuity.identity.crypto;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.appcompat.widget.c;
import com.xiaomi.android.ble.i0;
import com.xiaomi.continuity.netbus.utils.Log;
import com.xiaomi.miconnect.security.network.Constants;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;

/* loaded from: classes.dex */
public class CryptoUtil {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String TAG = "NetBusCryptoUtil";

    public static void deleteEcdsaKeyPair(@NonNull String str) {
        Objects.requireNonNull(str);
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
            }
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("deleteEcdsaKeypair: ")), new Object[0]);
        }
    }

    @Nullable
    public static String generateCsr(@NonNull String str, @NonNull String str2, @NonNull String str3, int i10) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2) || TextUtils.isEmpty(str3)) {
            Log.e(TAG, "generateCsr: uid or did is null", new Object[0]);
            return null;
        }
        KeyPair keyPair = getKeyPair(str);
        if (keyPair == null) {
            Log.e(TAG, "generateCsr: keyPair is null", new Object[0]);
            return null;
        }
        StringBuilder b10 = i0.b("CN=lyra.", str2, Constants.LIST_ELEMENT_DIVIDER, str3, Constants.LIST_ELEMENT_DIVIDER);
        b10.append(i10);
        try {
            X500Principal x500Principal = new X500Principal(b10.toString());
            PemObject pemObject = new PemObject(PEMParser.TYPE_CERTIFICATE_REQUEST, new JcaPKCS10CertificationRequestBuilder(x500Principal, keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate())).getEncoded());
            StringWriter stringWriter = new StringWriter();
            JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
            jcaPEMWriter.writeObject((PemObjectGenerator) pemObject);
            jcaPEMWriter.close();
            stringWriter.close();
            return stringWriter.toString();
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("generateCsr: ")), new Object[0]);
            return null;
        }
    }

    public static void generateEcdsaKeyPair(@NonNull String str) {
        Objects.requireNonNull(str);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_KEY_STORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests(McElieceCCA2KeyGenParameterSpec.SHA256, McElieceCCA2KeyGenParameterSpec.SHA512).setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).build());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("generateEcdsaKeyPair: ")), new Object[0]);
        }
    }

    @Nullable
    private static KeyPair generateKeyPair(@NonNull String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_KEY_STORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests(McElieceCCA2KeyGenParameterSpec.SHA256, McElieceCCA2KeyGenParameterSpec.SHA512).setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).build());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("generateKeyPair: ")), new Object[0]);
            return null;
        }
    }

    @Nullable
    private static KeyPair getKeyPair(@NonNull String str) {
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str);
        if (privateKeyEntry != null) {
            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        }
        return null;
    }

    @Nullable
    private static KeyStore.PrivateKeyEntry getPrivateKeyEntry(@NonNull String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (!keyStore.containsAlias(str)) {
                return null;
            }
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return (KeyStore.PrivateKeyEntry) entry;
            }
            return null;
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("getPrivateKeyEntry: ")), new Object[0]);
            return null;
        }
    }

    @Nullable
    public static byte[] getPublicKey(@NonNull String str) {
        Objects.requireNonNull(str);
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str);
            if (privateKeyEntry == null) {
                return null;
            }
            return privateKeyEntry.getCertificate().getPublicKey().getEncoded();
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("getPublicKey: ")), new Object[0]);
            return null;
        }
    }

    @Nullable
    public static byte[] sign(@NonNull String str, @NonNull byte[] bArr) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(bArr);
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str);
        if (privateKeyEntry == null) {
            return null;
        }
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKeyEntry.getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("Ecdsa sign: ")), new Object[0]);
            return null;
        }
    }

    public static boolean verifySign(@NonNull String str, @NonNull byte[] bArr, @NonNull byte[] bArr2) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(bArr);
        Objects.requireNonNull(bArr2);
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str);
        if (privateKeyEntry == null) {
            return false;
        }
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initVerify(privateKeyEntry.getCertificate());
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e10) {
            Log.e(TAG, c.b(e10, new StringBuilder("Ecdsa verify: ")), new Object[0]);
            return false;
        }
    }
}
