package com.amazon.identity.auth.device.datastore;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class b {
    private static b e = null;
    private static final int f = 256;
    private static final int g = 2048;
    private static final String h = "AES_00";
    private static final String i = "LWA_KEYSTORE_ALIAS";
    private static final String j = "RSA";
    private static final String k = "AES";
    private static final String l = "AndroidKeyStore";
    private static final String m = "AES/CBC/PKCS5Padding";
    private static final String n = "RSA/ECB/PKCS1Padding";
    private static final String o = "b";
    public static final int p = 16;

    /* renamed from: a, reason: collision with root package name */
    private final Context f2955a;

    /* renamed from: b, reason: collision with root package name */
    private final byte[] f2956b;

    /* renamed from: c, reason: collision with root package name */
    private final SecretKeySpec f2957c;

    /* renamed from: d, reason: collision with root package name */
    private KeyStore f2958d;

    private b(Context context) {
        if (context == null) {
            throw new IllegalArgumentException("Context can not be null");
        }
        this.f2955a = context;
        this.f2958d = KeyStore.getInstance(l);
        this.f2958d.load(null);
        a(context);
        this.f2956b = a();
        this.f2957c = b();
    }

    public b(Context context, byte[] bArr, SecretKeySpec secretKeySpec, KeyStore keyStore) {
        this.f2955a = context;
        this.f2956b = bArr;
        this.f2957c = secretKeySpec;
        this.f2958d = keyStore;
    }

    private Cipher a(int i2, String str, Key key) {
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(i2, key);
        return cipher;
    }

    private Cipher a(int i2, String str, AlgorithmParameterSpec algorithmParameterSpec) {
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(i2, this.f2957c, algorithmParameterSpec);
        return cipher;
    }

    public static byte[] a(Cipher cipher, byte[] bArr) {
        if (cipher == null) {
            return null;
        }
        return cipher.doFinal(bArr);
    }

    public static byte[] a(Cipher cipher, byte[] bArr, int i2, int i3) {
        if (cipher == null) {
            return null;
        }
        return cipher.doFinal(bArr, i2, i3);
    }

    public static synchronized b b(Context context) {
        b bVar;
        synchronized (b.class) {
            if (e == null) {
                com.amazon.identity.auth.map.device.utils.a.a(o, "Creating AESEncryptor for encrypting data");
                e = new b(context);
            }
            bVar = e;
        }
        return bVar;
    }

    private static byte[] c() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public String a(String str) {
        com.amazon.identity.auth.map.device.utils.a.a(o, "Decrypting data with AES key");
        if (str == null) {
            throw new IllegalArgumentException("cipherText is null!");
        }
        byte[] c2 = g.c(str.substring(7));
        return g.b(a(a(2, "AES/CBC/PKCS5Padding", new IvParameterSpec(c2, 0, 16)), c2, 16, c2.length - 16));
    }

    public String a(byte[] bArr) {
        com.amazon.identity.auth.map.device.utils.a.a(o, "Encrypting AES encryption key with RSA public key");
        return g.a(a(a(1, n, this.f2958d.getCertificate(i).getPublicKey()), bArr));
    }

    public String a(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return "AES_00|" + g.a(bArr3);
    }

    @TargetApi(18)
    public void a(Context context) {
        KeyStore keyStore = this.f2958d;
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore is null!");
        }
        if (keyStore.containsAlias(i)) {
            com.amazon.identity.auth.map.device.utils.a.d(o, "RSA keypair is already generated, returning");
            return;
        }
        com.amazon.identity.auth.map.device.utils.a.d(o, "Generating RSA keypair...");
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = Build.VERSION.SDK_INT >= 19 ? new KeyPairGeneratorSpec.Builder(context).setAlias(i).setSubject(new X500Principal("CN=LWA_KEYSTORE_ALIAS")).setSerialNumber(BigInteger.TEN).setKeySize(2048).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build() : new KeyPairGeneratorSpec.Builder(context).setAlias(i).setSubject(new X500Principal("CN=LWA_KEYSTORE_ALIAS")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(j, l);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    public byte[] a() {
        String a2 = com.amazon.identity.auth.device.g.a(this.f2955a);
        if (a2 != null) {
            return c(a2);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        byte[] encoded = keyGenerator.generateKey().getEncoded();
        com.amazon.identity.auth.device.g.b(this.f2955a, a(encoded));
        return encoded;
    }

    public String b(String str) {
        com.amazon.identity.auth.map.device.utils.a.a(o, "Encrypting data with AES key");
        if (str == null) {
            throw new IllegalArgumentException("The data to be encrypted is null!");
        }
        byte[] c2 = c();
        byte[] d2 = g.d(str);
        return a(c2, a(a(1, "AES/CBC/PKCS5Padding", new IvParameterSpec(c2)), d2, 0, d2.length));
    }

    public SecretKeySpec b() {
        if (this.f2956b == null) {
            throw new IllegalArgumentException("Encryption key is null!");
        }
        com.amazon.identity.auth.map.device.utils.a.a(o, "Generate keyspec with given encryption key");
        return new SecretKeySpec(this.f2956b, "AES");
    }

    public byte[] c(String str) {
        com.amazon.identity.auth.map.device.utils.a.a(o, "Decrypting AES key with RSA private key");
        return a(a(2, n, (PrivateKey) this.f2958d.getKey(i, null)), g.c(str));
    }
}
