package com.ingeek.nokeeu.security.operator.keystore;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import android.security.keystore.WrappedKeyEntry;
import android.util.Log;
import com.ingeek.nokeeu.security.attestation.AttestationApplicationId;
import com.ingeek.nokeeu.security.attestation.AuthorizationList;
import com.ingeek.nokeeu.security.attestation.Optional;
import com.ingeek.nokeeu.security.attestation.ParsedAttestationRecord;
import com.ingeek.nokeeu.security.attestation.RootOfTrust;
import com.ingeek.nokeeu.security.internal.ConstantsInternal;
import com.ingeek.nokeeu.security.operator.SecurityTA;
import java.io.ByteArrayInputStream;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.jvm.internal.ByteCompanionObject;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes2.dex */
public class TKeyStore {
    private static final String ANDROID_OPENSSL = "AndroidOpenSSL";
    private static final String EC_KEY_CURVE = "secp256r1";
    private static String TAG = "TKeyStore";
    private static final byte UNCOMPRESSED_POINT_INDICATOR = 4;
    private static volatile TKeyStore singleton;
    private KeyStore keyStore;
    private IngeekKey mKeyImpl;

    private TKeyStore() {
        init();
    }

    public static TKeyStore get() {
        if (singleton == null) {
            synchronized (TKeyStore.class) {
                if (singleton == null) {
                    singleton = new TKeyStore();
                }
            }
        }
        return singleton;
    }

    private void init() {
        try {
            KeyStore keyStore = KeyStore.getInstance(SecurityTA.ANDROID_KEYSTORE);
            this.keyStore = keyStore;
            keyStore.load(null);
            if (Build.VERSION.SDK_INT >= 28) {
                this.mKeyImpl = new IngeekKeyImpl(this.keyStore);
            } else {
                this.mKeyImpl = new IngeekKeyImplLegacy(this.keyStore);
            }
        } catch (Exception e2) {
            logException(e2, false);
        }
    }

    @TargetApi(28)
    private boolean isSupportWrapKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SecurityTA.ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder("test_wrap_key", 32).setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setDigests(McElieceCCA2KeyGenParameterSpec.SHA1, "SHA-256", "SHA-512").build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            if (generateKeyPair == null || generateKeyPair.getPrivate() == null) {
                return false;
            }
            return generateKeyPair.getPublic() != null;
        } catch (Exception unused) {
            return false;
        }
    }

    private void logException(Exception exc, boolean z) {
        this.mKeyImpl.logKeyException(exc, z);
    }

    private static byte[] m2padding(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + (bArr.length % 16 != 0 ? (((bArr.length / 16) + 1) * 16) - bArr.length : 16)];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        bArr2[bArr.length] = ByteCompanionObject.MIN_VALUE;
        return bArr2;
    }

    private static byte[] m2unpadding(byte[] bArr) {
        int length = bArr.length;
        do {
            length--;
            if (bArr[length] == Byte.MIN_VALUE) {
                break;
            }
        } while (length > 0);
        if (length <= 0) {
            return null;
        }
        return Arrays.copyOf(bArr, length);
    }

    private static void printAttestationApplicationId(Optional<AttestationApplicationId> optional, String str) {
        if (optional.isPresent()) {
            System.out.println(str + "Package Infos (<package name>, <version>): ");
            for (AttestationApplicationId.AttestationPackageInfo attestationPackageInfo : optional.get().packageInfos) {
                PrintStream printStream = System.out;
                StringBuilder b0 = e.b.a.a.a.b0(str, "\t");
                b0.append(attestationPackageInfo.packageName);
                b0.append(", ");
                b0.append(attestationPackageInfo.version);
                printStream.println(b0.toString());
            }
            System.out.println(str + "Signature Digests:");
            for (byte[] bArr : optional.get().signatureDigests) {
                PrintStream printStream2 = System.out;
                StringBuilder b02 = e.b.a.a.a.b0(str, "\t");
                b02.append(Base64.toBase64String(bArr));
                printStream2.println(b02.toString());
            }
        }
    }

