package android.security;

import android.content.Context;
import android.provider.Settings;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Slog;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

/* loaded from: classes.dex */
public class AccessControlKeystoreHelper {
    public static final String ALIAS_APP_LOCK = "alias_app_lock";
    public static final String ALIAS_PRIVACY_PASSWORD = "alias_privacy_password";
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";
    private static final int KEY_SIZE = 128;
    private static final String TAG = "AccessControlKeystoreHelper";
    private KeyStore mKeystore;
    private final Map<String, Mac> mMacMap;

    public AccessControlKeystoreHelper() {
        initKeystore();
        this.mMacMap = new HashMap();
    }

    private KeyGenParameterSpec buildKeyGenParameterSpec(String str, boolean z) {
        Slog.i(TAG, "buildKeyGenParameterSpec " + z);
        return new KeyGenParameterSpec.Builder(str, getPurposes()).setKeySize(128).setIsStrongBoxBacked(z).build();
    }

    private SecretKey createSecretKey(String str, boolean z) {
        Slog.i(TAG, "createSecretKey " + str + " " + z);
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA256", KEYSTORE_TYPE);
            keyGenerator.init(buildKeyGenParameterSpec(str, z));
            return keyGenerator.generateKey();
        } catch (StrongBoxUnavailableException e) {
            return createSecretKey(str, false);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            Slog.e(TAG, "createSecretKey: " + e2);
            return null;
        } catch (Exception e3) {
            Slog.e(TAG, "createSecretKey: unknown exception " + e3);
            return null;
        }
    }

    private int getPurposes() {
        return 15;
    }

    private SecretKey getSecretKey(String str) {
        try {
            if (this.mKeystore == null || !this.mKeystore.containsAlias(str)) {
                return createSecretKey(str, true);
            }
            Slog.d(TAG, "getSecretKey " + str);
            return (SecretKey) this.mKeystore.getKey(str, null);
        } catch (java.security.KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            Slog.e(TAG, "getSecretKey: " + e);
            return null;
        } catch (Exception e2) {
            Slog.e(TAG, "getSecretKey throw unknown exception: ", e2);
            return null;
        }
    }

    private void initKeystore() {
        if (this.mKeystore == null) {
            try {
                this.mKeystore = KeyStore.getInstance(KEYSTORE_TYPE);
                this.mKeystore.load(null);
            } catch (IOException | java.security.KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                Slog.e(TAG, "init keystore exception: " + e);
            } catch (Exception e2) {
                Slog.e(TAG, "init keystore throw unknown exception: " + e2);
            }
        }
    }

    private void initMac(String str) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(getSecretKey(str));
            this.mMacMap.put(str, mac);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            Slog.e(TAG, "initMac: ", e);
        } catch (Exception e2) {
            Slog.e(TAG, "initMac throw unknown exception: ", e2);
        }
        Slog.d(TAG, "initMac " + str);
    }

    public boolean disableEncryptByKeystore(Context context) {
        return Settings.Global.getInt(context.getContentResolver(), "encrypt_by_keystore", 1) == 0;
    }

    public byte[] encrypt(String str, String str2) {
        Slog.d(TAG, "encrypt " + str);
        if (!this.mMacMap.containsKey(str)) {
            initMac(str);
        }
        Mac mac = this.mMacMap.get(str);
        if (mac == null) {
            return null;
        }
        try {
            return mac.doFinal(str2.getBytes());
        } catch (Exception e) {
            Slog.e(TAG, "encrypt throw unknown exception: " + e);
            return null;
        }
    }

    public byte[] resetPassword(String str) {
        Slog.d(TAG, "resetPassword " + str);
        try {
            if (this.mKeystore != null) {
                this.mKeystore.deleteEntry(str);
            }
            this.mMacMap.remove(str);
            return null;
        } catch (java.security.KeyStoreException e) {
            Slog.e(TAG, "resetPassword " + e);
            return null;
        } catch (Exception e2) {
            Slog.e(TAG, "resetPassword throw unknown exception: " + e2);
            return null;
        }
    }
}
