package com.amazon.atozm.auth;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.amazon.atozm.exceptions.FailedToDecryptPreferenceValue;
import com.amazon.atozm.exceptions.FailedToEncryptPreferenceValue;
import com.amazon.client.metrics.thirdparty.internal.BasicMetricEvent;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
class KeyStoreAdapter {
    private static final String AES_TRANSFORMATION = String.format("%s/%s/%s", "AES", "CBC", "PKCS7Padding");
    private static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";
    private static final int BASE64_MODE = 3;
    private static final int KEY_SIZE = 256;
    private static final String KEY_STORE_AES_KEY_ALIAS = "AtoZAESCBCKeyAlias";
    static final boolean SHOULD_USE_ENCRYPTION;
    private KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);

    static {
        SHOULD_USE_ENCRYPTION = Build.VERSION.SDK_INT >= 23;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreAdapter() throws KeyStoreException {
        initializeKeyStore();
    }

    private void initializeKeyStore() {
        try {
            this.keyStore.load(null, null);
            if (this.keyStore.containsAlias(KEY_STORE_AES_KEY_ALIAS)) {
                return;
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE_PROVIDER_NAME);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_STORE_AES_KEY_ALIAS, 3).setBlockModes("CBC").setKeySize(256).setEncryptionPaddings("PKCS7Padding").build());
            keyGenerator.generateKey();
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            throw new RuntimeException("Failed to initialize the key store", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String decryptPreferenceValue(String str) throws FailedToDecryptPreferenceValue {
        try {
            Key key = this.keyStore.getKey(KEY_STORE_AES_KEY_ALIAS, null);
            String[] split = str.split(BasicMetricEvent.LIST_DELIMITER);
            byte[] decode = Base64.decode(split[0], 3);
            byte[] decode2 = Base64.decode(split[1], 3);
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            cipher.init(2, key, new IvParameterSpec(decode));
            return new String(cipher.doFinal(decode2), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new FailedToDecryptPreferenceValue("Failed to decrypt a preference value", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String encryptPreferenceValue(String str) throws FailedToEncryptPreferenceValue {
        try {
            Key key = this.keyStore.getKey(KEY_STORE_AES_KEY_ALIAS, null);
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            cipher.init(1, key);
            return String.format("%s,%s", Base64.encodeToString(cipher.getIV(), 3), Base64.encodeToString(cipher.doFinal(str.getBytes()), 3));
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new FailedToEncryptPreferenceValue("Failed to encrypt a preference value", e);
        }
    }
}
