package ep;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import ej.r;
import eu.az;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;

/* compiled from: AndroidKeystoreKmsClient.java */
@TargetApi(23)
/* loaded from: classes3.dex */
public final class c implements r {
    public static final String PREFIX = "android-keystore://";
    private String bvQ;

    public c() throws GeneralSecurityException {
        if (!Ho()) {
            throw new GeneralSecurityException("needs Android Keystore on Android M or newer");
        }
    }

    public c(String str) {
        if (!str.toLowerCase().startsWith(PREFIX)) {
            throw new IllegalArgumentException("key URI must starts with android-keystore://");
        }
        this.bvQ = str;
    }

    private boolean Ho() {
        return Build.VERSION.SDK_INT >= 23;
    }

    public static ej.a hM(String str) throws GeneralSecurityException, IOException {
        String aN = az.aN(PREFIX, str);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(aN)) {
            hN(str);
        }
        return new c().hB(str);
    }

    public static void hN(String str) throws GeneralSecurityException {
        String aN = az.aN(PREFIX, str);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(aN, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
        keyGenerator.generateKey();
    }

    @Override // ej.r
    public r Ih() throws GeneralSecurityException {
        return new c();
    }

    @Override // ej.r
    public r hA(String str) throws GeneralSecurityException {
        return new c();
    }

    @Override // ej.r
    public ej.a hB(String str) throws GeneralSecurityException {
        String str2 = this.bvQ;
        if (str2 != null && !str2.equals(str)) {
            throw new GeneralSecurityException(String.format("this client is bound to %s, cannot load keys bound to %s", this.bvQ, str));
        }
        try {
            return new b(az.aN(PREFIX, str));
        } catch (IOException e2) {
            throw new GeneralSecurityException(e2);
        }
    }

    @Override // ej.r
    public boolean hz(String str) {
        String str2 = this.bvQ;
        if (str2 == null || !str2.equals(str)) {
            return this.bvQ == null && str.toLowerCase().startsWith(PREFIX);
        }
        return true;
    }
}
