package com.sankuai.meituan.tte;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.VisibleForTesting;
import android.text.TextUtils;
import com.dianping.picasso.PicassoUpdateIndexPathHelper;
import com.meituan.android.paladin.PaladinManager;
import com.meituan.robust.ChangeQuickRedirect;
import com.meituan.robust.PatchProxy;
import com.meituan.robust.utils.RobustBitConfig;
import com.sankuai.common.utils.y;
import com.sankuai.meituan.tte.q;
import com.sankuai.meituan.tte.r;
import com.sankuai.titans.CryptoManager;
import com.sankuai.waimai.monitor.model.ErrorCode;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes8.dex */
/**
 * Device-local store for TTE data keys, logged under the tag "TKeyStore".
 *
 * <p>Data keys are wrapped with a 2048-bit RSA "master key" pair held in the
 * "AndroidKeyStore" provider and persisted as JSON strings through the
 * {@code s.a(context, "ks")} storage helper (implementation not visible here).
 *
 * <p>This is decompiler output: identifiers are obfuscated, and some try/catch nesting
 * was reconstructed by the tool, so it may not match the original control flow.
 *
 * <p>Every method starts with a {@code PatchProxy.isSupport(...)} check. When it returns
 * true for the method's id, the call is handed to {@code PatchProxy.accessDispatch(...)}
 * and the body below is skipped.
 * NOTE(review): any crypto step here can therefore be replaced at runtime by whatever
 * patch is registered for that id; the integrity of patch delivery is part of this
 * class's trust boundary.
 */
public class o {

    // Process-wide singleton, created lazily by a(Context).
    // NOTE(review): it holds whatever Context the first caller passed (hence the suppressed
    // StaticFieldLeak lint); confirm callers pass an application context.
    @SuppressLint({"StaticFieldLeak"})
    public static volatile o a;
    // Monitor guarding the lazy load of the master key pair in a(). It is static, while the
    // cached key pair (c) is per instance.
    public static final Object b;
    // Hot-patch redirect handle consulted by every PatchProxy check in this class.
    public static ChangeQuickRedirect changeQuickRedirect;
    // Cached master key pair; stays null until b() succeeds.
    public volatile KeyPair c;
    // Context used for storage access, key generation and the alias suffix.
    public final Context d;

    static {
        try {
            // Purpose of this PaladinManager registration is not visible in this file.
            PaladinManager.a().a("094d21be550e635883f3ed39db29555e");
        } catch (Throwable unused) {
            // Deliberately ignored: a failure here must not prevent class initialisation.
        }
        b = new Object();
    }

    /**
     * Creates a store bound to the given context. No keystore access happens here.
     *
     * @param context context retained for the lifetime of this instance
     */
    public o(@NonNull Context context) {
        this.d = context;
    }

    /**
     * Returns the shared instance, creating it on first use with double-checked locking
     * on {@code o.class} (the field is volatile).
     *
     * @param context context used only if the instance has not been created yet
     * @return the singleton instance
     */
    public static o a(Context context) {
        Object[] objArr = {context};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, null, changeQuickRedirect2, true, "7f239d59522d2b9f4ebb6b65f6f9dd08", RobustBitConfig.DEFAULT_VALUE)) {
            return (o) PatchProxy.accessDispatch(objArr, null, changeQuickRedirect2, true, "7f239d59522d2b9f4ebb6b65f6f9dd08");
        }
        if (a == null) {
            synchronized (o.class) {
                if (a == null) {
                    a = new o(context);
                }
            }
        }
        return a;
    }

    /**
     * Builds the storage key under which one wrapped data key is persisted:
     * {@code "data_key-2048:" + dVar + ":" + cVar.b}.
     *
     * @param dVar first key component, rendered via string concatenation
     * @param cVar cipher descriptor; its {@code b} field is the last key component
     * @return the storage key string
     */
    private String b(r.d dVar, r.c cVar) {
        Object[] objArr = {dVar, cVar};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "b671233457f3da17f29c5891991a699f", RobustBitConfig.DEFAULT_VALUE)) {
            return (String) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "b671233457f3da17f29c5891991a699f");
        }
        return "data_key-2048:" + dVar + ":" + cVar.b;
    }

