package de.niklasmerz.cordova.biometric;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
class CryptographyManagerImpl implements CryptographyManager {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String ENCRYPTION_ALGORITHM = "AES";
    private static final String ENCRYPTION_BLOCK_MODE = "GCM";
    private static final String ENCRYPTION_PADDING = "NoPadding";
    private static final String KEY_ALGORITHM_AES = "AES";
    private static final int KEY_SIZE = 256;

    private Cipher getCipher() throws NoSuchPaddingException, NoSuchAlgorithmException {
        return Cipher.getInstance("AES/GCM/NoPadding");
    }

    private SecretKey getOrCreateSecretKey(String str, boolean z, Context context) throws CryptoException {
        return Build.VERSION.SDK_INT >= 23 ? getOrCreateSecretKeyNew(str, z) : getOrCreateSecretKeyOld(str, context);
    }

    private SecretKey getOrCreateSecretKeyNew(String str, boolean z) throws CryptoException {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
            if (secretKey != null) {
                return secretKey;
            }
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings(ENCRYPTION_PADDING).setKeySize(256).setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationRequired.setInvalidatedByBiometricEnrollment(z);
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM, ANDROID_KEYSTORE);
            keyGenerator.init(userAuthenticationRequired.build());
            return keyGenerator.generateKey();
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    private SecretKey getOrCreateSecretKeyOld(String str, Context context) throws CryptoException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 1);
        try {
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=FINGERPRINT_AIO , O=FINGERPRINT_AIO C=World")).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM, ANDROID_KEYSTORE);
            keyGenerator.init(build);
            return keyGenerator.generateKey();
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    private void handleException(Exception exc, String str) throws CryptoException {
        if (Build.VERSION.SDK_INT < 23 || !(exc instanceof KeyPermanentlyInvalidatedException)) {
            return;
        }
        removeKey(str);
        throw new KeyInvalidatedException();
    }

    private void removeKey(String str) throws CryptoException {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            keyStore.deleteEntry(str);
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    @Override // de.niklasmerz.cordova.biometric.CryptographyManager
    public String decryptData(byte[] bArr, Cipher cipher) throws CryptoException {
        try {
            return new String(cipher.doFinal(bArr), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    @Override // de.niklasmerz.cordova.biometric.CryptographyManager
    public EncryptedData encryptData(String str, Cipher cipher) throws CryptoException {
        try {
            return new EncryptedData(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)), cipher.getIV());
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    @Override // de.niklasmerz.cordova.biometric.CryptographyManager
    public Cipher getInitializedCipherForDecryption(String str, byte[] bArr, Context context) throws CryptoException {
        try {
            Cipher cipher = getCipher();
            cipher.init(2, getOrCreateSecretKey(str, true, context), new GCMParameterSpec(128, bArr));
            return cipher;
        } catch (Exception e) {
            handleException(e, str);
            throw new CryptoException(e.getMessage(), e);
        }
    }

    @Override // de.niklasmerz.cordova.biometric.CryptographyManager
    public Cipher getInitializedCipherForEncryption(String str, boolean z, Context context) throws CryptoException {
        try {
            Cipher cipher = getCipher();
            cipher.init(1, getOrCreateSecretKey(str, z, context));
            return cipher;
        } catch (Exception e) {
            try {
                handleException(e, str);
                throw new CryptoException(e.getMessage(), e);
            } catch (KeyInvalidatedException e2) {
                return getInitializedCipherForEncryption(str, z, context);
            }
        }
    }
}
