package org.briarproject.briar.android;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.briarproject.bramble.api.crypto.KeyStrengthener;
import org.briarproject.bramble.util.LogUtils;

/* loaded from: classes.dex */
class AndroidKeyStrengthener implements KeyStrengthener {
    private static final String KEY_ALIAS = "db";
    private static final int KEY_BITS = 256;
    private static final String KEY_STORE_TYPE = "AndroidKeyStore";
    private static final Logger LOG = Logger.getLogger(AndroidKeyStrengthener.class.getName());
    private static final String PROVIDER_NAME = "AndroidKeyStore";
    private final List<AlgorithmParameterSpec> specs;
    private SecretKey storedKey = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AndroidKeyStrengthener() {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(KEY_ALIAS, 4).setKeySize(KEY_BITS).build();
        if (Build.VERSION.SDK_INT >= 28) {
            this.specs = Arrays.asList(new KeyGenParameterSpec.Builder(KEY_ALIAS, 4).setIsStrongBoxBacked(true).setKeySize(KEY_BITS).build(), build);
        } else {
            this.specs = Collections.singletonList(build);
        }
    }

    private synchronized void initialise() throws GeneralSecurityException {
        for (AlgorithmParameterSpec algorithmParameterSpec : this.specs) {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA256", "AndroidKeyStore");
                keyGenerator.init(algorithmParameterSpec);
                this.storedKey = keyGenerator.generateKey();
                LOG.info("Stored key in keystore");
            } catch (Exception e) {
                Logger logger = LOG;
                if (logger.isLoggable(Level.INFO)) {
                    logger.info("Could not generate key: " + e);
                }
            }
        }
        throw new GeneralSecurityException("Could not generate key");
    }

    @Override // org.briarproject.bramble.api.crypto.KeyStrengthener
    public synchronized boolean isInitialised() {
        if (this.storedKey != null) {
            return true;
        }
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
                if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                    return false;
                }
                this.storedKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                LOG.info("Loaded key from keystore");
                return true;
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } catch (GeneralSecurityException e2) {
            LogUtils.logException(LOG, Level.WARNING, e2);
            return false;
        }
    }

    @Override // org.briarproject.bramble.api.crypto.KeyStrengthener
    public synchronized org.briarproject.bramble.api.crypto.SecretKey strengthenKey(org.briarproject.bramble.api.crypto.SecretKey secretKey) {
        Mac mac;
        try {
            if (!isInitialised()) {
                initialise();
            }
            mac = Mac.getInstance("HmacSHA256");
            mac.init(this.storedKey);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
        return new org.briarproject.bramble.api.crypto.SecretKey(mac.doFinal(secretKey.getBytes()));
    }
}
