package com.dyadicsec.mobile.crypto.dycrypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AndroidException;
import android.util.Log;
import android.util.Pair;
import com.dyadicsec.mobile.DYMobile;
import com.dyadicsec.mobile.crypto.Convertable;
import com.dyadicsec.mobile.crypto.Converter;
import com.dyadicsec.mobile.crypto.ErrorException;
import com.dyadicsec.mobile.utils.DYLog;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.util.GregorianCalendar;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;
import runtime.Strings.StringIndexer;

/* loaded from: classes4.dex */
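/**
 * Static helpers around the {@code AndroidKeyStore} provider: key generation, RSA and AES-GCM
 * encryption/decryption, ECDSA signing, and small byte utilities (random bytes, XOR sharing).
 *
 * <p>Most methods catch every exception, log it, and return {@code null} or {@code false};
 * callers must check the return value before using it. The log messages refer to a "TEE", but
 * nothing in this class verifies that a key is actually hardware-backed.
 *
 * <p>Several provider and algorithm names are fetched through {@code StringIndexer._getString};
 * their values are not visible in this file.
 */
public final class DYCrypto {
    /** Log tag used for every message emitted by this class. */
    private static final String TAG = "DYCrypto";

    /** Numeric value the original code passes as key purposes for the AES key (encrypt | decrypt). */
    private static final int PURPOSE_ENCRYPT_DECRYPT = 3;

    /** Numeric value the original code passes as key purposes for the signing keys (sign). */
    private static final int PURPOSE_SIGN = 4;

    /**
     * Default and exclusive upper bound for the user-authentication validity window, in seconds
     * (about 49.7 days).
     */
    private static final int MAX_USER_AUTH_VALIDITY_SECONDS = 4294900;

    /**
     * Adapter that serialises and deserialises a single {@link BigInteger} through
     * {@link Converter}. It holds the value in an instance field between calls, so one instance
     * should not be shared across threads.
     */
    public static class BigIntConverter implements Convertable {
        private BigInteger value = null;

        /**
         * Decodes {@code bArr} by handing this object to {@link Converter} and returns the
         * value stored afterwards.
         */
        public BigInteger convert(byte[] bArr) throws ErrorException {
            Converter.convert(this, bArr);
            return this.value;
        }

        /** Replaces the held value with whatever the converter returns for it. */
        @Override // com.dyadicsec.mobile.crypto.Convertable
        public void convert(Converter converter) throws ErrorException {
            this.value = converter.convert(this.value);
        }

        /** Stores {@code bigInteger} and returns the bytes {@link Converter} produces for it. */
        public byte[] convert(BigInteger bigInteger) throws ErrorException {
            this.value = bigInteger;
            return Converter.convert(this);
        }
    }

    /**
     * Encodes an EC public key as an uncompressed point: the byte {@code 0x04} followed by the
     * X and Y coordinates, each left-padded with zeros to the field size in bytes.
     *
     * @throws RuntimeException if a coordinate is longer than the field size
     */
    private static byte[] encodeUncompressedPoint(ECPublicKey eCPublicKey) {
        ECPoint point = eCPublicKey.getW();
        // Field size is reported in bits; round up to whole bytes.
        int fieldBytes = (eCPublicKey.getParams().getCurve().getField().getFieldSize() + 7) >> 3;
        // BigInteger.toByteArray() may prepend a zero sign byte; strip it before padding.
        byte[] x = stripLeadingZeros(point.getAffineX().toByteArray());
        byte[] y = stripLeadingZeros(point.getAffineY().toByteArray());
        if (x.length > fieldBytes || y.length > fieldBytes) {
            throw new RuntimeException("Point coordinates do not match field size");
        }
        byte[] encoded = new byte[(fieldBytes << 1) + 1];
        encoded[0] = 4;
        // Right-align each coordinate inside its fixed-width slot.
        System.arraycopy(x, 0, encoded, 1 + fieldBytes - x.length, x.length);
        System.arraycopy(y, 0, encoded, encoded.length - y.length, y.length);
        return encoded;
    }

    /**
     * Drops leading zero bytes but always keeps at least one byte. Returns the same array
     * instance when there is nothing to strip.
     */
    private static byte[] stripLeadingZeros(byte[] bArr) {
        int start = 0;
        while (start < bArr.length - 1 && bArr[start] == 0) {
            start++;
        }
        if (start == 0) {
            return bArr;
        }
        byte[] trimmed = new byte[bArr.length - start];
        System.arraycopy(bArr, start, trimmed, 0, trimmed.length);
        return trimmed;
    }

    /**
     * Splits {@code bArr} into two XOR shares.
     *
     * @return a two-element array: a fresh random pad of the same length, and
     *     {@code bArr XOR pad}; XOR-ing both elements yields {@code bArr} again
     */
    public static byte[][] computeSharedXOR(byte[] bArr) {
        byte[] pad = generateRandomBytes(bArr.length);
        return new byte[][]{pad, xor(bArr, pad)};
    }

    /**
     * Decrypts {@code bArr} with the private key of the key pair stored under alias {@code str},
     * using {@code RSA/ECB/PKCS1Padding}.
     *
     * @return the plaintext, or {@code null} on any failure (missing alias, wrong entry type,
     *     bad padding, ...)
     */
    public static byte[] decryptWithKeyPairUsingAndroidKeyStore(String str, byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            // NOTE(review): PKCS#1 v1.5 encryption padding. If a caller exposes this method's
            // success/failure to a party that can submit ciphertexts, that is a padding-oracle
            // risk; moving to OAEP would need a matching change on the encrypting side.
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.DECRYPT_MODE, entry.getPrivateKey());
            byte[] plaintext = cipher.doFinal(bArr);
            DYLog.d(TAG, "successfully decrypted with keypair using TEE");
            return plaintext;
        } catch (Exception e) {
            // Keep the cause in the log; the original dropped it, hiding why decryption failed.
            DYLog.e(TAG, "failed to decrypt with TEE key pair", e);
            return null;
        }
    }

    /**
     * Decrypts AES-GCM ciphertext with the key stored under alias {@code str}. Despite the
     * method name, the keystore entry is read as a {@link SecretKey}.
     *
     * @param str keystore alias
     * @param bArr the IV that was used for encryption
     * @param bArr2 the ciphertext (GCM tag length is fixed to 128 bits here)
     * @return the plaintext, or {@code null} on any failure, including tag verification failure
     */
    public static byte[] decryptWithPrivateKeyUsingAndroidKeyStore(String str, byte[] bArr, byte[] bArr2) {
        try {
            // Obfuscated string lookup; presumably resolves to "AndroidKeyStore" - TODO confirm.
            KeyStore keyStore = KeyStore.getInstance(StringIndexer._getString("6468"));
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(128, bArr));
            byte[] plaintext = cipher.doFinal(bArr2);
            DYLog.d(TAG, "successfully decrypted with tee");
            return plaintext;
        } catch (Exception e) {
            // The original logged "failed to encrypt" here, which misreports a decryption error.
            DYLog.e(TAG, "failed to decrypt with TEE", e);
            return null;
        }
    }

    /**
     * Deletes the keystore entry stored under alias {@code str} if it exists. Failures are
     * logged and otherwise ignored.
     */
    public static void deleteTokenSignKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
                DYLog.d(TAG, "deleted AndroidKeystore entry for token " + str);
            }
        } catch (Exception e) {
            // Pass the exception itself so the stack trace is kept, instead of gluing
            // getMessage() onto the text without a separator.
            DYLog.e(TAG, "failed to remove token sign key", e);
        }
    }

    /**
     * Encrypts {@code bArr} with the public key from the certificate of the key pair stored
     * under alias {@code str}, using {@code RSA/ECB/PKCS1Padding}.
     *
     * @return the ciphertext, or {@code null} on any failure
     */
    public static byte[] encryptWithKeyPairUsingAndroidKeyStore(String str, byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, entry.getCertificate().getPublicKey());
            byte[] ciphertext = cipher.doFinal(bArr);
            DYLog.d(TAG, "successfully encrypted with keypair using TEE");
            return ciphertext;
        } catch (Exception e) {
            // Keep the cause in the log; the original dropped it.
            DYLog.e(TAG, "failed to encrypt with TEE key pair", e);
            return null;
        }
    }

    /**
     * Encrypts {@code bArr} with AES-GCM using the key stored under alias {@code str}. Despite
     * the method name, the keystore entry is read as a {@link SecretKey}.
     *
     * @return a pair of (ciphertext, IV), or {@code null} on any failure. The IV must be kept
     *     with the ciphertext; it is required for decryption.
     */
    public static Pair<byte[], byte[]> encryptWithPrivateKeyUsingAndroidKeyStore(String str, byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            // No IV is supplied; the IV is read back from the cipher after encryption.
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new SecureRandom());
            // Order matters: run doFinal() first, then read the IV that was used.
            byte[] ciphertext = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            return new Pair<>(ciphertext, iv);
        } catch (Exception e) {
            // NOTE(review): the message says "retrying" but this method does not retry;
            // any retry must happen in the caller.
            DYLog.e(TAG, "failed to encrypt with TEE, retrying", e);
            return null;
        }
    }

    /** Returns a random (version 4) UUID in its canonical string form. */
    public static final String generateGUID() {
        return UUID.randomUUID().toString();
    }

    /**
     * Generates an RSA key pair under alias {@code str} through the pre-API-23
     * {@link KeyPairGeneratorSpec} path. The self-signed certificate uses fixed values
     * (serial 1337, subject {@code CN=dyadic}) and is valid for three years from now.
     *
     * @return {@code true} if a key pair was generated, {@code false} otherwise
     */
    public static boolean generateLegacyEncryptDecryptKeyPairWithAndroidKeyStore(String str, Context context) {
        try {
            GregorianCalendar notBefore = new GregorianCalendar();
            GregorianCalendar notAfter = new GregorianCalendar();
            notAfter.add(GregorianCalendar.YEAR, 3);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(context);
            builder.setAlias(str);
            // The key size is only set explicitly on API 19+; older releases use the provider default.
            if (Build.VERSION.SDK_INT >= 19) {
                builder.setKeySize(2048);
            }
            builder.setSerialNumber(BigInteger.valueOf(1337L));
            builder.setSubject(new X500Principal("CN=dyadic"));
            builder.setStartDate(notBefore.getTime());
            builder.setEndDate(notAfter.getTime());
            keyPairGenerator.initialize(builder.build());
            if (keyPairGenerator.generateKeyPair() == null) {
                DYLog.d(TAG, "failed to create enc / dec keypair in TEE");
                return false;
            }
            DYLog.d(TAG, "successfully created enc / dec keypair in TEE");
            return true;
        } catch (Exception e) {
            DYLog.e(TAG, "failed to generate keypair in TEE", e);
            return false;
        }
    }

    /**
     * Generates a 256-bit key for GCM / NoPadding under alias {@code str}. Requires API 23+.
     * Despite the method name, the result is a symmetric key.
     *
     * @return {@code true} if a key was generated; {@code false} on an older API level, on a
     *     {@code null} result, or on any exception
     */
    public static boolean generatePrivateKeyWithAndroidKeyStore(String str) {
        try {
            if (Build.VERSION.SDK_INT < 23) {
                DYLog.e(TAG, "trying to use generatePrivateKeyWithAndroidKeyStore with incorrect API");
                return false;
            }
            // Obfuscated string lookup; presumably resolves to "AES" - TODO confirm.
            KeyGenerator keyGenerator = KeyGenerator.getInstance(StringIndexer._getString("6469"), "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, PURPOSE_ENCRYPT_DECRYPT)
                    .setBlockModes("GCM")
                    .setKeySize(256)
                    .setEncryptionPaddings("NoPadding")
                    .build());
            if (keyGenerator.generateKey() == null) {
                // The original returned true here; report the failure like the key-pair variant does.
                DYLog.e(TAG, "failed to create secret key in TEE");
                return false;
            }
            DYLog.d(TAG, "successfully created secret key in TEE");
            return true;
        } catch (Exception e) {
            DYLog.e(TAG, "failed to create private key in TEE", e);
            return false;
        }
    }

    /** Returns {@code i} bytes drawn from a new {@link SecureRandom}. */
    public static byte[] generateRandomBytes(int i) {
        byte[] bytes = new byte[i];
        new SecureRandom().nextBytes(bytes);
        return bytes;
    }

    /**
     * Generates a 256-bit EC signing key pair under alias {@code str} and returns its public
     * key as an uncompressed point ({@code 0x04 || X || Y}).
     *
     * <p>On API 23+ the key is restricted to signing with SHA-256. When {@code z2} is set, the
     * key spec also gets {@code setUserAuthenticationRequired(z)} and a validity window taken
     * from the {@code USER_AUTH_DURATION} init parameter if it lies in
     * (0, {@value #MAX_USER_AUTH_VALIDITY_SECONDS}), else {@value #MAX_USER_AUTH_VALIDITY_SECONDS}
     * seconds. On API 19-22 the legacy spec is used and {@code z} maps to
     * {@code setEncryptionRequired()}.
     *
     * <p>NOTE(review): on API 23+ with {@code z2 == false}, no user-authentication requirement
     * is put on the key even when {@code z} is {@code true}, although the log line says keyguard
     * "will be mandated" and the success message mentions keyguard protection unconditionally.
     * Confirm that this is intended. The default window of about 49.7 days also means one
     * authentication unlocks the key for a long time.
     *
     * @param str keystore alias
     * @param z whether user authentication (API 23+) or encryption at rest (legacy) is requested
     * @param context used only by the legacy (pre-API-23) spec builder
     * @param z2 whether user-authentication settings are applied at all on API 23+
     * @return the encoded public key
     * @throws AndroidException on API levels below 19
     */
    public static byte[] generateSignKeypairInSecureElement(String str, boolean z, Context context, boolean z2) throws Throwable {
        if (Build.VERSION.SDK_INT < 19) {
            Log.wtf(TAG, "cannot use AndroidKeyStore with android API that is lower then 19 (KitKat");
            throw new AndroidException();
        }
        DYLog.d(TAG, "generating signing keypair in TEE");
        DYLog.d(TAG, z ? "keygaurd will be mandated" : "keygaurd will not be mandated");
        GregorianCalendar notBefore = new GregorianCalendar();
        GregorianCalendar notAfter = new GregorianCalendar();
        notAfter.add(GregorianCalendar.YEAR, 3);
        ECPublicKey publicKey;
        if (Build.VERSION.SDK_INT >= 23) {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder spec =
                    new KeyGenParameterSpec.Builder(str, PURPOSE_SIGN).setDigests("SHA-256").setKeySize(256);
            if (z2) {
                int validitySeconds = MAX_USER_AUTH_VALIDITY_SECONDS;
                // A configured duration is honoured only when authentication is requested and
                // the value lies strictly between 0 and the maximum.
                if (z
                        && DYMobile.getInstance().getDYInitParams().initParams != null
                        && DYMobile.getInstance().getDYInitParams().initParams.containsKey("USER_AUTH_DURATION")) {
                    int configured = ((Integer) DYMobile.getInstance().getDYInitParams().initParams.get("USER_AUTH_DURATION")).intValue();
                    if (configured > 0 && configured < MAX_USER_AUTH_VALIDITY_SECONDS) {
                        validitySeconds = configured;
                    }
                }
                spec.setUserAuthenticationRequired(z).setUserAuthenticationValidityDurationSeconds(validitySeconds);
            }
            generator.initialize(spec.build());
            publicKey = (ECPublicKey) generator.generateKeyPair().getPublic();
            DYLog.d(TAG, "successfully created sign keypair in TEE with keyguard protection");
        } else {
            // Legacy path: the generator is requested under the name "RSA" and the EC key type
            // is selected on the spec builder.
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(context);
            builder.setAlias(str);
            builder.setKeyType("EC");
            // API >= 19 is guaranteed by the check at the top of this method.
            builder.setKeySize(256);
            builder.setSerialNumber(BigInteger.valueOf(1337L));
            builder.setSubject(new X500Principal("CN=dyadic"));
            builder.setStartDate(notBefore.getTime());
            builder.setEndDate(notAfter.getTime());
            if (z) {
                builder.setEncryptionRequired();
            }
            generator.initialize(builder.build());
            publicKey = (ECPublicKey) generator.generateKeyPair().getPublic();
            DYLog.d(TAG, "successfully created sign keypair in TEE with keyguard protection for legacy versions");
        }
        return encodeUncompressedPoint(publicKey);
    }

    /**
     * Generates a 256-bit signing key pair under alias {@code str} that requires user
     * authentication with a validity duration of {@code -1}. Requires API 23+.
     *
     * @return the public key as an uncompressed point, or {@code null} on an older API level
     *     or on any failure
     */
    public static byte[] generateSignKeypairInSecureElementWithUserAuth(String str) {
        DYLog.d(TAG, "generating signing keypair in TEE with fingerprint auth");
        if (Build.VERSION.SDK_INT < 23) {
            DYLog.e(TAG, "accessed is allowed only in Android M of higher");
            return null;
        }
        try {
            // Obfuscated string lookup; presumably resolves to "EC" - TODO confirm.
            KeyPairGenerator generator = KeyPairGenerator.getInstance(StringIndexer._getString("6470"), "AndroidKeyStore");
            generator.initialize(new KeyGenParameterSpec.Builder(str, PURPOSE_SIGN)
                    .setDigests("SHA-256")
                    .setKeySize(256)
                    .setUserAuthenticationRequired(true)
                    .setUserAuthenticationValidityDurationSeconds(-1)
                    .build());
            return encodeUncompressedPoint((ECPublicKey) generator.generateKeyPair().getPublic());
        } catch (Exception e) {
            DYLog.e(TAG, "failed to generate hw protected keypair for fp auth", e);
            return null;
        }
    }

    /**
     * Reads the EC public key from the certificate stored under alias {@code str}.
     *
     * @return the public key as an uncompressed point, or {@code null} if the alias is missing,
     *     is not an EC key pair entry, or the keystore cannot be read
     */
    public static byte[] getPublicKeyFromSecureElement(String str) {
        DYLog.d(TAG, "generating public key from TEE");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            ECPublicKey publicKey = (ECPublicKey) entry.getCertificate().getPublicKey();
            // The original encoded the key twice and discarded the first result.
            return encodeUncompressedPoint(publicKey);
        } catch (Exception e) {
            DYLog.e(TAG, "failed to get public key from keystore", e);
            return null;
        }
    }

    /**
     * Reports whether the keystore contains alias {@code str}.
     *
     * @return {@code false} both when the alias is absent and when the keystore could not be
     *     queried; the two cases are only distinguishable through the log
     */
    public static boolean isEntryExists(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.containsAlias(str);
        } catch (Exception e) {
            // Keep the cause in the log; the original dropped it.
            DYLog.e(TAG, "failed to check if key exists", e);
            return false;
        }
    }

    /**
     * Signs {@code bArr} with {@code SHA256withECDSA} using the private key stored under alias
     * {@code str}.
     *
     * @return the signature, or {@code null} when the keystore returns no key for the alias
     * @throws Throwable any keystore or signature failure is propagated to the caller, unlike
     *     the other helpers in this class
     */
    public static byte[] signWithAndroidKeyStore(String str, byte[] bArr) throws Throwable {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
        if (privateKey == null) {
            DYLog.w(TAG, "Not an instance of a PrivateKeyEntry");
            return null;
        }
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(privateKey);
        signer.update(bArr);
        // Sign first, then log: the original logged success before sign() ran, so a failing
        // sign() still left a "successfully signed" line in the log.
        byte[] signatureBytes = signer.sign();
        DYLog.d(TAG, "successfully signed with AndroidKeyStore");
        return signatureBytes;
    }

    /**
     * XORs {@code bArr} with the first {@code bArr.length} bytes of {@code bArr2}.
     *
     * <p>The result always has the length of {@code bArr}. Extra bytes in {@code bArr2} are
     * ignored, and a shorter {@code bArr2} fails with {@link ArrayIndexOutOfBoundsException};
     * callers should pass arrays of equal length.
     */
    public static byte[] xor(byte[] bArr, byte[] bArr2) {
        byte[] result = new byte[bArr.length];
        for (int index = 0; index < bArr.length; index++) {
            result[index] = (byte) (bArr[index] ^ bArr2[index]);
        }
        return result;
    }
}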
