package com.amazon.aws.argon.crypto;

import android.security.keystore.KeyGenParameterSpec;
import com.amazon.aws.argon.logging.ArgonLogger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import lombok.NonNull;

/* loaded from: classes.dex */
public class KeystoreWrapper {
    private static final String TAG = KeystoreWrapper.class.getSimpleName();
    private final String ARGON_KEY_NAME = "argon_key_name";
    private final KeyGenerator keyGenerator;
    private final KeyStore keyStore;

    public KeystoreWrapper(@NonNull KeyStore keyStore, @NonNull KeyGenerator keyGenerator) {
        if (keyStore == null) {
            throw new NullPointerException("keyStore");
        }
        if (keyGenerator == null) {
            throw new NullPointerException("keyGenerator");
        }
        this.keyStore = keyStore;
        this.keyGenerator = keyGenerator;
        try {
            if (keyStore.containsAlias("argon_key_name")) {
                return;
            }
            createArgonKey();
        } catch (GeneralSecurityException e) {
            ArgonLogger.e(TAG, "Failed to initialize Keystore. Keystore is not functional.", e);
            throw new RuntimeException(e);
        }
    }

    private void createArgonKey() {
        this.keyGenerator.init(new KeyGenParameterSpec.Builder("argon_key_name", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        this.keyGenerator.generateKey();
    }

    public Key getSecretKey() {
        try {
            return this.keyStore.getKey("argon_key_name", null);
        } catch (GeneralSecurityException e) {
            ArgonLogger.e(TAG, "Failed to get the secret key. Keystore is not functional.", e);
            throw new CryptoToolException("Could not get secret key");
        }
    }

    public String getTransformation() {
        return "AES/GCM/NoPadding";
    }

    public void renewSecretKey() {
        try {
            this.keyStore.deleteEntry("argon_key_name");
            createArgonKey();
        } catch (GeneralSecurityException e) {
            ArgonLogger.e(TAG, "Failed to renew secret key", e);
            throw new RuntimeException(e);
        }
    }
}