    /**
     * Builds the AndroidKeyStore alias of the master key pair: a fixed prefix followed by
     * the value of {@code y.a(context)}.
     * NOTE(review): what y.a returns is not visible here (presumably a per-process or
     * per-package name) - confirm, since it decides which components share one key.
     *
     * @return the keystore alias
     */
    private String d() {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "6c5089926af5f0ed75262898b64a2b4c", RobustBitConfig.DEFAULT_VALUE)) {
            return (String) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "6c5089926af5f0ed75262898b64a2b4c");
        }
        return "com.sankuai.meituan.tte.master_key-2048:" + y.a(this.d);
    }

    /**
     * Reads the stored entry for the given pair and unwraps its data key.
     *
     * <p>Steps: return null if {@code e.a(context).b()} reports the store as disabled;
     * read the JSON string from storage; parse it into a {@code g}; obtain the master
     * key pair; RSA-decrypt {@code g.c} with the private key and write the plaintext back
     * into {@code g.c}. A "tte.keyStore.read" metric records the algorithm and a result code.
     *
     * @param dVar first component of the storage key
     * @param cVar cipher descriptor; {@code c} is reported as "algo", {@code b} is part of the storage key
     * @return the entry with its data key decrypted, or null when disabled, absent, or the
     *         master key is unavailable
     */
    @VisibleForTesting
    @Nullable
    public final g a(r.d dVar, r.c cVar) {
        String b2;
        byte[] doFinal;
        Object[] objArr = {dVar, cVar};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "d1b3efc27660b4c0e6ee4838ce8e133c", RobustBitConfig.DEFAULT_VALUE)) {
            return (g) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "d1b3efc27660b4c0e6ee4838ce8e133c");
        }
        if (e.a(this.d).b()) {
            p.b("TKeyStore", "get: disable");
            return null;
        }
        q.a a2 = q.a("tte.keyStore.read", "keyStore");
        // NOTE(review): the nested try/catch layout below is a decompiler reconstruction. As
        // printed, the catch blocks do not enclose the JSON parsing and RSA steps further
        // down, although the recorded codes (1003 for JSONException, 1004 for
        // GeneralSecurityException) suggest the original did. Treat the exact control flow
        // after a failure as unconfirmed.
        try {
            try {
                try {
                    a2.a("algo", cVar.c);
                    // Result code defaults to "0" and is overwritten on each failure path.
                    a2.a("code", "0");
                    // Read the persisted JSON, with "" as the default when nothing is stored.
                    b2 = s.a(this.d, "ks").b(b(dVar, cVar), "", com.meituan.android.cipstorage.s.e);
                } catch (Throwable th) {
                    a2.a("code", "1100");
                    p.b("TKeyStore", "get", th);
                }
            } catch (GeneralSecurityException e) {
                a2.a("code", "1004");
                p.b("TKeyStore", "get", e);
            } catch (JSONException e2) {
                a2.a("code", "1003");
                p.b("TKeyStore", "get", e2);
            }
            if (TextUtils.isEmpty(b2)) {
                // Nothing stored for this key. a2.b() runs here and again in the finally block.
                a2.a("code", "1002");
                a2.b();
                return null;
            }
            g gVar = new g(new JSONObject(b2));
            KeyPair a3 = a();
            if (a3 == null) {
                // The code constant is borrowed from an unrelated monitor package; its value
                // is not visible here.
                a2.a("code", ErrorCode.ERROR_CODE_OKHTTP_EXCEPTION);
                p.b("TKeyStore", "get: master key is null", null);
                return null;
            }
            byte[] bArr = gVar.c;
            Object[] objArr2 = {a3, bArr};
            ChangeQuickRedirect changeQuickRedirect3 = changeQuickRedirect;
            if (PatchProxy.isSupport(objArr2, this, changeQuickRedirect3, false, "d2e79488b95288752a504923ce93e23f", RobustBitConfig.DEFAULT_VALUE)) {
                // The unwrap step has its own patch id, so it can be replaced independently.
                doFinal = (byte[]) PatchProxy.accessDispatch(objArr2, this, changeQuickRedirect3, false, "d2e79488b95288752a504923ce93e23f");
            } else {
                // NOTE(review): PKCS#1 v1.5 encryption padding; OAEP is the usual choice for
                // new designs. Changing it requires re-wrapping entries already stored with
                // this padding.
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                // 2 == Cipher.DECRYPT_MODE
                cipher.init(2, a3.getPrivate());
                doFinal = cipher.doFinal(bArr);
            }
            // The returned object now carries the plaintext data key in memory.
            gVar.c = doFinal;
            return gVar;
        } finally {
            a2.b();
        }
    }