    public static void printAttestationRecord(ParsedAttestationRecord parsedAttestationRecord) {
        PrintStream printStream = System.out;
        StringBuilder Y = e.b.a.a.a.Y("Attestation version: ");
        Y.append(parsedAttestationRecord.attestationVersion);
        printStream.println(Y.toString());
        PrintStream printStream2 = System.out;
        StringBuilder Y2 = e.b.a.a.a.Y("Attestation Security Level: ");
        Y2.append(parsedAttestationRecord.attestationSecurityLevel.name());
        printStream2.println(Y2.toString());
        PrintStream printStream3 = System.out;
        StringBuilder Y3 = e.b.a.a.a.Y("Keymaster Version: ");
        Y3.append(parsedAttestationRecord.keymasterVersion);
        printStream3.println(Y3.toString());
        PrintStream printStream4 = System.out;
        StringBuilder Y4 = e.b.a.a.a.Y("Keymaster Security Level: ");
        Y4.append(parsedAttestationRecord.keymasterSecurityLevel.name());
        printStream4.println(Y4.toString());
        PrintStream printStream5 = System.out;
        StringBuilder Y5 = e.b.a.a.a.Y("Attestation Challenge: ");
        Y5.append(new String(parsedAttestationRecord.attestationChallenge));
        printStream5.println(Y5.toString());
        PrintStream printStream6 = System.out;
        StringBuilder Y6 = e.b.a.a.a.Y("Unique ID: ");
        Y6.append(Arrays.toString(parsedAttestationRecord.uniqueId));
        printStream6.println(Y6.toString());
        System.out.println("Software Enforced Authorization List:");
        printAuthorizationList(parsedAttestationRecord.softwareEnforced, "\t");
        System.out.println("TEE Enforced Authorization List:");
        printAuthorizationList(parsedAttestationRecord.teeEnforced, "\t");
    }

