package com.oblador.keychain.cipherStorage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.facebook.react.bridge.ReactApplicationContext;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.cipherStorage.CipherStorage;
import com.oblador.keychain.cipherStorage.CipherStorageBase;
import com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesGcm;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.resultHandler.CryptoContext;
import com.oblador.keychain.resultHandler.CryptoOperation;
import com.oblador.keychain.resultHandler.ResultHandler;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.spec.KeySpec;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: CipherStorageKeystoreAesGcm.kt */
@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0005\b\u0007\u0018\u0000 (2\u00020\u0001:\u0002()B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J0\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u0018\u0010\u0012\u001a\u00020\f2\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000eH\u0016J0\u0010\u0016\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\f2\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u0018\u0010\u0017\u001a\u00020\u000e2\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0018\u001a\u00020\fH\u0016J\u0010\u0010\u0019\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u001bH\u0014J\b\u0010\u001c\u001a\u00020\fH\u0016J\b\u0010\u001d\u001a\u00020\fH\u0014J\b\u0010\u001e\u001a\u00020\fH\u0014J\u0010\u0010\u001f\u001a\u00020 2\u0006\u0010\u000b\u001a\u00020\fH\u0014J\u0018\u0010\u001f\u001a\u00020 2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010!\u001a\u00020\u0005H\u0014J\u0010\u0010\"\u001a\u00020#2\u0006\u0010\u0013\u001a\u00020\u0014H\u0014J\b\u0010$\u001a\u00020%H\u0016J\b\u0010&\u001a\u00020\u0005H\u0016J\b\u0010'\u001a\u00020\u0011H\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006*"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageKeystoreAesGcm;", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase;", "reactContext", "Lcom/facebook/react/bridge/ReactApplicationContext;", "requiresBiometricAuth", "", "(Lcom/facebook/react/bridge/ReactApplicationContext;Z)V", "decrypt", "", "handler", "Lcom/oblador/keychain/resultHandler/ResultHandler;", "alias", "", "username", "", "password", "level", "Lcom/oblador/keychain/SecurityLevel;", "decryptBytes", "key", "Ljava/security/Key;", "bytes", "encrypt", "encryptString", "value", "generateKey", "spec", "Landroid/security/keystore/KeyGenParameterSpec;", "getCipherStorageName", "getEncryptionAlgorithm", "getEncryptionTransformation", "getKeyGenSpecBuilder", "Landroid/security/keystore/KeyGenParameterSpec$Builder;", "isForTesting", "getKeyInfo", "Landroid/security/keystore/KeyInfo;", "getMinSupportedApiLevel", "", "isBiometrySupported", "securityLevel", "Companion", "IV", "react-native-keychain_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes7.dex */
public final class CipherStorageKeystoreAesGcm extends CipherStorageBase {
    public static final String ALGORITHM_AES = "AES";
    public static final String BLOCK_MODE_GCM = "GCM";
    public static final int ENCRYPTION_KEY_SIZE = 256;
    public static final String ENCRYPTION_TRANSFORMATION = "AES/GCM/NoPadding";
    public static final String PADDING_NONE = "NoPadding";
    private final boolean requiresBiometricAuth;

    /* compiled from: CipherStorageKeystoreAesGcm.kt */
    @Metadata(d1 = {"\u0000$\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u0011\u0010\u0006\u001a\u00020\u0007¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\tR\u0011\u0010\n\u001a\u00020\u000b¢\u0006\b\n\u0000\u001a\u0004\b\f\u0010\r¨\u0006\u000e"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageKeystoreAesGcm$IV;", "", "()V", "IV_LENGTH", "", "TAG_LENGTH", "decrypt", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase$DecryptBytesHandler;", "getDecrypt", "()Lcom/oblador/keychain/cipherStorage/CipherStorageBase$DecryptBytesHandler;", "encrypt", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase$EncryptStringHandler;", "getEncrypt", "()Lcom/oblador/keychain/cipherStorage/CipherStorageBase$EncryptStringHandler;", "react-native-keychain_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes7.dex */
    public static final class IV {
        public static final int IV_LENGTH = 12;
        public static final int TAG_LENGTH = 128;
        public static final IV INSTANCE = new IV();
        private static final CipherStorageBase.EncryptStringHandler encrypt = new CipherStorageBase.EncryptStringHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesGcm$IV$$ExternalSyntheticLambda0
