package com.youyu.securestorage;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.provider.Settings;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.NonNull;
import com.google.android.gms.stats.CodePackage;
import h7.b;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
public class AppKeyStore {

    /* renamed from: a, reason: collision with root package name */
    public static Context f18534a = null;

    /* renamed from: b, reason: collision with root package name */
    public static String f18535b = null;

    /* renamed from: c, reason: collision with root package name */
    public static String f18536c = null;

    /* renamed from: d, reason: collision with root package name */
    public static boolean f18537d = false;

    /* loaded from: classes3.dex */
    public static class KeyStoreUnavailableException extends RuntimeException {
        public KeyStoreUnavailableException(String str, Throwable th) {
            super(str, th);
        }
    }

    public static void a() {
        if (f18534a == null) {
            throw new IllegalStateException("Must call AppKeyStore.init() before any operation");
        }
    }

    public static byte[] b(SecretKey secretKey, byte[] bArr, byte[] bArr2) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKey, h(bArr2));
        return cipher.doFinal(bArr);
    }

    public static SecretKey c(SecretKey secretKey, String str, @NonNull String str2) {
        CiphertextIv ciphertextIv = new CiphertextIv(str);
        return new SecretKeySpec(b(secretKey, ciphertextIv.f18538a, ciphertextIv.f18539b), str2);
    }

    public static byte[] d(SecretKey secretKey, byte[] bArr, byte[] bArr2) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKey, h(bArr2));
        return cipher.doFinal(bArr);
    }

    public static String e(SecretKey secretKey, @NonNull String str) {
        return Base64.encodeToString(d(secretKey, str.getBytes(StandardCharsets.UTF_8), g()), 2);
    }

    public static String f(SecretKey secretKey, SecretKey secretKey2) {
        byte[] e10 = b.e(12);
        return new CiphertextIv(d(secretKey, secretKey2.getEncoded(), e10), e10).toString();
    }

    public static byte[] g() {
        return Arrays.copyOf(Settings.Secure.getString(f18534a.getContentResolver(), "android_id").getBytes(StandardCharsets.UTF_8), 12);
    }

    public static AlgorithmParameterSpec h(byte[] bArr) {
        return Build.VERSION.SDK_INT < 21 ? new IvParameterSpec(bArr) : new GCMParameterSpec(128, bArr);
    }

    public static SharedPreferences i() {
        return f18534a.getApplicationContext().getSharedPreferences(f18536c, 0);
    }

    @TargetApi(10)
    public static SecretKey j() {
        SharedPreferences i10 = i();
        if (i10.getBoolean("compatible", false)) {
            if (f18537d) {
                Log.d("AppKeyStore", "get MasterKey compatible flag");
            }
            return l();
        }
        if (Build.VERSION.SDK_INT < 23) {
            if (f18537d) {
                Log.d("AppKeyStore", "get MasterKey below Marshmallow");
            }
            i10.edit().putBoolean("compatible", true).apply();
            return l();
        }
        try {
            return k(f18535b);
        } catch (IOException | GeneralSecurityException e10) {
            Log.w("AppKeyStore", "get MasterKey in keystore error, fallback to compat: " + e10.toString());
            i10.edit().putBoolean("compatible", true).apply();
            return l();
        }
    }

    @TargetApi(23)
    public static SecretKey k(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(str)) {
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry instanceof KeyStore.SecretKeyEntry) {
                if (f18537d) {
                    Log.d("AppKeyStore", "master key already exist");
                }
                return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            }
            keyStore.deleteEntry(str);
            Log.w("AppKeyStore", "master key type not match, delete it to recreate");
        }
        if (f18537d) {
            Log.d("AppKeyStore", "create master key in KeyStore");
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setKeySize(256).setRandomizedEncryptionRequired(false).build());
        return keyGenerator.generateKey();
    }

    public static SecretKey l() {
        return new SecretKeySpec(Arrays.copyOf(Settings.Secure.getString(f18534a.getContentResolver(), "android_id").getBytes(StandardCharsets.UTF_8), 32), "AES");
    }

    public static SecretKey m(@NonNull String str, @NonNull String str2, int i10) {
        a();
        if (i10 % 8 != 0) {
            throw new IllegalArgumentException("key bit size must be multiple of 8");
        }
        SecretKey j10 = j();
        SharedPreferences i11 = i();
        try {
            String e10 = e(j10, str);
            String string = i11.getString(e10, null);
            if (!TextUtils.isEmpty(string)) {
                try {
                    return c(j10, string, str2);
                } catch (GeneralSecurityException unused) {
                    Log.w("AppKeyStore", "decrypt key fail, create new key instead: " + str);
                }
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(b.e(i10 / 8), str2);
            try {
                i11.edit().putString(e10, f(j10, secretKeySpec)).apply();
                return secretKeySpec;
            } catch (GeneralSecurityException e11) {
                throw new KeyStoreUnavailableException("Failed to encrypt the created secret key, so unable to persist it to storage", e11);
            }
        } catch (GeneralSecurityException e12) {
            throw new KeyStoreUnavailableException("Failed to encrypt key alias, so unable to recover secret key from storage", e12);
        }
    }

    public static void n(@NonNull Context context) {
        o(context, "app_key_store_master_key", "app_key_store");
    }

    public static void o(@NonNull Context context, @NonNull String str, @NonNull String str2) {
        f18534a = context.getApplicationContext();
        f18535b = str;
        f18536c = str2;
    }

    public static void p(boolean z) {
        f18537d = z;
    }
}
