package com.sankuai.meituan.tte;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.support.annotation.RequiresApi;
import android.support.annotation.VisibleForTesting;
import com.meituan.robust.ChangeQuickRedirect;
import com.meituan.robust.PatchProxy;
import com.meituan.robust.utils.RobustBitConfig;
import com.sankuai.meituan.tte.y;
import com.sankuai.titans.CryptoManager;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: SecureBox.java */
/* loaded from: classes12.dex */
public abstract class q<K> {

    /* renamed from: a, reason: collision with root package name */
    @SuppressLint({"StaticFieldLeak"})
    public static volatile q<?> f76884a;
    public static ChangeQuickRedirect changeQuickRedirect;

    /* renamed from: b, reason: collision with root package name */
    public final Context f76885b;
    public final String c;
    public final String d;

    /* renamed from: e, reason: collision with root package name */
    public final String f76886e;
    public volatile K f;

    /* compiled from: SecureBox.java */
    @RequiresApi(api = 23)
    /* loaded from: classes12.dex */
    static class a extends q<SecretKey> {
        public static ChangeQuickRedirect changeQuickRedirect;

        public a(Context context) {
            super(context, "com.sankuai.meituan.tte.master_key-aes-128:", "data_key-aes-128:", "aes");
            Object[] objArr = {context};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "acc630cb1a935ea7a083357d36aea68e", RobustBitConfig.DEFAULT_VALUE)) {
                PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "acc630cb1a935ea7a083357d36aea68e");
            }
        }

        @Override // com.sankuai.meituan.tte.q
        public byte[] a(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
            Object[] objArr = {bArr, secretKey};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "8a4f0bb90c06562c4c064e23672d0725", RobustBitConfig.DEFAULT_VALUE)) {
                return (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "8a4f0bb90c06562c4c064e23672d0725");
            }
            byte[] bArr2 = new byte[12];
            new SecureRandom().nextBytes(bArr2);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey, new GCMParameterSpec(128, bArr2));
            return z.a(bArr2, cipher.doFinal(bArr));
        }

        @Override // com.sankuai.meituan.tte.q
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public SecretKey a(String str) throws GeneralSecurityException {
            Object[] objArr = {str};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "5be681e2cbaec6e92a9a6c8fb71e77d1", RobustBitConfig.DEFAULT_VALUE)) {
                return (SecretKey) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "5be681e2cbaec6e92a9a6c8fb71e77d1");
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setKeySize(128).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            return keyGenerator.generateKey();
        }

        @Override // com.sankuai.meituan.tte.q
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public SecretKey a(KeyStore keyStore, String str) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
            Object[] objArr = {keyStore, str};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "25d75dbfddf0200ad457ac9c6c337f35", RobustBitConfig.DEFAULT_VALUE)) {
                return (SecretKey) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "25d75dbfddf0200ad457ac9c6c337f35");
            }
            Key key = keyStore.getKey(str, null);
            if (key instanceof SecretKey) {
                return (SecretKey) key;
            }
            return null;
        }

        @Override // com.sankuai.meituan.tte.q
        public byte[] b(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
            Object[] objArr = {bArr, secretKey};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "20f9d7495c903f9f1d3a381fa58fe739", RobustBitConfig.DEFAULT_VALUE)) {
                return (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "20f9d7495c903f9f1d3a381fa58fe739");
            }
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKey, new GCMParameterSpec(128, bArr, 0, 12));
            return cipher.doFinal(bArr, 12, bArr.length - 12);
        }
    }

    /* compiled from: SecureBox.java */
    /* loaded from: classes12.dex */
    static class b extends q<KeyPair> {
        public static ChangeQuickRedirect changeQuickRedirect;

        public b(Context context) {
            super(context, "com.sankuai.meituan.tte.master_key-2048:", "data_key-2048:", "rsa");
            Object[] objArr = {context};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "adbd58a1e9b3d013b6af52db8c74e815", RobustBitConfig.DEFAULT_VALUE)) {
                PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "adbd58a1e9b3d013b6af52db8c74e815");
            }
        }