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.EncryptStringHandler
            public final void initialize(Cipher cipher, Key key, OutputStream outputStream) {
                CipherStorageKeystoreAesGcm.IV.encrypt$lambda$0(cipher, key, outputStream);
            }
        };
        private static final CipherStorageBase.DecryptBytesHandler decrypt = new CipherStorageBase.DecryptBytesHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesGcm$IV$$ExternalSyntheticLambda1
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.DecryptBytesHandler
            public final void initialize(Cipher cipher, Key key, InputStream inputStream) {
                CipherStorageKeystoreAesGcm.IV.decrypt$lambda$1(cipher, key, inputStream);
            }
        };

        private IV() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void decrypt$lambda$1(Cipher cipher, Key key, InputStream input) {
            Intrinsics.checkNotNullParameter(cipher, "cipher");
            Intrinsics.checkNotNullParameter(key, "key");
            Intrinsics.checkNotNullParameter(input, "input");
            byte[] bArr = new byte[12];
            if (input.read(bArr, 0, 12) != 12) {
                throw new IOException("Input stream has insufficient data.");
            }
            cipher.init(2, key, new GCMParameterSpec(128, bArr));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void encrypt$lambda$0(Cipher cipher, Key key, OutputStream output) {
            Intrinsics.checkNotNullParameter(cipher, "cipher");
            Intrinsics.checkNotNullParameter(key, "key");
            Intrinsics.checkNotNullParameter(output, "output");
            cipher.init(1, key);
            byte[] iv = cipher.getIV();
            output.write(iv, 0, iv.length);
        }

        public final CipherStorageBase.DecryptBytesHandler getDecrypt() {
            return decrypt;
        }

        public final CipherStorageBase.EncryptStringHandler getEncrypt() {
            return encrypt;
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public CipherStorageKeystoreAesGcm(ReactApplicationContext reactContext, boolean z) {
        super(reactContext);
        Intrinsics.checkNotNullParameter(reactContext, "reactContext");
        this.requiresBiometricAuth = z;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public void decrypt(ResultHandler handler, String alias, byte[] username, byte[] password, SecurityLevel level) throws CryptoFailedException {
        Key key;
        Key extractGeneratedKey;
        Intrinsics.checkNotNullParameter(handler, "handler");
        Intrinsics.checkNotNullParameter(alias, "alias");
        Intrinsics.checkNotNullParameter(username, "username");
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(level, "level");
        throwIfInsufficientLevel(level);
        String defaultAliasIfEmpty = CipherStorageBase.INSTANCE.getDefaultAliasIfEmpty(alias, getDefaultAliasServiceName());
        try {
            try {
                extractGeneratedKey = extractGeneratedKey(defaultAliasIfEmpty, level, new AtomicInteger(1));
            } catch (UserNotAuthenticatedException e) {
                e = e;
                key = null;
            }
            try {
                handler.onDecrypt(new CipherStorage.DecryptionResult(decryptBytes(extractGeneratedKey, username), decryptBytes(extractGeneratedKey, password), null, 4, null), null);
            } catch (UserNotAuthenticatedException e2) {
                e = e2;
                key = extractGeneratedKey;
                Log.d(getLOG_TAG(), "Unlock of keystore is needed. Error: " + e.getMessage(), e);
                Intrinsics.checkNotNull(key);
                handler.askAccessPermissions(new CryptoContext(defaultAliasIfEmpty, key, password, username, CryptoOperation.DECRYPT));
            }
        } catch (Throwable th) {
            handler.onDecrypt(null, th);
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    public String decryptBytes(Key key, byte[] bytes) throws GeneralSecurityException, IOException {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(bytes, "bytes");
        return decryptBytes(key, bytes, IV.INSTANCE.getDecrypt());
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public void encrypt(ResultHandler handler, String alias, String username, String password, SecurityLevel level) throws CryptoFailedException {
        Key key;
        Key extractGeneratedKey;
        Intrinsics.checkNotNullParameter(handler, "handler");
        Intrinsics.checkNotNullParameter(alias, "alias");
        Intrinsics.checkNotNullParameter(username, "username");
