package com.skycoin.wallet.encryption;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes.dex */
public class EncryptionManager {
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final String AndroidKeyStore = "AndroidKeyStore";
    private static final int GCM_TAG_LENGTH_BITS = 128;
    private static final String KEY_ALIAS = "skycoin.key.aes.gcm";
    private static final String TAG = "com.skycoin.wallet.encryption.EncryptionManager";
    private static final String TOKEN_SEPARATOR = ",";

    public static byte[] decrypt(String str) throws CryptoException {
        String[] split = str.split(TOKEN_SEPARATOR);
        if (split == null || split.length != 2) {
            Log.e(TAG, "could not split param into 'encrypted' and 'iv'");
            throw new CryptoException("Input string seems badly formatted, should be split on a Comma:" + str);
        }
        byte[] decode = Base64.decode(split[0], 2);
        byte[] decode2 = Base64.decode(split[1], 2);
        try {
            Cipher cipher = Cipher.getInstance(AES_MODE);
            cipher.init(2, getSecretKey(), new GCMParameterSpec(128, decode2));
            return cipher.doFinal(decode);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoException("Could not decrypt", e);
        }
    }

    public static String encrypt(byte[] bArr) throws CryptoException {
        try {
            Cipher cipher = Cipher.getInstance(AES_MODE);
            cipher.init(1, getSecretKey());
            String str = Base64.encodeToString(cipher.doFinal(bArr), 2) + TOKEN_SEPARATOR + Base64.encodeToString(cipher.getIV(), 2);
            Log.d(TAG, "encrypt result: " + str);
            return str;
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoException("Could not encrypt", e);
        }
    }

    public static void generateKey() throws CryptoException {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStore);
            keyStore.load(null);
            String str = TAG;
            Log.d(str, "getting key from AndroidKeyStore");
            if (keyStore.containsAlias(KEY_ALIAS)) {
                Log.d(str, "encryption key already exists");
                return;
            }
            Log.d(str, "creating new encryption key");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", AndroidKeyStore);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(true).build());
            keyGenerator.generateKey();
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            throw new CryptoException("Could not generate key", e);
        }
    }

    private static Key getSecretKey() throws CryptoException {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStore);
            keyStore.load(null);
            return keyStore.getKey(KEY_ALIAS, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new CryptoException("Could not get secret key", e);
        }
    }
}
