package com.amazon.tahoe.kinesis.crypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.amazon.tahoe.utils.log.FreeTimeLog;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.security.auth.x500.X500Principal;

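/**
 * Unwraps AES data keys with an RSA key pair held in the Android Keystore.
 *
 * <p>On construction the class loads the key pair stored under the alias {@code secretKey},
 * generating it first if the alias is absent. Initialization failures are logged rather than
 * thrown, so {@link #unwrap(byte[])} checks that initialization succeeded before using the
 * cipher or key pair.
 *
 * <p>NOTE(review): the cipher transformation is {@code RSA/NONE/PKCS1Padding} (PKCS#1 v1.5
 * encryption padding). OAEP is the usual recommendation for RSA key wrapping; switching would
 * invalidate blobs wrapped with the current padding, so it needs a migration plan.
 *
 * <p>NOTE(review): this is a {@code @Singleton} sharing one {@link Cipher} instance, and
 * {@code Cipher} objects are not safe for concurrent use. Confirm that callers serialize access
 * to {@link #unwrap(byte[])}.
 */
@Singleton
/* loaded from: classes.dex */
public final class SecretKeyWrapper {
    /** Alias of the RSA key pair inside the Android Keystore. */
    private static final String KEY_ALIAS = "secretKey";

    /** Name of the Android Keystore provider / key store type. */
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";

    /**
     * Key purposes passed to {@code KeyGenParameterSpec.Builder}: the value 7 is
     * {@code KeyProperties.PURPOSE_ENCRYPT | PURPOSE_DECRYPT | PURPOSE_SIGN}.
     * NOTE(review): only an encryption padding is configured and this class only unwraps, so the
     * SIGN purpose looks broader than needed; confirm no other user of the alias before narrowing.
     */
    private static final int KEY_PURPOSES = 7;

    /** Number of years a freshly generated certificate/key stays valid. */
    private static final int VALIDITY_YEARS = 100;

    Cipher mCipher;
    private final Context mContext;
    KeyPair mPair;

    /**
     * Creates the wrapper and eagerly loads (or generates) the keystore key pair.
     *
     * @param context Android context, used by the pre-API-23 key generation spec
     */
    @Inject
    public SecretKeyWrapper(Context context) {
        this.mContext = context;
        initializeSecretKeyWrapper();
    }

    /**
     * Generates an RSA key pair in the Android Keystore under the given alias.
     *
     * <p>Below API 23 the legacy {@code KeyPairGeneratorSpec} is used; from API 23 on,
     * {@code KeyGenParameterSpec}. Both use subject {@code CN=<alias>}, serial number 1 and a
     * validity window from now to {@link #VALIDITY_YEARS} years ahead.
     *
     * @param str the keystore alias for the new key pair
     * @throws GeneralSecurityException if the generator cannot be obtained or initialized
     */
    private void generateKeyPair(String str) throws GeneralSecurityException {
        GregorianCalendar notBefore = new GregorianCalendar();
        GregorianCalendar notAfter = new GregorianCalendar();
        notAfter.add(GregorianCalendar.YEAR, VALIDITY_YEARS);
        X500Principal subject = new X500Principal("CN=" + str);

        if (Build.VERSION.SDK_INT < 23) {
            generateKeyPairWithSpec(new KeyPairGeneratorSpec.Builder(this.mContext)
                    .setAlias(str)
                    .setSubject(subject)
                    .setSerialNumber(BigInteger.ONE)
                    .setStartDate(notBefore.getTime())
                    .setEndDate(notAfter.getTime())
                    .build());
            return;
        }
        generateKeyPairWithSpec(new KeyGenParameterSpec.Builder(str, KEY_PURPOSES)
                .setCertificateSubject(subject)
                .setCertificateSerialNumber(BigInteger.ONE)
                .setKeyValidityStart(notBefore.getTime())
                .setKeyValidityEnd(notAfter.getTime())
                .setEncryptionPaddings("PKCS1Padding")
                .build());
    }

    /**
     * Runs the {@code AndroidKeyStore} RSA key pair generator with the given spec. The generated
     * pair is stored by the provider under the alias carried in the spec; the return value of
     * {@code generateKeyPair()} is intentionally discarded.
     *
     * @param algorithmParameterSpec the key generation parameters
     * @throws NoSuchProviderException if the {@code AndroidKeyStore} provider is unavailable
     * @throws NoSuchAlgorithmException if RSA is not supported by the provider
     * @throws InvalidAlgorithmParameterException if the spec is rejected by the generator
     */
    private static void generateKeyPairWithSpec(AlgorithmParameterSpec algorithmParameterSpec) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        keyPairGenerator.initialize(algorithmParameterSpec);
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Obtains the cipher and loads the key pair from the Android Keystore, generating the pair
     * when the alias is missing. If reading the entry throws, the entry is deleted, regenerated
     * and read again.
     *
     * <p>Every failure is logged and swallowed, so {@link #mCipher} and/or {@link #mPair} may
     * still be {@code null} when this method returns.
     */
    private void initializeSecretKeyWrapper() {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        try {
            this.mCipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (!keyStore.containsAlias(KEY_ALIAS)) {
                generateKeyPair(KEY_ALIAS);
            }
            try {
                privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ALIAS, null);
            } catch (Exception e) {
                // The stored entry is unreadable: replace it with a fresh key pair. Anything
                // wrapped with the previous public key can no longer be unwrapped.
                FreeTimeLog.e().event("Encountered error trying to retrieve private key, clearing entry").throwable(e).log();
                keyStore.deleteEntry(KEY_ALIAS);
                generateKeyPair(KEY_ALIAS);
                privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ALIAS, null);
            }
            this.mPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (Exception e2) {
            FreeTimeLog.e("Could not instantiate secret key wrapper properly.", e2);
        }
    }

    /**
     * Unwraps an AES secret key that was wrapped with this wrapper's RSA public key.
     *
     * <p>If unwrapping fails, the keystore entry is deleted, the wrapper is re-initialized with
     * a new key pair, and the original exception is rethrown.
     *
     * <p>NOTE(review): the reset runs for <em>any</em> {@link GeneralSecurityException}. If a
     * corrupt or untrusted blob can trigger one, a single bad input discards the key pair and
     * makes every previously wrapped key unrecoverable. Confirm that this is intended and that
     * callers re-create their data keys afterwards.
     *
     * @param bArr the wrapped key bytes
     * @return the unwrapped AES key
     * @throws GeneralSecurityException if the wrapper could not be initialized or the blob
     *     cannot be unwrapped
     */
    public final SecretKey unwrap(byte[] bArr) throws GeneralSecurityException {
        if (this.mCipher == null || this.mPair == null) {
            // Initialization only logs its failures; retry once so a transient keystore error
            // at construction time does not leave the singleton permanently unusable, and
            // report a checked failure instead of a NullPointerException if it still fails.
            initializeSecretKeyWrapper();
            if (this.mCipher == null || this.mPair == null) {
                throw new GeneralSecurityException("Secret key wrapper is not initialized");
            }
        }
        try {
            this.mCipher.init(Cipher.UNWRAP_MODE, this.mPair.getPrivate());
            return (SecretKey) this.mCipher.unwrap(bArr, "AES", Cipher.SECRET_KEY);
        } catch (GeneralSecurityException e) {
            FreeTimeLog.e("Error unwrapping existing data key. Hence, re-initializing", e);
            try {
                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
                keyStore.load(null);
                if (keyStore.containsAlias(KEY_ALIAS)) {
                    keyStore.deleteEntry(KEY_ALIAS);
                }
            } catch (Exception e2) {
                FreeTimeLog.e("Error clearing secret key wrapper from Android key store.", e2);
            }
            // Drop the cached pair first: if re-initialization fails, a stale reference to the
            // deleted keystore key must not be reused by a later call.
            this.mPair = null;
            initializeSecretKeyWrapper();
            throw e;
        }
    }
}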
