package com.rayark.keystoretool;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class AesKeyManagement {
    private static final int AES_BLOCK_SIZE_BIT = 128;
    private static final int AES_KEY_SIZE_BIT = 256;
    static final String AES_MODE = "AES/CBC/PKCS7Padding";
    private static final String ALIAS_SUFFIX = "Aes";
    private static final String TAG = "AesKeyManagement";

    AesKeyManagement() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String _appendSuffix(String str) {
        return str + ALIAS_SUFFIX;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey _generateAESKeyWithCBC(String str) {
        KeyGenerator keyGenerator;
        if (!Utilities._canStoreSymmetricKeyInKeyStore()) {
            throw new UnsupportedOperationException();
        }
        try {
            keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Exception should not happen", e);
            throw new RuntimeException(e);
        } catch (NoSuchProviderException e2) {
            Log.w(TAG, "AndroidKeyStore provider does not exist, try default one", e2);
            try {
                keyGenerator = KeyGenerator.getInstance("AES");
            } catch (NoSuchAlgorithmException e3) {
                Log.e(TAG, "Exception should not happen", e3);
                throw new RuntimeException(e3);
            }
        }
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 3);
        builder.setKeySize(256).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding");
        try {
            keyGenerator.init(builder.build());
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException e4) {
            Log.e(TAG, "Exception should not happen", e4);
            throw new RuntimeException(e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey _generateAESKeyWithSecureRandom() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey _retrieveAESKeyFromKeyStore(String str) {
        if (str == null) {
            throw new NullPointerException("alias must not be null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("alias must not be empty");
        }
        if (!Utilities._canStoreSymmetricKeyInKeyStore()) {
            throw new UnsupportedOperationException();
        }
        try {
            KeyStore _loadKeyStore = Utilities._loadKeyStore();
            if (!Utilities._containKey(_loadKeyStore, str)) {
                String str2 = "AES key with alias " + str + " does not exist";
                Log.e(TAG, str2);
                throw new IllegalArgumentException(str2);
            }
            try {
                Key key = _loadKeyStore.getKey(str, null);
                if (key instanceof SecretKey) {
                    return (SecretKey) key;
                }
                String str3 = "A different type of key exists with same alias " + str;
                Log.e(TAG, str3);
                throw new IllegalArgumentException(str3);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                Log.e(TAG, "Exception should not happen", e);
                throw new RuntimeException(e);
            }
        } catch (IOException | CertificateException e2) {
            Log.w(TAG, "Cannot load KeyStore", e2);
            throw new RuntimeException(e2);
        }
    }
}
