package org.forgerock.android.auth;

import android.content.Context;
import android.util.Base64;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
class AndroidLEncryptor extends AbstractSymmetricEncryptor {
    private static final String AES = "AES";
    private final Context context;
    private final SecretKeyStore secretKeyStore;

    AndroidLEncryptor(Context context, String str, SecretKeyStore secretKeyStore) {
        super(str);
        if (str == null) {
            throw new NullPointerException("keyAlias is marked non-null but is null");
        }
        this.secretKeyStore = secretKeyStore;
        this.context = context;
    }

    @Override // org.forgerock.android.auth.AbstractSymmetricEncryptor
    protected SecretKey getSecretKey() throws GeneralSecurityException {
        String encryptedSecretKey = this.secretKeyStore.getEncryptedSecretKey();
        AsymmetricEncryptor asymmetricEncryptor = new AsymmetricEncryptor(this.context, this.keyAlias);
        if (encryptedSecretKey == null) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES);
            keyGenerator.init(256);
            SecretKey generateKey = keyGenerator.generateKey();
            this.secretKeyStore.persist(Base64.encodeToString(asymmetricEncryptor.encrypt(generateKey.getEncoded()), 0));
            return generateKey;
        }
        try {
            return new SecretKeySpec(asymmetricEncryptor.decrypt(Base64.decode(encryptedSecretKey, 0)), AES);
        } catch (EncryptionException e) {
            try {
                reset();
                throw e;
            } catch (Exception e2) {
                throw new EncryptionException(e2);
            }
        }
    }

    @Override // org.forgerock.android.auth.AbstractSymmetricEncryptor
    byte[] init(Cipher cipher) throws GeneralSecurityException {
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        cipher.init(1, getSecretKey(), new GCMParameterSpec(128, bArr));
        return bArr;
    }

    @Override // org.forgerock.android.auth.Encryptor
    public void reset() throws GeneralSecurityException, IOException {
        this.secretKeyStore.remove();
        new AsymmetricEncryptor(this.context, this.keyAlias).reset();
    }
}
