package com.google.crypto.tink.integration.android;

import android.content.Context;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Hex;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.annotation.concurrent.GuardedBy;

/* loaded from: classes2.dex */
public final class AndroidKeysetManager {

    /* renamed from: a, reason: collision with root package name */
    public final Aead f34919a;

    /* renamed from: b, reason: collision with root package name */
    @GuardedBy("this")
    public KeysetManager f34920b;

    /* loaded from: classes2.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        public KeysetReader f34921a = null;

        /* renamed from: b, reason: collision with root package name */
        public KeysetWriter f34922b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f34923c = null;

        /* renamed from: d, reason: collision with root package name */
        public Aead f34924d = null;

        /* renamed from: e, reason: collision with root package name */
        public boolean f34925e = true;

        /* renamed from: f, reason: collision with root package name */
        public KeyTemplate f34926f = null;

        /* renamed from: g, reason: collision with root package name */
        @GuardedBy("this")
        public KeysetManager f34927g;

        public synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            if (this.f34923c != null) {
                this.f34924d = c();
            }
            this.f34927g = b();
            return new AndroidKeysetManager(this, null);
        }

        public final KeysetManager b() throws GeneralSecurityException, IOException {
            try {
                Aead aead = this.f34924d;
                if (aead != null) {
                    try {
                        return KeysetManager.f(KeysetHandle.c(this.f34921a, aead));
                    } catch (InvalidProtocolBufferException | GeneralSecurityException unused) {
                    }
                }
                return KeysetManager.f(KeysetHandle.a(Keyset.D(((SharedPrefKeysetReader) this.f34921a).a(), ExtensionRegistryLite.a())));
            } catch (FileNotFoundException unused2) {
                if (this.f34926f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.C());
                KeyTemplate keyTemplate = this.f34926f;
                synchronized (keysetManager) {
                    keysetManager.a(keyTemplate.f34872a, false);
                    int A = Util.a(keysetManager.b().f34881a).y(0).A();
                    synchronized (keysetManager) {
                        for (int i5 = 0; i5 < ((Keyset) keysetManager.f34882a.f35042b).z(); i5++) {
                            Keyset.Key y5 = ((Keyset) keysetManager.f34882a.f35042b).y(i5);
                            if (y5.B() == A) {
                                if (!y5.D().equals(KeyStatusType.ENABLED)) {
                                    throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + A);
                                }
                                Keyset.Builder builder = keysetManager.f34882a;
                                builder.m();
                                Keyset.w((Keyset) builder.f35042b, A);
                                if (this.f34924d != null) {
                                    KeysetHandle b6 = keysetManager.b();
                                    KeysetWriter keysetWriter = this.f34922b;
                                    Aead aead2 = this.f34924d;
                                    Keyset keyset = b6.f34881a;
                                    byte[] a6 = aead2.a(keyset.d(), new byte[0]);
                                    try {
                                        if (!Keyset.D(aead2.b(a6, new byte[0]), ExtensionRegistryLite.a()).equals(keyset)) {
                                            throw new GeneralSecurityException("cannot encrypt keyset");
                                        }
                                        EncryptedKeyset.Builder z5 = EncryptedKeyset.z();
                                        ByteString g5 = ByteString.g(a6);
                                        z5.m();
                                        EncryptedKeyset.w((EncryptedKeyset) z5.f35042b, g5);
                                        KeysetInfo a7 = Util.a(keyset);
                                        z5.m();
                                        EncryptedKeyset.x((EncryptedKeyset) z5.f35042b, a7);
                                        SharedPrefKeysetWriter sharedPrefKeysetWriter = (SharedPrefKeysetWriter) keysetWriter;
                                        if (!sharedPrefKeysetWriter.f34933a.putString(sharedPrefKeysetWriter.f34934b, Hex.b(z5.k().d())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    } catch (InvalidProtocolBufferException unused3) {
                                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                    }
                                } else {
                                    KeysetHandle b7 = keysetManager.b();
                                    SharedPrefKeysetWriter sharedPrefKeysetWriter2 = (SharedPrefKeysetWriter) this.f34922b;
                                    if (!sharedPrefKeysetWriter2.f34933a.putString(sharedPrefKeysetWriter2.f34934b, Hex.b(b7.f34881a.d())).commit()) {
                                        throw new IOException("Failed to write to SharedPreferences");
                                    }
                                }
                                return keysetManager;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + A);
                    }
                }
            }
        }

        public final Aead c() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean d6 = androidKeystoreKmsClient.d(this.f34923c);
            if (!d6) {
                try {
                    AndroidKeystoreKmsClient.c(this.f34923c);
                } catch (GeneralSecurityException | ProviderException unused) {
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.f34923c);
            } catch (GeneralSecurityException | ProviderException e6) {
                if (d6) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f34923c), e6);
                }
                return null;
            }
        }

        public Builder d(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.f34925e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f34923c = str;
            return this;
        }

        public Builder e(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.f34921a = new SharedPrefKeysetReader(context, str, str2);
            this.f34922b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, AnonymousClass1 anonymousClass1) throws GeneralSecurityException, IOException {
        this.f34919a = builder.f34924d;
        this.f34920b = builder.f34927g;
    }

    public synchronized KeysetHandle a() throws GeneralSecurityException {
        return this.f34920b.b();
    }
}
