package com.samsclub.biometrics.impl;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import androidx.annotation.VisibleForTesting;
import com.samsclub.core.ExcludeFromGeneratedCoverageReport;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

@Metadata(d1 = {"\u0000*\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\t\b\u0000\u0018\u0000 \u00192\u00020\u0001:\u0001\u0019B\u0005¢\u0006\u0002\u0010\u0002J\r\u0010\u000b\u001a\u00020\fH\u0001¢\u0006\u0002\b\rJ\u0016\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u000fJ\u0016\u0010\u0013\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u000fJ\u0006\u0010\u0014\u001a\u00020\u0011J\u0006\u0010\u0015\u001a\u00020\u0011J\r\u0010\u0016\u001a\u00020\fH\u0001¢\u0006\u0002\b\u0017J\u0015\u0010\u0007\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004H\u0001¢\u0006\u0002\b\u0018R)\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u00048BX\u0083\u0084\u0002¢\u0006\u0012\n\u0004\b\t\u0010\n\u0012\u0004\b\u0006\u0010\u0002\u001a\u0004\b\u0007\u0010\b¨\u0006\u001a"}, d2 = {"Lcom/samsclub/biometrics/impl/CryptoManager;", "", "()V", "keyStore", "Ljava/security/KeyStore;", "kotlin.jvm.PlatformType", "getKeyStore$annotations", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore$delegate", "Lkotlin/Lazy;", "createKey", "Ljavax/crypto/SecretKey;", "createKey$sams_biometrics_impl_prodRelease", "decrypt", "", "cipher", "Ljavax/crypto/Cipher;", "bytes", "encrypt", "getDecryptCipher", "getEncryptCipher", "getKey", "getKey$sams_biometrics_impl_prodRelease", "getKeyStore$sams_biometrics_impl_prodRelease", "Companion", "sams-biometrics-impl_prodRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes8.dex */
public final class CryptoManager {

    @NotNull
    private static final String ALGORITHM = "AES";

    @NotNull
    private static final String BLOCK_MODE = "CBC";

    @NotNull
    private static final String KEYSTORE_ALIAS = "biometric_secret";

    @NotNull
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";

    @NotNull
    private static final String PADDING = "PKCS7Padding";

    @NotNull
    private static final String TRANSFORMATION = "AES/CBC/PKCS7Padding";

    /* renamed from: keyStore$delegate, reason: from kotlin metadata */
    @NotNull
    private final Lazy keyStore = LazyKt.lazy(new Function0<KeyStore>() { // from class: com.samsclub.biometrics.impl.CryptoManager$keyStore$2
        @Override // kotlin.jvm.functions.Function0
        /* renamed from: invoke, reason: avoid collision after fix types in other method */
        public final KeyStore invoke2() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }
    });

    private final KeyStore getKeyStore() {
        return (KeyStore) this.keyStore.getValue();
    }

    @ExcludeFromGeneratedCoverageReport
    private static /* synthetic */ void getKeyStore$annotations() {
    }

    @VisibleForTesting
    @NotNull
    public final SecretKey createKey$sams_biometrics_impl_prodRelease() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM);
        keyGenerator.init(new KeyGenParameterSpec.Builder(KEYSTORE_ALIAS, 3).setBlockModes(BLOCK_MODE).setEncryptionPaddings(PADDING).setUserAuthenticationRequired(true).setRandomizedEncryptionRequired(true).build());
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey(...)");
        return generateKey;
    }

    @NotNull
    public final byte[] decrypt(@NotNull Cipher cipher, @NotNull byte[] bytes) {
        Intrinsics.checkNotNullParameter(cipher, "cipher");
        Intrinsics.checkNotNullParameter(bytes, "bytes");
        byte[] doFinal = cipher.doFinal(bytes);
        Intrinsics.checkNotNull(doFinal);
        return ArraysKt.copyOfRange(doFinal, cipher.getIV().length, doFinal.length);
    }

    @NotNull
    public final byte[] encrypt(@NotNull Cipher cipher, @NotNull byte[] bytes) {
        Intrinsics.checkNotNullParameter(cipher, "cipher");
        Intrinsics.checkNotNullParameter(bytes, "bytes");
        byte[] doFinal = cipher.doFinal(bytes);
        byte[] iv = cipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "getIV(...)");
        Intrinsics.checkNotNull(doFinal);
        return ArraysKt.plus(iv, doFinal);
    }

    @NotNull
    public final Cipher getDecryptCipher() {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(2, getKey$sams_biometrics_impl_prodRelease(), new IvParameterSpec(getEncryptCipher().getIV()));
        Intrinsics.checkNotNullExpressionValue(cipher, "apply(...)");
        return cipher;
    }

    @NotNull
    public final Cipher getEncryptCipher() {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        try {
            cipher.init(1, getKey$sams_biometrics_impl_prodRelease());
        } catch (KeyPermanentlyInvalidatedException unused) {
            getKeyStore$sams_biometrics_impl_prodRelease().deleteEntry(KEYSTORE_ALIAS);
            cipher.init(1, getKey$sams_biometrics_impl_prodRelease());
        }
        Intrinsics.checkNotNullExpressionValue(cipher, "apply(...)");
        return cipher;
    }

    @VisibleForTesting
    @NotNull
    public final SecretKey getKey$sams_biometrics_impl_prodRelease() {
        KeyStore.Entry entry = getKeyStore$sams_biometrics_impl_prodRelease().getEntry(KEYSTORE_ALIAS, null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        SecretKey secretKey = secretKeyEntry != null ? secretKeyEntry.getSecretKey() : null;
        return secretKey == null ? createKey$sams_biometrics_impl_prodRelease() : secretKey;
    }

    @VisibleForTesting
    public final KeyStore getKeyStore$sams_biometrics_impl_prodRelease() {
        return getKeyStore();
    }
}
