package com.huawei.networkenergy.appplatform.logical.crypto;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import com.huawei.inverterapp.wifi.socket.util.CharsetUtil;
import com.huawei.networkenergy.appplatform.common.log.Log;
import com.huawei.secure.android.common.encrypt.keystore.rsa.RSASignKS;
import com.huawei.secure.android.common.util.HexUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Signature;

/* compiled from: TbsSdkJava */
/* loaded from: classes3.dex */
class RsaSignKsByPlatform {
    private static final String EMPTY = "";
    private static final int KEY_LENGTH = 2048;
    private static final String RSA_MODE_SIGN = "SHA256withRSA";
    private static final String TAG = "RSASignKS";

    RsaSignKsByPlatform() {
    }

    private static boolean keyPairExists(Context context, String str) {
        try {
            return RsaEncryptKsByPlatform.getKeyStore(context).getKey(str, null) != null;
        } catch (IOException | GeneralSecurityException e2) {
            Log.error(TAG, "key pair exists exciption : " + e2.getMessage());
            return false;
        }
    }

    private static KeyStore.Entry loadEntry(Context context, String str) {
        if (!keyPairExists(context, str)) {
            RsaEncryptKsByPlatform.generateKeyPair(context, str);
        }
        try {
            return RsaEncryptKsByPlatform.getKeyStore(context).getEntry(str, null);
        } catch (IOException | GeneralSecurityException e2) {
            Log.error(TAG, "load entry exception : " + e2.getMessage());
            return null;
        }
    }

    public static String rsaSignWithKeyStore(Context context, String str, byte[] bArr) {
        String byteArray2HexStr = HexUtil.byteArray2HexStr(bArr);
        return true == EncryptCommon.isBuildVersionHigherThan22() ? RSASignKS.sign(str, byteArray2HexStr) : sign(context, str, byteArray2HexStr);
    }

    public static boolean rsaVerifyWithKeyStore(Context context, String str, byte[] bArr, String str2) {
        String byteArray2HexStr = HexUtil.byteArray2HexStr(bArr);
        return true == EncryptCommon.isBuildVersionHigherThan22() ? RSASignKS.verifySign(str, byteArray2HexStr, str2) : verifySign(context, str, byteArray2HexStr, str2);
    }

    public static String sign(Context context, String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            Log.error(TAG, "alias or content is null");
            return "";
        }
        try {
            KeyStore.Entry loadEntry = loadEntry(context, str);
            if (loadEntry != null && (loadEntry instanceof KeyStore.PrivateKeyEntry)) {
                Signature signature = Signature.getInstance(RSA_MODE_SIGN);
                signature.initSign(((KeyStore.PrivateKeyEntry) loadEntry).getPrivateKey());
                signature.update(str2.getBytes(CharsetUtil.CHARASET_UTF_8));
                return Base64.encodeToString(signature.sign(), 0);
            }
            Log.error(TAG, "Not an instance of a PrivateKeyEntry");
            return "";
        } catch (UnsupportedEncodingException | GeneralSecurityException e2) {
            Log.error(TAG, "encrypt exception : " + e2.getMessage());
            return "";
        }
    }

    public static boolean verifySign(Context context, String str, String str2, String str3) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2) || TextUtils.isEmpty(str3)) {
            Log.error(TAG, "alias or content or sign value is null");
            return false;
        }
        Log.error(TAG, "input sign result:" + str3);
        try {
            KeyStore.Entry loadEntry = loadEntry(context, str);
            if (loadEntry != null && (loadEntry instanceof KeyStore.PrivateKeyEntry)) {
                Signature signature = Signature.getInstance(RSA_MODE_SIGN);
                signature.initVerify(((KeyStore.PrivateKeyEntry) loadEntry).getCertificate());
                signature.update(str2.getBytes(CharsetUtil.CHARASET_UTF_8));
                return signature.verify(Base64.decode(str3, 0));
            }
            Log.error(TAG, "Not an instance of a PrivateKeyEntry");
            return false;
        } catch (UnsupportedEncodingException | GeneralSecurityException e2) {
            Log.error(TAG, "verify sign exception : " + e2.getMessage());
            return false;
        }
    }
}
