package com.sankuai.meituan.tte;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.VisibleForTesting;
import android.text.TextUtils;
import com.meituan.robust.common.CommonConstant;
import com.sankuai.meituan.tte.TTE;
import com.sankuai.meituan.tte.o;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: TKeyStore.java */
/* loaded from: classes3.dex */
public class m {

    @SuppressLint({"StaticFieldLeak"})
    private static volatile m a;
    private static final Object b;
    private volatile KeyPair c;
    private final Context d;

    static {
        com.meituan.android.paladin.b.a(-8449090968322886138L);
        b = new Object();
    }

    public m(@NonNull Context context) {
        this.d = context;
    }

    public static m a(Context context) {
        if (a == null) {
            synchronized (m.class) {
                if (a == null) {
                    a = new m(context);
                }
            }
        }
        return a;
    }

    private String c(TTE.Env env, TTE.DataCipher dataCipher) {
        return "data_key:" + env + CommonConstant.Symbol.COLON + dataCipher.cipherType;
    }

    private com.meituan.android.cipstorage.p e() {
        return p.a(this.d, "ks");
    }

    private String f() {
        return "com.sankuai.meituan.tte.master_key:" + com.sankuai.common.utils.n.a(this.d);
    }

    @Nullable
    public f a(TTE.Env env, TTE.DataCipher dataCipher) {
        f b2 = b(env, dataCipher);
        StringBuilder sb = new StringBuilder();
        sb.append("[get][");
        sb.append(env);
        sb.append(", ");
        sb.append(dataCipher);
        sb.append("] null?: ");
        sb.append(b2 == null);
        n.a("TKeyStore", sb.toString());
        return b2;
    }

    @VisibleForTesting
    KeyPair a() {
        if (this.c == null) {
            synchronized (b) {
                if (this.c == null) {
                    this.c = b();
                }
            }
        }
        return this.c;
    }

    public boolean a(f fVar) {
        boolean b2 = b(fVar);
        n.a("TKeyStore", "[set][" + fVar.a + ", " + fVar.b + "]: " + b2);
        return b2;
    }

    @VisibleForTesting
    byte[] a(KeyPair keyPair, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, keyPair.getPublic());
        return cipher.doFinal(bArr);
    }

    @VisibleForTesting
    @Nullable
    f b(TTE.Env env, TTE.DataCipher dataCipher) {
        String b2;
        if (d.a(this.d).c()) {
            n.b("TKeyStore", "get: disable");
            return null;
        }
        o.a a2 = o.a("tte.keyStore.read", "keyStore");
        try {
            try {
                try {
                    try {
                        a2.a("algo", dataCipher.cipherName);
                        a2.a("code", "0");
                        b2 = e().b(c(env, dataCipher), "");
                    } catch (JSONException e) {
                        a2.a("code", "1003");
                        n.b("TKeyStore", "get", e);
                    }
                } catch (Throwable th) {
                    a2.a("code", "1100");
                    n.b("TKeyStore", "get", th);
                }
            } catch (GeneralSecurityException e2) {
                a2.a("code", "1004");
                n.b("TKeyStore", "get", e2);
            }
            if (TextUtils.isEmpty(b2)) {
                a2.a("code", "1002");
                return null;
            }
            f fVar = new f(new JSONObject(b2));
            KeyPair a3 = a();
            if (a3 != null) {
                fVar.c = b(a3, fVar.c);
                return fVar;
            }
            a2.a("code", "1001");
            n.b("TKeyStore", "get: master key is null", null);
            return null;
        } finally {
            a2.b();
        }
    }

    @VisibleForTesting
    KeyPair b() {
        boolean containsAlias;
        String f = f();
        try {
            KeyStore c = c();
            c.load(null);
            try {
                containsAlias = c.containsAlias(f);
            } catch (NullPointerException unused) {
                n.a("TKeyStore", "Keystore is temporarily unavailable.", null);
                try {
                    Thread.sleep(20L);
                } catch (InterruptedException unused2) {
                }
                c = c();
                c.load(null);
                containsAlias = c.containsAlias(f);
            }
            n.c("TKeyStore", "containsAlias[" + f + "]: " + containsAlias);
            if (containsAlias) {
                Key key = c.getKey(f(), null);
                PrivateKey privateKey = ((key instanceof PrivateKey) && (key instanceof RSAKey)) ? (PrivateKey) key : null;
                Certificate certificate = c.getCertificate(f());
                PublicKey publicKey = (certificate == null || !(certificate.getPublicKey() instanceof RSAKey)) ? null : certificate.getPublicKey();
                if (privateKey != null && publicKey != null) {
                    n.b("TKeyStore", "did get master key");
                    return new KeyPair(publicKey, privateKey);
                }
            }
        } catch (KeyStoreException e) {
            n.b("TKeyStore", "getMasterKey", e);
        } catch (UnrecoverableKeyException e2) {
            n.b("TKeyStore", "getMasterKey", e2);
        } catch (GeneralSecurityException e3) {
            n.b("TKeyStore", "getMasterKey", e3);
        } catch (Throwable th) {
            n.b("TKeyStore", "getMasterKey", th);
        }
        try {
            n.b("TKeyStore", "try gen master key");
            KeyPairGenerator d = d();
            Calendar calendar = Calendar.getInstance();
            calendar.add(1, 100);
            d.initialize(new KeyPairGeneratorSpec.Builder(this.d).setKeySize(4096).setAlias(f()).setSubject(new X500Principal("CN=TTE, O=Sankuai")).setSerialNumber(new BigInteger("1101")).setStartDate(new Date()).setEndDate(calendar.getTime()).build());
            KeyPair generateKeyPair = d.generateKeyPair();
            n.b("TKeyStore", "did gen master key");
            return generateKeyPair;
        } catch (GeneralSecurityException e4) {
            n.b("TKeyStore", "getMasterKey", e4);
            return null;
        } catch (Throwable th2) {
            n.b("TKeyStore", "getMasterKey", th2);
            return null;
        }
    }

    @VisibleForTesting
    boolean b(f fVar) {
        if (d.a(this.d).c()) {
            n.b("TKeyStore", "set: disable");
            return false;
        }
        o.a a2 = o.a("tte.keyStore.write", "keyStore");
        try {
            try {
                try {
                    try {
                        a2.a("algo", fVar.b.cipherName);
                        a2.a("code", "0");
                        KeyPair a3 = a();
                        if (a3 == null) {
                            n.b("TKeyStore", "set: master key is null", null);
                            a2.a("code", "1001");
                            return false;
                        }
                        JSONObject a4 = fVar.a();
                        a4.put("dk", p.a(a(a3, fVar.c)));
                        e().a(c(fVar.a, fVar.b), a4.toString());
                        return true;
                    } catch (JSONException e) {
                        a2.a("code", "1003");
                        n.b("TKeyStore", "set", e);
                        return false;
                    }
                } catch (GeneralSecurityException e2) {
                    a2.a("code", "1004");
                    n.b("TKeyStore", "set", e2);
                    return false;
                }
            } catch (Throwable th) {
                a2.a("code", "1100");
                n.b("TKeyStore", "set", th);
                return false;
            }
        } finally {
            a2.b();
        }
    }

    @VisibleForTesting
    byte[] b(KeyPair keyPair, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, keyPair.getPrivate());
        return cipher.doFinal(bArr);
    }

    @VisibleForTesting
    protected KeyStore c() throws KeyStoreException {
        return KeyStore.getInstance("AndroidKeyStore");
    }

    @VisibleForTesting
    protected KeyPairGenerator d() throws NoSuchProviderException, NoSuchAlgorithmException {
        return KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    }
}
