package com.huawei.secure.android.common.encrypt.keystore.rsa; import android.os.Build; import android.security.keystore.KeyGenParameterSpec; import android.text.TextUtils; import android.util.Base64; import android.util.Log; import com.huawei.secure.android.common.encrypt.utils.b; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Signature; import java.security.SignatureException; import java.security.UnrecoverableEntryException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; public abstract class RSASignKS { private static final String a = "RSASignKS"; private static final String b = "AndroidKeyStore"; private static final String c = "SHA256withRSA/PSS"; private static final String d = ""; private static final int e = 2048; private static final int f = 3072; private static KeyStore.Entry b(String str, boolean z) { if (!a(str)) { a(str, z); } try { KeyStore instance = KeyStore.getInstance(b); instance.load(null); return instance.getEntry(str, null); } catch (KeyStoreException e2) { String str2 = a; b.b(str2, "KeyStoreException: " + e2.getMessage()); return null; } catch (CertificateException e3) { String str3 = a; b.b(str3, "CertificateException: " + e3.getMessage()); return null; } catch (NoSuchAlgorithmException e4) { String str4 = a; b.b(str4, "NoSuchAlgorithmException: " + e4.getMessage()); return null; } catch (IOException e5) { String str5 = a; b.b(str5, "IOException: " + e5.getMessage()); return null; } catch (UnrecoverableEntryException e6) { String str6 = a; b.b(str6, "UnrecoverableEntryException: " + e6.getMessage()); return null; } } public static boolean isBuildVersionHigherThan22() { return Build.VERSION.SDK_INT >= 23; } @Deprecated public static String sign(String str, String str2) { try { return Base64.encodeToString(sign(str, str2.getBytes("UTF-8")), 0); } catch (UnsupportedEncodingException e2) { String str3 = a; Log.e(str3, "sign UnsupportedEncodingException : " + e2.getMessage()); return ""; } } public static String signNew(String str, String str2) { try { return Base64.encodeToString(signNew(str, str2.getBytes("UTF-8")), 0); } catch (UnsupportedEncodingException e2) { String str3 = a; Log.e(str3, "sign UnsupportedEncodingException : " + e2.getMessage()); return ""; } } @Deprecated public static boolean verifySign(String str, String str2, String str3) { try { return verifySign(str, str2.getBytes("UTF-8"), Base64.decode(str3, 0)); } catch (UnsupportedEncodingException e2) { String str4 = a; Log.e(str4, "verifySign UnsupportedEncodingException: " + e2.getMessage()); return false; } catch (Exception e3) { String str5 = a; b.b(str5, "base64 decode Exception" + e3.getMessage()); return false; } } public static boolean verifySignNew(String str, String str2, String str3) { try { return verifySignNew(str, str2.getBytes("UTF-8"), Base64.decode(str3, 0)); } catch (UnsupportedEncodingException e2) { String str4 = a; Log.e(str4, "verifySign UnsupportedEncodingException: " + e2.getMessage()); return false; } catch (Exception e3) { String str5 = a; b.b(str5, "base64 decode Exception" + e3.getMessage()); return false; } } private static byte[] a(String str, byte[] bArr, boolean z) { byte[] bArr2 = new byte[0]; if (TextUtils.isEmpty(str) || bArr == null) { b.b(a, "alias or content is null"); return bArr2; } else if (!isBuildVersionHigherThan22()) { b.b(a, "sdk version is too low"); return bArr2; } else { KeyStore.Entry b2 = b(str, z); if (!