package com.taobao.weex.security;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.RequiresApi;
import android.support.v4.content.LocalBroadcastManager;
import android.text.TextUtils;
import android.util.Base64;
import com.taobao.weex.common.a;
import com.taobao.weex.utils.WXLogUtils;
import com.taobao.weex.utils.b;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.ref.WeakReference;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class HbsCryptoEngine {
    public static final String APP_ID = "appid";
    public static final String CLEAR_CRYPTO_DATA = "com.huawei.hbs2.framework.ClearCryptoData";
    private static final String a = "HbsCryptoEngine";
    private static final String g = "cipher_key";
    private static final String h = "AndroidKeyStore";
    private static final String i = "AES";
    private static final String j = "AES/GCM/NoPadding";
    private static final int k = 256;
    private static final int l = 256;
    private static final int m = 256;
    private static final int n = 128;
    private static final int o = 12;
    private static final int p = 1;
    private static volatile HbsCryptoEngine q = null;
    private WeakReference<Context> b = null;
    private String c = "";
    private String d = "";
    private String e = "";
    private boolean f = false;

    private HbsCryptoEngine() {
    }

    @RequiresApi(api = 19)
    private String a(String str) {
        String str2 = null;
        if (TextUtils.isEmpty(str)) {
            WXLogUtils.e(a, "decryptWorkKey cipherValue is null");
        } else {
            try {
                byte[] a2 = b.a(str);
                int length = a2.length;
                byte[] bArr = new byte[12];
                byte[] bArr2 = new byte[1];
                byte[] bArr3 = new byte[(length - 12) - 1];
                System.arraycopy(a2, 0, bArr, 0, 12);
                System.arraycopy(a2, 12, bArr2, 0, 1);
                System.arraycopy(a2, 13, bArr3, 0, (length - 12) - 1);
                GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(bArr2[0] & 255, bArr);
                SecretKey c = c();
                if (c == null) {
                    this.f = true;
                    this.e = "";
                    j();
                    g();
                    a.c("decryptWorkKey", "Can not get the rootkey from KeyStore!", "storage");
                } else {
                    Cipher cipher = Cipher.getInstance(j);
                    cipher.init(2, c, gCMParameterSpec);
                    byte[] doFinal = cipher.doFinal(bArr3);
                    WXLogUtils.i(a, "decrypt work key successful, app:" + this.c);
                    str2 = b.a(doFinal, false);
                }
            } catch (InvalidAlgorithmParameterException e) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", InvalidAlgorithmParameterException:" + e.getMessage());
            } catch (InvalidKeyException e2) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", InvalidKeyException:" + e2.getMessage());
            } catch (NoSuchAlgorithmException e3) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", NoSuchAlgorithmException:" + e3.getMessage());
            } catch (BadPaddingException e4) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", BadPaddingException:" + e4.getMessage());
            } catch (IllegalBlockSizeException e5) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", IllegalBlockSizeException:" + e5.getMessage());
            } catch (NoSuchPaddingException e6) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", NoSuchPaddingException:" + e6.getMessage());
            } catch (Exception e7) {
                WXLogUtils.e(a, "decrypt work key failed, app:" + this.c + ", Exception:" + e7.getMessage());
            }
        }
        return str2;
    }

    private void a() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(i);
            keyGenerator.init(256, new SecureRandom());
            this.e = b.a(keyGenerator.generateKey().getEncoded(), false);
            WXLogUtils.i(a, "generate work key successful, app:" + this.c);
        } catch (NoSuchAlgorithmException e) {
            WXLogUtils.e(a, "generate work key failed, app:" + this.c + ", NoSuchAlgorithmException:" + e.getMessage());
        } catch (Exception e2) {
            WXLogUtils.e(a, "generate work key failed, app:" + this.c + ", NoSuchAlgorithmException:" + e2.getMessage());
        }
    }

