package com.allawn.cryptography.security.keystore;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.allawn.cryptography.g.d;
import com.allawn.cryptography.g.g;
import com.allawn.cryptography.h.c;
import com.allawn.cryptography.util.e;
import com.allawn.cryptography.util.h;
import com.allawn.cryptography.util.i;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.json.JSONException;

/* compiled from: CryptoKeyStore.java */
/* loaded from: classes.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    private static final ReadWriteLock f1669a = new ReentrantReadWriteLock();

    public static KeyPair a(Context context, com.allawn.cryptography.security.keystore.entity.a aVar) {
        try {
            String a2 = aVar.a();
            int i = 64;
            if ((aVar.b() & 64) != 0 && Build.VERSION.SDK_INT <= 30) {
                KeyPair a3 = h.a(aVar.c());
                String a4 = b.a(a2, a3, aVar.d());
                SecretKey a5 = a(context, "pki_sdk_ecKeyPairGen_key", "eckeypairstore");
                if (a5 == null) {
                    throw new KeyStoreException("SecretKey generation error, unable to read ec key pair list.");
                }
                d a6 = com.allawn.cryptography.a.a.a(new g.b().a(g.a.AES_CTR_NoPadding).a(a5).c(a4.getBytes(StandardCharsets.UTF_8)).a());
                if (!e.a(b.a(a6.a(), a6.b()), e.a("eckeypairstore", a2), false, context, f1669a)) {
                    throw new IOException("Failed to save key information to file");
                }
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (keyStore.containsAlias(a2)) {
                    keyStore.deleteEntry(a2);
                }
                i.a("CryptoKeyStore", "generateEcKeyPair generate success(encrypted storage solution), alias = " + a2);
                return a3;
            }
            if ((aVar.b() & 64) == 0 || (aVar.b() & 4) == 0) {
                if ((aVar.b() & 64) == 0) {
                    i = 4;
                } else if (Build.VERSION.SDK_INT < 31) {
                    throw new KeyStoreException("The minimum required API level is 31 for PURPOSE_AGREE_KEY.");
                }
            } else {
                if (Build.VERSION.SDK_INT < 31) {
                    throw new KeyStoreException("The minimum required API level is 31 for PURPOSE_AGREE_KEY.");
                }
                i = 68;
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(aVar.a(), i).setAlgorithmParameterSpec(new ECGenParameterSpec(aVar.c())).setDigests("NONE", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512");
            if (aVar.d() != null) {
                digests.setCertificateNotAfter(aVar.d());
            }
            keyPairGenerator.initialize(digests.build());
            File a7 = e.a(e.a("eckeypairstore", a2), context);
            if (a7.exists()) {
                a7.delete();
            }
            i.a("CryptoKeyStore", "generateEcKeyPair generate success(android keystore solution), alias = " + a2);
            return keyPairGenerator.generateKeyPair();
        } catch (c | IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | JSONException e) {
            throw new com.allawn.cryptography.c(e);
        }
    }

    public static KeyPair a(Context context, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                i.a("CryptoKeyStore", "getEcKeyPair key pair is recorded in the android keystore, alias = " + str);
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
                if (!x509Certificate.getNotAfter().before(Calendar.getInstance().getTime())) {
                    return new KeyPair(x509Certificate.getPublicKey(), (PrivateKey) keyStore.getKey(str, null));
                }
                i.a("CryptoKeyStore", "getEcKeyPair certificate has expired and has been deleted, alias = " + str);
                keyStore.deleteEntry(str);
                return null;
            }
            File a2 = e.a(e.a("eckeypairstore", str), context);
            if (a2.exists()) {
                i.a("CryptoKeyStore", "getEcKeyPair key pair is recorded in the private directory, alias = " + str);
                com.allawn.cryptography.security.keystore.entity.b c = c(context, str);
                if (c != null) {
                    if (!c.b()) {
                        return c.a();
                    }
                    i.a("CryptoKeyStore", "getEcKeyPair key pair has expired and has been deleted, alias = " + str);
                    a2.delete();
                    return null;
                }
            }
            return null;
        } catch (c | IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | InvalidKeySpecException | JSONException e) {
            throw new com.allawn.cryptography.c(e);
        }
    }

    public static SecretKey a(final Context context, String str, final String str2) {
        return a(str, new Runnable() { // from class: com.allawn.cryptography.security.keystore.-$$Lambda$a$WBacLqPN0BgGBbJPuNH_8vuFuxM
            @Override // java.lang.Runnable
            public final void run() {
                a.b(str2, context);
            }
        });
    }

    private static SecretKey a(String str, Runnable runnable) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(str)) {
            return ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
        }
        if (runnable != null) {
            runnable.run();
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CTR", "GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build());
        return keyGenerator.generateKey();
    }

    public static void a(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void a(String str, Context context) {
        if (str != null) {
            e.a(context, str);
        }
    }

    public static SecretKey b(final Context context, String str, final String str2) {
        try {
            return a(str, new Runnable() { // from class: com.allawn.cryptography.security.keystore.-$$Lambda$a$r5UY94Q_MayPaqTCZ_pJwblfbnI
                @Override // java.lang.Runnable
                public final void run() {
                    a.a(str2, context);
                }
            });
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            i.c("CryptoKeyStore", "createOrGetSecretKeyToSP error. " + e);
            throw new KeyStoreException(e);
        }
    }

    public static void b(Context context, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                i.a("CryptoKeyStore", "deleteEcKeyPair key pair is recorded in the android keystore, delete now, alias = " + str);
                keyStore.deleteEntry(str);
                return;
            }
            File a2 = e.a(e.a("eckeypairstore", str), context);
            if (a2.exists()) {
                i.a("CryptoKeyStore", "deleteEcKeyPair key pair is recorded in the private directory, delete now, alias = " + str);
                a2.delete();
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new com.allawn.cryptography.c(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void b(String str, Context context) {
        if (str != null) {
            File a2 = e.a(e.a(str), context);
            if (a2.exists()) {
                a2.delete();
            }
        }
    }

    private static com.allawn.cryptography.security.keystore.entity.b c(Context context, String str) {
        List<String> a2;
        com.allawn.cryptography.security.keystore.entity.b a3;
        SecretKey a4 = a(context, "pki_sdk_ecKeyPairGen_key", "eckeypairstore");
        if (a4 == null) {
            throw new KeyStoreException("SecretKey generation error, unable to read key pair list.");
        }
        File a5 = e.a(e.a("eckeypairstore", str), context);
        if (a5.exists() && (a2 = e.a(a5, f1669a)) != null) {
            for (String str2 : a2) {
                d b2 = b.b(str2);
                if (b2 != null && (a3 = b.a(new String(com.allawn.cryptography.a.a.b(new g.b().c(b2.a()).a(a4).a(b2.b()).a()), StandardCharsets.UTF_8))) != null) {
                    a3.a(str2);
                    return a3;
                }
            }
        }
        return null;
    }
}
