package com.philips.platform.sdkutil.securestorage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.StrongBoxUnavailableException;
import android.text.TextUtils;
import android.util.Base64;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes11.dex */
public class SSKeyProvider23Impl extends SSKeyProvider {
    public static final String AES = "AES";
    public static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String CIPHER_ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    public static final String MGF_1 = "MGF1";
    public static final String SHA_1 = "SHA-1";
    public static final String SHA_256 = "SHA-256";
    private static final String SS_KEY_23_IMPL_ALIAS = "ss_key_23_impl_alias";
    private SSFileCache ssFileCache;

    public SSKeyProvider23Impl(SSFileCache sSFileCache) {
        this.ssFileCache = sSFileCache;
    }

    private void initAndGenerateKeyPair(KeyPairGenerator keyPairGenerator, KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException {
        keyPairGenerator.initialize(keyGenParameterSpec);
        keyPairGenerator.generateKeyPair();
    }

    private KeyGenParameterSpec initStrongBoxDisabledKeyGen() {
        return new KeyGenParameterSpec.Builder(SS_KEY_23_IMPL_ALIAS, 2).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").setKeySize(2048).build();
    }

    protected boolean a(String str) throws SSKeyProviderException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(SS_KEY_23_IMPL_ALIAS)) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                if (Build.VERSION.SDK_INT >= 28) {
                    try {
                        initAndGenerateKeyPair(keyPairGenerator, new KeyGenParameterSpec.Builder(SS_KEY_23_IMPL_ALIAS, 2).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").setKeySize(2048).setIsStrongBoxBacked(true).build());
                    } catch (StrongBoxUnavailableException unused) {
                        initAndGenerateKeyPair(keyPairGenerator, initStrongBoxDisabledKeyGen());
                    }
                } else {
                    initAndGenerateKeyPair(keyPairGenerator, initStrongBoxDisabledKeyGen());
                }
            }
            PublicKey publicKey = keyStore.getCertificate(SS_KEY_23_IMPL_ALIAS).getPublicKey();
            OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(3, publicKey, oAEPParameterSpec);
            this.ssFileCache.putRSAWrappedAESKeyInFileCache(str, Base64.encodeToString(cipher.wrap(generateAESKey()), 0));
            return true;
        } catch (IOException unused2) {
            throw new SSKeyProviderException("Error while loading keystore");
        } catch (GeneralSecurityException unused3) {
            throw new SSKeyProviderException("Exception while creating key.");
        }
    }

    protected SecretKey b(String str) throws SSKeyProviderException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(SS_KEY_23_IMPL_ALIAS, null);
            OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(4, privateKey, oAEPParameterSpec);
            return new SecretKeySpec(((SecretKey) cipher.unwrap(Base64.decode(str, 0), "AES", 3)).getEncoded(), "AES");
        } catch (IOException unused) {
            throw new SSKeyProviderException("Error while loading keystore");
        } catch (GeneralSecurityException unused2) {
            throw new SSKeyProviderException("Exception while creating key.");
        }
    }

    @Override // com.philips.platform.sdkutil.securestorage.SSKeyProvider
    public SecretKey getSecureKey(String str) throws SSKeyProviderException {
        if (TextUtils.isEmpty(this.ssFileCache.getRSAWrappedAESKeyFromFileCache(str))) {
            a(str);
        }
        return b(this.ssFileCache.getRSAWrappedAESKeyFromFileCache(str));
    }
}
