package com.surfeasy.sdk.secretkeeper;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.stats.CodePackage;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
class AesGcmKeyGenerator {
    static final String KEYSTORE_PROVIDER_ANDROID = "AndroidKeyStore";
    static final int KEY_SIZE = 256;
    static final String TRANSFORMATION_AES_GCM_NOPADDING = "AES/GCM/NoPadding";
    static final String TYPE_AES = "AES";
    private String keyAlias;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AesGcmKeyGenerator(String str) {
        this.keyAlias = str;
    }

    private void createKeys() throws Exception {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 25);
        KeyGenerator keyGenerator = KeyGenerator.getInstance(TYPE_AES, KEYSTORE_PROVIDER_ANDROID);
        KeyGenParameterSpec.Builder keyGenParameterSpec = getKeyGenParameterSpec(calendar, calendar2);
        if (Build.VERSION.SDK_INT >= 28) {
            keyGenParameterSpec.setIsStrongBoxBacked(true);
        }
        try {
            generateKey(keyGenerator, keyGenParameterSpec.build());
        } catch (ProviderException unused) {
            generateKey(keyGenerator, getKeyGenParameterSpec(calendar, calendar2).build());
        }
    }

    private void generateKey(KeyGenerator keyGenerator, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        keyGenerator.init(algorithmParameterSpec);
        keyGenerator.generateKey();
    }

    private KeyGenParameterSpec.Builder getKeyGenParameterSpec(Calendar calendar, Calendar calendar2) {
        return new KeyGenParameterSpec.Builder(this.keyAlias, 3).setCertificateSubject(new X500Principal("CN=" + this.keyAlias)).setDigests("SHA-256").setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).setCertificateSerialNumber(BigInteger.valueOf(1L)).setCertificateNotBefore(calendar.getTime()).setKeySize(256).setCertificateNotAfter(calendar2.getTime());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createKeysIfNeeded() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID);
        keyStore.load(null);
        if (keyStore.getEntry(this.keyAlias, null) == null) {
            createKeys();
        }
    }
}
