package com.google.commerce.tapandpay.android.security;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Pair;
import com.google.commerce.tapandpay.android.logging.CLog;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;

@TargetApi(23)
/* loaded from: classes.dex */
public class SecureHardwareEncryptionUtil {
    private static SecretKey checkInSecureHardware(SecretKey secretKey) throws GeneralSecurityException {
        if (((KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware()) {
            return secretKey;
        }
        return null;
    }

    public static byte[] decryptInSecureHardware(String str, byte[] bArr, byte[] bArr2) {
        SecretKey orCreateKeyInSecureHardware = getOrCreateKeyInSecureHardware(str);
        if (orCreateKeyInSecureHardware == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, orCreateKeyInSecureHardware, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            CLog.e("SecEncryptionUtil", "Decryption error", e);
            return null;
        }
    }

    public static Pair<byte[], byte[]> encryptInSecureHardware(String str, byte[] bArr) {
        SecretKey orCreateKeyInSecureHardware = getOrCreateKeyInSecureHardware(str);
        if (orCreateKeyInSecureHardware == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, orCreateKeyInSecureHardware);
            return Pair.create(cipher.doFinal(bArr), cipher.getIV());
        } catch (GeneralSecurityException e) {
            CLog.e("SecEncryptionUtil", "Encryption error", e);
            return null;
        }
    }

    private static SecretKey getOrCreateKeyInSecureHardware(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                return checkInSecureHardware((SecretKey) keyStore.getKey(str, null));
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            return checkInSecureHardware(keyGenerator.generateKey());
        } catch (IOException | GeneralSecurityException e) {
            CLog.e("SecEncryptionUtil", "getOrCreateKeyInSecureHardware error", e);
            return null;
        }
    }
}
