package piuk.blockchain.android.data.biometrics;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import com.facebook.stetho.common.Utf8Charset;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.jvm.internal.Intrinsics;

/* loaded from: classes2.dex */
public final class CryptographyManagerImpl implements CryptographyManager {
    public final int KEY_SIZE = 256;
    public final String ANDROID_KEYSTORE = "AndroidKeyStore";
    public final String ENCRYPTION_BLOCK_MODE = "CBC";
    public final String ENCRYPTION_PADDING = "PKCS7Padding";
    public final String ENCRYPTION_ALGORITHM = "AES";

    public static /* synthetic */ CipherState initialiseCipher$default(CryptographyManagerImpl cryptographyManagerImpl, int i, String str, byte[] bArr, int i2, Object obj) {
        if ((i2 & 4) != 0) {
            bArr = null;
        }
        return cryptographyManagerImpl.initialiseCipher(i, str, bArr);
    }

    @Override // piuk.blockchain.android.data.biometrics.CryptographyManager
    public void clearData(String secretKeyName) {
        Intrinsics.checkNotNullParameter(secretKeyName, "secretKeyName");
        removeKey(secretKeyName);
    }

    @Override // piuk.blockchain.android.data.biometrics.CryptographyManager
    public String decryptData(byte[] ciphertext, Cipher cipher) {
        Intrinsics.checkNotNullParameter(ciphertext, "ciphertext");
        Intrinsics.checkNotNullParameter(cipher, "cipher");
        byte[] plaintext = cipher.doFinal(ciphertext);
        Intrinsics.checkNotNullExpressionValue(plaintext, "plaintext");
        Charset forName = Charset.forName(Utf8Charset.NAME);
        Intrinsics.checkNotNullExpressionValue(forName, "Charset.forName(\"UTF-8\")");
        return new String(plaintext, forName);
    }

    @Override // piuk.blockchain.android.data.biometrics.CryptographyManager
    public EncryptedData encryptData(String plaintext, Cipher cipher) {
        Intrinsics.checkNotNullParameter(plaintext, "plaintext");
        Intrinsics.checkNotNullParameter(cipher, "cipher");
        Charset forName = Charset.forName(Utf8Charset.NAME);
        Intrinsics.checkNotNullExpressionValue(forName, "Charset.forName(\"UTF-8\")");
        byte[] bytes = plaintext.getBytes(forName);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] ciphertext = cipher.doFinal(bytes);
        Intrinsics.checkNotNullExpressionValue(ciphertext, "ciphertext");
        byte[] iv = cipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
        return new EncryptedData(ciphertext, iv);
    }

    public final Cipher getCipher() {
        Cipher cipher = Cipher.getInstance(this.ENCRYPTION_ALGORITHM + '/' + this.ENCRYPTION_BLOCK_MODE + '/' + this.ENCRYPTION_PADDING);
        Intrinsics.checkNotNullExpressionValue(cipher, "Cipher.getInstance(transformation)");
        return cipher;
    }

    @Override // piuk.blockchain.android.data.biometrics.CryptographyManager
    public CipherState getInitializedCipherForDecryption(String keyName, byte[] initializationVector) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        Intrinsics.checkNotNullParameter(initializationVector, "initializationVector");
        return initialiseCipher(2, keyName, initializationVector);
    }

    @Override // piuk.blockchain.android.data.biometrics.CryptographyManager
    public CipherState getInitializedCipherForEncryption(String keyName) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        return initialiseCipher$default(this, 1, keyName, null, 4, null);
    }

    public final SecretKey getOrCreateSecretKey(String str) {
        KeyStore keyStore = KeyStore.getInstance(this.ANDROID_KEYSTORE);
        keyStore.load(null);
        if (keyStore.containsAlias(str)) {
            Key key = keyStore.getKey(str, null);
            Objects.requireNonNull(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            return (SecretKey) key;
        }
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 3);
        builder.setBlockModes(this.ENCRYPTION_BLOCK_MODE);
        builder.setEncryptionPaddings(this.ENCRYPTION_PADDING);
        builder.setKeySize(this.KEY_SIZE);
        builder.setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= 24) {
            builder.setInvalidatedByBiometricEnrollment(true);
        }
        KeyGenParameterSpec build = builder.build();
        Intrinsics.checkNotNullExpressionValue(build, "paramsBuilder.build()");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.ANDROID_KEYSTORE);
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "keyGenerator.generateKey()");
        return generateKey;
    }

    public final CipherState initialiseCipher(int i, String str, byte[] bArr) {
        CipherState cipherOtherError;
        Cipher cipher = getCipher();
        try {
            SecretKey orCreateSecretKey = getOrCreateSecretKey(str);
            boolean z = true;
            if (i == 1) {
                cipher.init(i, orCreateSecretKey);
            } else if (i == 2) {
                if (bArr == null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
                cipher.init(i, orCreateSecretKey, new IvParameterSpec(bArr));
            }
            return new CipherSuccess(cipher);
        } catch (KeyPermanentlyInvalidatedException e) {
            removeKey(str);
            cipherOtherError = new CipherInvalidatedError(e);
            return cipherOtherError;
        } catch (InvalidAlgorithmParameterException e2) {
            removeKey(str);
            cipherOtherError = new CipherNoSuitableBiometrics(e2);
            return cipherOtherError;
        } catch (Exception e3) {
            cipherOtherError = new CipherOtherError(e3);
            return cipherOtherError;
        }
    }

    public final void removeKey(String str) {
        KeyStore keyStore = KeyStore.getInstance(this.ANDROID_KEYSTORE);
        keyStore.load(null);
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
    }
}
