package com.alphero.security;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import androidx.annotation.VisibleForTesting;
import androidx.appcompat.view.a;
import com.alphero.security.exception.EncryptionException;
import com.alphero.security.util.EncryptionExtensions;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;

@TargetApi(23)
/* loaded from: classes.dex */
public class AesKeystoreEncrypter extends AndroidKeystoreEncrypter<AesKeystoreEncrypter> {
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final int IV_LEN = 16;
    public static final int KEYSTORE_SDK = 23;
    private static final String SIGNING_ALGORITHM = "HmacSHA256";
    private int keyLength;

    public AesKeystoreEncrypter(String str) throws EncryptionException {
        super(str);
        this.keyLength = 128;
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("Device not supported");
        }
    }

    private Mac getMac() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(this.keyStore.getKey(getSignatureAlias(), null));
        return mac;
    }

    @VisibleForTesting
    public static String getSignatureAlias(String str) {
        return a.a(str, "sig");
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public AesKeystoreEncrypter clear() {
        AndroidKeystoreEncrypter.deleteAlias(getSignatureAlias());
        return (AesKeystoreEncrypter) super.clear();
    }

    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public void createKey() throws EncryptionException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", AndroidKeystoreEncrypter.PROVIDER);
            keyGenerator.init(new KeyGenParameterSpec.Builder(this.alias, 3).setKeySize(this.keyLength).setBlockModes(SymmetricEncrypter.BLOCK_MODE_CBC).setEncryptionPaddings(AesEncrypter.PADDING_MODE_PKCS).setRandomizedEncryptionRequired(true).setUserAuthenticationRequired(this.userAuthenticationRequired).setUserAuthenticationValidityDurationSeconds(this.userValiditySeconds).build());
            keyGenerator.generateKey();
            KeyGenerator keyGenerator2 = KeyGenerator.getInstance("HmacSHA256", AndroidKeystoreEncrypter.PROVIDER);
            keyGenerator2.init(new KeyGenParameterSpec.Builder(getSignatureAlias(), 4).build());
            keyGenerator2.generateKey();
        } catch (Exception e7) {
            throw new EncryptionException(e7);
        }
    }

    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public byte[] doDecrypt(@NonNull byte[] bArr) throws EncryptionException {
        try {
            Mac mac = getMac();
            int macLength = mac.getMacLength();
            byte[] bArr2 = new byte[macLength];
            int length = bArr.length - macLength;
            byte[] bArr3 = new byte[length];
            System.arraycopy(bArr, 0, bArr2, 0, macLength);
            System.arraycopy(bArr, macLength, bArr3, 0, length);
            if (!EncryptionExtensions.equalsTimeConstant(bArr2, mac.doFinal(bArr3))) {
                throw new InvalidKeyException();
            }
            byte[] bArr4 = new byte[16];
            System.arraycopy(bArr, macLength, bArr4, 0, 16);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(2, this.keyStore.getKey(this.alias, null), new IvParameterSpec(bArr4));
            int i7 = macLength + 16;
            int length2 = bArr.length - i7;
            byte[] bArr5 = new byte[length2];
            System.arraycopy(bArr, i7, bArr5, 0, length2);
            return cipher.doFinal(bArr5);
        } catch (Exception e7) {
            throw new EncryptionException(e7);
        }
    }

    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public byte[] doEncrypt(@NonNull byte[] bArr) throws EncryptionException {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(1, this.keyStore.getKey(this.alias, null));
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            if (iv.length != 16) {
                throw new IllegalStateException(String.format(Locale.ENGLISH, "iv len miss-match (%d, %d)", Integer.valueOf(iv.length), 16));
            }
            byte[] bArr2 = new byte[doFinal.length + 16];
            System.arraycopy(iv, 0, bArr2, 0, 16);
            System.arraycopy(doFinal, 0, bArr2, 16, doFinal.length);
            Mac mac = getMac();
            int macLength = mac.getMacLength();
            byte[] doFinal2 = mac.doFinal(bArr2);
            int i7 = macLength + 16;
            byte[] bArr3 = new byte[doFinal.length + i7];
            System.arraycopy(doFinal2, 0, bArr3, 0, macLength);
            System.arraycopy(iv, 0, bArr3, macLength, 16);
            System.arraycopy(doFinal, 0, bArr3, i7, doFinal.length);
            return bArr3;
        } catch (Exception e7) {
            throw new EncryptionException(e7);
        }
    }

    @VisibleForTesting
    public String getSignatureAlias() {
        return getSignatureAlias(this.alias);
    }

    public AesKeystoreEncrypter withKeyLength(int i7) {
        this.keyLength = i7;
        return this;
    }
}
