package com.microsoft.intune.fencing.util;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.microsoft.omadm.utils.CryptoUtils;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes2.dex */
public class DataEncryptionUtil {
    protected static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final int IV_BYTES = 16;
    protected static final String KEY_ALIAS = "FencingSecretKey";
    private static final Logger LOGGER = Logger.getLogger(DataEncryptionUtil.class.getName());
    private final Context context;

    public DataEncryptionUtil(Context context) {
        this.context = context;
    }

    private SecretKey getSecretKey(Context context) {
        LOGGER.info("Get fencing secret key.");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(KEY_ALIAS)) {
                LOGGER.info("Get existing fencing secret key.");
                return (SecretKey) keyStore.getKey(KEY_ALIAS, null);
            }
            LOGGER.info("Generate a new fencing secret key.");
            KeyGenerator keyGenerator = KeyGenerator.getInstance(CryptoUtils.KEY_ALGORITHM_AES, "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
            return keyGenerator.generateKey();
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Can't get fencing secret key.", (Throwable) e);
            return null;
        }
    }

    public synchronized String decryptData(String str) {
        LOGGER.info("Decrypt fencing data.");
        if (str != null && str.length() != 0) {
            SecretKey secretKey = getSecretKey(this.context);
            if (secretKey != null) {
                try {
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    byte[] decode = Base64.decode(str, 0);
                    cipher.init(2, secretKey, new IvParameterSpec(decode, 0, 16));
                    return new String(cipher.doFinal(decode, 16, decode.length - 16), StandardCharsets.US_ASCII);
                } catch (Exception e) {
                    LOGGER.log(Level.SEVERE, "Can't decrypt fencing data.", (Throwable) e);
                }
            }
            return null;
        }
        LOGGER.info("Null or empty string will not be decrypted.");
        return str;
    }

    public synchronized String encryptData(String str) {
        LOGGER.info("Encrypt fencing data.");
        if (str != null && str.length() != 0) {
            SecretKey secretKey = getSecretKey(this.context);
            if (secretKey != null && str != null) {
                try {
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    cipher.init(1, secretKey);
                    IvParameterSpec ivParameterSpec = (IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class);
                    byte[] doFinal = cipher.doFinal(str.getBytes(StandardCharsets.US_ASCII));
                    byte[] iv = ivParameterSpec.getIV();
                    byte[] bArr = new byte[doFinal.length + 16];
                    System.arraycopy(iv, 0, bArr, 0, 16);
                    System.arraycopy(doFinal, 0, bArr, 16, doFinal.length);
                    return Base64.encodeToString(bArr, 0);
                } catch (Exception e) {
                    LOGGER.log(Level.SEVERE, "Can't encrypt fencing data.", (Throwable) e);
                }
            }
            return null;
        }
        LOGGER.info("Null or empty string will not be encrypted.");
        return str;
    }
}