    private static void printAuthorizationList(AuthorizationList authorizationList, String str) {
        authorizationList.purpose.get();
        printOptional(authorizationList.purpose, e.b.a.a.a.D(str, "Purpose(s)"));
        printOptional(authorizationList.algorithm, e.b.a.a.a.D(str, "Algorithm"));
        printOptional(authorizationList.keySize, e.b.a.a.a.D(str, "Key Size"));
        printOptional(authorizationList.digest, e.b.a.a.a.D(str, "Digest"));
        printOptional(authorizationList.padding, e.b.a.a.a.D(str, "Padding"));
        printOptional(authorizationList.ecCurve, e.b.a.a.a.D(str, "EC Curve"));
        printOptional(authorizationList.rsaPublicExponent, e.b.a.a.a.D(str, "RSA Public Exponent"));
        PrintStream printStream = System.out;
        StringBuilder b0 = e.b.a.a.a.b0(str, "Rollback Resistance: ");
        b0.append(authorizationList.rollbackResistance);
        printStream.println(b0.toString());
        printOptional(authorizationList.activeDateTime, e.b.a.a.a.D(str, "Active DateTime"));
        printOptional(authorizationList.originationExpireDateTime, e.b.a.a.a.D(str, "Origination Expire DateTime"));
        printOptional(authorizationList.usageExpireDateTime, e.b.a.a.a.D(str, "Usage Expire DateTime"));
        PrintStream printStream2 = System.out;
        StringBuilder b02 = e.b.a.a.a.b0(str, "No Auth Required: ");
        b02.append(authorizationList.noAuthRequired);
        printStream2.println(b02.toString());
        printOptional(authorizationList.userAuthType, e.b.a.a.a.D(str, "User Auth Type"));
        printOptional(authorizationList.authTimeout, e.b.a.a.a.D(str, "Auth Timeout"));
        PrintStream printStream3 = System.out;
        StringBuilder b03 = e.b.a.a.a.b0(str, "Allow While On Body: ");
        b03.append(authorizationList.allowWhileOnBody);
        printStream3.println(b03.toString());
        PrintStream printStream4 = System.out;
        StringBuilder b04 = e.b.a.a.a.b0(str, "Trusted User Presence Required: ");
        b04.append(authorizationList.trustedUserPresenceRequired);
        printStream4.println(b04.toString());
        PrintStream printStream5 = System.out;
        StringBuilder b05 = e.b.a.a.a.b0(str, "Trusted Confirmation Required: ");
        b05.append(authorizationList.trustedConfirmationRequired);
        printStream5.println(b05.toString());
        PrintStream printStream6 = System.out;
        StringBuilder b06 = e.b.a.a.a.b0(str, "Unlocked Device Required: ");
        b06.append(authorizationList.unlockedDeviceRequired);
        printStream6.println(b06.toString());
        PrintStream printStream7 = System.out;
        StringBuilder b07 = e.b.a.a.a.b0(str, "All Applications: ");
        b07.append(authorizationList.allApplications);
        printStream7.println(b07.toString());
        printOptional(authorizationList.applicationId, e.b.a.a.a.D(str, "Application ID"));
        printOptional(authorizationList.creationDateTime, e.b.a.a.a.D(str, "Creation DateTime"));
        printOptional(authorizationList.origin, e.b.a.a.a.D(str, "Origin"));
        PrintStream printStream8 = System.out;
        StringBuilder b08 = e.b.a.a.a.b0(str, "Rollback Resistant: ");
        b08.append(authorizationList.rollbackResistant);
        printStream8.println(b08.toString());
        if (authorizationList.rootOfTrust.isPresent()) {
            System.out.println(str + "Root Of Trust:");
            printRootOfTrust(authorizationList.rootOfTrust, e.b.a.a.a.D(str, "\t"));
        }
        printOptional(authorizationList.osVersion, e.b.a.a.a.D(str, "OS Version"));
        printOptional(authorizationList.osPatchLevel, e.b.a.a.a.D(str, "OS Patch Level"));
        if (authorizationList.attestationApplicationId.isPresent()) {
            System.out.println(str + "Attestation Application ID:");
            printAttestationApplicationId(authorizationList.attestationApplicationId, e.b.a.a.a.D(str, "\t"));
        }
        printOptional(authorizationList.attestationApplicationIdBytes, e.b.a.a.a.D(str, "Attestation Application ID Bytes"));
        printOptional(authorizationList.attestationIdBrand, e.b.a.a.a.D(str, "Attestation ID Brand"));
        printOptional(authorizationList.attestationIdDevice, e.b.a.a.a.D(str, "Attestation ID Device"));
        printOptional(authorizationList.attestationIdProduct, e.b.a.a.a.D(str, "Attestation ID Product"));
        printOptional(authorizationList.attestationIdSerial, e.b.a.a.a.D(str, "Attestation ID Serial"));
        printOptional(authorizationList.attestationIdImei, e.b.a.a.a.D(str, "Attestation ID IMEI"));
        printOptional(authorizationList.attestationIdMeid, e.b.a.a.a.D(str, "Attestation ID MEID"));
        printOptional(authorizationList.attestationIdManufacturer, e.b.a.a.a.D(str, "Attestation ID Manufacturer"));
        printOptional(authorizationList.attestationIdModel, e.b.a.a.a.D(str, "Attestation ID Model"));
        printOptional(authorizationList.vendorPatchLevel, e.b.a.a.a.D(str, "Vendor Patch Level"));
        printOptional(authorizationList.bootPatchLevel, e.b.a.a.a.D(str, "Boot Patch Level"));
    }

    private static <T> void printOptional(Optional<T> optional, String str) {
        if (optional.isPresent()) {
            if (optional.get() instanceof byte[]) {
                PrintStream printStream = System.out;
                StringBuilder b0 = e.b.a.a.a.b0(str, ": ");
                b0.append(Base64.toBase64String((byte[]) optional.get()));
                printStream.println(b0.toString());
                return;
            }
            PrintStream printStream2 = System.out;
            StringBuilder b02 = e.b.a.a.a.b0(str, ": ");
            b02.append(optional.get());
            printStream2.println(b02.toString());
        }
    }