        @Override // com.sankuai.meituan.tte.q
        public byte[] a(byte[] bArr, KeyPair keyPair) throws GeneralSecurityException {
            Object[] objArr = {bArr, keyPair};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "4a37133c03a6bdd0e9e1feac9aa233ee", RobustBitConfig.DEFAULT_VALUE)) {
                return (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "4a37133c03a6bdd0e9e1feac9aa233ee");
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, keyPair.getPublic());
            return cipher.doFinal(bArr);
        }

        @Override // com.sankuai.meituan.tte.q
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public KeyPair a(String str) throws GeneralSecurityException {
            Object[] objArr = {str};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "0687cb72afe25e5d784767c2683ee04e", RobustBitConfig.DEFAULT_VALUE)) {
                return (KeyPair) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "0687cb72afe25e5d784767c2683ee04e");
            }
            KeyPairGenerator d = d();
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            d.initialize(new KeyPairGeneratorSpec.Builder(this.f76885b).setKeySize(2048).setAlias(str).setSubject(new X500Principal("CN=TTE")).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
            return d.generateKeyPair();
        }

        @Override // com.sankuai.meituan.tte.q
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public KeyPair a(KeyStore keyStore, String str) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
            Object[] objArr = {keyStore, str};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "c1890c3d7dfced6dfc7a82ab90831057", RobustBitConfig.DEFAULT_VALUE)) {
                return (KeyPair) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "c1890c3d7dfced6dfc7a82ab90831057");
            }
            Key key = keyStore.getKey(str, null);
            PrivateKey privateKey = ((key instanceof PrivateKey) && (key instanceof RSAKey)) ? (PrivateKey) key : null;
            Certificate certificate = keyStore.getCertificate(str);
            PublicKey publicKey = (certificate == null || !(certificate.getPublicKey() instanceof RSAKey)) ? null : certificate.getPublicKey();
            if (privateKey == null || publicKey == null) {
                return null;
            }
            return new KeyPair(publicKey, privateKey);
        }

        @Override // com.sankuai.meituan.tte.q
        public byte[] b(byte[] bArr, KeyPair keyPair) throws GeneralSecurityException {
            Object[] objArr = {bArr, keyPair};
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "cd8c7766cd49984ab699eaa8e026a954", RobustBitConfig.DEFAULT_VALUE)) {
                return (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "cd8c7766cd49984ab699eaa8e026a954");
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, keyPair.getPrivate());
            return cipher.doFinal(bArr);
        }

        @VisibleForTesting
        public KeyPairGenerator d() throws NoSuchProviderException, NoSuchAlgorithmException {
            Object[] objArr = new Object[0];
            ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
            return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "a162ac14910248edb0c148aec0938548", RobustBitConfig.DEFAULT_VALUE) ? (KeyPairGenerator) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "a162ac14910248edb0c148aec0938548") : KeyPairGenerator.getInstance(CryptoManager.RSA_ALGORITHM, "AndroidKeyStore");
        }
    }

    public q(Context context, String str, String str2, String str3) {
        Object[] objArr = {context, str, str2, str3};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "ce19d0c86d13f4b53098e61ccb1f4f11", RobustBitConfig.DEFAULT_VALUE)) {
            PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "ce19d0c86d13f4b53098e61ccb1f4f11");
            return;
        }
        this.f76885b = context;
        this.c = str;
        this.d = str2;
        this.f76886e = str3;
    }

    public static q<?> a(Context context) {
        q<?> bVar;
        Object[] objArr = {context};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, null, changeQuickRedirect2, true, "a676ce4233f6a080ea49a16f251d8db3", RobustBitConfig.DEFAULT_VALUE)) {
            return (q) PatchProxy.accessDispatch(objArr, null, changeQuickRedirect2, true, "a676ce4233f6a080ea49a16f251d8db3");
        }
        if (f76884a == null) {
            synchronized (q.class) {
                if (f76884a == null) {
                    if (Build.VERSION.SDK_INT >= 23 && !f.a(context).f76861e) {
                        bVar = new a(context);
                        f76884a = bVar;
                    }
                    bVar = new b(context);
                    f76884a = bVar;
                }
            }
        }
        return f76884a;
    }

    private String d() {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "c53392908fd154bea2a3ffc177076b7f", RobustBitConfig.DEFAULT_VALUE)) {
            return (String) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "c53392908fd154bea2a3ffc177076b7f");
        }
        return this.c + com.sankuai.common.utils.q.a(this.f76885b);
    }

