package com.google.crypto.tink.integration.android;

import android.content.Context;
import com.google.android.gms.common.internal.safeparcel.SafeParcelWriter;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.util.Arrays;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public final Aead a;
    public KeysetManager b;

    /* loaded from: classes.dex */
    public static final class Builder {
        public SharedPrefKeysetReader a = null;
        public KeysetWriter b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f4666c = null;
        public Aead d = null;
        public KeyTemplate e = null;
        public KeysetManager f;

        public synchronized AndroidKeysetManager a() {
            if (this.f4666c != null) {
                this.d = c();
            }
            this.f = b();
            return new AndroidKeysetManager(this, null);
        }

        public final KeysetManager b() {
            try {
                Aead aead = this.d;
                if (aead != null) {
                    try {
                        return KeysetManager.f(KeysetHandle.c(this.a, aead));
                    } catch (InvalidProtocolBufferException | GeneralSecurityException unused) {
                    }
                }
                return KeysetManager.f(KeysetHandle.a(Keyset.E(this.a.a(), ExtensionRegistryLite.a())));
            } catch (FileNotFoundException unused2) {
                if (this.e == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.D());
                KeyTemplate keyTemplate = this.e;
                synchronized (keysetManager) {
                    keysetManager.a(keyTemplate.a, false);
                    int B = Util.a(keysetManager.b().a).z(0).B();
                    synchronized (keysetManager) {
                        for (int i2 = 0; i2 < ((Keyset) keysetManager.a.f4740i).A(); i2++) {
                            Keyset.Key z = ((Keyset) keysetManager.a.f4740i).z(i2);
                            if (z.C() == B) {
                                if (!z.E().equals(KeyStatusType.ENABLED)) {
                                    throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + B);
                                }
                                Keyset.Builder builder = keysetManager.a;
                                builder.k();
                                Keyset.x((Keyset) builder.f4740i, B);
                                if (this.d != null) {
                                    KeysetHandle b = keysetManager.b();
                                    KeysetWriter keysetWriter = this.b;
                                    Aead aead2 = this.d;
                                    Keyset keyset = b.a;
                                    byte[] a = aead2.a(keyset.e(), new byte[0]);
                                    try {
                                        if (!Keyset.E(aead2.b(a, new byte[0]), ExtensionRegistryLite.a()).equals(keyset)) {
                                            throw new GeneralSecurityException("cannot encrypt keyset");
                                        }
                                        EncryptedKeyset.Builder A = EncryptedKeyset.A();
                                        ByteString e = ByteString.e(a);
                                        A.k();
                                        EncryptedKeyset.x((EncryptedKeyset) A.f4740i, e);
                                        KeysetInfo a2 = Util.a(keyset);
                                        A.k();
                                        EncryptedKeyset.y((EncryptedKeyset) A.f4740i, a2);
                                        SharedPrefKeysetWriter sharedPrefKeysetWriter = (SharedPrefKeysetWriter) keysetWriter;
                                        if (!sharedPrefKeysetWriter.a.putString(sharedPrefKeysetWriter.b, SafeParcelWriter.e0(A.i().e())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    } catch (InvalidProtocolBufferException unused3) {
                                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                    }
                                } else {
                                    KeysetHandle b2 = keysetManager.b();
                                    SharedPrefKeysetWriter sharedPrefKeysetWriter2 = (SharedPrefKeysetWriter) this.b;
                                    if (!sharedPrefKeysetWriter2.a.putString(sharedPrefKeysetWriter2.b, SafeParcelWriter.e0(b2.a.e())).commit()) {
                                        throw new IOException("Failed to write to SharedPreferences");
                                    }
                                }
                                return keysetManager;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + B);
                    }
                }
            }
        }

        public final Aead c() {
            KeyStore keyStore = new AndroidKeystoreKmsClient.Builder().a;
            boolean containsAlias = keyStore.containsAlias(Validators.b("android-keystore://", this.f4666c));
            if (!containsAlias) {
                try {
                    AndroidKeystoreKmsClient.c(this.f4666c);
                } catch (GeneralSecurityException unused) {
                    return null;
                }
            }
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = new AndroidKeystoreAesGcm(Validators.b("android-keystore://", this.f4666c), keyStore);
                byte[] a = Random.a(10);
                byte[] bArr = new byte[0];
                if (Arrays.equals(a, androidKeystoreAesGcm.b(androidKeystoreAesGcm.a(a, bArr), bArr))) {
                    return androidKeystoreAesGcm;
                }
                throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
            } catch (GeneralSecurityException | ProviderException e) {
                if (containsAlias) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f4666c), e);
                }
                return null;
            }
        }

        public Builder d(Context context, String str, String str2) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.a = new SharedPrefKeysetReader(context, str, str2);
            this.b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, AnonymousClass1 anonymousClass1) {
        this.a = builder.d;
        this.b = builder.f;
    }
}
