package vn.com.misa.wesign.common;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.google.android.gms.stats.CodePackage;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.itextpdf.text.pdf.security.DigestAlgorithms;
import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import org.spongycastle.jcajce.provider.util.DigestFactory;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;
import retrofit2.Call;
import retrofit2.Callback;
import retrofit2.Response;
import vn.com.misa.wesign.network.model.Signature;
import vn.com.misa.wesign.network.request.PathService;
import vn.com.misa.wesign.network.request.ServiceRetrofit;
import vn.com.misa.wesign.network.response.BaseResponse;
import vn.com.misa.wesign.network.response.KAKInfo;
import vn.com.misa.wesign.network.response.KAKInfoesRes;

/* loaded from: classes5.dex */
public class KeystoreSecure {
    public static KeystoreSecure a;
    public static KeyStore b;

    /* loaded from: classes5.dex */
    public interface ICallbackKAK {
        void callbackKAK(String str);
    }

    /* loaded from: classes5.dex */
    public class a extends TypeToken<ArrayList<KAKInfo>> {
    }

    /* loaded from: classes5.dex */
    public class b extends TypeToken<ArrayList<KAKInfo>> {
    }

    /* loaded from: classes5.dex */
    public class c implements Callback<BaseResponse<KAKInfoesRes>> {
        public final /* synthetic */ ICallbackKAK a;

        public c(ICallbackKAK iCallbackKAK) {
            this.a = iCallbackKAK;
        }

        @Override // retrofit2.Callback
        public final void onFailure(Call<BaseResponse<KAKInfoesRes>> call, Throwable th) {
        }

        @Override // retrofit2.Callback
        public final void onResponse(Call<BaseResponse<KAKInfoesRes>> call, Response<BaseResponse<KAKInfoesRes>> response) {
            if (response != null) {
                try {
                    if (response.body() == null || response.body().code != 0 || response.body().data == null || response.body().data.KAKInfoes.size() <= 0) {
                        return;
                    }
                    List<KAKInfo> list = response.body().data.KAKInfoes;
                    MISACache.getInstance().putString(MISAConstant.PrivateKeyForSign, new Gson().toJson(list));
                    ICallbackKAK iCallbackKAK = this.a;
                    if (iCallbackKAK != null) {
                        iCallbackKAK.callbackKAK(new Gson().toJson(list));
                    }
                } catch (Exception e) {
                    MISACommon.handleException(e, "MainActivity  onResponse");
                }
            }
        }
    }

    public static void a(String str) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        b = keyStore;
        keyStore.load(null);
        if (b.containsAlias(str)) {
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SecurityConstants.RSA, "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("PKCS1Padding").setDigests(DigestAlgorithms.SHA512).build());
        keyPairGenerator.generateKeyPair();
    }

    public static byte[] b(byte[] bArr, String str) throws Exception {
        PrivateKey privateKey = (PrivateKey) b.getKey(str, null);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr2 = new byte[size];
        for (int i = 0; i < size; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    public static void c(String str, String str2) {
        try {
            byte[] bytes = str2.getBytes();
            PublicKey publicKey = b.getCertificate(str).getPublicKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, publicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bytes);
            cipherOutputStream.close();
            String encodeToString = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
            LogUtil.e("NTHUY", encodeToString);
            MISACache.getInstance().putString(str, encodeToString);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static String decrypt(String str) {
        try {
            return new String(b(Base64.decode(MISACache.getInstance().getString(str, null), 0), str));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static void encrypt(Context context, String str, String str2) {
        try {
            a(str);
            c(str, str2);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static String getAuthorization(Signature signature, String str) throws Exception {
        List<KAKInfo> list = (List) new Gson().fromJson(str, new a().getType());
        if (list != null && list.size() > 0) {
            for (KAKInfo kAKInfo : list) {
                if (TextUtils.equals(kAKInfo.UId.toUpperCase(), signature.agreementUUID.toUpperCase())) {
                    Security.insertProviderAt(new BouncyCastleProvider(), 1);
                    byte[] decode = Base64.decode(signature.authorizationNonce, 0);
                    PrivateKey generatePrivate = KeyFactory.getInstance(SecurityConstants.RSA).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(kAKInfo.KeyAuthorizeKey, 0)));
                    int digestSize = DigestFactory.getDigest(McElieceCCA2ParameterSpec.DEFAULT_MD).getDigestSize();
                    java.security.Signature signature2 = java.security.Signature.getInstance("NONEWITHRSASSA-PSS", BouncyCastleProvider.PROVIDER_NAME);
                    signature2.setParameter(new PSSParameterSpec(McElieceCCA2ParameterSpec.DEFAULT_MD, "MGF1", new MGF1ParameterSpec(McElieceCCA2ParameterSpec.DEFAULT_MD), digestSize, 1));
                    signature2.initSign(generatePrivate);
                    signature2.update(decode);
                    String encodeToString = Base64.encodeToString(signature2.sign(), 0);
                    LogUtil.e("NTHUY", encodeToString);
                    return encodeToString;
                }
            }
        }
        return "";
    }

    public static void getKAK(ICallbackKAK iCallbackKAK) {
        try {
            if (MISACommon.checkNetwork()) {
                ServiceRetrofit.newInstance(PathService.BASE_URL).getKAK().enqueue(new c(iCallbackKAK));
            }
        } catch (Exception e) {
            MISACommon.handleException(e, "MainActivity  getKAK");
        }
    }

    public static String getSignatureKAK(String str) throws Exception {
        return getAuthorization((Signature) new Gson().fromJson(MISACommon.decodeBase64(str), Signature.class), MISACache.getInstance().getString(MISAConstant.PrivateKeyForSign));
    }

    public static KeystoreSecure init(Context context) {
        if (a == null) {
            a = new KeystoreSecure();
        }
        return a;
    }

    public static String signSHA256RSA(String str, String str2) throws Exception {
        PrivateKey generatePrivate = KeyFactory.getInstance(SecurityConstants.RSA).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str2, 0)));
        java.security.Signature signature = java.security.Signature.getInstance("SHA256withRSA");
        signature.initSign(generatePrivate);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeToString(signature.sign(), 0);
    }

    public static void updateKAK(KAKInfo kAKInfo) {
        try {
            String string = MISACache.getInstance().getString(MISAConstant.PrivateKeyForSign);
            if (TextUtils.isEmpty(string)) {
                return;
            }
            List<KAKInfo> list = (List) new Gson().fromJson(string, new b().getType());
            if (list == null || list.size() <= 0) {
                return;
            }
            for (KAKInfo kAKInfo2 : list) {
                if (TextUtils.equals(kAKInfo2.UId.toUpperCase(), kAKInfo.UId.toUpperCase())) {
                    kAKInfo2.CertId = kAKInfo.CertId;
                    kAKInfo2.KeyAuthorizeKey = kAKInfo.KeyAuthorizeKey;
                    kAKInfo2.UId = kAKInfo.UId;
                }
            }
            MISACache.getInstance().putString(MISAConstant.PrivateKeyForSign, new Gson().toJson(list));
        } catch (Exception e) {
            MISACommon.handleException(e, "KeystoreSecure  updateKAK");
        }
    }
}
