package com.samsung.android.wear.shealth.data.security;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.samsung.android.wear.shealth.base.log.LOG;
import com.samsung.android.wear.shealth.base.sharedpreferences.SharedPreferencesHelper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes2.dex */
public final class KeyManager {
    public static final String TAG = "SHW - Data." + KeyManager.class.getSimpleName();
    public static KeyManager sInstance = null;
    public Key mKey;

    /* loaded from: classes2.dex */
    public static final class KeyManagerPreferences {
        public static /* synthetic */ boolean access$100() {
            return isInitialized();
        }

        public static /* synthetic */ int access$500() {
            return getMode();
        }

        public static /* synthetic */ String access$700() {
            return getDatabaseKey();
        }

        public static void clearAll() {
            SharedPreferencesHelper.removeKey("init.status");
            SharedPreferencesHelper.removeKey("init.mode");
            SharedPreferencesHelper.removeKey("key.database");
        }

        public static String getDatabaseKey() {
            return SharedPreferencesHelper.getString("key.database");
        }

        public static int getMode() {
            return SharedPreferencesHelper.getInt("init.mode", -1);
        }

        public static boolean isInitialized() {
            return SharedPreferencesHelper.getBoolean("init.status", false);
        }

        public static void setDatabaseKey(String str) {
            SharedPreferencesHelper.putString("key.database", str);
        }

        public static void setInitialized() {
            SharedPreferencesHelper.putBoolean("init.status", Boolean.TRUE);
        }

        public static void setMode(int i) {
            SharedPreferencesHelper.putInt("init.mode", i);
        }
    }

    public static String getDatabaseKey() {
        return getInstance().decryptString(KeyManagerPreferences.access$700());
    }

    public static synchronized KeyManager getInstance() {
        synchronized (KeyManager.class) {
            if (sInstance != null) {
                return sInstance;
            }
            KeyManager keyManager = new KeyManager();
            keyManager.initialize();
            sInstance = keyManager;
            return keyManager;
        }
    }

    public final boolean createDatabaseKey() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        try {
            KeyManagerPreferences.setDatabaseKey(encryptString(Base64.encodeToString(bArr, 2)));
            return true;
        } catch (SecurityException e) {
            LOG.e(TAG, "fail to encrypt database key: " + e.getClass().getSimpleName());
            return false;
        }
    }

    public final byte[] decryptByte(int i, byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, this.mKey, new GCMParameterSpec(i, bArr));
        cipher.updateAAD(bArr2);
        return cipher.doFinal(bArr3);
    }

    public synchronized String decryptString(String str) throws IllegalArgumentException, SecurityException {
        byte[] bArr;
        if (str.isEmpty()) {
            throw new IllegalArgumentException("input cipher string is empty");
        }
        String[] split = str.split("#");
        if (split.length != 4) {
            throw new IllegalArgumentException("input cipher string is invalid format");
        }
        boolean z = false;
        try {
            int parseInt = Integer.parseInt(split[0]);
            byte[] decode = Base64.decode(split[1], 2);
            byte[] decode2 = Base64.decode(split[2], 2);
            byte[] decode3 = Base64.decode(split[3], 2);
            bArr = null;
            try {
                try {
                    bArr = decryptByte(128, decode, decode2, decode3);
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException e) {
                    LOG.e(TAG, "fail to decrypt, string: " + e.getClass().getSimpleName());
                    throw new SecurityException(e.getClass().getSimpleName());
                }
            } catch (BadPaddingException e2) {
                LOG.e(TAG, "fail to decrypt, string: " + e2.getClass().getSimpleName());
                if (parseInt <= 0) {
                    throw new SecurityException(e2.getClass().getSimpleName());
                }
                z = true;
            }
            if (z) {
                try {
                    bArr = decryptByte(parseInt, decode, decode2, decode3);
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e3) {
                    LOG.e(TAG, "fail to re-decrypt, string: " + e3.getClass().getSimpleName());
                    throw new SecurityException(e3.getClass().getSimpleName());
                }
            }
            try {
            } catch (UnsupportedEncodingException unused) {
                throw new SecurityException("fail to convert to the string");
            }
        } catch (IllegalArgumentException unused2) {
            throw new IllegalArgumentException("fail to parse input cipher string");
        }
        return new String(bArr, "utf-8");
    }

    public synchronized String encryptString(String str) throws SecurityException {
        String encodeToString;
        byte[] bytes;
        byte[] doFinal;
        byte[] iv;
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("input plain string is empty");
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        encodeToString = Base64.encodeToString(bArr, 2);
        try {
            bytes = str.getBytes("utf-8");
            try {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, this.mKey);
                cipher.updateAAD(bArr);
                doFinal = cipher.doFinal(bytes);
                iv = cipher.getIV();
            } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                LOG.e(TAG, "fail to encrypt, string:  " + e.getClass().getSimpleName());
                throw new SecurityException(e.getClass().getSimpleName());
            }
        } catch (UnsupportedEncodingException e2) {
            throw new SecurityException(e2.getClass().getSimpleName());
        }
        return Integer.toString((doFinal.length - bytes.length) * 8) + "#" + Base64.encodeToString(iv, 2) + "#" + encodeToString + "#" + Base64.encodeToString(doFinal, 2);
    }

    public final void initialize() {
        if (KeyManagerPreferences.access$100()) {
            loadKey();
        } else {
            setupNewKey();
        }
    }

    public final Key loadAesKey() {
        LOG.i(TAG, "try to load existing AES key from android keystore");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Key key = keyStore.getKey("com.samsung.android.wear.shealth_aeskey", null);
            if (key != null) {
                return key;
            }
            LOG.e(TAG, "fail to get AES key");
            throw new SecurityException("fail to get AES key, mode: " + KeyManagerPreferences.access$500());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            throw new SecurityException(e.getClass().getSimpleName());
        }
    }

    public final void loadKey() {
        LOG.i(TAG, "try to load existing key");
        this.mKey = loadAesKey();
        LOG.i(TAG, "key is loaded successfully, mode: " + KeyManagerPreferences.access$500());
    }

    public final Key setupNewAesKey() {
        LOG.i(TAG, "try to generate AES key in android keystore");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder("com.samsung.android.wear.shealth_aeskey", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build());
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new SecurityException(e.getClass().getSimpleName());
        }
    }

    public final void setupNewKey() {
        LOG.i(TAG, "try to setup a new key");
        Key key = setupNewAesKey();
        this.mKey = key;
        if (key == null) {
            LOG.e(TAG, "failed to create AES (encryption) key");
            throw new SecurityException("failed to create AES (encryption) key");
        }
        if (!createDatabaseKey()) {
            LOG.e(TAG, "failed to create database key");
            KeyManagerPreferences.clearAll();
            this.mKey = null;
            throw new SecurityException("failed to create database key");
        }
        KeyManagerPreferences.setMode(20);
        KeyManagerPreferences.setInitialized();
        LOG.i(TAG, "new key setup is completed, mode: 20");
    }
}
