package de.monocles.chat.pinnedmessage;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.conscrypt.PSKKeyManager;

/* loaded from: classes.dex */
public class CryptoUtils {
    private static KeyStore keyStoreInstance;

    /* loaded from: classes.dex */
    public static class EncryptionResult {
        public final byte[] ciphertext;
        public final byte[] iv;

        public EncryptionResult(byte[] bArr, byte[] bArr2) {
            this.iv = bArr;
            this.ciphertext = bArr2;
        }
    }

    static {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStoreInstance = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.e("PinnedMsgCrypto", "Failed to initialize Android KeyStore", e);
        }
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null || keyStoreInstance == null) {
            Log.e("PinnedMsgCrypto", "Decryption pre-conditions not met (iv, ciphertext, or keystore is null).");
            return null;
        }
        try {
            SecretKey orCreateSecretKey = getOrCreateSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, orCreateSecretKey, new GCMParameterSpec(128, bArr));
            return cipher.doFinal(bArr2);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Log.e("PinnedMsgCrypto", "Decryption failed", e);
            return null;
        }
    }

    public static EncryptionResult encrypt(byte[] bArr) {
        if (bArr == null || keyStoreInstance == null) {
            Log.e("PinnedMsgCrypto", "Encryption pre-conditions not met (data or keystore is null).");
            return null;
        }
        try {
            SecretKey orCreateSecretKey = getOrCreateSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, orCreateSecretKey);
            byte[] iv = cipher.getIV();
            if (iv != null) {
                return new EncryptionResult(iv, cipher.doFinal(bArr));
            }
            Log.e("PinnedMsgCrypto", "Cipher failed to generate an IV.");
            return null;
        } catch (IOException e) {
            e = e;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (InvalidKeyException e3) {
            e = e3;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (KeyStoreException e4) {
            e = e4;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (NoSuchProviderException e6) {
            e = e6;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (UnrecoverableEntryException e7) {
            e = e7;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (CertificateException e8) {
            e = e8;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (BadPaddingException e9) {
            e = e9;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (IllegalBlockSizeException e10) {
            e = e10;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        } catch (NoSuchPaddingException e11) {
            e = e11;
            Log.e("PinnedMsgCrypto", "Encryption failed", e);
            return null;
        }
    }

    private static SecretKey getOrCreateSecretKey() {
        if (keyStoreInstance == null) {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStoreInstance = keyStore;
            keyStore.load(null);
            if (keyStoreInstance == null) {
                throw new KeyStoreException("Keystore could not be re-initialized.");
            }
        }
        if (keyStoreInstance.containsAlias("pinned_messages_encryption_key_v1")) {
            KeyStore.Entry entry = keyStoreInstance.getEntry("pinned_messages_encryption_key_v1", null);
            if (entry instanceof KeyStore.SecretKeyEntry) {
                return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            }
            Log.w("PinnedMsgCrypto", "Keystore alias found but not a SecretKeyEntry. Recreating.");
            keyStoreInstance.deleteEntry("pinned_messages_encryption_key_v1");
        }
        Log.i("PinnedMsgCrypto", "Generating new secret key for pinned messages.");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder("pinned_messages_encryption_key_v1", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(PSKKeyManager.MAX_KEY_LENGTH_BYTES).build());
        return keyGenerator.generateKey();
    }
}
