package com.f.core.store;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.aaa.ccmframework.configuration.AppConfig;
import com.f.core.diagnostics.f;
import com.f.security.exceptions.SecureStoreCreationException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* compiled from: AndroidKeyStore.java */
/* loaded from: classes5.dex */
public final class a {

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: AndroidKeyStore.java */
    /* renamed from: com.f.core.store.a$a, reason: collision with other inner class name */
    /* loaded from: classes5.dex */
    public static class C0072a {
        private String a;
        private String b;

        C0072a(String str, String str2) {
            this.a = str;
            this.b = str2;
        }

        public final String a() {
            return this.a;
        }

        public final String b() {
            return this.b;
        }
    }

    public static synchronized String a(String str, String str2) throws GeneralSecurityException, IOException {
        synchronized (a.class) {
            if (Build.VERSION.SDK_INT >= 23) {
                try {
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(1, b());
                    c.a(com.f.security.a.b.a(str + c.c()), a(cipher.getIV()));
                    byte[] doFinal = cipher.doFinal(str2.getBytes());
                    byte[] copyOfRange = Arrays.copyOfRange(doFinal, doFinal.length - 16, doFinal.length);
                    byte[] bArr = new byte[doFinal.length + copyOfRange.length];
                    System.arraycopy(doFinal, 0, bArr, 0, doFinal.length);
                    System.arraycopy(copyOfRange, 0, bArr, doFinal.length, copyOfRange.length);
                    str2 = a(bArr);
                } catch (Exception e) {
                    f.a(AppConfig.ANDROID_KEYSTORE, "aks err", e);
                }
            }
        }
        return str2;
    }

    private static String a(byte[] bArr) {
        return bArr == null ? "" : Base64.encodeToString(bArr, 2);
    }

    private static KeyStore a() throws GeneralSecurityException, IOException {
        KeyStore keyStore = null;
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                if (!"AES/GCM/NoPadding".equals(c.c(AppConfig.ANDROID_KEYSTORE))) {
                    if (Build.VERSION.SDK_INT >= 23) {
                        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("k2", 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(true).build();
                        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", AppConfig.ANDROID_KEYSTORE);
                        keyGenerator.init(build);
                        keyGenerator.generateKey();
                    }
                    c.a(AppConfig.ANDROID_KEYSTORE, "AES/GCM/NoPadding");
                }
                keyStore = KeyStore.getInstance(AppConfig.ANDROID_KEYSTORE);
                if (keyStore != null) {
                    keyStore.load(null);
                }
            } catch (SecureStoreCreationException e) {
                f.a(AppConfig.ANDROID_KEYSTORE, "aks err", e);
            }
        }
        return keyStore;
    }

    private static byte[] a(String str) {
        return str == null ? new byte[0] : Base64.decode(str, 2);
    }

    public static synchronized String b(String str, String str2) throws GeneralSecurityException, IOException {
        synchronized (a.class) {
            if (Build.VERSION.SDK_INT >= 23) {
                try {
                    try {
                        try {
                            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                            byte[] bArr = new byte[0];
                            C0072a c = c(str, str2);
                            String a = c.a();
                            String b = c.b();
                            byte[] a2 = a(a);
                            int length = a2.length - 16;
                            int i = length >= 0 ? length : 0;
                            byte[] bArr2 = new byte[i];
                            if (a2.length >= bArr2.length) {
                                System.arraycopy(a2, 0, bArr2, 0, bArr2.length);
                            }
                            byte[] bArr3 = new byte[16];
                            if (a2.length >= 16) {
                                System.arraycopy(a2, i, bArr3, 0, 16);
                            }
                            if (!Arrays.equals(bArr3, bArr2.length + (-16) >= 0 ? Arrays.copyOfRange(bArr2, i - 16, i) : null)) {
                                bArr2 = null;
                            }
                            if (bArr2 == null) {
                                throw new GeneralSecurityException();
                            }
                            cipher.init(2, b(), new GCMParameterSpec(128, a(b)));
                            str2 = new String(cipher.doFinal(bArr2));
                        } catch (ProviderException e) {
                            f.a(AppConfig.ANDROID_KEYSTORE, "aks err", e);
                        }
                    } catch (SecureStoreCreationException e2) {
                        f.a(AppConfig.ANDROID_KEYSTORE, "aks err", e2);
                    }
                } catch (IllegalBlockSizeException e3) {
                    f.a(AppConfig.ANDROID_KEYSTORE, "aks err", e3);
                }
            }
        }
        return str2;
    }

    private static SecretKey b() throws GeneralSecurityException, IOException {
        try {
            return (SecretKey) a().getKey("k2", null);
        } catch (Exception e) {
            return (SecretKey) a().getKey("k2", null);
        }
    }

    private static C0072a c(String str, String str2) throws SecureStoreCreationException, GeneralSecurityException, IOException {
        String c;
        boolean z = false;
        byte[] bArr = null;
        try {
            bArr = a(str2);
        } catch (Exception e) {
            f.a(AppConfig.ANDROID_KEYSTORE, "aks err", e);
        }
        String c2 = c.c(com.f.security.a.b.a(str + c.c()));
        if (!c2.trim().isEmpty() && bArr != null) {
            int length = bArr.length - 16;
            if (length < 0) {
                length = 0;
            }
            byte[] bArr2 = new byte[length];
            if (bArr.length >= bArr2.length) {
                System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
                byte[] bArr3 = new byte[16];
                if (bArr.length >= 16) {
                    System.arraycopy(bArr, length, bArr3, 0, 16);
                    if (bArr2.length - 16 >= 0 && Arrays.equals(bArr3, Arrays.copyOfRange(bArr2, length - 16, length))) {
                        z = true;
                    }
                }
            }
            if (z) {
                c = c2;
                return new C0072a(str2, c);
            }
        }
        str2 = a(str, str2);
        c = c.c(com.f.security.a.b.a(str + c.c()));
        c.a(str, str2);
        return new C0072a(str2, c);
    }

    private static PrivateKey c() throws GeneralSecurityException, IOException {
        try {
            return (PrivateKey) a().getKey("k1", null);
        } catch (Exception e) {
            return (PrivateKey) a().getKey("k1", null);
        }
    }

    private static PublicKey d() throws GeneralSecurityException, IOException {
        try {
            return a().getCertificate("k1").getPublicKey();
        } catch (Exception e) {
            return a().getCertificate("k1").getPublicKey();
        }
    }
}
