package tech.bluespace.android.id_guard.model;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import androidx.autofill.HintConstants;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import tech.bluespace.android.id_guard.utils.AesEncryptedData;
import tech.bluespace.android.id_guard.utils.CipherUtil;

/* compiled from: HardwareCrypto.kt */
@Metadata(d1 = {"\u0000:\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\n\bÀ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J \u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00072\u0006\u0010\u0010\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u000eH\u0002J\u0018\u0010\r\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u0012\u001a\u00020\u00072\u0006\u0010\u0013\u001a\u00020\u0004J\u0016\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u000f\u001a\u00020\u00072\u0006\u0010\u0010\u001a\u00020\u000eJ\u0016\u0010\u0016\u001a\u00020\u000e2\u0006\u0010\u0010\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u000eJ\u000e\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0004J\u000e\u0010\u001a\u001a\u00020\u00152\u0006\u0010\u0010\u001a\u00020\u000eJ\u0006\u0010\u001b\u001a\u00020\tJ\u0010\u0010\u001c\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u001d\u001a\u00020\u0004J\u0016\u0010\u001e\u001a\u00020\u000e2\u0006\u0010\u0010\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u000eJ\b\u0010\u001f\u001a\u00020\tH\u0002J\u0010\u0010 \u001a\u0004\u0018\u00010\u00072\u0006\u0010\u001d\u001a\u00020\u0004J\u0006\u0010!\u001a\u00020\u0018R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0010\u0010\u0006\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0011\u0010\b\u001a\u00020\t8F¢\u0006\u0006\u001a\u0004\b\n\u0010\u000bR\u000e\u0010\f\u001a\u00020\tX\u0082T¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Ltech/bluespace/android/id_guard/model/HardwareCrypto;", "", "()V", "DeviceKeyAlias", "", "androidKeyStoreProvider", "deviceSecretKey", "Ljavax/crypto/SecretKey;", "hasSecretKey", "", "getHasSecretKey", "()Z", "isUsingSecureHardware", "aesDecrypt", "", "secretKey", "data", "nonce", "key", "base64", "aesEncrypt", "Ltech/bluespace/android/id_guard/utils/AesEncryptedData;", "decrypt", "deleteKey", "", "keyName", "encrypt", "ensureSecretKey", "loadAesKey", HintConstants.AUTOFILL_HINT_NAME, "loadAndDecrypt", "loadDeviceSecretKey", "makeAesKey256", "unload", "app_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes2.dex */
public final class HardwareCrypto {
    private static final String DeviceKeyAlias = "tech.bluespace.android.id_guard";
    public static final HardwareCrypto INSTANCE = new HardwareCrypto();
    private static final String androidKeyStoreProvider = "AndroidKeyStore";
    private static SecretKey deviceSecretKey = null;
    private static final boolean isUsingSecureHardware = true;

    private HardwareCrypto() {
    }

    private final byte[] aesDecrypt(SecretKey secretKey, byte[] data, byte[] nonce) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher aesCipher = CipherUtil.INSTANCE.getAesCipher();
        aesCipher.init(2, secretKey, new GCMParameterSpec(128, nonce));
        byte[] doFinal = aesCipher.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }

    private final boolean loadDeviceSecretKey() {
        SecretKey secretKey;
        try {
            secretKey = INSTANCE.loadAesKey("tech.bluespace.android.id_guard");
        } catch (Throwable unused) {
            secretKey = null;
        }
        if (secretKey == null) {
            return false;
        }
        deviceSecretKey = secretKey;
        return secretKey != null;
    }

    public final byte[] aesDecrypt(SecretKey key, String base64) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(base64, "base64");
        byte[] data = Base64.decode(base64, 2);
        AesEncryptedData.Companion companion = AesEncryptedData.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(data, "data");
        AesEncryptedData tryMake = companion.tryMake(data);
        if (tryMake == null) {
            return null;
        }
        AesEncryptedData java = tryMake.getJava();
        return aesDecrypt(key, java.getData(), java.getIv());
    }

    public final AesEncryptedData aesEncrypt(SecretKey secretKey, byte[] data) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Intrinsics.checkNotNullParameter(secretKey, "secretKey");
        Intrinsics.checkNotNullParameter(data, "data");
        Cipher aesCipher = CipherUtil.INSTANCE.getAesCipher();
        aesCipher.init(1, secretKey);
        byte[] doFinal = aesCipher.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(data)");
        byte[] iv = aesCipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
        return new AesEncryptedData(doFinal, iv, null, 4, null);
    }

    public final byte[] decrypt(byte[] data, byte[] nonce) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Cipher aesCipher = CipherUtil.INSTANCE.getAesCipher();
        aesCipher.init(2, deviceSecretKey, new GCMParameterSpec(128, nonce));
        byte[] doFinal = aesCipher.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }

    public final void deleteKey(String keyName) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        KeyStore keyStore = KeyStore.getInstance(androidKeyStoreProvider);
        keyStore.load(null);
        keyStore.deleteEntry(keyName);
    }

    public final AesEncryptedData encrypt(byte[] data) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Intrinsics.checkNotNullParameter(data, "data");
        Cipher aesCipher = CipherUtil.INSTANCE.getAesCipher();
        aesCipher.init(1, deviceSecretKey);
        byte[] doFinal = aesCipher.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(data)");
        byte[] iv = aesCipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
        return new AesEncryptedData(doFinal, iv, null, 4, null);
    }

    public final boolean ensureSecretKey() {
        if (getHasSecretKey()) {
            return true;
        }
        SecretKey secretKey = null;
        try {
            secretKey = INSTANCE.makeAesKey256("tech.bluespace.android.id_guard");
        } catch (Throwable unused) {
        }
        if (secretKey == null) {
            return false;
        }
        deviceSecretKey = secretKey;
        return true;
    }

    public final boolean getHasSecretKey() {
        return deviceSecretKey != null;
    }

    public final SecretKey loadAesKey(String name) {
        Intrinsics.checkNotNullParameter(name, "name");
        KeyStore keyStore = KeyStore.getInstance(androidKeyStoreProvider);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(name, null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        if (secretKeyEntry == null) {
            return null;
        }
        return secretKeyEntry.getSecretKey();
    }

    public final byte[] loadAndDecrypt(byte[] data, byte[] nonce) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        if (loadDeviceSecretKey()) {
            return decrypt(data, nonce);
        }
        throw new DeviceSecretKeyChangedException();
    }

    public final SecretKey makeAesKey256(String name) {
        Intrinsics.checkNotNullParameter(name, "name");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", androidKeyStoreProvider);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(name, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(name,\n          …\n                .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        KeySpec keySpec = SecretKeyFactory.getInstance(generateKey.getAlgorithm(), androidKeyStoreProvider).getKeySpec(generateKey, KeyInfo.class);
        if (keySpec == null) {
            throw new NullPointerException("null cannot be cast to non-null type android.security.keystore.KeyInfo");
        }
        if (((KeyInfo) keySpec).isInsideSecureHardware()) {
            return generateKey;
        }
        return null;
    }

    public final void unload() {
        deviceSecretKey = null;
    }
}
