package com.huawei.secure.encrypt.mlkit.common.encrypt.keystore.rsa;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Signature;

/* loaded from: classes3.dex */
public abstract class RSASignKS {
    private static final String A = "AndroidKeyStore";
    private static final int F = 2048;
    private static final String G = "SHA256withRSA/PSS";
    private static final String TAG = "RSASignKS";
    private static final String i = "";

    private static boolean b() {
        return Build.VERSION.SDK_INT >= 23;
    }

    private static KeyPair f(String str) {
        if (i(str)) {
            Log.e(TAG, "Key pair exits");
            return null;
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", A);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setSignaturePaddings("PSS").setKeySize(2048).build());
            return keyPairGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "generate keypair exception: " + e.getMessage());
            return null;
        }
    }

    private static boolean i(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(A);
            keyStore.load(null);
            return keyStore.getKey(str, null) != null;
        } catch (IOException | GeneralSecurityException e) {
            Log.e(TAG, "key pair exists exciption : " + e.getMessage());
            return false;
        }
    }

    private static KeyStore.Entry j(String str) {
        if (!i(str)) {
            f(str);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(A);
            keyStore.load(null);
            return keyStore.getEntry(str, null);
        } catch (IOException | GeneralSecurityException e) {
            Log.e(TAG, "load entry exception : " + e.getMessage());
            return null;
        }
    }

    public static String sign(String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            Log.e(TAG, "alias or content is null");
            return "";
        }
        if (!b()) {
            Log.e(TAG, "sdk version is too low");
            return "";
        }
        try {
            KeyStore.Entry j = j(str);
            if (j != null && (j instanceof KeyStore.PrivateKeyEntry)) {
                Signature signature = Signature.getInstance(G);
                signature.initSign(((KeyStore.PrivateKeyEntry) j).getPrivateKey());
                signature.update(str2.getBytes("UTF-8"));
                return Base64.encodeToString(signature.sign(), 0);
            }
            Log.e(TAG, "Not an instance of a PrivateKeyEntry");
            return "";
        } catch (UnsupportedEncodingException | GeneralSecurityException e) {
            Log.e(TAG, "encrypt exception : " + e.getMessage());
            return "";
        }
    }

    public static boolean verifySign(String str, String str2, String str3) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2) || TextUtils.isEmpty(str3)) {
            Log.e(TAG, "alias or content or sign value is null");
            return false;
        }
        if (!b()) {
            Log.e(TAG, "sdk version is too low");
            return false;
        }
        try {
            KeyStore.Entry j = j(str);
            if (j != null && (j instanceof KeyStore.PrivateKeyEntry)) {
                Signature signature = Signature.getInstance(G);
                signature.initVerify(((KeyStore.PrivateKeyEntry) j).getCertificate());
                signature.update(str2.getBytes("UTF-8"));
                return signature.verify(Base64.decode(str3, 0));
            }
            Log.e(TAG, "Not an instance of a PrivateKeyEntry");
            return false;
        } catch (UnsupportedEncodingException | GeneralSecurityException e) {
            Log.e(TAG, "verify sign exception : " + e.getMessage());
            return false;
        }
    }
}