(b2 instanceof KeyStore.PrivateKeyEntry)) { b.b(a, "Not an instance of a PrivateKeyEntry"); return bArr2; } try { Signature instance = Signature.getInstance(c); instance.initSign(((KeyStore.PrivateKeyEntry) b2).getPrivateKey()); instance.update(bArr); return instance.sign(); } catch (NoSuchAlgorithmException e2) { String str2 = a; b.b(str2, "NoSuchAlgorithmException: " + e2.getMessage()); return bArr2; } catch (SignatureException e3) { String str3 = a; b.b(str3, "SignatureException: " + e3.getMessage()); return bArr2; } catch (InvalidKeyException e4) { String str4 = a; b.b(str4, "InvalidKeyException: " + e4.getMessage()); return bArr2; } catch (Exception e5) { String str5 = a; b.b(str5, "Exception: " + e5.getMessage()); return bArr2; } } } @Deprecated public static byte[] sign(String str, byte[] bArr) { return a(str, bArr, false); } public static byte[] signNew(String str, byte[] bArr) { return a(str, bArr, true); } @Deprecated public static boolean verifySign(String str, byte[] bArr, byte[] bArr2) { return a(str, bArr, bArr2, false); } public static boolean verifySignNew(String str, byte[] bArr, byte[] bArr2) { return a(str, bArr, bArr2, true); } private static boolean a(String str, byte[] bArr, byte[] bArr2, boolean z) { if (TextUtils.isEmpty(str) || bArr == null || bArr2 == null) { b.b(a, "alias or content or sign value is null"); return false; } else if (!isBuildVersionHigherThan22()) { b.b(a, "sdk version is too low"); return false; } else { KeyStore.Entry b2 = b(str, z); if (!(b2 instanceof KeyStore.PrivateKeyEntry)) { b.b(a, "Not an instance of a PrivateKeyEntry"); return false; } try { Signature instance = Signature.getInstance(c); instance.initVerify(((KeyStore.PrivateKeyEntry) b2).getCertificate()); instance.update(bArr); return instance.verify(bArr2); } catch (NoSuchAlgorithmException e2) { String str2 = a; b.b(str2, "NoSuchAlgorithmException: " + e2.getMessage()); return false; } catch (SignatureException e3) { String str3 = a; b.b(str3, "SignatureException: " + e3.getMessage()); return false; } catch (InvalidKeyException e4) { String str4 = a; b.b(str4, "InvalidKeyException: " + e4.getMessage()); return false; } catch (Exception e5) { String str5 = a; b.b(str5, "Exception: " + e5.getMessage()); return false; } } } private static synchronized KeyPair a(String str, boolean z) { synchronized (RSASignKS.class) { KeyPair keyPair = null; if (a(str)) { b.b(a, "Key pair exits"); return null; } try { KeyPairGenerator instance = KeyPairGenerator.getInstance("RSA", b); if (!z) { instance.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setSignaturePaddings("PSS").setKeySize(e).build()); } else { instance.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setSignaturePaddings("PSS").setKeySize(f).build()); } keyPair = instance.generateKeyPair(); } catch (NoSuchAlgorithmException e2) { String str2 = a; b.b(str2, "NoSuchAlgorithmException: " + e2.getMessage()); } catch (NoSuchProviderException e3) { String str3 = a; b.b(str3, "NoSuchProviderException: " + e3.getMessage()); } catch (InvalidAlgorithmParameterException e4) { String str4 = a; b.b(str4, "InvalidAlgorithmParameterException: " + e4.getMessage()); } return keyPair; } } private static boolean a(String str) { try { KeyStore instance = KeyStore.getInstance(b); instance.load(null); if (instance.getKey(str, null) != null) { return true; } return false; } catch (KeyStoreException e2) { String str2 = a; b.b(str2, "KeyStoreException: " + e2.getMessage()); return false; } catch (CertificateException e3) { String str3 = a; b.b(str3, "CertificateException: " + e3.getMessage()); return false; } catch (UnrecoverableKeyException e4) { String str4 = a; b.b(str4, "UnrecoverableKeyException: " + e4.getMessage()); return false; } catch (NoSuchAlgorithmException e5) { String str5 = a; b.b(str5, "NoSuchAlgorithmException: " + e5.getMessage()); return false; } catch (IOException e6) { String str6 = a; b.b(str6, "IOException: " + e6.getMessage()); return false; } } }