    @RequiresApi(api = 23)
    private SecretKey b() {
        try {
            String str = "KEY" + this.c;
            KeyStore keyStore = KeyStore.getInstance(h);
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
            if (secretKey == null) {
                WXLogUtils.d(a, "The rootKey of applet " + this.c + " was not yet been created, now creating it...");
                KeyGenerator keyGenerator = KeyGenerator.getInstance(i, h);
                keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build());
                secretKey = keyGenerator.generateKey();
            }
            if (secretKey == null) {
                WXLogUtils.e(a, "generate root key failed, app:" + this.c);
                return secretKey;
            }
            WXLogUtils.i(a, "generate root key successful, app:" + this.c);
            return secretKey;
        } catch (IOException e) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", genRootKey IOException");
            return null;
        } catch (KeyStoreException e2) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", KeyStoreException:" + e2.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e3) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", NoSuchAlgorithmException:" + e3.getMessage());
            return null;
        } catch (NoSuchProviderException e4) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", NoSuchProviderException:" + e4.getMessage());
            return null;
        } catch (UnrecoverableKeyException e5) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", UnrecoverableKeyException:" + e5.getMessage());
            return null;
        } catch (CertificateException e6) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", CertificateException:" + e6.getMessage());
            return null;
        } catch (Exception e7) {
            WXLogUtils.e(a, "generate root key failed, app:" + this.c + ", Exception:" + e7.getMessage());
            return null;
        }
    }

    private SecretKey c() {
        try {
            String str = "KEY" + this.c;
            KeyStore keyStore = KeyStore.getInstance(h);
            keyStore.load(null);
            return (SecretKey) keyStore.getKey(str, null);
        } catch (IOException e) {
            WXLogUtils.e(a, "getRootKey IOException");
            return null;
        } catch (KeyStoreException e2) {
            WXLogUtils.e(a, "getRootKey KeyStoreException:" + e2.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e3) {
            WXLogUtils.e(a, "getRootKey NoSuchAlgorithmException:" + e3.getMessage());
            return null;
        } catch (UnrecoverableKeyException e4) {
            WXLogUtils.e(a, "getRootKey UnrecoverableKeyException:" + e4.getMessage());
            return null;
        } catch (CertificateException e5) {
            WXLogUtils.e(a, "getRootKey CertificateException:" + e5.getMessage());
            return null;
        }
    }

    @RequiresApi(api = 23)
    private String d() {
        if (!isInitialized()) {
            WXLogUtils.e(a, "encryptWorkKey mPlaintextWorkKey is null");
            return null;
        }
        SecretKey b = b();
        if (b == null) {
            WXLogUtils.e(a, "encryptWorkKey generate root key failed");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(j);
            cipher.init(1, b);
            GCMParameterSpec gCMParameterSpec = (GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
            byte[] doFinal = cipher.doFinal(b.a(this.e));
            String str = b.a(gCMParameterSpec.getIV(), false) + b.a(gCMParameterSpec.getTLen()) + b.a(doFinal, false);
            WXLogUtils.i(a, "encrypt WorkKey successful, app:" + this.c);
            return str;
        } catch (InvalidKeyException e) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ", InvalidKeyException:" + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ",NoSuchAlgorithmException:" + e2.getMessage());
            return null;
        } catch (InvalidParameterSpecException e3) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ", InvalidParameterSpecException:" + e3.getMessage());
            return null;
        } catch (BadPaddingException e4) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ", BadPaddingException:" + e4.getMessage());
            return null;
        } catch (IllegalBlockSizeException e5) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ", IllegalBlockSizeException:" + e5.getMessage());
            return null;
        } catch (NoSuchPaddingException e6) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ",NoSuchPaddingException:" + e6.getMessage());
            return null;
        } catch (Exception e7) {
            WXLogUtils.e(a, "encrypt WorkKey failed, app:" + this.c + ", Exception:" + e7.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:55:0x012e  */
    /* JADX WARN: Removed duplicated region for block: B:58:0x0133 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.io.FileOutputStream] */
    /* JADX WARN: Type inference failed for: r0v1 */
    /* JADX WARN: Type inference failed for: r0v16 */
    /* JADX WARN: Type inference failed for: r0v21 */
    /* JADX WARN: Type inference failed for: r0v23 */
    /* JADX WARN: Type inference failed for: r0v27 */
    /* JADX WARN: Type inference failed for: r0v3 */
    /* JADX WARN: Type inference failed for: r0v30 */
    /* JADX WARN: Type inference failed for: r0v31 */
    /* JADX WARN: Type inference failed for: r0v32 */
    /* JADX WARN: Type inference failed for: r0v33 */
    /* JADX WARN: Type inference failed for: r0v34 */
    /* JADX WARN: Type inference failed for: r0v35 */
    /* JADX WARN: Type inference failed for: r0v36 */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r0v5, types: [java.io.FileOutputStream] */
    @android.support.annotation.RequiresApi(api = 23)
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void e() {
        /*
            Method dump skipped, instructions count: 356
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.taobao.weex.security.HbsCryptoEngine.e():void");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:54:0x0113 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @android.support.annotation.RequiresApi(api = 23)
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void f() {
        /*
            Method dump skipped, instructions count: 298
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.taobao.weex.security.HbsCryptoEngine.f():void");
    }