    @VisibleForTesting
    @NonNull
    public K a() throws KeyStoreException {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "af06e98ba03658aed317730fb46114e4", RobustBitConfig.DEFAULT_VALUE)) {
            return (K) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "af06e98ba03658aed317730fb46114e4");
        }
        if (this.f == null) {
            synchronized (q.class) {
                if (this.f == null) {
                    this.f = b();
                }
            }
        }
        return this.f;
    }

    public abstract K a(String str) throws GeneralSecurityException;

    public abstract K a(KeyStore keyStore, String str) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException;

    public String a(y.d dVar, y.c cVar) {
        Object[] objArr = {dVar, cVar};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "3d6045abd74ba138c134df859d02a928", RobustBitConfig.DEFAULT_VALUE)) {
            return (String) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "3d6045abd74ba138c134df859d02a928");
        }
        return this.d + dVar + ":" + cVar.c;
    }

    public byte[] a(byte[] bArr) throws GeneralSecurityException {
        Object[] objArr = {bArr};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "14a710b6931356eae46c56aa5e313077", RobustBitConfig.DEFAULT_VALUE) ? (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "14a710b6931356eae46c56aa5e313077") : a(bArr, (byte[]) a());
    }

    public abstract byte[] a(byte[] bArr, K k) throws GeneralSecurityException;

    @VisibleForTesting
    @NonNull
    public K b() throws KeyStoreException {
        boolean containsAlias;
        K a2;
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "ac38c400a7755c131309c28c770d0bc0", RobustBitConfig.DEFAULT_VALUE)) {
            return (K) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "ac38c400a7755c131309c28c770d0bc0");
        }
        String d = d();
        try {
            KeyStore c = c();
            c.load(null);
            try {
                containsAlias = c.containsAlias(d);
            } catch (NullPointerException unused) {
                v.a("SecureBox", "Keystore is temporarily unavailable.", null);
                try {
                    Thread.sleep(20L);
                } catch (InterruptedException unused2) {
                }
                c = c();
                c.load(null);
                containsAlias = c.containsAlias(d);
            }
            v.c("SecureBox", "containsAlias[" + d + "]: " + containsAlias);
            if (containsAlias && (a2 = a(c, d)) != null) {
                v.b("SecureBox", "did get master key");
                return a2;
            }
        } catch (Throwable th) {
            v.b("SecureBox", "get master key", th);
            com.sankuai.meituan.tte.a.a(th);
        }
        try {
            v.b("SecureBox", "try gen master key");
            K a3 = a(d);
            v.b("SecureBox", "did gen master key");
            return a3;
        } catch (Throwable th2) {
            throw new KeyStoreException("gen master key", th2);
        }
    }

    public byte[] b(byte[] bArr) throws GeneralSecurityException {
        Object[] objArr = {bArr};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "a7e5ad7d6f8cac584b3de8d41cef660c", RobustBitConfig.DEFAULT_VALUE) ? (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "a7e5ad7d6f8cac584b3de8d41cef660c") : b(bArr, a());
    }

    public abstract byte[] b(byte[] bArr, K k) throws GeneralSecurityException;

    @VisibleForTesting
    public KeyStore c() throws KeyStoreException {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "6046d553d3afcb60e51a9f5e1cbb3f0b", RobustBitConfig.DEFAULT_VALUE) ? (KeyStore) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "6046d553d3afcb60e51a9f5e1cbb3f0b") : KeyStore.getInstance("AndroidKeyStore");
    }
}
