package qw2;

import ae5.i0;
import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.common.util.AndroidUtilsLight;
import com.tencent.mm.sdk.platformtools.n2;
import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import kotlin.jvm.internal.o;
import nb5.k;
import nb5.p;
import sa5.j;

/* loaded from: classes12.dex */
public final class e {

    /* renamed from: a, reason: collision with root package name */
    public static final e f320429a = new e();

    public final byte[] a(String keyId, byte[] encrypted, String algorithm) {
        o.h(keyId, "keyId");
        o.h(encrypted, "encrypted");
        o.h(algorithm, "algorithm");
        b a16 = b.f320423f.a(algorithm);
        if (a16 == null) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        int ordinal = a16.ordinal();
        String str = a16.f320426d;
        if (ordinal != 0 && ordinal != 1) {
            if (ordinal != 4) {
                throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
            }
            if (encrypted.length <= 12) {
                throw new IllegalArgumentException("Invalid encrypted data: too short");
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Key key = keyStore.getKey(keyId, null);
            o.f(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            byte[] bArr = new byte[12];
            System.arraycopy(encrypted, 0, bArr, 0, 12);
            int length = encrypted.length - 12;
            byte[] bArr2 = new byte[length];
            System.arraycopy(encrypted, 12, bArr2, 0, length);
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(2, (SecretKey) key, new GCMParameterSpec(128, bArr));
            byte[] doFinal = cipher.doFinal(bArr2);
            o.e(doFinal);
            return doFinal;
        }
        try {
            KeyStore keyStore2 = KeyStore.getInstance("AndroidKeyStore");
            keyStore2.load(null);
            c(keyStore2, keyId);
            Key key2 = keyStore2.getKey(keyId, null);
            PrivateKey privateKey = key2 instanceof PrivateKey ? (PrivateKey) key2 : null;
            if (privateKey == null) {
                throw new IllegalStateException("Private key not found for keyId: ".concat(keyId));
            }
            Cipher cipher2 = o.c(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding") ? Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding") : Cipher.getInstance("RSA/ECB/PKCS1Padding");
            if (o.c(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
                cipher2.init(2, privateKey, new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT));
            } else {
                cipher2.init(2, privateKey);
            }
            if (encrypted.length == 256) {
                byte[] doFinal2 = cipher2.doFinal(encrypted);
                o.g(doFinal2, "doFinal(...)");
                return doFinal2;
            }
            throw new IllegalArgumentException("Invalid encrypted data size: " + encrypted.length + " bytes. Expected: 256 bytes");
        } catch (Exception e16) {
            n2.e("LiteAppSecureUtil", "rsaDecrypt error: " + e16.getClass().getSimpleName() + ": " + e16.getMessage(), null);
            throw e16;
        }
    }

    public final byte[] b(String keyId, byte[] data, String algorithm) {
        o.h(keyId, "keyId");
        o.h(data, "data");
        o.h(algorithm, "algorithm");
        b a16 = b.f320423f.a(algorithm);
        if (a16 == null) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        int ordinal = a16.ordinal();
        String str = a16.f320426d;
        if (ordinal != 0 && ordinal != 1) {
            if (ordinal != 4) {
                throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Key key = keyStore.getKey(keyId, null);
            o.f(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(1, (SecretKey) key);
            byte[] iv5 = cipher.getIV();
            byte[] doFinal = cipher.doFinal(data);
            byte[] bArr = new byte[iv5.length + doFinal.length];
            System.arraycopy(iv5, 0, bArr, 0, iv5.length);
            System.arraycopy(doFinal, 0, bArr, iv5.length, doFinal.length);
            return bArr;
        }
        try {
            KeyStore keyStore2 = KeyStore.getInstance("AndroidKeyStore");
            keyStore2.load(null);
            c(keyStore2, keyId);
            PublicKey publicKey = keyStore2.getCertificate(keyId).getPublicKey();
            Cipher cipher2 = Cipher.getInstance(str);
            if (o.c(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
                cipher2.init(1, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT));
            } else {
                cipher2.init(1, publicKey);
            }
            int i16 = o.c(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding") ? 190 : 245;
            if (data.length <= i16) {
                byte[] doFinal2 = cipher2.doFinal(data);
                o.g(doFinal2, "doFinal(...)");
                return doFinal2;
            }
            throw new IllegalArgumentException("Input data too long: " + data.length + " bytes. Maximum allowed: " + i16 + " bytes");
        } catch (Exception e16) {
            n2.e("LiteAppSecureUtil", "rsaEncrypt error: ", e16);
            throw e16;
        }
    }

    public final void c(KeyStore keyStore, String str) {
        if (keyStore.containsAlias(str)) {
            return;
        }
        n2.e("LiteAppSecureUtil", "Key does not exist: " + str, null);
        throw new Exception("Key does not exist: " + str);
    }

