package de.komoot.android.util;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Pair;
import androidx.annotation.WorkerThread;
import com.google.android.gms.stats.CodePackage;
import de.komoot.android.FailedException;
import de.komoot.android.util.concurrent.ThreadUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes3.dex */
public class KmtPrivateKeystore {

    /* renamed from: a, reason: collision with root package name */
    private final String f41286a;

    /* renamed from: b, reason: collision with root package name */
    @Nullable
    private KeyStore f41287b;

    public KmtPrivateKeystore(String str) {
        AssertUtil.O(str, "pAliasName is empty");
        this.f41286a = str;
    }

    private final SecretKey a() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (Build.VERSION.SDK_INT < 23) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(512);
            return keyGenerator.generateKey();
        }
        KeyGenerator keyGenerator2 = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.f41286a, 3);
        builder.setBlockModes(CodePackage.GCM);
        builder.setEncryptionPaddings("NoPadding");
        keyGenerator2.init(builder.build());
        return keyGenerator2.generateKey();
    }

    @WorkerThread
    private final KeyStore d() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        if (this.f41287b == null) {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f41287b = keyStore;
            keyStore.load(null);
        }
        return this.f41287b;
    }

    private final SecretKey e() throws CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, NoSuchProviderException, InvalidAlgorithmParameterException {
        SecretKey f2 = f();
        if (f2 == null) {
            f2 = a();
        }
        return f2;
    }

    @Nullable
    @WorkerThread
    private final SecretKey f() throws CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException {
        KeyStore.SecretKeyEntry secretKeyEntry;
        SecretKey secretKey = null;
        try {
            secretKeyEntry = (KeyStore.SecretKeyEntry) d().getEntry(this.f41286a, null);
        } catch (KeyStoreException unused) {
        }
        if (secretKeyEntry == null) {
            return null;
        }
        secretKey = secretKeyEntry.getSecretKey();
        return secretKey;
    }

    @WorkerThread
    public final String b(byte[] bArr, byte[] bArr2) throws UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, CertificateException, FailedException {
        AssertUtil.B(bArr, "pEncryptedData is null");
        AssertUtil.B(bArr2, "pEncryptionInitVector is null");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr2);
        SecretKey f2 = f();
        if (f2 == null) {
            throw new FailedException("Missing Secret Key");
        }
        try {
            cipher.init(2, f2, gCMParameterSpec);
            return new String(cipher.doFinal(bArr), StandardCharsets.UTF_8);
        } catch (AbstractMethodError e2) {
            throw new FailedException(e2);
        }
    }

    @WorkerThread
    public final Pair<byte[], byte[]> c(String str) throws UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, CertificateException {
        AssertUtil.O(str, "pTextToEncrypt is empty");
        ThreadUtil.c();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, e());
        return new Pair<>(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)), cipher.getIV());
    }
}
