package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.os.Build;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Validators;
import java.io.FileNotFoundException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.annotation.concurrent.GuardedBy;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public final KeysetWriter a;
    public final Aead b;

    @GuardedBy("this")
    public KeysetManager c;

    /* renamed from: com.google.crypto.tink.integration.android.AndroidKeysetManager$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] a;

        static {
            OutputPrefixType.values();
            int[] iArr = new int[6];
            a = iArr;
            try {
                OutputPrefixType outputPrefixType = OutputPrefixType.TINK;
                iArr[1] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = a;
                OutputPrefixType outputPrefixType2 = OutputPrefixType.LEGACY;
                iArr2[2] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                int[] iArr3 = a;
                OutputPrefixType outputPrefixType3 = OutputPrefixType.RAW;
                iArr3[3] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                int[] iArr4 = a;
                OutputPrefixType outputPrefixType4 = OutputPrefixType.CRUNCHY;
                iArr4[4] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class Builder {
        public KeysetReader a = null;
        public KeysetWriter b = null;
        public String c = null;
        public Aead d = null;

        /* renamed from: e, reason: collision with root package name */
        public boolean f2399e = true;
        public KeyTemplate f = null;

        @GuardedBy("this")
        public KeysetManager g;

        public synchronized AndroidKeysetManager a() {
            if (this.c != null) {
                this.d = c();
            }
            this.g = b();
            return new AndroidKeysetManager(this, null);
        }

        public final KeysetManager b() {
            try {
                Aead aead = this.d;
                if (aead != null) {
                    try {
                        return KeysetManager.e(KeysetHandle.c(this.a, aead));
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e2) {
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e2);
                    }
                }
                return KeysetManager.e(KeysetHandle.a(this.a.read()));
            } catch (FileNotFoundException e3) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e3);
                if (this.f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.I());
                KeyTemplate keyTemplate = this.f;
                synchronized (keysetManager) {
                    com.google.crypto.tink.proto.KeyTemplate keyTemplate2 = keyTemplate.a;
                    synchronized (keysetManager) {
                        Keyset.Key c = keysetManager.c(keyTemplate2);
                        Keyset.Builder builder = keysetManager.a;
                        builder.r();
                        Keyset.C((Keyset) builder.f, c);
                        int F = Util.a(keysetManager.a().a).E(0).F();
                        synchronized (keysetManager) {
                            for (int i = 0; i < ((Keyset) keysetManager.a.f).E(); i++) {
                                Keyset.Key D = ((Keyset) keysetManager.a.f).D(i);
                                if (D.G() == F) {
                                    if (!D.J().equals(KeyStatusType.ENABLED)) {
                                        throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + F);
                                    }
                                    Keyset.Builder builder2 = keysetManager.a;
                                    builder2.r();
                                    Keyset.A((Keyset) builder2.f, F);
                                    if (this.d != null) {
                                        KeysetHandle a = keysetManager.a();
                                        KeysetWriter keysetWriter = this.b;
                                        Aead aead2 = this.d;
                                        Keyset keyset = a.a;
                                        byte[] a2 = aead2.a(keyset.f(), new byte[0]);
                                        try {
                                            if (!Keyset.K(aead2.b(a2, new byte[0]), ExtensionRegistryLite.a()).equals(keyset)) {
                                                throw new GeneralSecurityException("cannot encrypt keyset");
                                            }
                                            EncryptedKeyset.Builder F2 = EncryptedKeyset.F();
                                            ByteString i2 = ByteString.i(a2);
                                            F2.r();
                                            EncryptedKeyset.A((EncryptedKeyset) F2.f, i2);
                                            KeysetInfo a3 = Util.a(keyset);
                                            F2.r();
                                            EncryptedKeyset.C((EncryptedKeyset) F2.f, a3);
                                            keysetWriter.b(F2.build());
                                        } catch (InvalidProtocolBufferException unused) {
                                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                        }
                                    } else {
                                        this.b.a(keysetManager.a().a);
                                    }
                                    return keysetManager;
                                }
                            }
                            throw new GeneralSecurityException("key not found: " + F);
                        }
                    }
                }
            }
        }

        public final Aead c() {
            if (!(Build.VERSION.SDK_INT >= 23)) {
                Log.w("AndroidKeysetManager", "Android Keystore requires at least Android M");
                return null;
            }
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean containsAlias = androidKeystoreKmsClient.a.containsAlias(Validators.b("android-keystore://", this.c));
            if (!containsAlias) {
                try {
                    AndroidKeystoreKmsClient.c(this.c);
                } catch (GeneralSecurityException e2) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.a(this.c);
            } catch (GeneralSecurityException | ProviderException e3) {
                if (containsAlias) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.c), e3);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e3);
                return null;
            }
        }

        public Builder d(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.f2399e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.c = str;
            return this;
        }

        public Builder e(Context context, String str, String str2) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.a = new SharedPrefKeysetReader(context, str, str2);
            this.b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, AnonymousClass1 anonymousClass1) {
        this.a = builder.b;
        this.b = builder.d;
        this.c = builder.g;
    }
}