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(level, "level");
        throwIfInsufficientLevel(level);
        String defaultAliasIfEmpty = CipherStorageBase.INSTANCE.getDefaultAliasIfEmpty(alias, getDefaultAliasServiceName());
        try {
            try {
                extractGeneratedKey = extractGeneratedKey(defaultAliasIfEmpty, level, new AtomicInteger(1));
            } catch (UserNotAuthenticatedException e) {
                e = e;
                key = null;
            }
            try {
                handler.onEncrypt(new CipherStorage.EncryptionResult(encryptString(extractGeneratedKey, username), encryptString(extractGeneratedKey, password), this), null);
            } catch (UserNotAuthenticatedException e2) {
                e = e2;
                key = extractGeneratedKey;
                Log.d(getLOG_TAG(), "Unlock of keystore is needed. Error: " + e.getMessage(), e);
                Intrinsics.checkNotNull(key);
                byte[] bytes = password.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
                byte[] bytes2 = username.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes2, "getBytes(...)");
                handler.askAccessPermissions(new CryptoContext(defaultAliasIfEmpty, key, bytes, bytes2, CryptoOperation.ENCRYPT));
            }
        } catch (Throwable th) {
            handler.onEncrypt(null, th);
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    public byte[] encryptString(Key key, String value) throws GeneralSecurityException, IOException {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(value, "value");
        return encryptString(key, value, IV.INSTANCE.getEncrypt());
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    protected Key generateKey(KeyGenParameterSpec spec) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(spec, "spec");
        KeyGenerator keyGenerator = KeyGenerator.getInstance(getEncryptionAlgorithm(), CipherStorageBase.KEYSTORE_TYPE);
        keyGenerator.init(spec);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey(...)");
        return generateKey;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public String getCipherStorageName() {
        boolean z = this.requiresBiometricAuth;
        if (z) {
            return "KeystoreAESGCM";
        }
        if (z) {
            throw new NoWhenBranchMatchedException();
        }
        return "KeystoreAESGCM_NoAuth";
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    protected String getEncryptionAlgorithm() {
        return "AES";
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    protected String getEncryptionTransformation() {
        return "AES/GCM/NoPadding";
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    protected KeyGenParameterSpec.Builder getKeyGenSpecBuilder(String alias) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        return getKeyGenSpecBuilder(alias, false);
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    protected KeyGenParameterSpec.Builder getKeyGenSpecBuilder(String alias, boolean isForTesting) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("GCM").setEncryptionPaddings(PADDING_NONE).setRandomizedEncryptionRequired(true).setKeySize(256);
        Intrinsics.checkNotNullExpressionValue(keySize, "setKeySize(...)");
        if (this.requiresBiometricAuth) {
            keySize.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 30) {
                keySize.setUserAuthenticationParameters(5, 2);
            } else {
                keySize.setUserAuthenticationValidityDurationSeconds(5);
            }
        }
        return keySize;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    protected KeyInfo getKeyInfo(Key key) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(key, "key");
        KeySpec keySpec = SecretKeyFactory.getInstance(key.getAlgorithm(), CipherStorageBase.KEYSTORE_TYPE).getKeySpec((SecretKey) key, KeyInfo.class);
        Intrinsics.checkNotNullExpressionValue(keySpec, "getKeySpec(...)");
        return (KeyInfo) keySpec;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public int getMinSupportedApiLevel() {
        return 23;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    /* renamed from: isBiometrySupported, reason: from getter */
    public boolean getRequiresBiometricAuth() {
        return this.requiresBiometricAuth;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase, com.oblador.keychain.cipherStorage.CipherStorage
    public SecurityLevel securityLevel() {
        return SecurityLevel.SECURE_HARDWARE;
    }
}