    private static void printRootOfTrust(Optional<RootOfTrust> optional, String str) {
        if (optional.isPresent()) {
            PrintStream printStream = System.out;
            StringBuilder b0 = e.b.a.a.a.b0(str, "Verified Boot Key: ");
            b0.append(Base64.toBase64String(optional.get().verifiedBootKey));
            printStream.println(b0.toString());
            PrintStream printStream2 = System.out;
            StringBuilder b02 = e.b.a.a.a.b0(str, "Device Locked: ");
            b02.append(optional.get().deviceLocked);
            printStream2.println(b02.toString());
            PrintStream printStream3 = System.out;
            StringBuilder b03 = e.b.a.a.a.b0(str, "Verified Boot State: ");
            b03.append(optional.get().verifiedBootState.name());
            printStream3.println(b03.toString());
            PrintStream printStream4 = System.out;
            StringBuilder b04 = e.b.a.a.a.b0(str, "Verified Boot Hash: ");
            b04.append(Base64.toBase64String(optional.get().verifiedBootHash));
            printStream4.println(b04.toString());
        }
    }

    public byte[] convertToUncompressedPoint(ECPublicKey eCPublicKey) {
        int bitLength = ((eCPublicKey.getParams().getOrder().bitLength() + 8) - 1) / 8;
        byte[] bArr = new byte[(bitLength * 2) + 1];
        bArr[0] = 4;
        byte[] byteArray = eCPublicKey.getW().getAffineX().toByteArray();
        if (byteArray.length <= bitLength) {
            System.arraycopy(byteArray, 0, bArr, (1 + bitLength) - byteArray.length, byteArray.length);
        } else {
            if (byteArray.length != bitLength + 1 || byteArray[0] != 0) {
                throw new IllegalStateException("x value is too large");
            }
            System.arraycopy(byteArray, 1, bArr, 1, bitLength);
        }
        int i = 1 + bitLength;
        byte[] byteArray2 = eCPublicKey.getW().getAffineY().toByteArray();
        if (byteArray2.length <= bitLength) {
            System.arraycopy(byteArray2, 0, bArr, (i + bitLength) - byteArray2.length, byteArray2.length);
        } else {
            if (byteArray2.length != bitLength + 1 || byteArray2[0] != 0) {
                throw new IllegalStateException("y value is too large");
            }
            System.arraycopy(byteArray2, 1, bArr, i, bitLength);
        }
        return bArr;
    }

    public byte[] createHmacSignature(byte[] bArr) {
        try {
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) getKeyStore().getEntry(ConstantsInternal.hmac_gataAerew0o1hi, null)).getSecretKey();
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKey);
            return mac.doFinal(bArr);
        } catch (Exception e2) {
            String str = TAG;
            StringBuilder Y = e.b.a.a.a.Y("import signature key failed: ");
            Y.append(e2.toString());
            Log.e(str, Y.toString());
            return null;
        }
    }

    public void createSecretKey(String str) {
        if (hasAlias(str)) {
            return;
        }
        Log.d(TAG, "createSecretKey start");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", SecurityTA.ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            SecretKey generateKey = keyGenerator.generateKey();
            Log.d(TAG, "createSecretKey result " + generateKey);
        } catch (Exception e2) {
            logException(e2, false);
        }
    }