    /**
     * Returns the cached master key pair, loading or generating it via {@link #b()} on
     * first use under the static lock {@code b}.
     *
     * <p>A null result from {@code b()} is not cached as a success: the field stays null
     * and the next call tries again.
     *
     * @return the master key pair, or null if it could be neither loaded nor generated
     */
    @VisibleForTesting
    public final KeyPair a() {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "b9dbf572c6a84986fe9306141813e131", RobustBitConfig.DEFAULT_VALUE)) {
            return (KeyPair) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "b9dbf572c6a84986fe9306141813e131");
        }
        if (this.c == null) {
            synchronized (b) {
                if (this.c == null) {
                    this.c = b();
                }
            }
        }
        return this.c;
    }

    /**
     * Removes the stored entry addressed by {@code gVar.a} and {@code gVar.b}.
     *
     * @param gVar entry whose storage key should be removed
     * @return the result of the storage helper's remove call; false when the store is
     *         disabled or the call throws
     */
    @VisibleForTesting
    public final boolean a(g gVar) {
        Object[] objArr = {gVar};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "68d3b815736a348dc5b920908a715b0b", RobustBitConfig.DEFAULT_VALUE)) {
            return ((Boolean) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "68d3b815736a348dc5b920908a715b0b")).booleanValue();
        }
        if (e.a(this.d).b()) {
            p.b("TKeyStore", "remove: disable");
            return false;
        }
        try {
            return s.a(this.d, "ks").b(b(gVar.a, gVar.b), com.meituan.android.cipstorage.s.e);
        } catch (Throwable th) {
            // Best effort: any failure is logged and reported as "not removed".
            p.b("TKeyStore", PicassoUpdateIndexPathHelper.REMOVE_ACTION, th);
            return false;
        }
    }

