package defpackage;

import android.security.keystore.KeyGenParameterSpec;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.KeyGenerator;

/* compiled from: PG */
/* loaded from: classes.dex */
public final class jpz {
    private static final Object a = new Object();

    public jpz() throws GeneralSecurityException {
        if (!a.h()) {
            throw new IllegalStateException("need Android Keystore on Android M or newer");
        }
    }

    public static jpj a() throws GeneralSecurityException, IOException {
        jpy jpyVar;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        if (!"android-keystore://com.google.android.apps.work.clouddpc_wifikey".toLowerCase(Locale.US).startsWith("android-keystore://")) {
            throw new IllegalArgumentException(String.format("key URI must start with %s", "android-keystore://"));
        }
        synchronized (a) {
            if (!iob.m().containsAlias("com.google.android.apps.work.clouddpc_wifikey")) {
                keySize = new KeyGenParameterSpec.Builder("com.google.android.apps.work.clouddpc_wifikey", 3).setKeySize(256);
                blockModes = keySize.setBlockModes("GCM");
                encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
                build = encryptionPaddings.build();
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(build);
                keyGenerator.generateKey();
            }
            jpyVar = new jpy("com.google.android.apps.work.clouddpc_wifikey");
            byte[] b = jrg.b(10);
            byte[] bArr = new byte[0];
            if (!Arrays.equals(b, jpyVar.a(jpyVar.b(b, bArr), bArr))) {
                throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
            }
        }
        return jpyVar;
    }
}
