package com.nike.mpe.capability.persistence.implementation.internal.repositories;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import androidx.compose.animation.Scale$$ExternalSyntheticOutline0;
import androidx.security.crypto.EncryptedFile;
import androidx.security.crypto.MasterKeys;
import com.google.android.gms.stats.CodePackage;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.StreamingAead;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.google.crypto.tink.integration.android.SharedPrefKeysetReader;
import com.google.crypto.tink.integration.android.SharedPrefKeysetWriter;
import com.google.crypto.tink.proto.RegistryConfig;
import com.google.crypto.tink.streamingaead.AesCtrHmacStreamingKeyManager;
import com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager;
import com.google.crypto.tink.streamingaead.StreamingAeadConfig;
import java.io.File;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

@Metadata(d1 = {"\u0000\n\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0000\u0018\u00002\u00020\u0001¨\u0006\u0002"}, d2 = {"Lcom/nike/mpe/capability/persistence/implementation/internal/repositories/AndroidXSecureFileProvider;", "Lcom/nike/mpe/capability/persistence/implementation/internal/repositories/SecureFileProvider;", "persistence-implementation"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes4.dex */
public final class AndroidXSecureFileProvider implements SecureFileProvider {
    public final Context applicationContext;
    public final String mainKey;

    public AndroidXSecureFileProvider(Context applicationContext) {
        KeyGenParameterSpec keyGenParameterSpec = MasterKeys.AES256_GCM_SPEC;
        if (keyGenParameterSpec.getKeySize() != 256) {
            throw new IllegalArgumentException("invalid key size, want 256 bits got " + keyGenParameterSpec.getKeySize() + " bits");
        }
        if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{CodePackage.GCM})) {
            throw new IllegalArgumentException("invalid block mode, want GCM got " + Arrays.toString(keyGenParameterSpec.getBlockModes()));
        }
        if (keyGenParameterSpec.getPurposes() != 3) {
            throw new IllegalArgumentException("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got " + keyGenParameterSpec.getPurposes());
        }
        if (!Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            throw new IllegalArgumentException("invalid padding mode, want NoPadding got " + Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
        }
        if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
            throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
        }
        String keystoreAlias = keyGenParameterSpec.getKeystoreAlias();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(keystoreAlias)) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(keyGenParameterSpec);
            keyGenerator.generateKey();
        }
        String mainKey = keyGenParameterSpec.getKeystoreAlias();
        Intrinsics.checkNotNullExpressionValue(mainKey, "getOrCreate(...)");
        Intrinsics.checkNotNullParameter(applicationContext, "applicationContext");
        Intrinsics.checkNotNullParameter(mainKey, "mainKey");
        this.applicationContext = applicationContext;
        this.mainKey = mainKey;
    }

    /* JADX WARN: Type inference failed for: r1v3, types: [com.google.crypto.tink.PrimitiveWrapper, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r1v4, types: [com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder, java.lang.Object] */
    @Override // com.nike.mpe.capability.persistence.implementation.internal.repositories.SecureFileProvider
    public final AndroidXSecureFile provide(File directory, String fileName, boolean z) {
        AndroidKeysetManager androidKeysetManager;
        KeysetHandle keysetHandle;
        Intrinsics.checkNotNullParameter(directory, "directory");
        Intrinsics.checkNotNullParameter(fileName, "fileName");
        File file = new File(directory, fileName);
        if (z && file.isFile()) {
            file.delete();
        }
        Context context = this.applicationContext;
        String str = this.mainKey;
        EncryptedFile.FileEncryptionScheme fileEncryptionScheme = EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB;
        RegistryConfig registryConfig = StreamingAeadConfig.TINK_1_1_0;
        Registry.registerKeyManager(new AesCtrHmacStreamingKeyManager(), true);
        Registry.registerKeyManager(new AesGcmHkdfStreamingKeyManager(), true);
        Registry.registerPrimitiveWrapper(new Object());
        ?? obj = new Object();
        obj.reader = null;
        obj.writer = null;
        obj.masterKeyUri = null;
        obj.masterKey = null;
        obj.keyTemplate = null;
        obj.keyTemplate = fileEncryptionScheme.getKeyTemplate();
        if (context == null) {
            throw new IllegalArgumentException("need an Android context");
        }
        obj.reader = new SharedPrefKeysetReader(context);
        obj.writer = new SharedPrefKeysetWriter(context);
        String m = Scale$$ExternalSyntheticOutline0.m("android-keystore://", str);
        if (!m.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        obj.masterKeyUri = m;
        synchronized (obj) {
            try {
                if (obj.masterKeyUri != null) {
                    obj.masterKey = obj.readOrGenerateNewMasterKey();
                }
                obj.keysetManager = obj.readOrGenerateNewKeyset();
                androidKeysetManager = new AndroidKeysetManager(obj);
            } catch (Throwable th) {
                throw th;
            }
        }
        synchronized (androidKeysetManager) {
            keysetHandle = androidKeysetManager.keysetManager.getKeysetHandle();
        }
        EncryptedFile encryptedFile = new EncryptedFile(file, (StreamingAead) keysetHandle.getPrimitive());
        Intrinsics.checkNotNullExpressionValue(encryptedFile, "build(...)");
        String path = file.getPath();
        Intrinsics.checkNotNullExpressionValue(path, "getPath(...)");
        Intrinsics.checkNotNullParameter(encryptedFile, "<this>");
        Intrinsics.checkNotNullParameter(path, "path");
        return new AndroidXSecureFile(encryptedFile, path);
    }
}
