package com.silentcircle.keystore;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.silentcircle.logs.Log;
import com.silentcircle.silentphone2.util.Utilities;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class GenerateSecure {
    private static final byte[] SILENT_CIRCLE = {83, 105, 108, 101, 110, 116, 67, 105, 114, 99, 108, 101, 83, 101, 99, 117};
    private static boolean isInsideSecureHardware;

    @TargetApi(23)
    private static SecretKey createSecureKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder("spa_key_1", 1).setBlockModes("CBC").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            SecretKey generateKey = keyGenerator.generateKey();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.setKeyEntry("spa_key_1", generateKey, null, null);
            return generateKey;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            Log.e("GenerateSecure", "Failed to create and store secure key in AndroidKeyStore", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static char[] generatePassword(String str) {
        byte[] digest;
        SecretKey loadSecureKey = loadSecureKey();
        if (loadSecureKey == null && (loadSecureKey = createSecureKey()) == null) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.reset();
            messageDigest.update(SILENT_CIRCLE);
            messageDigest.update(str.getBytes());
            digest = messageDigest.digest();
        } catch (NoSuchAlgorithmException unused) {
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            if (digest.length % cipher.getBlockSize() != 0) {
                Log.e("GenerateSecure", "Wrong hash size for encryption mode.");
                return null;
            }
            isInsideSecureHardware = isSecureHardware(loadSecureKey);
            cipher.init(1, loadSecureKey, new IvParameterSpec(SILENT_CIRCLE));
            byte[] doFinal = cipher.doFinal(digest);
            char[] bytesToHexChars = Utilities.bytesToHexChars(doFinal);
            if (bytesToHexChars.length != 64) {
                Log.e("GenerateSecure", "Wrong key length size for encryption mode.");
                return null;
            }
            Arrays.fill(doFinal, (byte) 0);
            return bytesToHexChars;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Log.e("GenerateSecure", "Failed to create secure key for key store", e);
            return null;
        }
    }

    public static boolean isKeyInsideSecureHardware() {
        return isInsideSecureHardware;
    }

    @TargetApi(23)
    private static boolean isSecureHardware(SecretKey secretKey) {
        if (Build.VERSION.SDK_INT < 23) {
            return false;
        }
        try {
            return ((KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware();
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException unused) {
            return false;
        }
    }

    private static SecretKey loadSecureKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return (SecretKey) keyStore.getKey("spa_key_1", null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            Log.e("GenerateSecure", "Failed to load secure key in AndroidKeystore", e);
            return null;
        }
    }
}
