package net.zetetic.strip.security;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import com.google.android.gms.stats.CodePackage;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import net.zetetic.strip.repositories.LocalSettingsRepository;
import timber.log.a;
import y1.AbstractC1043f;
import y1.AbstractC1044g;
import y1.AbstractC1045h;

/* loaded from: classes.dex */
public class BiometricCryptoManager {
    public static final String CIPHERTEXT_KEY_NAME = "MASTER_PASS";
    public static final String SECRET_KEY_NAME = "codebook_master_key";
    private final String ANDROID_KEYSTORE;
    private final String IV_KEY_NAME;
    private final String TAG;
    private final LocalSettingsRepository localSettingsRepository;

    public BiometricCryptoManager() {
        this(new LocalSettingsRepository());
    }

    public BiometricCryptoManager(LocalSettingsRepository localSettingsRepository) {
        this.ANDROID_KEYSTORE = "AndroidKeyStore";
        this.IV_KEY_NAME = "MASTER_PASS_IV";
        this.TAG = getClass().getSimpleName();
        this.localSettingsRepository = localSettingsRepository;
    }

    private Cipher getCipher() {
        try {
            return Cipher.getInstance("AES/GCM/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new RuntimeException("Failed to get Cipher", e2);
        }
    }

    private SecretKey getOrCreateSecretKey(String str) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder encryptionPaddings;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
            if (secretKey != null) {
                return secretKey;
            }
            AbstractC1045h.a();
            blockModes = AbstractC1044g.a(str, 3).setBlockModes(CodePackage.GCM);
            userAuthenticationRequired = blockModes.setUserAuthenticationRequired(true);
            encryptionPaddings = userAuthenticationRequired.setEncryptionPaddings("NoPadding");
            keyGenerator.init(AbstractC1043f.a(encryptionPaddings));
            return keyGenerator.generateKey();
        } catch (Exception e2) {
            a.f(this.TAG).e(e2, "Failed to get or create secret key", new Object[0]);
            return null;
        }
    }

    public String decrypt(String str, Cipher cipher) {
        try {
            return new String(cipher.doFinal(Base64.decode(str.getBytes(Charset.forName("UTF-8")), 0)), Charset.forName("UTF-8"));
        } catch (Exception e2) {
            a.f(this.TAG).e(e2, "Failed to decrypt ciphertext", new Object[0]);
            return null;
        }
    }

    public void encrypt(String str, Cipher cipher) {
        try {
            this.localSettingsRepository.setEncryptedData(Base64.encodeToString(cipher.doFinal(str.getBytes(Charset.forName("UTF-8"))), 0), CIPHERTEXT_KEY_NAME);
        } catch (Exception e2) {
            a.f(this.TAG).e(e2, "Failed to encrypt plaintext", new Object[0]);
        }
    }

    public Cipher getInitializedCipherForDecryption() {
        return getInitializedCipherForDecryption(SECRET_KEY_NAME);
    }

    public Cipher getInitializedCipherForDecryption(String str) {
        Cipher cipher;
        try {
            try {
                cipher = getCipher();
            } catch (KeyPermanentlyInvalidatedException e2) {
                removeKeyFromKeyStore(str);
                throw e2;
            }
        } catch (Exception e3) {
            e = e3;
            cipher = null;
        }
        try {
            cipher.init(2, getOrCreateSecretKey(str), new GCMParameterSpec(128, Base64.decode(this.localSettingsRepository.getIv("MASTER_PASS_IV").getBytes(), 0)));
        } catch (Exception e4) {
            e = e4;
            a.f(this.TAG).e(e, "Failed to initialize cipher for decryption", new Object[0]);
            return cipher;
        }
        return cipher;
    }

    public Cipher getInitializedCipherForEncryption() {
        return getInitializedCipherForEncryption(SECRET_KEY_NAME);
    }

    public Cipher getInitializedCipherForEncryption(String str) {
        Cipher cipher;
        try {
            try {
                cipher = getCipher();
            } catch (KeyPermanentlyInvalidatedException e2) {
                removeKeyFromKeyStore(str);
                throw e2;
            }
        } catch (Exception e3) {
            e = e3;
            cipher = null;
        }
        try {
            cipher.init(1, getOrCreateSecretKey(str));
            this.localSettingsRepository.setIv(((GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class)).getIV(), "MASTER_PASS_IV");
            return cipher;
        } catch (Exception e4) {
            e = e4;
            a.f(this.TAG).e(e, "Failed to initialize cipher for encryption", new Object[0]);
            return cipher;
        }
    }

    public void removeKeyFromKeyStore(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(str);
        } catch (Exception e2) {
            a.f(this.TAG).i(e2, "Failed to remove key from keystore", new Object[0]);
        }
    }
}
