package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.util.Log;
import androidx.camera.core.processing.OpenGlRenderer$$ExternalSyntheticOutline2;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.BinaryKeysetReader;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Hex;
import java.io.ByteArrayInputStream;
import java.io.CharConversionException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes2.dex */
public final class AndroidKeysetManager {
    public static final Object lock = new Object();
    public final KeysetManager keysetManager;
    public final Aead masterAead;

    /* loaded from: classes2.dex */
    public static final class Builder {
        public KeysetManager keysetManager;
        public Context context = null;
        public String keysetName = null;
        public String prefFileName = null;
        public String masterKeyUri = null;
        public AndroidKeystoreAesGcm masterAead = null;
        public final boolean useKeystore = true;
        public KeyTemplate keyTemplate = null;

        public static byte[] readKeysetFromPrefs(Context context, String str, String str2) throws IOException {
            if (str == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            Context applicationContext = context.getApplicationContext();
            try {
                String string2 = (str2 == null ? PreferenceManager.getDefaultSharedPreferences(applicationContext) : applicationContext.getSharedPreferences(str2, 0)).getString(str, null);
                if (string2 == null) {
                    return null;
                }
                return Hex.decode(string2);
            } catch (ClassCastException | IllegalArgumentException unused) {
                throw new CharConversionException(OpenGlRenderer$$ExternalSyntheticOutline2.m("can't read keyset; the pref value ", str, " is not a valid hex string"));
            }
        }

        public static KeysetManager readKeysetInCleartext(byte[] bArr) throws GeneralSecurityException, IOException {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                Keyset parseFrom = Keyset.parseFrom(byteArrayInputStream, ExtensionRegistryLite.getEmptyRegistry());
                byteArrayInputStream.close();
                return new KeysetManager(KeysetHandle.fromKeyset(parseFrom).keyset.toBuilder$1());
            } catch (Throwable th) {
                byteArrayInputStream.close();
                throw th;
            }
        }

        public final synchronized AndroidKeysetManager build() throws GeneralSecurityException, IOException {
            AndroidKeysetManager androidKeysetManager;
            try {
                if (this.keysetName == null) {
                    throw new IllegalArgumentException("keysetName cannot be null");
                }
                synchronized (AndroidKeysetManager.lock) {
                    try {
                        byte[] readKeysetFromPrefs = readKeysetFromPrefs(this.context, this.keysetName, this.prefFileName);
                        if (readKeysetFromPrefs == null) {
                            if (this.masterKeyUri != null) {
                                this.masterAead = readOrGenerateNewMasterKey();
                            }
                            this.keysetManager = generateKeysetAndWriteToPrefs();
                        } else if (this.masterKeyUri != null) {
                            this.keysetManager = readMasterkeyDecryptAndParseKeyset(readKeysetFromPrefs);
                        } else {
                            this.keysetManager = readKeysetInCleartext(readKeysetFromPrefs);
                        }
                        androidKeysetManager = new AndroidKeysetManager(this);
                    } finally {
                    }
                }
            } catch (Throwable th) {
                throw th;
            }
            return androidKeysetManager;
        }

