package com.expressvpn.vpn.config.crypter;

import android.content.Context;
import com.expressvpn.utils.android.log.L;
import com.expressvpn.utils.android.log.Logger;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
public class PiiCrypter extends Crypter {
    private static final L l = Logger.newLog(Logger.getLogTag(PiiCrypter.class));
    private KeyStore keystore = null;
    private SecretKey key = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PiiCrypter(Context context) {
        this.context = context;
    }

    private void generateKey() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException, IOException, CertificateException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(new SecureRandom());
        this.key = keyGenerator.generateKey();
        this.keystore.setEntry("protection", new KeyStore.SecretKeyEntry(this.key), new KeyStore.PasswordProtection(null));
        saveKeyStore();
    }

    private void loadKey() throws NoSuchProviderException, InvalidAlgorithmParameterException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        if (this.key != null) {
            return;
        }
        loadKeyStore();
        this.key = (SecretKey) this.keystore.getKey("protection", null);
        if (this.key == null) {
            generateKey();
        } else {
            l.d("Key is found");
        }
    }

    private void loadKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        if (this.keystore != null) {
            return;
        }
        l.d("load keystore ");
        this.keystore = KeyStore.getInstance("BKS");
        File file = new File(this.context.getFilesDir(), "protect.bks");
        if (file.exists()) {
            this.keystore.load(new FileInputStream(file), null);
        } else {
            this.keystore.load(null);
            saveKeyStore();
        }
    }

    private void saveKeyStore() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        this.keystore.store(new FileOutputStream(new File(this.context.getFilesDir(), "protect.bks")), null);
    }

    @Override // com.expressvpn.vpn.config.crypter.Crypter
    public byte[] decrypt(byte[] bArr) throws Exception {
        loadKey();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, 16);
        cipher.init(2, this.key, new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr, 16, bArr.length - 16);
    }

    @Override // com.expressvpn.vpn.config.crypter.Crypter
    public byte[] encrypt(byte[] bArr) throws Exception {
        loadKey();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
        cipher.init(1, this.key);
        byte[] iv = cipher.getIV();
        l.d("iv len = " + iv.length);
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        return bArr2;
    }

    @Override // com.expressvpn.vpn.config.crypter.Crypter
    public String getMarker() {
        return "{EVPNPII}";
    }

    @Override // com.expressvpn.vpn.config.crypter.Crypter
    public boolean keyAvailable() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        loadKeyStore();
        this.key = (SecretKey) this.keystore.getKey("protection", null);
        return this.key != null;
    }
}