    public KeyPair createWrapKeyPair(Context context, String str, byte[] bArr) {
        try {
            if (hasAlias(str)) {
                return getWrappingKeyPair(str);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SecurityTA.ANDROID_KEYSTORE);
            boolean hasStrongBox = TKeyStoreExtension.hasStrongBox(context);
            int i = 3;
            int i2 = Build.VERSION.SDK_INT;
            if (i2 >= 28 && isSupportWrapKey()) {
                i = 35;
            }
            KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(str, i).setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setDigests(McElieceCCA2KeyGenParameterSpec.SHA1, "SHA-256", "SHA-512");
            if (i2 >= 28) {
                digests.setIsStrongBoxBacked(hasStrongBox);
            }
            if (i2 >= 24 && bArr != null) {
                digests.setAttestationChallenge(bArr);
            }
            keyPairGenerator.initialize(digests.build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey = generateKeyPair.getPublic();
            Log.d(TAG, "public key is " + android.util.Base64.encodeToString(publicKey.getEncoded(), 0));
            Log.d(TAG, "createWrapKeyPair >> PrivateKey:" + generateKeyPair.getPrivate().toString() + ", PublicKey:" + generateKeyPair.getPublic().toString());
            return generateKeyPair;
        } catch (Exception e2) {
            logException(e2, false);
            return null;
        }
    }

    public void deleteEntry(String str) throws KeyStoreException {
        getKeyStore().deleteEntry(str);
    }

    public byte[] doCipherWithNoPadding(byte[] bArr, Key key, byte[] bArr2, boolean z) {
        if (z && (bArr = m2padding(bArr)) == null) {
            return null;
        }
        int i = z ? 1 : 2;
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(i, key, new IvParameterSpec(bArr2));
            byte[] doFinal = cipher.doFinal(bArr);
            if (doFinal == null) {
                return null;
            }
            return !z ? m2unpadding(doFinal) : doFinal;
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    public byte[] doCipherWithNoPadding(byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) {
        if (z && (bArr = m2padding(bArr)) == null) {
            return null;
        }
        int i = z ? 1 : 2;
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(i, new SecretKeySpec(bArr2, "AES"), new IvParameterSpec(bArr3));
            byte[] doFinal = cipher.doFinal(bArr);
            if (doFinal == null) {
                return null;
            }
            return !z ? m2unpadding(doFinal) : doFinal;
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    public byte[] ecdh(PrivateKey privateKey, PublicKey publicKey) {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            return keyAgreement.generateSecret();
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    public int genECKeyPair(String str) {
        try {
            if (hasAlias(str)) {
                deleteEntry(str);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", SecurityTA.ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setAlgorithmParameterSpec(new ECGenParameterSpec(EC_KEY_CURVE)).setDigests("SHA-256", McElieceCCA2KeyGenParameterSpec.SHA384).build());
            keyPairGenerator.generateKeyPair();
            return 0;
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return -1;
        }
    }

    public KeyPair genEphemeralECKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_OPENSSL);
            keyPairGenerator.initialize(new ECGenParameterSpec(EC_KEY_CURVE));
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    public Certificate[] getAttestationCertChain(String str) {
        try {
            return this.keyStore.getCertificateChain(str);
        } catch (Exception unused) {
            return null;
        }
    }

    public ParsedAttestationRecord getAttestationRecord(Certificate certificate) {
        try {
            return new ParsedAttestationRecord(ParsedAttestationRecord.extractAttestationSequence((X509Certificate) certificate));
        } catch (Exception unused) {
            return null;
        }
    }

    public Certificate getCertificate(String str) {
        return this.mKeyImpl.getCertificate(str);
    }

    public byte[] getECPubKeyData(String str) {
        try {
            PublicKey publicKeyByPrivateKey = getPublicKeyByPrivateKey(str);
            if (publicKeyByPrivateKey == null) {
                return null;
            }
            return convertToUncompressedPoint((ECPublicKey) publicKeyByPrivateKey);
        } catch (Exception unused) {
            return null;
        }
    }

    public ECPublicKey getECPublicKey(byte[] bArr, ECParameterSpec eCParameterSpec) throws Exception {
        if (bArr[0] != 4) {
            throw new IllegalArgumentException("Invalid uncompressedPoint encoding, no uncompressed point indicator");
        }
        int bitLength = ((eCParameterSpec.getOrder().bitLength() + 8) - 1) / 8;
        if (bArr.length != (bitLength * 2) + 1) {
            throw new IllegalArgumentException("Invalid uncompressedPoint encoding, not the correct size");
        }
        int i = 1 + bitLength;
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Arrays.copyOfRange(bArr, 1, i)), new BigInteger(1, Arrays.copyOfRange(bArr, i, bitLength + i))), eCParameterSpec));
    }