        public final KeysetManager generateKeysetAndWriteToPrefs() throws GeneralSecurityException, IOException {
            if (this.keyTemplate == null) {
                throw new GeneralSecurityException("cannot read or generate keyset");
            }
            KeysetManager keysetManager = new KeysetManager(Keyset.newBuilder());
            KeyTemplate keyTemplate = this.keyTemplate;
            synchronized (keysetManager) {
                keysetManager.addNewKey(keyTemplate.kt);
            }
            int keyId = Util.getKeysetInfo(keysetManager.getKeysetHandle().keyset).getKeyInfo().getKeyId();
            synchronized (keysetManager) {
                for (int i = 0; i < ((Keyset) keysetManager.keysetBuilder.instance).getKeyCount(); i++) {
                    Keyset.Key key = ((Keyset) keysetManager.keysetBuilder.instance).getKey(i);
                    if (key.getKeyId() == keyId) {
                        if (!key.getStatus().equals(KeyStatusType.ENABLED)) {
                            throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + keyId);
                        }
                        Keyset.Builder builder = keysetManager.keysetBuilder;
                        builder.copyOnWrite();
                        ((Keyset) builder.instance).primaryKeyId_ = keyId;
                    }
                }
                throw new GeneralSecurityException("key not found: " + keyId);
            }
            Context context = this.context;
            String str = this.keysetName;
            String str2 = this.prefFileName;
            if (str == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            Context applicationContext = context.getApplicationContext();
            SharedPreferences.Editor edit = str2 == null ? PreferenceManager.getDefaultSharedPreferences(applicationContext).edit() : applicationContext.getSharedPreferences(str2, 0).edit();
            if (this.masterAead != null) {
                KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterAead;
                byte[] bArr = new byte[0];
                Keyset keyset = keysetHandle.keyset;
                byte[] encrypt = androidKeystoreAesGcm.encrypt(keyset.toByteArray(), bArr);
                try {
                    if (!Keyset.parseFrom(androidKeystoreAesGcm.decrypt(encrypt, bArr), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset)) {
                        throw new GeneralSecurityException("cannot encrypt keyset");
                    }
                    EncryptedKeyset.Builder newBuilder = EncryptedKeyset.newBuilder();
                    ByteString.LiteralByteString copyFrom = ByteString.copyFrom(0, encrypt.length, encrypt);
                    newBuilder.copyOnWrite();
                    EncryptedKeyset.access$100((EncryptedKeyset) newBuilder.instance, copyFrom);
                    KeysetInfo keysetInfo = Util.getKeysetInfo(keyset);
                    newBuilder.copyOnWrite();
                    EncryptedKeyset.access$300((EncryptedKeyset) newBuilder.instance, keysetInfo);
                    if (!edit.putString(str, Hex.encode(newBuilder.build$1().toByteArray())).commit()) {
                        throw new IOException("Failed to write to SharedPreferences");
                    }
                } catch (InvalidProtocolBufferException unused) {
                    throw new GeneralSecurityException("invalid keyset, corrupted key material");
                }
            } else if (!edit.putString(str, Hex.encode(keysetManager.getKeysetHandle().keyset.toByteArray())).commit()) {
                throw new IOException("Failed to write to SharedPreferences");
            }
            return keysetManager;
        }

        public final KeysetManager readMasterkeyDecryptAndParseKeyset(byte[] bArr) throws GeneralSecurityException, IOException {
            try {
                this.masterAead = new AndroidKeystoreKmsClient().getAead(this.masterKeyUri);
                try {
                    return new KeysetManager(KeysetHandle.read(new BinaryKeysetReader(new ByteArrayInputStream(bArr)), this.masterAead).keyset.toBuilder$1());
                } catch (IOException | GeneralSecurityException e) {
                    try {
                        return readKeysetInCleartext(bArr);
                    } catch (IOException unused) {
                        throw e;
                    }
                }
            } catch (GeneralSecurityException | ProviderException e2) {
                try {
                    KeysetManager readKeysetInCleartext = readKeysetInCleartext(bArr);
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                    return readKeysetInCleartext;
                } catch (IOException unused2) {
                    throw e2;
                }
            }
        }

        public final AndroidKeystoreAesGcm readOrGenerateNewMasterKey() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            try {
                boolean generateKeyIfNotExist = AndroidKeystoreKmsClient.generateKeyIfNotExist(this.masterKeyUri);
                try {
                    return androidKeystoreKmsClient.getAead(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException e) {
                    if (!generateKeyIfNotExist) {
                        throw new KeyStoreException(OpenGlRenderer$$ExternalSyntheticOutline2.m("the master key ", this.masterKeyUri, " exists but is unusable"), e);
                    }
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            } catch (GeneralSecurityException | ProviderException e2) {
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public final void withMasterKeyUri(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.useKeystore) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.masterKeyUri = str;
        }
    }

    public AndroidKeysetManager(Builder builder) {
        Context context = builder.context;
        String str = builder.keysetName;
        String str2 = builder.prefFileName;
        if (str == null) {
            throw new IllegalArgumentException("keysetName cannot be null");
        }
        Context applicationContext = context.getApplicationContext();
        if (str2 == null) {
            PreferenceManager.getDefaultSharedPreferences(applicationContext).edit();
        } else {
            applicationContext.getSharedPreferences(str2, 0).edit();
        }
        AndroidKeystoreAesGcm androidKeystoreAesGcm = builder.masterAead;
        this.keysetManager = builder.keysetManager;
    }
}