    private void g() {
        Context h2 = h();
        if (h2 != null) {
            Intent intent = new Intent(CLEAR_CRYPTO_DATA);
            intent.putExtra("appid", this.c);
            LocalBroadcastManager.getInstance(h2).sendBroadcast(intent);
        }
    }

    public static HbsCryptoEngine getInstance() {
        if (q == null) {
            synchronized (HbsCryptoEngine.class) {
                if (q == null) {
                    q = new HbsCryptoEngine();
                }
            }
        }
        return q;
    }

    private Context h() {
        if (this.b != null) {
            return this.b.get();
        }
        return null;
    }

    private void i() {
        new Thread(new Runnable() { // from class: com.taobao.weex.security.HbsCryptoEngine.2
            @Override // java.lang.Runnable
            @RequiresApi(api = 23)
            public void run() {
                HbsCryptoEngine.this.f();
            }
        }).start();
    }

    private void j() {
        File k2 = k();
        if (k2.exists()) {
            if (k2.delete()) {
                WXLogUtils.i(a, "remove work key successful, app:" + this.c);
            } else {
                WXLogUtils.e(a, "remove work key failed, app:" + this.c);
            }
        }
    }

    private File k() {
        return new File((this.d + '/' + this.c + '/' + g).trim());
    }

    public String decryptValue(String str) {
        if (this.f) {
            WXLogUtils.e(a, "decryptValue KeyStore Null");
            return null;
        }
        if (!isInitialized()) {
            WXLogUtils.e(a, "decryptValue Engine is not initialized");
            return null;
        }
        if (TextUtils.isEmpty(str)) {
            WXLogUtils.e(a, "decryptValue cipherValue is null");
            return null;
        }
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        try {
            byte[] a2 = b.a(str.substring(0, 2));
            byte[] a3 = b.a(str.substring(2, 4));
            byte[] decode = Base64.decode(str.substring(4, (a3[0] & 255) + 4), 0);
            byte[] decode2 = Base64.decode(str.substring((a3[0] & 255) + 4), 0);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(a2[0] & 255, decode);
            SecretKeySpec secretKeySpec = new SecretKeySpec(b.a(this.e), i);
            Cipher cipher = Cipher.getInstance(j);
            cipher.init(2, secretKeySpec, gCMParameterSpec);
            return new String(cipher.doFinal(decode2), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            WXLogUtils.e(a, "decryptValue UnsupportedEncodingException:" + e.getMessage());
            return null;
        } catch (InvalidAlgorithmParameterException e2) {
            WXLogUtils.e(a, "decryptValue InvalidAlgorithmParameterException:" + e2.getMessage());
            return null;
        } catch (InvalidKeyException e3) {
            WXLogUtils.e(a, "decryptValue InvalidKeyException:" + e3.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e4) {
            WXLogUtils.e(a, "decryptValue NoSuchAlgorithmException:" + e4.getMessage());
            return null;
        } catch (BadPaddingException e5) {
            WXLogUtils.e(a, "decryptValue BadPaddingException:" + e5.getMessage());
            return null;
        } catch (IllegalBlockSizeException e6) {
            WXLogUtils.e(a, "decryptValue IllegalBlockSizeException:" + e6.getMessage());
            return null;
        } catch (NoSuchPaddingException e7) {
            WXLogUtils.e(a, "decryptValue NoSuchPaddingException:" + e7.getMessage());
            return null;
        } catch (Exception e8) {
            WXLogUtils.e(a, "decryptValue Exception:" + e8.getMessage());
            return null;
        }
    }

