package cn.sekey.silk.ble.chiper;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import android.util.Base64;
import cn.sekey.silk.MainApplication;
import cn.sekey.silk.ble.utils.AppLog;
import cn.sekey.silk.ble.utils.Config;
import cn.sekey.silk.ble.utils.Stringutils;
import cn.sekey.silk.utils.ecies.AESGCMBlockCipher;
import cn.sekey.silk.utils.ecies.IESCipherGCM;
import cn.sekey.silk.utils.ecies.IESEngineGCM;
import cn.sekey.silk.utils.gmhelper.cert.SM2CertUtil;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.ECPointUtil;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.jce.spec.IESParameterSpec;

/* loaded from: classes.dex */
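/**
 * Cryptographic helpers for the BLE layer: AndroidKeyStore key-pair management (RSA and EC),
 * RSA/ECDSA signing and verification, ECIES-style encryption via the project's GCM engine,
 * AES-CBC payload encryption, and SM2 certificate-chain verification.
 *
 * <p>Security notes for maintainers (all visible in this class):
 * <ul>
 *   <li>AES-CBC uses a fixed IV ({@link #AES_FIXED_IV_HEX}) and no MAC.</li>
 *   <li>RSA encryption uses PKCS#1 v1.5 padding, not OAEP.</li>
 *   <li>The locally cached AES key is stored via {@code Config.saveUserInfoStringValue}.</li>
 * </ul>
 * Changing any of these alters the data format and needs a migration plan.
 */
public class CommEncryption {
    public static final int CREATE_NEW_KEY_PAIR_GENERATOR_SUCCESS = 0;
    public static final int KEY_PAIR_GENERATOR_NOT_SUPPORT = 2;
    private static final String PROVIDER = "AndroidKeyStore";
    public static final int SIGNATURE_WITH_ECC_FAIL = 7;
    public static final int SIGNATURE_WITH_ECC_SUCCESS = 5;
    public static final int SIGNATURE_WITH_RSA_FAIL = 6;
    public static final int SIGNATURE_WITH_RSA_SUCCESS = 4;
    public static final int THIS_MOBILE_NOT_SUPPORT_SECURITY_HARDWARE = 3;
    public static final int THIS_MOBILE_SUPPORT_SECURITY_HARDWARE = 1;

    // PKCS#1 v1.5 encryption padding (the decompiled field was named RSA_MODE_OAEP, but this is
    // not OAEP). v1.5 is exposed to padding-oracle attacks when decryption failures can be
    // observed; moving to OAEP would make already-stored ciphertexts undecryptable, so it needs
    // a versioned migration rather than an in-place change.
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    private static final String AES_TRANSFORMATION = "AES/CBC/PKCS7Padding";

    // Fixed IV shared by encryptDataWithAES2/decryptDataWithAES2. With a constant IV, equal
    // plaintext prefixes under the same key yield equal ciphertext prefixes, and CBC alone gives
    // no integrity protection. It is kept because whatever consumes this ciphertext must use the
    // same value; a per-message random IV (or AES-GCM) requires a coordinated format change.
    private static final String AES_FIXED_IV_HEX = "A0A1A2A3A4A5A6A7A8A9AAABACADAEAF";

    // One shared BouncyCastle instance. Security.addProvider does nothing if a provider with the
    // same name is already registered, so the instance is also passed explicitly to
    // KeyFactory.getInstance below.
    private static final BouncyCastleProvider BC_PROVIDER = new BouncyCastleProvider();

    private KeyPair kp;
    private KeyPairGenerator kpg;
    private final String TAG = CommEncryption.class.getSimpleName();

    static {
        Security.addProvider(BC_PROVIDER);
    }

    /**
     * Builds the IES parameters used by both ECIES directions: no derivation/encoding vectors,
     * 128-bit MAC key size, 128-bit cipher key size and a 16-byte all-zero nonce.
     *
     * <p>NOTE(review): a constant GCM nonce is only safe if every message is encrypted under a
     * fresh derived key; that depends on IESEngineGCM, which is not visible here - confirm.
     */
    private static IESParameterSpec newIesParameterSpec() {
        // A new byte[] is already zero-filled, so no explicit clearing loop is needed.
        return new IESParameterSpec(null, null, 128, 128, new byte[16]);
    }

    /** Creates the project's ECIES cipher: ECDH agreement, KDF2 over SHA-256, AES-GCM. */
    private static IESCipherGCM newIesCipher() {
        return new IESCipherGCM(
                new IESEngineGCM(
                        new ECDHBasicAgreement(),
                        new KDF2BytesGenerator(new SHA256Digest()),
                        new AESGCMBlockCipher()),
                16);
    }

    /**
     * Rebuilds a BouncyCastle EC public key on the named curve from an encoded point.
     *
     * <p>If the input is longer than 65 bytes only the trailing 65 bytes are used, i.e. the
     * caller may pass a longer encoding that ends with the uncompressed point.
     * NOTE(review): 65 bytes matches an uncompressed point on a 256-bit curve only - confirm
     * that no other curve sizes are passed in.
     */
    private static ECPublicKey decodeEcPublicKey(byte[] encodedKey, String curveName) throws Exception {
        byte[] point = encodedKey;
        if (encodedKey.length > 65) {
            point = new byte[65];
            System.arraycopy(encodedKey, encodedKey.length - 65, point, 0, 65);
        }
        ECNamedCurveParameterSpec curveParams = ECNamedCurveTable.getParameterSpec(curveName);
        ECNamedCurveSpec curveSpec = new ECNamedCurveSpec(
                curveName, curveParams.getCurve(), curveParams.getG(), curveParams.getN());
        KeyFactory keyFactory = KeyFactory.getInstance("EC", BC_PROVIDER);
        return (ECPublicKey) keyFactory.generatePublic(
                new ECPublicKeySpec(ECPointUtil.decodePoint(curveSpec.getCurve(), point), curveSpec));
    }

    /** Loads the AndroidKeyStore; {@code load(null)} is required before any other call. */
    private static KeyStore openKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(PROVIDER);
        keyStore.load(null);
        return keyStore;
    }

    /** String overload: decrypts the platform-default-charset bytes of {@code cipherText}. */
    private byte[] decryptWithECC(String cipherText, byte[] pkcs8PrivateKey) throws Exception {
        return decryptWithECC(cipherText.getBytes(), pkcs8PrivateKey);
    }

    /**
     * Decrypts ECIES ciphertext with a PKCS#8-encoded EC private key.
     *
     * @param cipherText output of {@link #encryptWithECC(byte[], byte[], String)}
     * @param pkcs8PrivateKey PKCS#8 encoding of the recipient's EC private key
     * @return the recovered plaintext
     * @throws Exception on malformed key material or a failed decryption
     */
    private byte[] decryptWithECC(byte[] cipherText, byte[] pkcs8PrivateKey) throws Exception {
        ECPrivateKey privateKey = (ECPrivateKey) KeyFactory.getInstance("EC", BC_PROVIDER)
                .generatePrivate(new PKCS8EncodedKeySpec(pkcs8PrivateKey));
        IESCipherGCM cipher = newIesCipher();
        cipher.engineInit(Cipher.DECRYPT_MODE, privateKey, newIesParameterSpec(), new SecureRandom());
        return cipher.engineDoFinal(cipherText, 0, cipherText.length);
    }

    /** Empty stub kept from the original class. */
    private void testEcc() {
    }

    /**
     * Checks that {@code alias} holds a private-key entry whose public key uses {@code algorithm}.
     *
     * @return {@code true} only when the entry exists and the algorithm name matches; any
     *     keystore error yields {@code false}
     */
    public boolean checkExistAliasKeyStore(String alias, String algorithm) {
        try {
            KeyStore keyStore = openKeyStore();
            if (keyStore.getEntry(alias, null) instanceof KeyStore.PrivateKeyEntry) {
                return keyStore.getCertificate(alias).getPublicKey().getAlgorithm().equals(algorithm);
            }
            return false;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Reports whether the AndroidKeyStore contains {@code alias}.
     *
     * @return {@code false} when the alias is absent, is {@code null}, or the keystore could not
     *     be read
     */
    public boolean containKeyAlias(String alias) {
        Enumeration<String> aliases = getAlias();
        // getAlias() returns null when the keystore cannot be loaded; treat that as "not found"
        // instead of failing with a NullPointerException.
        if (aliases == null || alias == null) {
            return false;
        }
        while (aliases.hasMoreElements()) {
            if (alias.equals(aliases.nextElement())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Generates a 2048-bit RSA key pair under {@code alias} using the legacy
     * {@link KeyPairGeneratorSpec} API with a self-signed certificate valid until 2099-12-31.
     * Failures are logged and otherwise ignored.
     */
    public void createRsaKey(String alias) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", PROVIDER);
            this.kpg = generator;
            generator.initialize(new KeyPairGeneratorSpec.Builder(MainApplication.getInstance())
                    .setAlias(alias)
                    .setSubject(new X500Principal("CN=SILK, OU=RD, O=Sekey Ltd., C=CN"))
                    .setSerialNumber(BigInteger.valueOf(87654321L))
                    .setStartDate(new Date())
                    .setEndDate(new SimpleDateFormat("yyyy-MM-dd", Locale.US).parse("2099-12-31"))
                    .setKeySize(2048)
                    .setKeyType("RSA")
                    .build());
            this.kp = this.kpg.generateKeyPair();
        } catch (Exception e) {
            e.printStackTrace();
            AppLog.LOG_E(this.TAG, "createRsaKey err e -> " + e);
        }
    }

    /**
     * Decrypts AES-CBC/PKCS7 data with the class-wide fixed IV.
     *
     * @param hexKey AES key as a hex string
     * @param cipherText data produced by {@link #encryptDataWithAES2(String, byte[])}
     * @return the plaintext, or {@code null} on any failure (including bad padding)
     */
    public byte[] decryptDataWithAES2(String hexKey, byte[] cipherText) {
        try {
            SecretKeySpec key = new SecretKeySpec(Stringutils.hex2Byte(hexKey), "AES");
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Stringutils.hex2Byte(AES_FIXED_IV_HEX)));
            return cipher.doFinal(cipherText);
        } catch (Exception e) {
            e.printStackTrace();
            // Logged like the encrypt path so decryption failures are not silent.
            AppLog.LOG_E(this.TAG, "decryptDataWithAES2 err e -> " + e);
            return null;
        }
    }

    /**
     * Decrypts hex-encoded RSA (PKCS#1 v1.5) ciphertext with the private key stored at
     * {@code alias}.
     *
     * @return the plaintext, or {@code null} if the alias has no private-key entry or
     *     decryption fails
     */
    public byte[] decryptWithRsa(String alias, String hexCipherText) {
        try {
            KeyStore keyStore = openKeyStore();
            if (!(keyStore.getEntry(alias, null) instanceof KeyStore.PrivateKeyEntry)) {
                return null;
            }
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, (PrivateKey) keyStore.getKey(alias, null));
            return cipher.doFinal(Stringutils.hex2Byte(hexCipherText));
        } catch (Exception e) {
            e.printStackTrace();
            AppLog.LOG_E(this.TAG, "decryptWithRsa err e -> " + e);
            return null;
        }
    }

    /** Removes {@code alias} from the AndroidKeyStore; failures are logged, not thrown. */
    public void deleteAlias(String alias) {
        try {
            openKeyStore().deleteEntry(alias);
        } catch (Exception e) {
            // Previously swallowed silently; a key that could not be deleted is worth a log line.
            AppLog.LOG_E(this.TAG, "deleteAlias err e -> " + e);
        }
    }

    /**
     * Encrypts data with AES-CBC/PKCS7 using the class-wide fixed IV (see
     * {@link #AES_FIXED_IV_HEX} for the consequences).
     *
     * @param hexKey AES key as a hex string
     * @return the ciphertext, or {@code null} on failure
     */
    public byte[] encryptDataWithAES2(String hexKey, byte[] plainText) {
        try {
            SecretKeySpec key = new SecretKeySpec(Stringutils.hex2Byte(hexKey), "AES");
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(Stringutils.hex2Byte(AES_FIXED_IV_HEX)));
            return cipher.doFinal(plainText);
        } catch (Exception e) {
            e.printStackTrace();
            AppLog.LOG_E(this.TAG, "encryptDataWithAES2 err e -> " + e);
            return null;
        }
    }

    /** String overload: encrypts the platform-default-charset bytes of {@code plainText}. */
    public byte[] encryptWithECC(String plainText, byte[] encodedPublicKey, String curveName) throws Exception {
        return encryptWithECC(plainText.getBytes(), encodedPublicKey, curveName);
    }

    /**
     * Encrypts data to an EC public key with the project's ECIES/AES-GCM construction.
     *
     * @param plainText data to encrypt
     * @param encodedPublicKey recipient public key; only the trailing 65 bytes are used when
     *     longer
     * @param curveName named curve understood by BouncyCastle's {@code ECNamedCurveTable}
     * @throws Exception on an unknown curve, an invalid point or a cipher failure
     */
    public byte[] encryptWithECC(byte[] plainText, byte[] encodedPublicKey, String curveName) throws Exception {
        ECPublicKey publicKey = decodeEcPublicKey(encodedPublicKey, curveName);
        IESCipherGCM cipher = newIesCipher();
        cipher.engineInit(Cipher.ENCRYPT_MODE, publicKey, newIesParameterSpec(), new SecureRandom());
        return cipher.engineDoFinal(plainText, 0, plainText.length);
    }

    /**
     * Encrypts data with the public key of the certificate stored at {@code alias}
     * (RSA, PKCS#1 v1.5 padding).
     *
     * @return the ciphertext, or {@code null} if the alias has no private-key entry or
     *     encryption fails
     */
    public byte[] encryptWithRsa(String alias, byte[] plainText) {
        try {
            KeyStore keyStore = openKeyStore();
            if (!(keyStore.getEntry(alias, null) instanceof KeyStore.PrivateKeyEntry)) {
                return null;
            }
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, keyStore.getCertificate(alias).getPublicKey());
            return cipher.doFinal(plainText);
        } catch (Exception e) {
            e.printStackTrace();
            AppLog.LOG_E(this.TAG, "encryptWithRsa err e -> " + e);
            return null;
        }
    }

    /**
     * Returns the encoded public key of the certificate stored at {@code alias}.
     *
     * @return the encoding from {@code PublicKey.getEncoded()}, or {@code null} when the alias
     *     is missing or the keystore is unavailable
     */
    public byte[] enrollPublicKey(String alias) {
        try {
            PublicKey publicKey = openKeyStore().getCertificate(alias).getPublicKey();
            if (publicKey != null) {
                return publicKey.getEncoded();
            }
            return null;
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "该手机不支持---->AndroidKeyStore,publicKey is null");
            e.printStackTrace();
            return null;
        }
    }

    /** Generates 32 random bytes from {@link SecureRandom} and returns them Base64-encoded without line wraps. */
    public String generateAesKey() {
        byte[] keyBytes = new byte[32];
        new SecureRandom().nextBytes(keyBytes);
        return Base64.encodeToString(keyBytes, Base64.NO_WRAP);
    }

    /**
     * Lists all aliases in the AndroidKeyStore.
     *
     * @return the alias enumeration, or {@code null} if the keystore cannot be loaded - callers
     *     must check for {@code null}
     */
    public Enumeration<String> getAlias() {
        try {
            return openKeyStore().aliases();
        } catch (Exception e) {
            e.printStackTrace();
            AppLog.LOG_E(this.TAG, "该手机不支持---->AndroidKeyStore，获取不到秘钥信息");
            return null;
        }
    }

    /**
     * Returns {@code getEncoded()} of the private key stored at {@code alias}.
     *
     * <p>AndroidKeyStore private keys do not expose their key material, so for keys generated
     * by this class the result is expected to be {@code null}; do not rely on this method to
     * export a key.
     *
     * @return the encoded key if the provider exposes one, otherwise {@code null}
     */
    public byte[] getECCPrivateKey(String alias) {
        try {
            KeyStore.Entry entry = openKeyStore().getEntry(alias, null);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey().getEncoded();
            }
            return null;
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "该手机不支持ECC SHA256withECDSA 签名算法---->AndroidKeyStore" + e);
            return null;
        }
    }

    /**
     * Returns the per-user local AES key as a hex string, creating it on first use.
     *
     * <p>Lookup order: the value cached through {@code Config}; else, if an RSA key exists at
     * alias {@code prefix + prefix}, the RSA-decrypted contents of the file
     * {@code prefix + "rsa.txt"}; else 32 fresh random bytes. The result is saved back through
     * {@code Config.saveUserInfoStringValue}.
     *
     * <p>NOTE(review): the key is persisted in whatever store backs {@code Config}; if that is
     * unencrypted app storage the key is only as protected as the app sandbox - confirm.
     *
     * @param prefix alias/file-name prefix of the legacy RSA-wrapped key
     * @param keyType {@code 1} selects {@code Config.USER_DOE_AES_KEY}, anything else
     *     {@code Config.USER_KEYSTORE_AES_KEY}
     * @param context used to read the legacy ciphertext file
     */
    public String getLocalAesKey(String prefix, int keyType, Context context) {
        String userId = Config.getUserInfoStringValue(Config.USER_UNIQUE_ID);
        String prefKey = Config.USER_KEYSTORE_AES_KEY + userId;
        if (keyType == 1) {
            prefKey = Config.USER_DOE_AES_KEY + userId;
        }
        AppLog.LOG_D(this.TAG, "getLocalAesKey getKey : " + prefKey);
        String aesKeyHex = Config.getUserInfoStringValue(prefKey);
        // Never write key material to the log; record only whether a cached key was found.
        AppLog.LOG_D(this.TAG, "getLocalAesKey aesKey cached : " + !TextUtils.isEmpty(aesKeyHex));
        if (TextUtils.isEmpty(aesKeyHex)) {
            String rsaAlias = prefix + prefix;
            if (checkExistAliasKeyStore(rsaAlias, "RSA")) {
                String wrappedKeyHex = Stringutils.readMainFile(context, prefix + "rsa.txt");
                if (MainApplication.getInstance().DEBUG) {
                    AppLog.LOG_D(this.TAG, "获取密文数据：" + wrappedKeyHex);
                }
                byte[] unwrapped = decryptWithRsa(rsaAlias, wrappedKeyHex);
                if (unwrapped != null) {
                    aesKeyHex = Stringutils.byte2Hex(unwrapped);
                }
            }
            if (TextUtils.isEmpty(aesKeyHex)) {
                byte[] fresh = new byte[32];
                new SecureRandom().nextBytes(fresh);
                aesKeyHex = Stringutils.byte2Hex(fresh);
            }
            Config.saveUserInfoStringValue(prefKey, aesKeyHex);
        }
        return aesKeyHex;
    }

    /**
     * Generates a 256-bit EC key pair under {@code alias} in the AndroidKeyStore.
     *
     * <p>API 23+ uses {@link KeyGenParameterSpec} on curve prime256v1; purposes value 12 is
     * {@code PURPOSE_SIGN | PURPOSE_VERIFY}, so the key can sign but not decrypt. Older
     * releases use the legacy {@link KeyPairGeneratorSpec}, where the key type is chosen with
     * {@code setKeyType("EC")} on a generator requested as "RSA".
     *
     * @return {@code true} on success, {@code false} if generation failed
     */
    public boolean initEccKeyPair(String alias) {
        try {
            if (Build.VERSION.SDK_INT < 23) {
                KeyPairGenerator legacyGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER);
                this.kpg = legacyGenerator;
                legacyGenerator.initialize(new KeyPairGeneratorSpec.Builder(MainApplication.getInstance())
                        .setAlias(alias)
                        .setSubject(new X500Principal("CN=SILK, OU=RD, O=Sekey Ltd., C=CN"))
                        .setSerialNumber(BigInteger.valueOf(12345678L))
                        .setStartDate(new Date())
                        .setEndDate(new SimpleDateFormat("yyyy-MM-dd", Locale.US).parse("2099-12-31"))
                        .setKeySize(256)
                        .setKeyType("EC")
                        .build());
            } else {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", PROVIDER);
                this.kpg = generator;
                generator.initialize(new KeyGenParameterSpec.Builder(alias, 12)
                        .setDigests("SHA-256", "SHA-512")
                        .setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1"))
                        .build());
            }
            this.kp = this.kpg.generateKeyPair();
            return true;
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "initEccKeyPair e -> " + e.getLocalizedMessage() + e);
            return false;
        }
    }

    /**
     * Generates a 2048-bit RSA signing key pair under {@code alias} in the AndroidKeyStore.
     *
     * <p>On API 23+ the key is authorised for sign/verify only (purposes value 12) with PKCS#1
     * signature padding, so it cannot be used by {@link #decryptWithRsa}. The pre-23 branch
     * previously requested a 256-bit EC key, which {@link #signWithRsa} (SHA256withRSA) cannot
     * use; it now creates RSA-2048 like {@link #createRsaKey}.
     *
     * @return {@link #CREATE_NEW_KEY_PAIR_GENERATOR_SUCCESS} or
     *     {@link #KEY_PAIR_GENERATOR_NOT_SUPPORT}
     */
    public int initRsaKeyPair(String alias) {
        try {
            if (Build.VERSION.SDK_INT < 23) {
                KeyPairGenerator legacyGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER);
                this.kpg = legacyGenerator;
                legacyGenerator.initialize(new KeyPairGeneratorSpec.Builder(MainApplication.getInstance())
                        .setAlias(alias)
                        .setSubject(new X500Principal("CN=SILK, OU=RD, O=Sekey Ltd., C=CN"))
                        .setSerialNumber(BigInteger.valueOf(12345678L))
                        .setStartDate(new Date())
                        .setEndDate(new SimpleDateFormat("yyyy-MM-dd", Locale.US).parse("2099-12-31"))
                        .setKeySize(2048)
                        .setKeyType("RSA")
                        .build());
            } else {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", PROVIDER);
                this.kpg = generator;
                generator.initialize(new KeyGenParameterSpec.Builder(alias, 12)
                        .setDigests("SHA-256", "SHA-512")
                        .setSignaturePaddings("PKCS1")
                        .setKeySize(2048)
                        .build());
            }
            this.kp = this.kpg.generateKeyPair();
            return CREATE_NEW_KEY_PAIR_GENERATOR_SUCCESS;
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, e.getLocalizedMessage() + e);
            return KEY_PAIR_GENERATOR_NOT_SUPPORT;
        }
    }

    /**
     * Reports whether the private key at {@code alias} is held in secure hardware according to
     * its {@link KeyInfo}.
     *
     * @return {@code false} below API 23, when the alias is missing, or on any keystore error -
     *     so {@code false} means "not confirmed", not "confirmed software-backed"
     */
    public boolean isInsideSecurityHardware(String alias) {
        if (Build.VERSION.SDK_INT < 23) {
            return false;
        }
        try {
            PrivateKey privateKey = (PrivateKey) openKeyStore().getKey(alias, null);
            KeyFactory keyFactory = KeyFactory.getInstance(privateKey.getAlgorithm(), PROVIDER);
            return ((KeyInfo) keyFactory.getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, e.getLocalizedMessage() + e);
            return false;
        }
    }

    /**
     * Returns the SHA-256 digest of {@code data} as a hex string, or an empty string if the
     * algorithm is unavailable.
     */
    public String sha256Hex(byte[] data) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            digest.update(data);
            return Stringutils.byte2Hex(digest.digest());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return "";
        }
    }

    /**
     * Signs {@code data} with SHA256withECDSA using the private key at {@code alias}.
     *
     * @return the signature, or {@code null} if the alias has no private-key entry or signing
     *     fails
     */
    public byte[] signWithEcc(String alias, byte[] data) {
        try {
            KeyStore.Entry entry = openKeyStore().getEntry(alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return null;
            }
            Signature signer = Signature.getInstance("SHA256withECDSA");
            signer.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signer.update(data);
            return signer.sign();
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "该手机不支持ECC SHA256withECDSA 签名算法---->AndroidKeyStore" + e);
            return null;
        }
    }

    /**
     * Signs {@code data} with SHA256withRSA using the private key at {@code alias}.
     *
     * @return the signature, or {@code null} if the alias has no private-key entry or signing
     *     fails
     */
    public byte[] signWithRsa(String alias, byte[] data) {
        try {
            KeyStore.Entry entry = openKeyStore().getEntry(alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return null;
            }
            Signature signer = Signature.getInstance("SHA256withRSA");
            signer.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signer.update(data);
            return signer.sign();
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "该手机不支持---->AndroidKeyStore");
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies a two-level SM2 chain: bundled root ({@code cert/vsm2root.cer}) signs the TDM CA
     * certificate, which signs the TDM certificate.
     *
     * <p>NOTE(review): only the two {@code SM2CertUtil.verifyCertificate} calls are visible
     * here; whether that helper also checks validity dates, CA constraints or revocation cannot
     * be told from this file - confirm before treating the result as full path validation.
     *
     * @param tdmCaCertBase64 Base64 (no-wrap) encoding of the TDM CA certificate
     * @param tdmCertBase64 Base64 (no-wrap) encoding of the TDM certificate
     * @param context used to open the bundled root certificate asset
     * @return the public key of the verified TDM certificate
     * @throws Exception if either signature check fails or a certificate cannot be parsed
     */
    public BCECPublicKey verifyTDMCert(String tdmCaCertBase64, String tdmCertBase64, Context context) throws Exception {
        BCECPublicKey rootPublicKey;
        // try-with-resources: the asset stream used to leak whenever verification threw.
        try (InputStream rootCertStream = context.getAssets().open("cert/vsm2root.cer")) {
            rootPublicKey = SM2CertUtil.getBCECPublicKey(SM2CertUtil.getX509Certificate(rootCertStream));
        }
        X509Certificate tdmCaCert = SM2CertUtil.getX509Certificate(Base64.decode(tdmCaCertBase64, Base64.NO_WRAP));
        if (!SM2CertUtil.verifyCertificate(rootPublicKey, tdmCaCert)) {
            AppLog.LOG_E("verifyTDMCert tdmCaCert is failed! ");
            throw new Exception("verifyTDMCert bcRootPub issuer tdmCACert failed !");
        }
        BCECPublicKey tdmCaPublicKey = SM2CertUtil.getBCECPublicKey(tdmCaCert);
        X509Certificate tdmCert = SM2CertUtil.getX509Certificate(Base64.decode(tdmCertBase64, Base64.NO_WRAP));
        if (!SM2CertUtil.verifyCertificate(tdmCaPublicKey, tdmCert)) {
            AppLog.LOG_E("verifyTDMCert tdmCert is failed! ");
            throw new Exception("verifyTDMCert tdmCaPub issuer tdmCert failed !");
        }
        AppLog.LOG_I("verifyTDMCert is Success!");
        return SM2CertUtil.getBCECPublicKey(tdmCert);
    }

    /**
     * Verifies a SHA256withECDSA signature against a raw EC public key.
     *
     * @param data signed message
     * @param signatureBytes signature to check
     * @param encodedPublicKey signer public key; only the trailing 65 bytes are used when longer
     * @param curveName named curve of the public key
     * @return {@code true} only if the signature verifies; every error path returns
     *     {@code false}
     */
    public boolean verifyWithEcc(byte[] data, byte[] signatureBytes, byte[] encodedPublicKey, String curveName) {
        try {
            ECPublicKey publicKey = decodeEcPublicKey(encodedPublicKey, curveName);
            Signature verifier = Signature.getInstance("SHA256withECDSA");
            verifier.initVerify(publicKey);
            verifier.update(data);
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "该手机不支持ECC verifyWithEcc SHA256withECDSA 签名算法---->AndroidKeyStore" + e);
            return false;
        }
    }

    /**
     * Verifies a SHA256withRSA signature with the certificate stored at {@code alias}.
     *
     * @return {@code true} only if the signature verifies; a missing entry or any error returns
     *     {@code false}
     */
    public boolean vertifyWithRsa(String alias, byte[] data, byte[] signatureBytes) {
        try {
            KeyStore.Entry entry = openKeyStore().getEntry(alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return false;
            }
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
            verifier.update(data);
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            AppLog.LOG_E(this.TAG, "该手机不支持---->AndroidKeyStore");
            e.printStackTrace();
            return false;
        }
    }
}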
