package de.schildbach.wallet.security;

import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.dash.wallet.common.util.security.EncryptionProvider;

/* compiled from: ModernEncryptionProvider.kt */
/* loaded from: classes.dex */
public final class ModernEncryptionProvider implements EncryptionProvider {
    public static final Companion Companion = new Companion(null);
    private byte[] encryptionIv;
    private final KeyStore keyStore;
    private final SharedPreferences securityPrefs;

    /* compiled from: ModernEncryptionProvider.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public ModernEncryptionProvider(KeyStore keyStore, SharedPreferences securityPrefs) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(securityPrefs, "securityPrefs");
        this.keyStore = keyStore;
        this.securityPrefs = securityPrefs;
        this.encryptionIv = restoreIv();
    }

    private final SecretKey getSecretKey(String str) throws GeneralSecurityException {
        if (!this.keyStore.containsAlias(str)) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.keyStore.getProvider());
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(KeyPropertie…M_AES, keyStore.provider)");
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            keyGenerator.generateKey();
        }
        KeyStore.Entry entry = this.keyStore.getEntry(str, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        Intrinsics.checkNotNullExpressionValue(secretKey, "keyStore.getEntry(alias,…SecretKeyEntry).secretKey");
        return secretKey;
    }

    private final byte[] restoreIv() {
        String string = this.securityPrefs.getString("encryption_iv", null);
        if (string != null) {
            return Base64.decode(string, 2);
        }
        return null;
    }

    private final void saveIv(byte[] bArr) {
        this.encryptionIv = bArr;
        this.securityPrefs.edit().putString("encryption_iv", Base64.encodeToString(bArr, 2)).apply();
    }

    @Override // org.dash.wallet.common.util.security.EncryptionProvider
    public String decrypt(String keyAlias, byte[] encryptedData) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(encryptedData, "encryptedData");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, getSecretKey(keyAlias), new GCMParameterSpec(128, this.encryptionIv));
        byte[] doFinal = cipher.doFinal(encryptedData);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedData)");
        Charset UTF_8 = StandardCharsets.UTF_8;
        Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
        return new String(doFinal, UTF_8);
    }

    @Override // org.dash.wallet.common.util.security.EncryptionProvider
    public void deleteKey(String keyAlias) throws KeyStoreException {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        this.keyStore.deleteEntry(keyAlias);
    }

    @Override // org.dash.wallet.common.util.security.EncryptionProvider
    public byte[] encrypt(String keyAlias, String textToEncrypt) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(textToEncrypt, "textToEncrypt");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        SecretKey secretKey = getSecretKey(keyAlias);
        if (this.encryptionIv == null) {
            cipher.init(1, secretKey);
            byte[] iv = cipher.getIV();
            Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
            saveIv(iv);
        } else {
            cipher.init(1, secretKey, new GCMParameterSpec(128, this.encryptionIv));
        }
        Charset UTF_8 = StandardCharsets.UTF_8;
        Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
        byte[] bytes = textToEncrypt.getBytes(UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        return cipher.doFinal(bytes);
    }
}
