package de.starface.service.passphrase;

import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import de.starface.utils.extensions.ExtensionsKt;
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import okio.BufferedSink;
import okio.BufferedSource;
import okio.Okio;
import org.jetbrains.annotations.NotNull;
import timber.log.Timber;

/* compiled from: KeyStorePassphraseProvider.kt */
@RequiresApi(23)
@Metadata(bv = {1, 0, 3}, d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u0019\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0004\b\u0007\u0018\u0000 \u00112\u00020\u0001:\u0001\u0011B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH\u0002J\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0004\u001a\u00020\u0005H\u0002J\b\u0010\u000f\u001a\u00020\nH\u0016J\u0010\u0010\u0010\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH\u0002R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0012"}, d2 = {"Lde/starface/service/passphrase/KeyStorePassphraseProvider;", "Lde/starface/service/passphrase/PassphraseProvider;", "encryptedFile", "Ljava/io/File;", "keyName", "", "(Ljava/io/File;Ljava/lang/String;)V", "blockSize", "", "create", "", "ks", "Ljava/security/KeyStore;", "createKey", "", "get", "load", "Companion", "app_release"}, k = 1, mv = {1, 1, 13})
/* loaded from: classes2.dex */
public final class KeyStorePassphraseProvider implements PassphraseProvider {
    private static final String BASE36_SYMBOLS = "abcdefghijklmnopqrstuvwxyz0123456789";
    private static final String KEYSTORE = "AndroidKeyStore";
    private final int blockSize;
    private final File encryptedFile;
    private final String keyName;

    public KeyStorePassphraseProvider(@NotNull File encryptedFile, @NotNull String keyName) {
        int i;
        Intrinsics.checkParameterIsNotNull(encryptedFile, "encryptedFile");
        Intrinsics.checkParameterIsNotNull(keyName, "keyName");
        this.encryptedFile = encryptedFile;
        this.keyName = keyName;
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(\"AES/CBC/PKCS7Padding\")");
            i = cipher.getBlockSize();
        } catch (Exception e) {
            Timber.e(e, "Could not get AES/CBC/PKCS7Padding cipher", new Object[0]);
            i = -1;
        }
        this.blockSize = i;
    }

    private final char[] create(KeyStore ks) throws Exception {
        SecureRandom secureRandom = new SecureRandom();
        char[] cArr = new char[128];
        int length = cArr.length;
        for (int i = 0; i < length; i++) {
            cArr[i] = BASE36_SYMBOLS.charAt(secureRandom.nextInt(36));
        }
        createKey(ks, this.keyName);
        Key key = ks.getKey(this.keyName, null);
        if (key == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.crypto.SecretKey");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        byte[] bArr = new byte[this.blockSize];
        secureRandom.nextBytes(bArr);
        cipher.init(1, (SecretKey) key, new IvParameterSpec(bArr));
        byte[] doFinal = cipher.doFinal(ExtensionsKt.toBytes(cArr));
        BufferedSink buffer = Okio.buffer(Okio.sink(this.encryptedFile));
        buffer.write(bArr);
        buffer.write(doFinal);
        buffer.close();
        return cArr;
    }

    private final void createKey(KeyStore ks, String keyName) throws Exception {
        if (ks.getEntry(keyName, null) == null) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyName, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(false).setRandomizedEncryptionRequired(false).build();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE);
            keyGenerator.init(build);
            keyGenerator.generateKey();
        }
    }

    private final char[] load(KeyStore ks) throws Exception {
        BufferedSource buffer = Okio.buffer(Okio.source(this.encryptedFile));
        byte[] readByteArray = buffer.readByteArray(this.blockSize);
        byte[] readByteArray2 = buffer.readByteArray();
        buffer.close();
        Key key = ks.getKey(this.keyName, null);
        if (key == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.crypto.SecretKey");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(2, (SecretKey) key, new IvParameterSpec(readByteArray));
        byte[] decrypted = cipher.doFinal(readByteArray2);
        Intrinsics.checkExpressionValueIsNotNull(decrypted, "decrypted");
        return ExtensionsKt.toChars(decrypted);
    }

    @Override // de.starface.service.passphrase.PassphraseProvider
    @NotNull
    public char[] get() {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        if (this.encryptedFile.exists()) {
            Intrinsics.checkExpressionValueIsNotNull(ks, "ks");
            return load(ks);
        }
        Intrinsics.checkExpressionValueIsNotNull(ks, "ks");
        return create(ks);
    }
}