    public boolean deleteRootKey(String str) {
        try {
            String str2 = "KEY" + str;
            KeyStore keyStore = KeyStore.getInstance(h);
            keyStore.load(null);
            if (keyStore.containsAlias(str2)) {
                keyStore.deleteEntry(str2);
            }
            WXLogUtils.d(a, "delete root key success, app:" + str);
            return true;
        } catch (IOException e) {
            WXLogUtils.e(a, "delete root key failed, app:" + str + ", IOException:" + e.getMessage());
            return false;
        } catch (KeyStoreException e2) {
            WXLogUtils.e(a, "delete root key failed, app:" + str + ", KeyStoreException:" + e2.getMessage());
            return false;
        } catch (NoSuchAlgorithmException e3) {
            WXLogUtils.e(a, "delete root key failed, app:" + str + ", NoSuchAlgorithmException:" + e3.getMessage());
            return false;
        } catch (CertificateException e4) {
            WXLogUtils.e(a, "delete root key failed, app:" + str + ", IOException:" + e4.getMessage());
            return false;
        } catch (Exception e5) {
            WXLogUtils.e(a, "delete root key failed, app:" + str + ", IOException:" + e5.getMessage());
            return false;
        }
    }

    @SuppressLint({"TrulyRandom"})
    public String encryptValue(String str) {
        if (this.f) {
            WXLogUtils.e(a, "encryptValue KeyStore Null");
            return null;
        }
        if (!isInitialized()) {
            WXLogUtils.e(a, "encryptValue Engine is not initialized");
            return null;
        }
        if (TextUtils.isEmpty(str)) {
            WXLogUtils.e(a, "encryptValue plaintextValue is null");
            return null;
        }
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(b.a(this.e), i);
            byte[] bArr = new byte[12];
            new SecureRandom().nextBytes(bArr);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
            Cipher cipher = Cipher.getInstance(j);
            cipher.init(1, secretKeySpec, gCMParameterSpec);
            byte[] doFinal = cipher.doFinal(str.getBytes("UTF-8"));
            String a2 = b.a(128);
            String encodeToString = Base64.encodeToString(doFinal, 0);
            String encodeToString2 = Base64.encodeToString(bArr, 0);
            return a2 + b.a(encodeToString2.length()) + encodeToString2 + encodeToString;
        } catch (UnsupportedEncodingException e) {
            WXLogUtils.e(a, "encryptValue UnsupportedEncodingException:" + e.getMessage());
            return null;
        } catch (InvalidAlgorithmParameterException e2) {
            WXLogUtils.e(a, "encryptValue InvalidAlgorithmParameterException:" + e2.getMessage());
            return null;
        } catch (InvalidKeyException e3) {
            WXLogUtils.e(a, "encryptValue InvalidKeyException:" + e3.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e4) {
            WXLogUtils.e(a, "encryptValue NoSuchAlgorithmException:" + e4.getMessage());
            return null;
        } catch (BadPaddingException e5) {
            WXLogUtils.e(a, "encryptValue BadPaddingException:" + e5.getMessage());
            return null;
        } catch (IllegalBlockSizeException e6) {
            WXLogUtils.e(a, "encryptValue IllegalBlockSizeException:" + e6.getMessage());
            return null;
        } catch (NoSuchPaddingException e7) {
            WXLogUtils.e(a, "encryptValue NoSuchPaddingException:" + e7.getMessage());
            return null;
        } catch (Exception e8) {
            WXLogUtils.e(a, "encryptValue Exception:" + e8.getMessage());
            return null;
        }
    }

    public void initHbsCryptoEngine(Context context, String str, String str2) {
        WXLogUtils.d(a, "initHbsCryptoEngine");
        if (Build.VERSION.SDK_INT < 23) {
            WXLogUtils.w(a, "Hbs Crypto Engine do not support version before level 23");
            return;
        }
        if (context != null) {
            this.b = new WeakReference<>(context.getApplicationContext());
        }
        this.c = str;
        this.d = str2;
        this.e = "";
        if (!isExistKeyFile()) {
            a();
        } else if (c() != null) {
            i();
        }
        this.f = false;
    }

    public boolean isExistKeyFile() {
        WXLogUtils.d(a, "isExistKeyFile");
        return k().exists();
    }

    public boolean isInitialized() {
        if (!TextUtils.isEmpty(this.e)) {
            return true;
        }
        WXLogUtils.e(a, "Hbs Crypto Engine initialized failed!");
        return false;
    }

    public void saveWorkKeyAsync() {
        new Thread(new Runnable() { // from class: com.taobao.weex.security.HbsCryptoEngine.1
            @Override // java.lang.Runnable
            @RequiresApi(api = 23)
            public void run() {
                HbsCryptoEngine.this.e();
            }
        }).start();
    }
}