    public KeyStore getKeyStore() {
        if (this.keyStore == null) {
            init();
        }
        return this.keyStore;
    }

    public Key getLocalCryptoKey(String str) {
        try {
            if (hasAlias(str)) {
                return this.keyStore.getKey(str, null);
            }
            createSecretKey(str);
            return this.keyStore.getKey(str, null);
        } catch (Exception unused) {
            return null;
        }
    }

    public PrivateKey getPrivateKey(String str) {
        return this.mKeyImpl.getPrivateKey(str);
    }

    public PublicKey getPublicKeyByCert(String str) {
        return this.mKeyImpl.getPublicKeyByCert(str);
    }

    public PublicKey getPublicKeyByPrivateKey(String str) {
        return this.mKeyImpl.getPublicKeyByPrivateKey(str);
    }

    public KeyPair getWrappingKeyPair(String str) throws KeyStoreException {
        try {
            KeyStore.Entry entry = getKeyStore().getEntry(str, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("Not an instance of a PrivateKeyEntry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (Exception e2) {
            logException(e2, false);
            throw new KeyStoreException(e2.getMessage());
        }
    }

    public boolean hasAlias(String str) {
        return this.mKeyImpl.hasAlias(str);
    }

    public boolean importAESKey(String str, byte[] bArr) {
        try {
            getKeyStore().setEntry(str, new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "AES")), new KeyProtection.Builder(3).setBlockModes("CBC").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            return true;
        } catch (Exception e2) {
            String str2 = TAG;
            StringBuilder Y = e.b.a.a.a.Y("import key failed: ");
            Y.append(e2.toString());
            Log.e(str2, Y.toString());
            return false;
        }
    }

    public int importHmacSignatureKey(byte[] bArr) {
        try {
            getKeyStore().setEntry(ConstantsInternal.hmac_gataAerew0o1hi, new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "HmacSHA256")), new KeyProtection.Builder(4).build());
            return 0;
        } catch (Exception e2) {
            String str = TAG;
            StringBuilder Y = e.b.a.a.a.Y("import signature key failed: ");
            Y.append(e2.toString());
            Log.e(str, Y.toString());
            return -2;
        }
    }

    @TargetApi(28)
    public void importWrappedKey(Context context, byte[] bArr, String str, String str2) throws Exception {
        int i = Build.VERSION.SDK_INT;
        if (i < 28) {
            return;
        }
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(str, 32).setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setDigests(McElieceCCA2KeyGenParameterSpec.SHA1, "SHA-256", "SHA-512");
        boolean hasSystemFeature = context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
        if (i >= 28 && hasSystemFeature) {
            digests.setIsStrongBoxBacked(true);
        }
        getKeyStore().setEntry(str2, new WrappedKeyEntry(bArr, str, "RSA/ECB/OAEPPadding", digests.build()), null);
    }

    public int loadCertificate(String str, byte[] bArr) {
        try {
            getKeyStore().setCertificateEntry(str, CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr)));
            return 0;
        } catch (Exception e2) {
            e2.printStackTrace();
            return -1;
        }
    }

    public byte[] sha256(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA256").digest(bArr);
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    public byte[] sha256Mac(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr2, "HmacSHA256"));
            return mac.doFinal(bArr);
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    public byte[] signWithECDSA(String str, byte[] bArr) {
        return this.mKeyImpl.signWithECDSA(str, bArr);
    }

    public byte[] signWithECDSA(PrivateKey privateKey, byte[] bArr) {
        return this.mKeyImpl.signWithECDSA(privateKey, bArr);
    }

    public boolean verifyWithECDSA(String str, byte[] bArr, byte[] bArr2) {
        return this.mKeyImpl.verifyWithECDSA(str, bArr, bArr2);
    }

    public boolean verifyWithECDSA(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        return this.mKeyImpl.verifyWithECDSA(publicKey, bArr, bArr2);
    }
}
