package com.kbstar.kbsign.android.store;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.wizvera.crypto.ksc.jni.RSA;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
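/**
 * Hybrid encryption helper backed by an RSA key pair held in the
 * {@code AndroidKeyStore} provider under the fixed alias {@link #KEY_ALIAS}.
 *
 * <p>Each call to {@link #encrypt(byte[])} generates a fresh 256-bit AES key, wraps it with
 * the key store's RSA public key and encrypts the payload with AES/CBC/PKCS5Padding. The
 * resulting blob is laid out as:
 *
 * <pre>
 *   [ RSA-wrapped AES key : 256 bytes ][ IV : 16 bytes ][ AES-CBC ciphertext : rest ]
 * </pre>
 *
 * <p>NOTE(review), security properties of this format that callers should be aware of:
 * <ul>
 *   <li>The ciphertext is <b>not authenticated</b> (CBC with no MAC/AEAD). A modified blob is
 *       not reliably detected, and padding failures surfaced to an untrusted party can act as
 *       a padding oracle. A new, versioned format using AES-GCM (or encrypt-then-MAC) would
 *       close this; it cannot be swapped in here without breaking already-stored blobs.</li>
 *   <li>The AES key is wrapped with RSA PKCS#1 v1.5 padding. OAEP is the preferred padding for
 *       new designs; switching also requires regenerating the key pair, because the key is
 *       only authorised for the padding passed to {@code setEncryptionPaddings}.</li>
 *   <li>The key is generated with {@code setUserAuthenticationRequired(false)}, so it is usable
 *       without any user presence check.</li>
 * </ul>
 */
public class AndroidKeyStoreCipher {
    private static final String KEY_ALIAS = "AndroidKeyStoreCipher";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final String AES_TRANSFORMATION = "AES/CBC/PKCS5Padding";

    /** Size of the RSA-wrapped AES key in a blob; equals the modulus size of a 2048-bit key. */
    private static final int WRAPPED_KEY_LENGTH = 256;
    /** AES block size, used as the CBC IV length. */
    private static final int IV_LENGTH = 16;
    /** Certificate validity of the generated key pair, in years. */
    private static final int KEY_VALIDITY_YEARS = 30;

    private static final SecureRandom secureRandom = new SecureRandom();
    private final Context context;
    private KeyStore.PrivateKeyEntry entry;

    /**
     * Loads the key pair stored under {@link #KEY_ALIAS}, generating it first if it is absent.
     *
     * @param context only used to build the pre-API-23 {@code KeyPairGeneratorSpec}
     * @throws GeneralSecurityException if the key store cannot be read, the key pair cannot be
     *     generated, or no private key entry is available afterwards
     * @throws IOException if loading the key store fails
     */
    public AndroidKeyStoreCipher(Context context) throws GeneralSecurityException, IOException {
        this.context = context;
        init();
    }

    /**
     * RSA-decrypts {@code bArr} with the key store private key.
     * Not called from within this class; kept for binary compatibility of the decompiled source.
     */
    private byte[] decryptKey(byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, this.entry.getPrivateKey());
        return cipher.doFinal(bArr);
    }

    /**
     * RSA-encrypts {@code bArr} with the public key of the key store certificate.
     * Not called from within this class; kept for binary compatibility of the decompiled source.
     */
    private byte[] encryptKey(byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, this.entry.getCertificate().getPublicKey());
        return cipher.doFinal(bArr);
    }

    /**
     * Generates the RSA key pair inside the AndroidKeyStore provider under {@link #KEY_ALIAS}.
     *
     * <p>On API 23+ the key is 2048-bit and restricted to encrypt/decrypt with the padding named
     * by {@code RSA.PKCS1_PADDING}. On older releases the deprecated {@code KeyPairGeneratorSpec}
     * is used and no key size is requested explicitly.
     */
    private void generateKeyPair() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, KEY_VALIDITY_YEARS);
        X500Principal subject = new X500Principal("CN=" + KEY_ALIAS);
        BigInteger serial = BigInteger.valueOf(1L);

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        if (Build.VERSION.SDK_INT >= 23) {
            // 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT; the literal is
            // kept so this block does not need an import the file does not already have.
            keyPairGenerator.initialize(
                    new KeyGenParameterSpec.Builder(KEY_ALIAS, 3)
                            .setKeySize(2048)
                            .setCertificateSubject(subject)
                            .setCertificateSerialNumber(serial)
                            .setKeyValidityStart(notBefore.getTime())
                            .setKeyValidityEnd(notAfter.getTime())
                            .setDigests("SHA-512", "SHA-256")
                            // presumably the JCA name "PKCS1Padding" (PKCS#1 v1.5) - confirm
                            // against com.wizvera.crypto.ksc.jni.RSA.
                            .setEncryptionPaddings(RSA.PKCS1_PADDING)
                            // Key is usable without user authentication.
                            .setUserAuthenticationRequired(false)
                            .build());
        } else {
            // NOTE(review): no key size is set on this path, but decrypt() assumes a 256-byte
            // wrapped key (2048-bit modulus). Confirm the platform default on API < 23.
            keyPairGenerator.initialize(
                    new KeyPairGeneratorSpec.Builder(this.context)
                            .setAlias(KEY_ALIAS)
                            .setSubject(subject)
                            .setSerialNumber(serial)
                            .setStartDate(notBefore.getTime())
                            .setEndDate(notAfter.getTime())
                            .build());
        }
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Looks up {@link #KEY_ALIAS} in the AndroidKeyStore.
     *
     * @return the private key entry, or {@code null} if the alias is missing or holds another
     *     entry type
     */
    private KeyStore.PrivateKeyEntry getPrivateKeyEntry() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        KeyStore.Entry found = keyStore.getEntry(KEY_ALIAS, null);
        return found instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) found : null;
    }

    /**
     * Resolves {@link #entry}, creating the key pair on first use.
     *
     * @throws KeyStoreException if no private key entry exists even after generation; failing
     *     here replaces a later {@code NullPointerException} inside encrypt/decrypt
     */
    private void init() throws GeneralSecurityException, IOException {
        this.entry = getPrivateKeyEntry();
        if (this.entry == null) {
            generateKeyPair();
            this.entry = getPrivateKeyEntry();
        }
        if (this.entry == null) {
            throw new KeyStoreException("No private key entry for alias " + KEY_ALIAS);
        }
    }

    /** Unwraps an RSA-wrapped AES key with the key store private key. */
    private SecretKey unwrapSecretKey(byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.UNWRAP_MODE, this.entry.getPrivateKey());
        return (SecretKey) cipher.unwrap(bArr, "AES", Cipher.SECRET_KEY);
    }

    /** Wraps {@code secretKey} with the public key of the key store certificate. */
    private byte[] wrapSecretKey(SecretKey secretKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.WRAP_MODE, this.entry.getCertificate().getPublicKey());
        return cipher.wrap(secretKey);
    }

    /**
     * Decrypts a blob produced by {@link #encrypt(byte[])}.
     *
     * <p>The blob carries no integrity tag, so a successful return does not prove the data is
     * unmodified; callers handling attacker-reachable blobs should not expose the difference
     * between padding errors and other failures.
     *
     * @param bArr wrapped key (256 bytes), IV (16 bytes) and AES-CBC ciphertext, concatenated
     * @return the recovered plaintext
     * @throws GeneralSecurityException if the blob is {@code null} or shorter than the fixed
     *     header, or if unwrapping or decryption fails
     */
    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        // Reject truncated input up front: ByteBuffer.get would otherwise throw an unchecked
        // BufferUnderflowException that callers catching GeneralSecurityException would miss.
        if (bArr == null || bArr.length < WRAPPED_KEY_LENGTH + IV_LENGTH) {
            throw new GeneralSecurityException("Encrypted blob is shorter than its header");
        }
        ByteBuffer blob = ByteBuffer.wrap(bArr);

        byte[] wrappedKey = new byte[WRAPPED_KEY_LENGTH];
        blob.get(wrappedKey);
        SecretKey aesKey = unwrapSecretKey(wrappedKey);

        byte[] iv = new byte[IV_LENGTH];
        blob.get(iv);

        byte[] cipherText = new byte[blob.remaining()];
        blob.get(cipherText);

        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(iv));
        return cipher.doFinal(cipherText);
    }

    /**
     * Encrypts {@code bArr} under a fresh random AES-256 key and random IV.
     *
     * @param bArr plaintext to protect
     * @return wrapped key (256 bytes), IV (16 bytes) and AES-CBC ciphertext, concatenated
     * @throws GeneralSecurityException if key generation, wrapping or encryption fails, or if
     *     the wrapped key does not have the length {@link #decrypt(byte[])} expects
     * @throws IOException declared by the in-memory stream writes
     */
    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException, IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream(bArr.length + 272 + 16);

        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey aesKey = keyGenerator.generateKey();

        byte[] wrappedKey = wrapSecretKey(aesKey);
        // decrypt() slices a fixed-size header; refuse to emit a blob it could not parse.
        if (wrappedKey.length != WRAPPED_KEY_LENGTH) {
            throw new GeneralSecurityException(
                    "Unexpected wrapped key length: " + wrappedKey.length);
        }
        out.write(wrappedKey);

        // A fresh random IV per message; it is stored in the clear next to the ciphertext.
        byte[] iv = new byte[IV_LENGTH];
        secureRandom.nextBytes(iv);
        out.write(iv);

        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(iv));
        out.write(cipher.doFinal(bArr));
        return out.toByteArray();
    }
}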
