package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.os.Build;
import android.util.Log;
import androidx.security.crypto.MasterKey;
import coil.e;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.k;
import com.google.crypto.tink.monitoring.MonitoringAnnotations;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.b1;
import com.google.crypto.tink.proto.c1;
import com.google.crypto.tink.proto.g0;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.u;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes5.dex */
public final class AndroidKeysetManager {

    /* renamed from: c, reason: collision with root package name */
    public static final /* synthetic */ int f21448c = 0;

    /* renamed from: a, reason: collision with root package name */
    public final com.google.crypto.tink.a f21449a;

    /* renamed from: b, reason: collision with root package name */
    public k f21450b;

    /* loaded from: classes5.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        public b f21451a = null;

        /* renamed from: b, reason: collision with root package name */
        public c f21452b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f21453c = null;

        /* renamed from: d, reason: collision with root package name */
        public a f21454d = null;

        /* renamed from: e, reason: collision with root package name */
        public boolean f21455e = true;

        /* renamed from: f, reason: collision with root package name */
        public KeyTemplate f21456f = null;

        /* renamed from: g, reason: collision with root package name */
        public k f21457g;

        public final synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            if (this.f21453c != null) {
                this.f21454d = c();
            }
            this.f21457g = b();
            return new AndroidKeysetManager(this);
        }

        public final k b() throws GeneralSecurityException, IOException {
            GeneratedMessageLite.MethodToInvoke methodToInvoke = GeneratedMessageLite.MethodToInvoke.NEW_BUILDER;
            try {
                a aVar = this.f21454d;
                if (aVar != null) {
                    try {
                        b1 b1Var = KeysetHandle.b(this.f21451a, aVar).f21396a;
                        GeneratedMessageLite.a aVar2 = (GeneratedMessageLite.a) b1Var.l(methodToInvoke);
                        aVar2.m(b1Var);
                        return new k((b1.a) aVar2);
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e2) {
                        int i2 = AndroidKeysetManager.f21448c;
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e2);
                    }
                }
                b1 B = b1.B(this.f21451a.a(), com.google.crypto.tink.shaded.protobuf.k.a());
                if (B.x() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                MonitoringAnnotations monitoringAnnotations = MonitoringAnnotations.f21530b;
                GeneratedMessageLite.a aVar3 = (GeneratedMessageLite.a) B.l(methodToInvoke);
                aVar3.m(B);
                return new k((b1.a) aVar3);
            } catch (FileNotFoundException e3) {
                int i3 = AndroidKeysetManager.f21448c;
                if (Log.isLoggable("AndroidKeysetManager", 4)) {
                    String.format("keyset not found, will generate a new one. %s", e3.getMessage());
                }
                if (this.f21456f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                k kVar = new k(b1.A());
                KeyTemplate keyTemplate = this.f21456f;
                synchronized (kVar) {
                    kVar.a(keyTemplate.f21392a);
                    int y = u.a(kVar.c().f21396a).w().y();
                    synchronized (kVar) {
                        for (int i4 = 0; i4 < ((b1) kVar.f21509a.f21679b).x(); i4++) {
                            b1.b w = ((b1) kVar.f21509a.f21679b).w(i4);
                            if (w.z() == y) {
                                if (!w.B().equals(KeyStatusType.ENABLED)) {
                                    throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + y);
                                }
                                b1.a aVar4 = kVar.f21509a;
                                aVar4.l();
                                b1.u((b1) aVar4.f21679b, y);
                                if (this.f21454d != null) {
                                    KeysetHandle c2 = kVar.c();
                                    c cVar = this.f21452b;
                                    a aVar5 = this.f21454d;
                                    byte[] bArr = new byte[0];
                                    b1 b1Var2 = c2.f21396a;
                                    byte[] a2 = aVar5.a(b1Var2.e(), bArr);
                                    try {
                                        if (!b1.B(aVar5.b(a2, bArr), com.google.crypto.tink.shaded.protobuf.k.a()).equals(b1Var2)) {
                                            throw new GeneralSecurityException("cannot encrypt keyset");
                                        }
                                        g0.a x = g0.x();
                                        ByteString l2 = ByteString.l(0, a2.length, a2);
                                        x.l();
                                        g0.u((g0) x.f21679b, l2);
                                        c1 a3 = u.a(b1Var2);
                                        x.l();
                                        g0.v((g0) x.f21679b, a3);
                                        if (!cVar.f21463a.putString(cVar.f21464b, e.d(x.j().e())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    } catch (InvalidProtocolBufferException unused) {
                                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                    }
                                } else {
                                    KeysetHandle c3 = kVar.c();
                                    c cVar2 = this.f21452b;
                                    if (!cVar2.f21463a.putString(cVar2.f21464b, e.d(c3.f21396a.e())).commit()) {
                                        throw new IOException("Failed to write to SharedPreferences");
                                    }
                                }
                                return kVar;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + y);
                    }
                }
            }
        }

        public final a c() throws GeneralSecurityException {
            int i2 = AndroidKeysetManager.f21448c;
            if (!(Build.VERSION.SDK_INT >= 23)) {
                Log.w("AndroidKeysetManager", "Android Keystore requires at least Android M");
                return null;
            }
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean d2 = androidKeystoreKmsClient.d(this.f21453c);
            if (!d2) {
                try {
                    AndroidKeystoreKmsClient.c(this.f21453c);
                } catch (GeneralSecurityException | ProviderException e2) {
                    int i3 = AndroidKeysetManager.f21448c;
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.f21453c);
            } catch (GeneralSecurityException | ProviderException e3) {
                if (d2) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f21453c), e3);
                }
                int i4 = AndroidKeysetManager.f21448c;
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e3);
                return null;
            }
        }

        public final void d(String str) {
            if (!str.startsWith(MasterKey.KEYSTORE_PATH_URI)) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.f21455e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f21453c = str;
        }

        public final void e(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            if (str == null) {
                throw new IllegalArgumentException("need a keyset name");
            }
            this.f21451a = new b(context, str, str2);
            this.f21452b = new c(context, str, str2);
        }
    }

    public AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        c cVar = builder.f21452b;
        this.f21449a = builder.f21454d;
        this.f21450b = builder.f21457g;
    }
}
