package com.dashlane.cryptography;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import androidx.security.crypto.EncryptedFile;
import androidx.security.crypto.MasterKey;
import androidx.security.crypto.MasterKeys;
import com.dashlane.cryptography.CryptographyKey;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.StreamingAead;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.google.crypto.tink.streamingaead.StreamingAeadConfig;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.io.ByteStreamsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import okio.ByteString;

@Metadata(d1 = {"\u0000\n\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0002\u0018\u00002\u00020\u0001¨\u0006\u0002"}, d2 = {"Lcom/dashlane/cryptography/CryptographyAppKeyStoreImpl;", "Lcom/dashlane/cryptography/CryptographyAppKeyStore;", "cryptography-android_release"}, k = 1, mv = {1, 9, 0})
@SourceDebugExtension({"SMAP\nCryptographyAppKeyStore.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CryptographyAppKeyStore.kt\ncom/dashlane/cryptography/CryptographyAppKeyStoreImpl\n+ 2 AutoCloseableArrays.kt\ncom/dashlane/cryptography/AutoCloseableArraysKt\n*L\n1#1,92:1\n12#2,5:93\n12#2,5:98\n*S KotlinDebug\n*F\n+ 1 CryptographyAppKeyStore.kt\ncom/dashlane/cryptography/CryptographyAppKeyStoreImpl\n*L\n58#1:93,5\n71#1:98,5\n*E\n"})
/* loaded from: classes4.dex */
final class CryptographyAppKeyStoreImpl implements CryptographyAppKeyStore {

    /* renamed from: a, reason: collision with root package name */
    public final Context f19548a;
    public final File b;

    public CryptographyAppKeyStoreImpl(Context context, File directory) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(directory, "directory");
        this.f19548a = context;
        this.b = directory;
    }

    @Override // com.dashlane.cryptography.CryptographyAppKeyStore
    public final void a(CryptographyKey.Raw32 raw32) {
        Intrinsics.checkNotNullParameter("hermes_log_storage", "alias");
        File c = c();
        c.delete();
        if (raw32 != null) {
            FileOutputStream b = b(c).b();
            try {
                byte[] g = raw32.b.g();
                try {
                    b.write(g);
                    Unit unit = Unit.INSTANCE;
                    CloseableKt.closeFinally(b, null);
                } finally {
                    Intrinsics.checkNotNullParameter(g, "<this>");
                    ArraysKt___ArraysJvmKt.fill$default(g, (byte) 0, 0, 0, 6, (Object) null);
                }
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    CloseableKt.closeFinally(b, th);
                    throw th2;
                }
            }
        }
    }

    public final androidx.security.crypto.EncryptedFile b(File file) {
        AndroidKeysetManager a2;
        KeysetHandle c;
        MasterKey.Builder builder = new MasterKey.Builder(this.f19548a);
        MasterKey.KeyScheme keyScheme = MasterKey.KeyScheme.AES256_GCM;
        builder.a(keyScheme);
        MasterKey.KeyScheme keyScheme2 = builder.c;
        if (keyScheme2 == null && builder.b == null) {
            throw new IllegalArgumentException("build() called before setKeyGenParameterSpec or setKeyScheme.");
        }
        if (keyScheme2 == keyScheme) {
            builder.b = new KeyGenParameterSpec.Builder(builder.f13007a, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
        }
        KeyGenParameterSpec keyGenParameterSpec = builder.b;
        if (keyGenParameterSpec == null) {
            throw new NullPointerException("KeyGenParameterSpec was null after build() check");
        }
        Object obj = MasterKeys.f13008a;
        if (keyGenParameterSpec.getKeySize() != 256) {
            throw new IllegalArgumentException("invalid key size, want 256 bits got " + keyGenParameterSpec.getKeySize() + " bits");
        }
        if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{"GCM"})) {
            throw new IllegalArgumentException("invalid block mode, want GCM got " + Arrays.toString(keyGenParameterSpec.getBlockModes()));
        }
        if (keyGenParameterSpec.getPurposes() != 3) {
            throw new IllegalArgumentException("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got " + keyGenParameterSpec.getPurposes());
        }
        if (!Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            throw new IllegalArgumentException("invalid padding mode, want NoPadding got " + Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
        }
        if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
            throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
        }
        synchronized (MasterKeys.f13008a) {
            String keystoreAlias = keyGenParameterSpec.getKeystoreAlias();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(keystoreAlias)) {
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(keyGenParameterSpec);
                    keyGenerator.generateKey();
                } catch (ProviderException e2) {
                    throw new GeneralSecurityException(e2.getMessage(), e2);
                }
            }
        }
        MasterKey masterKey = new MasterKey(keyGenParameterSpec.getKeystoreAlias(), builder.b);
        Intrinsics.checkNotNullExpressionValue(masterKey, "build(...)");
        Context context = this.f19548a;
        EncryptedFile.FileEncryptionScheme fileEncryptionScheme = EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB;
        EncryptedFile.Builder builder2 = new EncryptedFile.Builder(context, file, masterKey, fileEncryptionScheme);
        StreamingAeadConfig.a();
        AndroidKeysetManager.Builder builder3 = new AndroidKeysetManager.Builder();
        builder3.f = fileEncryptionScheme.a();
        Context context2 = builder2.f13003a;
        if (context2 == null) {
            throw new IllegalArgumentException("need an Android context");
        }
        builder3.f33637a = context2;
        builder3.b = "__androidx_security_crypto_encrypted_file_keyset__";
        builder3.c = "__androidx_security_crypto_encrypted_file_pref__";
        String str = "android-keystore://" + builder2.b;
        if (!str.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        builder3.f33638d = str;
        synchronized (EncryptedFile.Builder.c) {
            a2 = builder3.a();
        }
        synchronized (a2) {
            c = a2.b.c();
        }
        androidx.security.crypto.EncryptedFile encryptedFile = new androidx.security.crypto.EncryptedFile(file, (StreamingAead) c.c(StreamingAead.class));
        Intrinsics.checkNotNullExpressionValue(encryptedFile, "build(...)");
        return encryptedFile;
    }

    public final File c() {
        ByteString byteString = ByteString.f35936e;
        return new File(this.b, defpackage.a.B(ByteString.Companion.c("hermes_log_storage").b(), ".key.aes"));
    }

    @Override // com.dashlane.cryptography.CryptographyAppKeyStore
    public final CryptographyKey.Raw32 get() {
        Intrinsics.checkNotNullParameter("hermes_log_storage", "alias");
        File c = c();
        if (!c.exists()) {
            return null;
        }
        try {
            FileInputStream a2 = b(c).a();
            try {
                Intrinsics.checkNotNull(a2);
                byte[] readBytes = ByteStreamsKt.readBytes(a2);
                try {
                    CryptographyKey.Raw32 a3 = CryptographyKey.Companion.a(readBytes);
                    Intrinsics.checkNotNullParameter(readBytes, "<this>");
                    ArraysKt___ArraysJvmKt.fill$default(readBytes, (byte) 0, 0, 0, 6, (Object) null);
                    CloseableKt.closeFinally(a2, null);
                    return a3;
                } catch (Throwable th) {
                    AutoCloseableArraysKt.a(readBytes);
                    throw th;
                }
            } finally {
            }
        } catch (IOException unused) {
            return null;
        }
    }
}