    /**
     * Loads the RSA master key pair from the AndroidKeyStore, or generates a new one.
     *
     * <p>Phase 1 looks up the alias from {@link #d()} and returns the pair only if both
     * the private key and the certificate's public key are RSA keys. Phase 2 runs whenever
     * phase 1 did not return - alias missing, wrong key type, or any exception - and
     * generates a 2048-bit pair under the same alias.
     *
     * <p>NOTE(review): phase 2 also runs after a transient read failure. Generating under
     * an alias that already exists presumably replaces that entry, which would leave data
     * keys wrapped by the old public key undecryptable - confirm this is acceptable, or
     * separate "absent" from "error".
     *
     * @return the loaded or newly generated key pair, or null if generation fails
     */
    @VisibleForTesting
    public final KeyPair b() {
        boolean containsAlias;
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "71ac163adcb859955c3fb38b8bb8cfe3", RobustBitConfig.DEFAULT_VALUE)) {
            return (KeyPair) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "71ac163adcb859955c3fb38b8bb8cfe3");
        }
        String d = d();
        try {
            KeyStore c = c();
            c.load(null);
            try {
                containsAlias = c.containsAlias(d);
            } catch (NullPointerException unused) {
                // An NPE from containsAlias is treated as a transient keystore outage: wait
                // 20 ms, reopen the keystore and retry once.
                p.a("TKeyStore", "Keystore is temporarily unavailable.", null);
                try {
                    Thread.sleep(20L);
                } catch (InterruptedException unused2) {
                    // NOTE(review): the interrupt is swallowed without re-interrupting the thread.
                }
                c = c();
                c.load(null);
                containsAlias = c.containsAlias(d);
            }
            // The full alias, including the y.a(context) suffix, is written to the log here.
            p.c("TKeyStore", "containsAlias[" + d + "]: " + containsAlias);
            if (containsAlias) {
                // No password is supplied when fetching the key.
                Key key = c.getKey(d(), null);
                // Accept the entry only if it is an RSA private key ...
                PrivateKey privateKey = ((key instanceof PrivateKey) && (key instanceof RSAKey)) ? (PrivateKey) key : null;
                Certificate certificate = c.getCertificate(d());
                // ... whose certificate carries an RSA public key.
                PublicKey publicKey = (certificate == null || !(certificate.getPublicKey() instanceof RSAKey)) ? null : certificate.getPublicKey();
                if (privateKey != null && publicKey != null) {
                    p.b("TKeyStore", "did get master key");
                    return new KeyPair(publicKey, privateKey);
                }
            }
        } catch (KeyStoreException e) {
            p.b("TKeyStore", "getMasterKey", e);
        } catch (UnrecoverableKeyException e2) {
            p.b("TKeyStore", "getMasterKey", e2);
        } catch (GeneralSecurityException e3) {
            p.b("TKeyStore", "getMasterKey", e3);
        } catch (Throwable th) {
            // Every failure above is only logged; execution continues into key generation.
            p.b("TKeyStore", "getMasterKey", th);
        }
        try {
            p.b("TKeyStore", "try gen master key");
            Object[] objArr2 = new Object[0];
            ChangeQuickRedirect changeQuickRedirect3 = changeQuickRedirect;
            // Generator comes from the "AndroidKeyStore" provider unless a patch supplies one;
            // CryptoManager.RSA_ALGORITHM is presumably "RSA" (value not visible here).
            KeyPairGenerator keyPairGenerator = PatchProxy.isSupport(objArr2, this, changeQuickRedirect3, false, "5668794a33d9340d00963814b419a6c1", RobustBitConfig.DEFAULT_VALUE) ? (KeyPairGenerator) PatchProxy.accessDispatch(objArr2, this, changeQuickRedirect3, false, "5668794a33d9340d00963814b419a6c1") : KeyPairGenerator.getInstance(CryptoManager.RSA_ALGORITHM, "AndroidKeyStore");
            Calendar calendar = Calendar.getInstance();
            // Field 1 is Calendar.YEAR: the certificate's end date is 100 years from now.
            calendar.add(1, 100);
            // NOTE(review): KeyPairGeneratorSpec is the legacy spec (deprecated since API 23 in
            // favour of KeyGenParameterSpec). The builder does not call setEncryptionRequired(),
            // so the key is presumably not tied to the device lock-screen credential; confirm
            // this matches the threat model.
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(this.d).setKeySize(2048).setAlias(d()).setSubject(new X500Principal("CN=TTE, O=Sankuai")).setSerialNumber(new BigInteger("1101")).setStartDate(new Date()).setEndDate(calendar.getTime()).build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            p.b("TKeyStore", "did gen master key");
            return generateKeyPair;
        } catch (GeneralSecurityException e4) {
            p.b("TKeyStore", "getMasterKey", e4);
            return null;
        } catch (Throwable th2) {
            p.b("TKeyStore", "getMasterKey", th2);
            return null;
        }
    }

