package ohos.security.deviceauth.sdk.utils;

import android.security.keystore.KeyGenParameterSpec;
import com.huawei.health.industry.service.c;
import com.huawei.health.industry.service.logmodel.logutil.impl.writer.common.a;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes6.dex */
public class KeyStoreHelper {
    public static final String AES_GCM_NOPADDING = "AES/GCM/NoPadding";
    public static final String ANDROID_KEYSTORE_PROVIDER = "AndroidKeyStore";
    public static final int DEFAULT_IV_SIZE = 12;
    public static final int DEFAULT_KEY_SIZE = 256;
    public static final int DEFAULT_TAG_SIZE = 128;
    public static final byte EMPTY_BYTE = 0;
    public static final String SUFFIX = "_for_hichain";
    public static final String TAG = "KeyStoreHelper";

    public static byte[] decrypt(byte[] bArr) {
        String str;
        if (bArr == null || bArr.length < 12) {
            str = "Invalid cipher.";
        } else {
            SecretKey loadAppSecretKey = loadAppSecretKey();
            if (loadAppSecretKey == null) {
                c.b(TAG, "secKey = null");
                return new byte[0];
            }
            try {
                Cipher cipher = Cipher.getInstance(AES_GCM_NOPADDING);
                byte[] bArr2 = new byte[12];
                System.arraycopy(bArr, 0, bArr2, 0, 12);
                cipher.init(2, loadAppSecretKey, new GCMParameterSpec(128, bArr2));
                int length = bArr.length - 12;
                byte[] bArr3 = new byte[length];
                System.arraycopy(bArr, 12, bArr3, 0, length);
                byte[] doFinal = cipher.doFinal(bArr3);
                if (doFinal != null && doFinal.length != 0) {
                    Arrays.fill(bArr3, (byte) 0);
                    Arrays.fill(bArr2, (byte) 0);
                    return doFinal;
                }
                c.b(TAG, "Decrypt failed.");
                return new byte[0];
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
                str = "Error happens in decrypting.";
            }
        }
        c.a(TAG, str);
        return new byte[0];
    }

    public static byte[] encrypt(byte[] bArr) {
        String str;
        if (bArr == null || bArr.length <= 0) {
            str = "Invalid input data.";
        } else {
            SecretKey generateKey = generateKey();
            if (generateKey == null) {
                c.b(TAG, "Secret key is null.");
                return new byte[0];
            }
            try {
                Cipher cipher = Cipher.getInstance(AES_GCM_NOPADDING);
                cipher.init(1, generateKey);
                byte[] doFinal = cipher.doFinal(bArr);
                byte[] iv = cipher.getIV();
                if (doFinal != null && doFinal.length != 0 && iv != null && iv.length != 0) {
                    byte[] bArr2 = new byte[doFinal.length + iv.length];
                    System.arraycopy(iv, 0, bArr2, 0, iv.length);
                    System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
                    Arrays.fill(doFinal, (byte) 0);
                    Arrays.fill(iv, (byte) 0);
                    return bArr2;
                }
                c.a(TAG, "Encrypt failed.");
                return new byte[0];
            } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
                str = "Error happens in encryption.";
            }
        }
        c.a(TAG, str);
        return new byte[0];
    }

    public static SecretKey generateKey() {
        SecretKey loadAppSecretKey = loadAppSecretKey();
        if (loadAppSecretKey != null) {
            c.b(TAG, "Master key is already generated");
            return loadAppSecretKey;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(a.b.getPackageName() + SUFFIX, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build());
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException unused) {
            c.a(TAG, "Error happens in generating key.");
            return loadAppSecretKey;
        }
    }

    public static SecretKey loadAppSecretKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Key key = keyStore.getKey(a.b.getPackageName() + SUFFIX, null);
            if (key instanceof SecretKey) {
                return (SecretKey) key;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException unused) {
            c.a(TAG, "Load app secret key failed");
        }
        return null;
    }
}