    public final String d(String algorithm, int i16) {
        o.h(algorithm, "algorithm");
        String e16 = e(algorithm);
        a aVar = b.f320423f;
        if (o.c(algorithm, "AES-GCM")) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec.Builder randomizedEncryptionRequired = new KeyGenParameterSpec.Builder(e16, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(i16).setRandomizedEncryptionRequired(true);
            o.g(randomizedEncryptionRequired, "setRandomizedEncryptionRequired(...)");
            keyGenerator.init(randomizedEncryptionRequired.build());
            keyGenerator.generateKey();
            return e16;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(e16, 15).setKeySize(i16).setDigests("SHA-256", AndroidUtilsLight.DIGEST_ALGORITHM_SHA512);
        o.g(digests, "setDigests(...)");
        b a16 = b.f320423f.a(algorithm);
        int i17 = a16 == null ? -1 : d.f320428a[a16.ordinal()];
        if (i17 == -1) {
            digests.setEncryptionPaddings("PKCS1Padding");
            digests.setSignaturePaddings("PKCS1");
        } else if (i17 == 1) {
            digests.setEncryptionPaddings("PKCS1Padding");
        } else if (i17 == 2) {
            digests.setEncryptionPaddings("OAEPPadding");
        } else if (i17 == 3) {
            digests.setEncryptionPaddings("NoPadding");
            digests.setBlockModes("GCM");
        } else if (i17 == 4) {
            digests.setSignaturePaddings("PKCS1");
        } else if (i17 == 5) {
            digests.setSignaturePaddings("PSS");
        }
        KeyGenParameterSpec build = digests.build();
        o.g(build, "build(...)");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        return e16;
    }

    public final String e(String str) {
        return "key_" + str + '_' + System.currentTimeMillis() + '_' + i0.O(String.valueOf(p.i(new k(0, 999999), lb5.e.f266326d)), 6, '0');
    }

    public final byte[] f(String keyId, String algorithm) {
        o.h(keyId, "keyId");
        o.h(algorithm, "algorithm");
        b a16 = b.f320423f.a(algorithm);
        if (a16 == null) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        int ordinal = a16.ordinal();
        if (ordinal != 0 && ordinal != 1) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            c(keyStore, keyId);
            byte[] encoded = keyStore.getCertificate(keyId).getPublicKey().getEncoded();
            o.g(encoded, "getEncoded(...)");
            return encoded;
        } catch (Exception e16) {
            n2.e("LiteAppSecureUtil", "rsaGetPublicKey error, error=" + e16.getMessage(), null);
            throw e16;
        }
    }

    public final String g(byte[] publicKeyBytes, byte[] privateKeyBytes, byte[] certificateBytes, String algorithm) {
        o.h(publicKeyBytes, "publicKeyBytes");
        o.h(privateKeyBytes, "privateKeyBytes");
        o.h(certificateBytes, "certificateBytes");
        o.h(algorithm, "algorithm");
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
            PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(publicKeyBytes));
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificateBytes));
            o.f(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            if (!Arrays.equals(x509Certificate.getPublicKey().getEncoded(), generatePublic.getEncoded())) {
                throw new RuntimeException("Certificate's public key does not match the provided public key");
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            String e16 = e(algorithm);
            keyStore.setKeyEntry(e16, keyFactory.generatePrivate(pKCS8EncodedKeySpec), null, new X509Certificate[]{x509Certificate});
            return e16;
        } catch (Exception e17) {
            throw new RuntimeException("Invalid key format: " + e17.getMessage());
        }
    }

    public final byte[] h(String keyId, byte[] data, String algorithm) {
        o.h(keyId, "keyId");
        o.h(data, "data");
        o.h(algorithm, "algorithm");
        b a16 = b.f320423f.a(algorithm);
        if (a16 == null) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        int ordinal = a16.ordinal();
        if (ordinal == 0 || ordinal == 1) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        if (ordinal != 2 && ordinal != 3) {
            if (ordinal != 4) {
                throw new j();
            }
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        String str = a16.f320426d;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            c(keyStore, keyId);
            Key key = keyStore.getKey(keyId, null);
            o.f(key, "null cannot be cast to non-null type java.security.PrivateKey");
            Signature signature = Signature.getInstance(str);
            signature.initSign((PrivateKey) key);
            signature.update(data);
            byte[] sign = signature.sign();
            o.g(sign, "sign(...)");
            return sign;
        } catch (Exception e16) {
            n2.e("LiteAppSecureUtil", "rsaSign error: ", e16);
            throw e16;
        }
    }

    public final boolean i(String keyId, byte[] data, byte[] signature, String algorithm) {
        o.h(keyId, "keyId");
        o.h(data, "data");
        o.h(signature, "signature");
        o.h(algorithm, "algorithm");
        b a16 = b.f320423f.a(algorithm);
        if (a16 == null) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        int ordinal = a16.ordinal();
        if (ordinal == 0 || ordinal == 1) {
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        if (ordinal != 2 && ordinal != 3) {
            if (ordinal != 4) {
                throw new j();
            }
            throw new IllegalArgumentException("Unsupported algorithm: ".concat(algorithm));
        }
        String str = a16.f320426d;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            c(keyStore, keyId);
            PublicKey publicKey = keyStore.getCertificate(keyId).getPublicKey();
            Signature signature2 = Signature.getInstance(str);
            signature2.initVerify(publicKey);
            signature2.update(data);
            return signature2.verify(signature);
        } catch (Exception e16) {
            n2.e("LiteAppSecureUtil", "rsaVerify error: ", e16);
            throw e16;
        }
    }
}
