package com.synology.sylib.security.internal.method;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.RequiresApi;
import android.support.annotation.VisibleForTesting;
import android.support.annotation.WorkerThread;
import android.util.Base64;
import com.synology.sylib.security.internal.KsManager;
import com.synology.sylib.security.util.Logger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes50.dex */
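/**
 * Hybrid RSA/AES {@link CryptMethod}.
 *
 * <p>An RSA key pair is generated inside the key store provider named by
 * {@code KsManager.KEYSTORE_PROVIDER}. A random 256-bit AES key is then wrapped with the RSA
 * public key, Base64-encoded and persisted in the method settings under {@link #SZ_KEY_AES_KEY}.
 * {@link #getAesKey()} unwraps it again with the RSA private key.
 *
 * <p>NOTE(review): wrapping uses PKCS#1 v1.5 encryption padding ({@link #SZ_RSA_ECB_PKCS1}).
 * OAEP would be the preferred padding for a new format, but every wrapped key this class has
 * already written was produced with PKCS#1 v1.5, so changing it needs a migration of the stored
 * settings rather than an in-place edit.
 */
public class RsaHybridMethod extends CryptMethod {
    private static final Method METHOD = Method.RSA_HYBRID;
    private static final int RSA_KEY_BITS = 2048;
    public static final String SZ_ALGORITHM_AES = "AES";
    public static final String SZ_ALGORITHM_RSA = "RSA";

    /** Settings key under which the Base64-encoded, RSA-wrapped AES key is stored. */
    @VisibleForTesting
    protected static final String SZ_KEY_AES_KEY = "key";
    public static final String SZ_RSA_ECB_PKCS1 = "RSA/ECB/PKCS1Padding";
    private final Context mContext;

    // Base64 (NO_WRAP) text of the RSA-wrapped AES key; null until loaded from settings or created.
    @Nullable
    private String mEncryptedAesKey;

    /**
     * Creates the method without previously stored settings.
     *
     * @param str      passed through to the {@link CryptMethod} constructor
     * @param keyStore key store holding (or receiving) the RSA key pair, may be null
     * @param context  context handed to the pre-API-23 key pair generator spec
     */
    public RsaHybridMethod(@NonNull String str, @Nullable KeyStore keyStore, @NonNull Context context) {
        this(str, keyStore, null, context);
    }

    /**
     * Creates the method and restores the wrapped AES key from stored settings when present.
     *
     * @param str      passed through to the {@link CryptMethod} constructor
     * @param keyStore key store holding (or receiving) the RSA key pair, may be null
     * @param hashMap  previously persisted settings, may be null
     * @param context  context handed to the pre-API-23 key pair generator spec
     */
    public RsaHybridMethod(@NonNull String str, @Nullable KeyStore keyStore, @Nullable HashMap<String, Object> hashMap, @NonNull Context context) {
        super(str, keyStore, hashMap);
        this.mContext = context;
        if (this.mSetting != null) {
            // String.valueOf((Object) null) yields the literal text "null", which would later be
            // treated as a present, non-empty wrapped key by onValidate(). Keep a missing entry
            // as a real null instead.
            Object stored = this.mSetting.get(SZ_KEY_AES_KEY);
            this.mEncryptedAesKey = stored != null ? String.valueOf(stored) : null;
        }
    }

    /**
     * Runs RSA over {@code input} in chunks sized for the key's modulus.
     *
     * @param mode  {@link Cipher#ENCRYPT_MODE} (uses the certificate's public key) or any other
     *              cipher mode (uses the private key entry of the same alias)
     * @param input bytes to transform
     * @return the concatenated cipher output, or null when no key store is available or any step
     *         fails (the failure is logged)
     */
    @Nullable
    private byte[] cryptRSA(int mode, @NonNull byte[] input) {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            return null;
        }
        try {
            String alias = getKeyAlias();
            boolean encrypting = mode == Cipher.ENCRYPT_MODE;
            // The modulus length is always read from the public key, in both directions.
            RSAPublicKey publicKey = (RSAPublicKey) keyStore.getCertificate(alias).getPublicKey();
            int modulusBytes = publicKey.getModulus().bitLength() / 8;
            Key key = encrypting ? publicKey : keyStore.getKey(alias, null);

            Cipher cipher = Cipher.getInstance(SZ_RSA_ECB_PKCS1);
            cipher.init(mode, key);

            // PKCS#1 v1.5 padding costs 11 bytes per block, so plaintext chunks are that much
            // smaller than the modulus; ciphertext chunks are exactly one modulus long.
            byte[] chunk = new byte[modulusBytes - (encrypting ? 11 : 0)];
            ByteArrayInputStream in = new ByteArrayInputStream(input);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            int read;
            while ((read = in.read(chunk, 0, chunk.length)) != -1) {
                byte[] block = cipher.doFinal(chunk, 0, read);
                out.write(block, 0, block.length);
            }
            return out.toByteArray();
        } catch (Exception e) {
            Logger.e("RsaCrypt", "RSA Mode[" + mode + "] fail : " + e.getMessage(), e);
            return null;
        }
    }

    /** Generates a fresh random 256-bit AES key with the default {@link KeyGenerator} provider. */
    private Key generateAesRandomKey() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(SZ_ALGORITHM_AES);
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }

    /**
     * Generates the RSA key pair through the legacy {@link KeyPairGeneratorSpec} API.
     *
     * <p>The spec describes a self-signed certificate with subject {@code CN=<alias>}, a fixed
     * serial number and a validity of 100 years from now.
     *
     * @return always true; failures surface as exceptions
     */
    private boolean generateRsaKeyStore_api18() throws Exception {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 100);
        KeyPairGeneratorSpec.Builder specBuilder = new KeyPairGeneratorSpec.Builder(this.mContext)
                .setAlias(getKeyAlias())
                .setSubject(new X500Principal("CN=" + getKeyAlias()))
                .setSerialNumber(BigInteger.TEN)
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime());
        specBuilder.setKeySize(RSA_KEY_BITS);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SZ_ALGORITHM_RSA, KsManager.KEYSTORE_PROVIDER);
        keyPairGenerator.initialize(specBuilder.build());
        keyPairGenerator.generateKeyPair();
        return true;
    }

    /**
     * Generates the RSA key pair through {@link KeyGenParameterSpec} (API 23+).
     *
     * <p>NOTE(review): the spec sets no user-authentication requirement, so use of the private
     * key is not tied to the device credential; confirm that matches the intended threat model.
     *
     * @return always true; failures surface as exceptions
     */
    @RequiresApi(api = 23)
    private boolean generateRsaKeyStore_api23() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SZ_ALGORITHM_RSA, KsManager.KEYSTORE_PROVIDER);
        // Purposes value 3 is PURPOSE_ENCRYPT | PURPOSE_DECRYPT in android.security.keystore.KeyProperties.
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(getKeyAlias(), 3)
                .setBlockModes("ECB")
                .setDigests("SHA-256", MessageDigestAlgorithms.SHA_512)
                .setEncryptionPaddings("PKCS1Padding")
                .setKeySize(RSA_KEY_BITS)
                .build();
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
        return true;
    }

    /**
     * Wraps {@code key} with the RSA public key and returns it as single-line Base64.
     *
     * @return the encoded wrapped key, or null when the RSA step failed
     */
    @Nullable
    private String getEncryptedAesKey(Key key) throws Exception {
        byte[] wrapped = cryptRSA(Cipher.ENCRYPT_MODE, key.getEncoded());
        // cryptRSA reports failure as null; return null explicitly instead of letting the
        // encoder throw on it. onCreateKey() already treats a null result as failure.
        if (wrapped == null) {
            return null;
        }
        return Base64.encodeToString(wrapped, Base64.NO_WRAP);
    }

    /**
     * Unwraps the stored AES key with the RSA private key.
     *
     * @return the AES key, or null when there is no key store, no stored wrapped key, or
     *         unwrapping fails
     */
    @Override // com.synology.sylib.security.internal.method.CryptMethod
    @Nullable
    Key getAesKey() {
        try {
            if (getKeyStore() == null || this.mEncryptedAesKey == null) {
                return null;
            }
            byte[] rawKey = cryptRSA(Cipher.DECRYPT_MODE, Base64.decode(this.mEncryptedAesKey, Base64.NO_WRAP));
            if (rawKey == null) {
                return null;
            }
            return new SecretKeySpec(rawKey, SZ_ALGORITHM_AES);
        } catch (Exception e) {
            Logger.e("RsaCrypt", "getKey : " + e.getMessage(), e);
            return null;
        }
    }

    @Override // com.synology.sylib.security.internal.method.CryptMethod
    @NonNull
    public Method getMethod() {
        return METHOD;
    }

    @Override // com.synology.sylib.security.internal.method.CryptMethod
    public boolean isNeedValidateAfterLoad() {
        return true;
    }

    /**
     * Creates the RSA key pair and a freshly wrapped AES key.
     *
     * <p>When the alias already exists the method returns true without generating anything, so
     * the wrapped AES key keeps whatever value it had.
     *
     * @param str not used by this implementation
     * @return true when the key material is in place, false on any failure
     */
    @Override // com.synology.sylib.security.internal.method.CryptMethod
    @WorkerThread
    boolean onCreateKey(String str) {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            return false;
        }
        try {
            if (keyStore.containsAlias(getKeyAlias())) {
                Logger.w("RsaCrypt", "create : Key alias is already existed.");
                return true;
            }
            boolean generated;
            if (Build.VERSION.SDK_INT >= 23) {
                generated = generateRsaKeyStore_api23();
                Logger.dev("RsaCrypt", "Gen RAS 23 : " + generated);
            } else {
                generated = generateRsaKeyStore_api18();
                Logger.dev("RsaCrypt", "Gen RAS 18 : " + generated);
            }
            if (!generated) {
                return false;
            }
            this.mEncryptedAesKey = getEncryptedAesKey(generateAesRandomKey());
            boolean hasWrappedKey = this.mEncryptedAesKey != null;
            // Log only whether wrapping succeeded; key material, even wrapped, stays out of logs.
            Logger.dev("RsaCrypt", "Gen Random AES : " + hasWrappedKey);
            return hasWrappedKey;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the calling worker thread can still observe it.
            Thread.currentThread().interrupt();
            Logger.e("RasCrypt", "create interrupted : " + e.getMessage());
            return false;
        } catch (Exception e2) {
            Logger.e("RasCrypt", "create :  " + e2.getMessage(), e2);
            return false;
        }
    }

    /**
     * Builds the settings map to persist.
     *
     * @return a map holding the wrapped AES key under {@link #SZ_KEY_AES_KEY}, or null when no
     *         wrapped key exists yet
     */
    @Override // com.synology.sylib.security.internal.method.CryptMethod
    @Nullable
    HashMap<String, Object> onCreateSettings() {
        if (this.mEncryptedAesKey == null) {
            return null;
        }
        HashMap<String, Object> settings = new HashMap<>();
        settings.put(SZ_KEY_AES_KEY, this.mEncryptedAesKey);
        return settings;
    }

    // NOTE(review): nothing is removed here, so the RSA key store entry outlives this call
    // unless the caller or the base class deletes the alias; confirm against CryptMethod.
    @Override // com.synology.sylib.security.internal.method.CryptMethod
    public void onDelete() {
    }

    /**
     * Checks that a wrapped AES key is loaded and that the key store entry is an RSA key.
     *
     * <p>Only the algorithm name of the private key entry is compared; the wrapped AES key is
     * not unwrapped as part of validation.
     *
     * @return true when the entry's algorithm is RSA, false otherwise or on error
     */
    @Override // com.synology.sylib.security.internal.method.CryptMethod
    boolean onValidate() {
        KeyStore keyStore = getKeyStore();
        boolean hasWrappedKey = this.mEncryptedAesKey != null && !this.mEncryptedAesKey.isEmpty();
        if (!hasWrappedKey || keyStore == null) {
            // Report presence only; the wrapped key itself is not written to the log.
            Logger.d("RsaCrypt", "validate : aeskey present = " + hasWrappedKey + " , keyStore = " + keyStore);
            return false;
        }
        try {
            boolean algorithmMatches = SZ_ALGORITHM_RSA.equalsIgnoreCase(keyStore.getKey(getKeyAlias(), null).getAlgorithm());
            Logger.d("RsaCrypt", "validate : algorithm match = " + algorithmMatches);
            return algorithmMatches;
        } catch (Exception e) {
            Logger.e("RsaCrypt", "validate : " + e.getMessage(), e);
            return false;
        }
    }
}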
