package com.his_j.shop.wallet.utility;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.util.Base64;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class EncryptUtil {
    private static final String ALIAS_ENCRYPTION_AES = "hensim_aes_encryption";
    private static final String ALIAS_ENCRYPTION_RSA = "hensim_rsa_encryption";
    private static final String ALIAS_SIGNATURE = "hensim_signature";
    private static final String CIPHER_AES = "AES/CBC/PKCS7Padding";
    private static final String CIPHER_ECDSA = "SHA256withECDSA";
    private static final String CIPHER_RSA = "RSA";
    private static final String CIPHER_RSA_BLOCK = "RSA/ECB/PKCS1Padding";
    private static final String CLASS_NAME = "EncryptUtil";
    private static final String CN_TEMPLATE = "CN=%s";
    private static final String ECPARAM_SPEC = "secp256r1";
    private static final String IVKEY = "hensimencryption";
    private static final String KEYSTORE = "AndroidKeyStore";

    private static void createEncryptionKey(@NonNull Context context) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE);
            keyGenerator.init(createKeyGeneratorSpec());
            keyGenerator.generateKey();
        } else {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CIPHER_RSA, KEYSTORE);
            keyPairGenerator.initialize(createKeyPairGeneratorSpec(context));
            keyPairGenerator.generateKeyPair();
        }
    }

    @NonNull
    @TargetApi(23)
    private static KeyGenParameterSpec createKeyGeneratorSpec() {
        return new KeyGenParameterSpec.Builder(ALIAS_ENCRYPTION_AES, 3).setCertificateSubject(new X500Principal(String.format(CN_TEMPLATE, ALIAS_ENCRYPTION_AES))).setCertificateSerialNumber(BigInteger.ONE).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(false).build();
    }

    @NonNull
    @TargetApi(23)
    private static KeyGenParameterSpec createKeyGeneratorSpecForSign() {
        return new KeyGenParameterSpec.Builder(ALIAS_SIGNATURE, 4).setAlgorithmParameterSpec(new ECGenParameterSpec(ECPARAM_SPEC)).setDigests("SHA-256", "SHA-384", "SHA-512").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(300).build();
    }

    @NonNull
    private static KeyPairGeneratorSpec createKeyPairGeneratorSpec(@NonNull Context context) {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 10);
        return new KeyPairGeneratorSpec.Builder(context).setAlias(ALIAS_ENCRYPTION_RSA).setSubject(new X500Principal(String.format(CN_TEMPLATE, ALIAS_ENCRYPTION_RSA))).setSerialNumber(BigInteger.valueOf(1000000L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
    }

    @Nullable
    public static String decrypt(@NonNull String str) {
        Cipher cipher;
        String str2 = Build.VERSION.SDK_INT >= 23 ? ALIAS_ENCRYPTION_AES : ALIAS_ENCRYPTION_RSA;
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
            keyStore.load(null);
            if (!keyStore.containsAlias(str2)) {
                return null;
            }
            if (Build.VERSION.SDK_INT >= 23) {
                SecretKey secretKey = (SecretKey) keyStore.getKey(str2, null);
                cipher = Cipher.getInstance(CIPHER_AES);
                cipher.init(2, secretKey, new IvParameterSpec(IVKEY.getBytes()));
            } else {
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, null);
                cipher = Cipher.getInstance(CIPHER_RSA_BLOCK);
                cipher.init(2, privateKey);
            }
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(Base64.decode(str, 2)), cipher);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    byteArrayOutputStream.close();
                    return new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
                }
                byteArrayOutputStream.write(read);
            }
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | NoSuchPaddingException e) {
            Log.e(CLASS_NAME, "decrypt failure", e);
            return null;
        }
    }

    @Nullable
    public static String encrypt(@NonNull Context context, @NonNull String str) {
        Cipher cipher;
        String str2 = Build.VERSION.SDK_INT >= 23 ? ALIAS_ENCRYPTION_AES : ALIAS_ENCRYPTION_RSA;
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
            keyStore.load(null);
            if (!keyStore.containsAlias(str2)) {
                createEncryptionKey(context);
            }
            if (Build.VERSION.SDK_INT >= 23) {
                SecretKey secretKey = (SecretKey) keyStore.getKey(str2, null);
                cipher = Cipher.getInstance(CIPHER_AES);
                cipher.init(1, secretKey, new IvParameterSpec(IVKEY.getBytes()));
            } else {
                PublicKey publicKey = keyStore.getCertificate(str2).getPublicKey();
                cipher = Cipher.getInstance(CIPHER_RSA_BLOCK);
                cipher.init(1, publicKey);
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(str.getBytes(StandardCharsets.UTF_8));
            cipherOutputStream.close();
            return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 2);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException | NoSuchPaddingException e) {
            Log.e(CLASS_NAME, "encrypt failure", e);
            return null;
        }
    }
}