    /**
     * Wraps the entry's data key with the master public key and persists the entry as JSON.
     *
     * <p>The JSON carries "env", "cipherType", "dk", "edk" and "retrievedAt". "dk" is first
     * set from the plaintext {@code gVar.c} and then overwritten with the RSA-encrypted
     * bytes before the string is written. "edk" is stored as the encoded {@code gVar.d}
     * without local encryption. A "tte.keyStore.write" metric records the algorithm and a
     * result code.
     *
     * @param gVar entry to persist; {@code c} is the data key to wrap
     * @return true if the entry was written; false when disabled, the master key is
     *         unavailable, or any step throws
     */
    @VisibleForTesting
    public final boolean b(g gVar) {
        byte[] doFinal;
        Object[] objArr = {gVar};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "a5ab3f91d67a07ec0cc7262ec5be8a6c", RobustBitConfig.DEFAULT_VALUE)) {
            return ((Boolean) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "a5ab3f91d67a07ec0cc7262ec5be8a6c")).booleanValue();
        }
        if (e.a(this.d).b()) {
            p.b("TKeyStore", "set: disable");
            return false;
        }
        q.a a2 = q.a("tte.keyStore.write", "keyStore");
        // As decompiled, most paths call a2.b() explicitly and again in the finally block.
        try {
            try {
                try {
                    a2.a("algo", gVar.b.c);
                    a2.a("code", "0");
                    KeyPair a3 = a();
                    if (a3 == null) {
                        p.b("TKeyStore", "set: master key is null", null);
                        a2.a("code", ErrorCode.ERROR_CODE_OKHTTP_EXCEPTION);
                        return false;
                    }
                    JSONObject jSONObject = new JSONObject();
                    // NOTE(review): ordinal() is persisted, so reordering the enum changes the
                    // meaning of stored entries.
                    jSONObject.put("env", gVar.a.ordinal());
                    jSONObject.put("cipherType", gVar.b.b);
                    // s.a(byte[]) presumably encodes bytes as text (hex or Base64) - not visible here.
                    // This plaintext "dk" value is replaced below before anything is written.
                    jSONObject.put("dk", s.a(gVar.c));
                    jSONObject.put("edk", s.a(gVar.d));
                    jSONObject.put("retrievedAt", gVar.e);
                    byte[] bArr = gVar.c;
                    Object[] objArr2 = {a3, bArr};
                    ChangeQuickRedirect changeQuickRedirect3 = changeQuickRedirect;
                    if (PatchProxy.isSupport(objArr2, this, changeQuickRedirect3, false, "95e683f20433751d9f855c0cb6405d20", RobustBitConfig.DEFAULT_VALUE)) {
                        // The wrap step has its own patch id, so it can be replaced independently.
                        doFinal = (byte[]) PatchProxy.accessDispatch(objArr2, this, changeQuickRedirect3, false, "95e683f20433751d9f855c0cb6405d20");
                    } else {
                        // Same PKCS#1 v1.5 transformation as the read path; the two must change together.
                        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                        // 1 == Cipher.ENCRYPT_MODE
                        cipher.init(1, a3.getPublic());
                        // Single RSA operation: with a 2048-bit key and this padding the data key
                        // must be at most 245 bytes.
                        doFinal = cipher.doFinal(bArr);
                    }
                    // Overwrite the plaintext "dk" with the wrapped value before persisting.
                    jSONObject.put("dk", s.a(doFinal));
                    s.a(this.d, "ks").a(b(gVar.a, gVar.b), jSONObject.toString(), com.meituan.android.cipstorage.s.e);
                    a2.b();
                    return true;
                } catch (JSONException e) {
                    a2.a("code", "1003");
                    p.b("TKeyStore", "set", e);
                    a2.b();
                    return false;
                }
            } catch (GeneralSecurityException e2) {
                a2.a("code", "1004");
                p.b("TKeyStore", "set", e2);
                a2.b();
                return false;
            } catch (Throwable th) {
                a2.a("code", "1100");
                p.b("TKeyStore", "set", th);
                a2.b();
                return false;
            }
        } finally {
            a2.b();
        }
    }

    /**
     * Returns an "AndroidKeyStore" {@link KeyStore} instance (or the one supplied by a
     * registered patch). The caller is responsible for calling {@code load(null)}.
     *
     * @return an unloaded keystore handle
     * @throws KeyStoreException if the provider cannot supply the keystore type
     */
    @VisibleForTesting
    public final KeyStore c() throws KeyStoreException {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, false, "b0f518e9eec6156bb88763cc92d75487", RobustBitConfig.DEFAULT_VALUE) ? (KeyStore) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, false, "b0f518e9eec6156bb88763cc92d75487") : KeyStore.getInstance("AndroidKeyStore");
    }
}
