package org.thoughtcrime.securesms.crypto;

import X1.F;
import Y1.c;
import Y1.f;
import Y1.k;
import a3.AbstractC0280a;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import b2.h;
import f2.l;
import g2.AbstractC0507E;
import g2.AbstractC0513f;
import g2.AbstractC0517j;
import g2.C0519l;
import g2.p;
import g2.u;
import h2.e;
import h2.j;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes.dex */
public final class KeyStoreHelper {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String KEY_ALIAS = "DeltaSecret";

    /* loaded from: classes.dex */
    public static class SealedData {

        @F
        @e(using = ByteArrayDeserializer.class)
        @j(using = ByteArraySerializer.class)
        private byte[] data;

        @F
        @e(using = ByteArrayDeserializer.class)
        @j(using = ByteArraySerializer.class)
        private byte[] iv;

        /* loaded from: classes.dex */
        public static class ByteArrayDeserializer extends AbstractC0517j {
            private ByteArrayDeserializer() {
            }

            @Override // g2.AbstractC0517j
            public byte[] deserialize(Y1.j jVar, AbstractC0513f abstractC0513f) {
                return Base64.decode(jVar.Q(), 3);
            }
        }

        /* loaded from: classes.dex */
        public static class ByteArraySerializer extends p {
            private ByteArraySerializer() {
            }

            @Override // g2.p
            public void serialize(byte[] bArr, f fVar, AbstractC0507E abstractC0507E) {
                fVar.Z(Base64.encodeToString(bArr, 3));
            }
        }

        public SealedData() {
        }

        public SealedData(byte[] bArr, byte[] bArr2) {
            this.iv = bArr;
            this.data = bArr2;
        }

        public static SealedData fromString(String str) {
            try {
                return (SealedData) Y6.j.a(SealedData.class, str);
            } catch (IOException e8) {
                throw new AssertionError(e8);
            }
        }

        public String serialize() {
            try {
                u uVar = Y6.j.f7081a;
                uVar.getClass();
                c cVar = uVar.f10539a;
                h hVar = new h(cVar.z0());
                try {
                    uVar.b(cVar.B0(hVar), this);
                    l lVar = hVar.f8394a;
                    String h5 = lVar.h();
                    lVar.n();
                    return h5;
                } catch (k e8) {
                    throw e8;
                } catch (IOException e9) {
                    throw C0519l.e(e9);
                }
            } catch (IOException e10) {
                throw new AssertionError(e10);
            }
        }
    }

    private static SecretKey createKeyStoreEntry() {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
            AbstractC0280a.j();
            blockModes = AbstractC0280a.c().setBlockModes("GCM");
            encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
            build = encryptionPaddings.build();
            keyGenerator.init(build);
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e8) {
            throw new AssertionError(e8);
        }
    }

    private static KeyStore getKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e8) {
            throw new AssertionError(e8);
        }
    }

    private static SecretKey getKeyStoreEntry() {
        KeyStore keyStore = getKeyStore();
        try {
            try {
                return getSecretKey(keyStore);
            } catch (UnrecoverableKeyException unused) {
                return getSecretKey(keyStore);
            }
        } catch (UnrecoverableKeyException e8) {
            throw new AssertionError(e8);
        }
    }

    private static SecretKey getOrCreateKeyStoreEntry() {
        return hasKeyStoreEntry() ? getKeyStoreEntry() : createKeyStoreEntry();
    }

    private static SecretKey getSecretKey(KeyStore keyStore) {
        try {
            return ((KeyStore.SecretKeyEntry) keyStore.getEntry(KEY_ALIAS, null)).getSecretKey();
        } catch (KeyStoreException e8) {
            e = e8;
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e9) {
            e = e9;
            throw new AssertionError(e);
        } catch (UnrecoverableKeyException e10) {
            throw e10;
        } catch (UnrecoverableEntryException e11) {
            e = e11;
            throw new AssertionError(e);
        }
    }

    private static boolean hasKeyStoreEntry() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (keyStore.containsAlias(KEY_ALIAS)) {
                if (keyStore.entryInstanceOf(KEY_ALIAS, KeyStore.SecretKeyEntry.class)) {
                    return true;
                }
            }
            return false;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e8) {
            throw new AssertionError(e8);
        }
    }

    public static SealedData seal(byte[] bArr) {
        SecretKey orCreateKeyStoreEntry = getOrCreateKeyStoreEntry();
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, orCreateKeyStoreEntry);
            return new SealedData(cipher.getIV(), cipher.doFinal(bArr));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e8) {
            throw new AssertionError(e8);
        }
    }

    public static byte[] unseal(SealedData sealedData) {
        SecretKey keyStoreEntry = getKeyStoreEntry();
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, keyStoreEntry, new GCMParameterSpec(128, sealedData.iv));
            return cipher.doFinal(sealedData.data);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e8) {
            throw new AssertionError(e8);
        }
    }
}
