package com.google.commerce.tapandpay.android.security;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Pair;
import com.google.commerce.tapandpay.android.logging.CLog;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes.dex */
public final class SecureHardwareEncryptionUtil {
    private static SecretKey checkInSecureHardware(SecretKey secretKey) {
        if (((KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware()) {
            return secretKey;
        }
        return null;
    }

    public static final byte[] decryptInSecureHardware$ar$ds(byte[] bArr, byte[] bArr2) {
        SecretKey orCreateKeyInSecureHardware$ar$ds = getOrCreateKeyInSecureHardware$ar$ds();
        if (orCreateKeyInSecureHardware$ar$ds == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, orCreateKeyInSecureHardware$ar$ds, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            CLog.e("SecEncryptionUtil", "Decryption error", e);
            return null;
        }
    }

    public static final Pair<byte[], byte[]> encryptInSecureHardware$ar$ds(byte[] bArr) {
        SecretKey orCreateKeyInSecureHardware$ar$ds = getOrCreateKeyInSecureHardware$ar$ds();
        if (orCreateKeyInSecureHardware$ar$ds == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, orCreateKeyInSecureHardware$ar$ds);
            return Pair.create(cipher.doFinal(bArr), cipher.getIV());
        } catch (GeneralSecurityException e) {
            CLog.e("SecEncryptionUtil", "Encryption error", e);
            return null;
        }
    }

    private static SecretKey getOrCreateKeyInSecureHardware$ar$ds() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias("storage_key_alias")) {
                return checkInSecureHardware((SecretKey) keyStore.getKey("storage_key_alias", null));
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder("storage_key_alias", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            return checkInSecureHardware(keyGenerator.generateKey());
        } catch (IOException | GeneralSecurityException e) {
            CLog.e("SecEncryptionUtil", "getOrCreateKeyInSecureHardware error", e);
            return null;
        }
    }
}
