package com.linecorp.android.security.encryption;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import java.security.KeyStore;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: StringAesCipher.kt */
@Metadata(d1 = {"\u0000F\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u0000  2\u00020\u0001:\u0001 B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u000b\u001a\u00020\fH\u0002J\b\u0010\r\u001a\u00020\fH\u0002J\u0018\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u000fH\u0016J\u0018\u0010\u0013\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0014\u001a\u00020\u000fH\u0016J\b\u0010\u0015\u001a\u00020\fH\u0002J\b\u0010\u0016\u001a\u00020\fH\u0002J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u001c\u0010\u0019\u001a\u00020\u001a*\u00020\u00042\u0006\u0010\u001b\u001a\u00020\u001a2\u0006\u0010\u001c\u001a\u00020\u001aH\u0002J\u0014\u0010\u001d\u001a\u00020\u0018*\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u0004H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082.¢\u0006\u0002\n\u0000R\u001b\u0010\u0005\u001a\u00020\u00068BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\t\u0010\n\u001a\u0004\b\u0007\u0010\b¨\u0006!"}, d2 = {"Lcom/linecorp/android/security/encryption/StringAesCipher;", "Lcom/linecorp/android/security/encryption/StringCipher;", "()V", "hmac", "Ljavax/crypto/Mac;", "keyStore", "Ljava/security/KeyStore;", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore$delegate", "Lkotlin/Lazy;", "createAesKey", "Ljavax/crypto/SecretKey;", "createIntegrityKey", "decrypt", "", "context", "Landroid/content/Context;", "cipherText", "encrypt", "plainText", "getAesSecretKey", "getIntegrityKey", "initialize", "", "calculateHmacValue", "", "encryptedData", "initialVector", "verifyHmacValue", "Lcom/linecorp/android/security/encryption/CipherData;", "mac", "Companion", "line-sdk_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes5.dex */
public final class StringAesCipher implements StringCipher {
    private static final String AES_KEY_ALIAS = "com.linecorp.android.security.encryption.StringAesCipher";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String INTEGRITY_KEY_ALIAS = "com.linecorp.android.security.encryption.StringAesCipher.INTEGRITY_KEY";
    private static final int KEY_SIZE_IN_BIT = 256;
    private static final String TRANSFORMATION_FORMAT = "AES/CBC/PKCS7Padding";
    private Mac hmac;

    /* renamed from: keyStore$delegate, reason: from kotlin metadata */
    private final Lazy keyStore = LazyKt.lazy(new Function0<KeyStore>() { // from class: com.linecorp.android.security.encryption.StringAesCipher$keyStore$2
        @Override // kotlin.jvm.functions.Function0
        public final KeyStore invoke() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }
    });

    private final byte[] calculateHmacValue(Mac mac, byte[] bArr, byte[] bArr2) {
        byte[] doFinal = mac.doFinal(ArraysKt.plus(bArr, bArr2));
        Intrinsics.checkNotNullExpressionValue(doFinal, "doFinal(encryptedData + initialVector)");
        return doFinal;
    }

    private final SecretKey createAesKey() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(AES_KEY_ALIAS, 3).setKeySize(256).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(\n            AES…CS7)\n            .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey()");
        return generateKey;
    }

    private final SecretKey createIntegrityKey() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA256", ANDROID_KEY_STORE);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(INTEGRITY_KEY_ALIAS, 12).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(\n            INT…   )\n            .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey()");
        return generateKey;
    }

    private final SecretKey getAesSecretKey() {
        if (!getKeyStore().containsAlias(AES_KEY_ALIAS)) {
            return createAesKey();
        }
        KeyStore.Entry entry = getKeyStore().getEntry(AES_KEY_ALIAS, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        Intrinsics.checkNotNullExpressionValue(secretKey, "{\n            val secret…Entry.secretKey\n        }");
        return secretKey;
    }

    private final SecretKey getIntegrityKey() {
        if (!getKeyStore().containsAlias(INTEGRITY_KEY_ALIAS)) {
            return createIntegrityKey();
        }
        KeyStore.Entry entry = getKeyStore().getEntry(INTEGRITY_KEY_ALIAS, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        Intrinsics.checkNotNullExpressionValue(secretKey, "{\n            val secret…Entry.secretKey\n        }");
        return secretKey;
    }

    private final KeyStore getKeyStore() {
        Object value = this.keyStore.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "<get-keyStore>(...)");
        return (KeyStore) value;
    }

    private final void verifyHmacValue(CipherData cipherData, Mac mac) {
        if (!MessageDigest.isEqual(calculateHmacValue(mac, cipherData.getEncryptedData(), cipherData.getInitialVector()), cipherData.getHmacValue())) {
            throw new SecurityException("Cipher text has been tampered with.");
        }
    }

    @Override // com.linecorp.android.security.encryption.StringCipher
    public String decrypt(Context context, String cipherText) {
        String str;
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(cipherText, "cipherText");
        synchronized (this) {
            try {
                SecretKey aesSecretKey = getAesSecretKey();
                CipherData decodeFromBase64String = CipherData.INSTANCE.decodeFromBase64String(cipherText);
                Mac mac = this.hmac;
                if (mac == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("hmac");
                    mac = null;
                }
                verifyHmacValue(decodeFromBase64String, mac);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(decodeFromBase64String.getInitialVector());
                Cipher cipher = Cipher.getInstance(TRANSFORMATION_FORMAT);
                cipher.init(2, aesSecretKey, ivParameterSpec);
                byte[] it = cipher.doFinal(decodeFromBase64String.getEncryptedData());
                Intrinsics.checkNotNullExpressionValue(it, "it");
                str = new String(it, Charsets.UTF_8);
            } catch (Exception e) {
                throw new EncryptionException("Failed to decrypt", e);
            }
        }
        return str;
    }

    @Override // com.linecorp.android.security.encryption.StringCipher
    public String encrypt(Context context, String plainText) {
        String encodeToBase64String;
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        synchronized (this) {
            initialize(context);
            try {
                SecretKey aesSecretKey = getAesSecretKey();
                Cipher cipher = Cipher.getInstance(TRANSFORMATION_FORMAT);
                cipher.init(1, aesSecretKey);
                byte[] bytes = plainText.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                byte[] doFinal = cipher.doFinal(bytes);
                Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(plainText.toByteArray())");
                byte[] iv = cipher.getIV();
                Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
                Mac mac = this.hmac;
                if (mac == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("hmac");
                    mac = null;
                }
                byte[] iv2 = cipher.getIV();
                Intrinsics.checkNotNullExpressionValue(iv2, "cipher.iv");
                encodeToBase64String = new CipherData(doFinal, iv, calculateHmacValue(mac, doFinal, iv2)).encodeToBase64String();
            } catch (Exception e) {
                throw new EncryptionException("Failed to encrypt", e);
            }
        }
        return encodeToBase64String;
    }

    @Override // com.linecorp.android.security.encryption.StringCipher
    public void initialize(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        if (this.hmac != null) {
            return;
        }
        synchronized (this) {
            getAesSecretKey();
            SecretKey integrityKey = getIntegrityKey();
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(integrityKey);
            Intrinsics.checkNotNullExpressionValue(mac, "getInstance(KeyPropertie…tegrityKey)\n            }");
            this.hmac = mac;
            Unit unit = Unit.INSTANCE;
        }
    }
}
