package com.microsoft.walletlibrary.did.sdk.crypto.keyStore;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.KeyTemplates;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.daead.AesSivKeyManager;
import com.google.crypto.tink.daead.DeterministicAeadConfig;
import com.google.crypto.tink.daead.DeterministicAeadWrapper;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.microsoft.walletlibrary.did.sdk.util.controlflow.SdkException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.shaded.json.JSONObject;
import com.nimbusds.jose.shaded.json.JSONValue;
import com.nimbusds.jose.util.JSONObjectUtils;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.HashMap;
import javax.crypto.KeyGenerator;
import javax.inject.Inject;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.SynchronizedLazyImpl;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: EncryptedKeyStore.kt */
/* loaded from: classes6.dex */
public final class EncryptedKeyStore {
    public final SynchronizedLazyImpl encryptedSharedPreferences$delegate;

    /* compiled from: EncryptedKeyStore.kt */
    /* loaded from: classes6.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(int i) {
            this();
        }
    }

    static {
        new Companion(0);
    }

    @Inject
    public EncryptedKeyStore(final Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.encryptedSharedPreferences$delegate = LazyKt__LazyJVMKt.lazy(new Function0<SharedPreferences>() { // from class: com.microsoft.walletlibrary.did.sdk.crypto.keyStore.EncryptedKeyStore$encryptedSharedPreferences$2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final SharedPreferences invoke() {
                KeysetHandle keysetHandle;
                KeysetHandle keysetHandle2;
                EncryptedKeyStore encryptedKeyStore = EncryptedKeyStore.this;
                Context context2 = context;
                encryptedKeyStore.getClass();
                KeyGenParameterSpec keyGenParameterSpec = MasterKeys.AES256_GCM_SPEC;
                if (keyGenParameterSpec.getKeySize() != 256) {
                    throw new IllegalArgumentException("invalid key size, want 256 bits got " + keyGenParameterSpec.getKeySize() + " bits");
                }
                if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{"GCM"})) {
                    throw new IllegalArgumentException("invalid block mode, want GCM got " + Arrays.toString(keyGenParameterSpec.getBlockModes()));
                }
                if (keyGenParameterSpec.getPurposes() != 3) {
                    throw new IllegalArgumentException("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got " + keyGenParameterSpec.getPurposes());
                }
                if (!Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
                    throw new IllegalArgumentException("invalid padding mode, want NoPadding got " + Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
                }
                if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
                    throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
                }
                synchronized (MasterKeys.sLock) {
                    String keystoreAlias = keyGenParameterSpec.getKeystoreAlias();
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    if (!keyStore.containsAlias(keystoreAlias)) {
                        try {
                            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                            keyGenerator.init(keyGenParameterSpec);
                            keyGenerator.generateKey();
                        } catch (ProviderException e) {
                            throw new GeneralSecurityException(e.getMessage(), e);
                        }
                    }
                }
                String keystoreAlias2 = keyGenParameterSpec.getKeystoreAlias();
                Intrinsics.checkNotNullExpressionValue(keystoreAlias2, "getOrCreate(MasterKeys.AES256_GCM_SPEC)");
                int i = DeterministicAeadConfig.$r8$clinit;
                Registry.registerPrimitiveWrapper(DeterministicAeadWrapper.WRAPPER);
                if (!TinkFipsUtil.isRestrictedToFips.get()) {
                    Registry.registerKeyManager(new AesSivKeyManager(), true);
                }
                AeadConfig.register();
                Context applicationContext = context2.getApplicationContext();
                AndroidKeysetManager.Builder builder = new AndroidKeysetManager.Builder();
                builder.keyTemplate = KeyTemplates.get("AES256_SIV");
                if (applicationContext == null) {
                    throw new IllegalArgumentException("need an Android context");
                }
                builder.context = applicationContext;
                builder.keysetName = "__androidx_security_crypto_encrypted_prefs_key_keyset__";
                builder.prefFileName = "DID_encrypted_keys";
                builder.withMasterKeyUri("android-keystore://".concat(keystoreAlias2));
                AndroidKeysetManager build = builder.build();
                synchronized (build) {
                    keysetHandle = build.keysetManager.getKeysetHandle();
                }
                AndroidKeysetManager.Builder builder2 = new AndroidKeysetManager.Builder();
                builder2.keyTemplate = KeyTemplates.get("AES256_GCM");
                builder2.context = applicationContext;
                builder2.keysetName = "__androidx_security_crypto_encrypted_prefs_value_keyset__";
                builder2.prefFileName = "DID_encrypted_keys";
                builder2.withMasterKeyUri("android-keystore://".concat(keystoreAlias2));
                AndroidKeysetManager build2 = builder2.build();
                synchronized (build2) {
                    keysetHandle2 = build2.keysetManager.getKeysetHandle();
                }
                return new EncryptedSharedPreferences(applicationContext.getSharedPreferences("DID_encrypted_keys", 0), (Aead) keysetHandle2.getPrimitive(Aead.class), (DeterministicAead) keysetHandle.getPrimitive(DeterministicAead.class));
            }
        });
    }

    public final JWK getKey(String keyId) {
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        String string2 = ((SharedPreferences) this.encryptedSharedPreferences$delegate.getValue()).getString("DID_KEY_".concat(keyId), null);
        if (string2 != null) {
            return JWK.parse(JSONObjectUtils.parse(string2));
        }
        String message = "Key " + keyId + " not found";
        Intrinsics.checkNotNullParameter(message, "message");
        throw new SdkException(false, message, (Throwable) null);
    }

    public final void storeKey(String str, JWK jwk) {
        SharedPreferences.Editor edit = ((SharedPreferences) this.encryptedSharedPreferences$delegate.getValue()).edit();
        String concat = "DID_KEY_".concat(str);
        HashMap jSONObject = jwk.toJSONObject();
        int i = JSONObject.$r8$clinit;
        edit.putString(concat, JSONObject.toJSONString(jSONObject, JSONValue.COMPRESSION)).apply();
    }
}
