package com.google.crypto.tink.integration.android;

import android.content.Context;
import androidx.security.crypto.MasterKeys;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Hex;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public KeysetManager keysetManager;
    public final Aead masterKey;

    /* loaded from: classes.dex */
    public static final class Builder {
        public KeysetManager keysetManager;
        public SharedPrefKeysetReader reader = null;
        public SharedPrefKeysetWriter writer = null;
        public String masterKeyUri = null;
        public AndroidKeystoreAesGcm masterKey = null;
        public KeyTemplate keyTemplate = null;

        public final synchronized AndroidKeysetManager build() throws GeneralSecurityException, IOException {
            if (this.masterKeyUri != null) {
                this.masterKey = readOrGenerateNewMasterKey();
            }
            this.keysetManager = readOrGenerateNewKeyset();
            return new AndroidKeysetManager(this);
        }

        public final KeysetManager readOrGenerateNewKeyset() throws GeneralSecurityException, IOException {
            GeneratedMessageLite.MethodToInvoke methodToInvoke = GeneratedMessageLite.MethodToInvoke.NEW_BUILDER;
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterKey;
                if (androidKeystoreAesGcm != null) {
                    try {
                        Keyset keyset = KeysetHandle.read(this.reader, androidKeystoreAesGcm).keyset;
                        GeneratedMessageLite.Builder builder = (GeneratedMessageLite.Builder) keyset.dynamicMethod(methodToInvoke);
                        builder.copyOnWrite();
                        GeneratedMessageLite.Builder.mergeFromInstance(builder.instance, keyset);
                        return new KeysetManager((Keyset.Builder) builder);
                    } catch (InvalidProtocolBufferException | GeneralSecurityException unused) {
                    }
                }
                Keyset parseFrom = Keyset.parseFrom(this.reader.readPref(), ExtensionRegistryLite.getEmptyRegistry());
                if (parseFrom.getKeyCount() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                GeneratedMessageLite.Builder builder2 = (GeneratedMessageLite.Builder) parseFrom.dynamicMethod(methodToInvoke);
                builder2.copyOnWrite();
                GeneratedMessageLite.Builder.mergeFromInstance(builder2.instance, parseFrom);
                return new KeysetManager((Keyset.Builder) builder2);
            } catch (FileNotFoundException unused2) {
                if (this.keyTemplate == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                Keyset.Builder newBuilder = Keyset.newBuilder();
                KeysetManager keysetManager = new KeysetManager(newBuilder);
                KeyTemplate keyTemplate = this.keyTemplate;
                synchronized (keysetManager) {
                    com.google.crypto.tink.proto.KeyTemplate keyTemplate2 = keyTemplate.kt;
                    synchronized (keysetManager) {
                        Keyset.Key newKey = keysetManager.newKey(keyTemplate2);
                        newBuilder.copyOnWrite();
                        Keyset.access$1700((Keyset) newBuilder.instance, newKey);
                        int keyId = Util.getKeysetInfo(keysetManager.getKeysetHandle().keyset).getKeyInfo().getKeyId();
                        synchronized (keysetManager) {
                            for (int i = 0; i < ((Keyset) keysetManager.keysetBuilder.instance).getKeyCount(); i++) {
                                Keyset.Key key = ((Keyset) keysetManager.keysetBuilder.instance).getKey(i);
                                if (key.getKeyId() == keyId) {
                                    if (!key.getStatus().equals(KeyStatusType.ENABLED)) {
                                        throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + keyId);
                                    }
                                    Keyset.Builder builder3 = keysetManager.keysetBuilder;
                                    builder3.copyOnWrite();
                                    ((Keyset) builder3.instance).primaryKeyId_ = keyId;
                                    if (this.masterKey != null) {
                                        KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
                                        SharedPrefKeysetWriter sharedPrefKeysetWriter = this.writer;
                                        AndroidKeystoreAesGcm androidKeystoreAesGcm2 = this.masterKey;
                                        Keyset keyset2 = keysetHandle.keyset;
                                        byte[] encrypt = androidKeystoreAesGcm2.encrypt(keyset2.toByteArray(), new byte[0]);
                                        try {
                                            if (!Keyset.parseFrom(androidKeystoreAesGcm2.decrypt(encrypt, new byte[0]), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset2)) {
                                                throw new GeneralSecurityException("cannot encrypt keyset");
                                            }
                                            EncryptedKeyset.Builder newBuilder2 = EncryptedKeyset.newBuilder();
                                            ByteString.LiteralByteString copyFrom = ByteString.copyFrom(0, encrypt.length, encrypt);
                                            newBuilder2.copyOnWrite();
                                            EncryptedKeyset.access$100((EncryptedKeyset) newBuilder2.instance, copyFrom);
                                            KeysetInfo keysetInfo = Util.getKeysetInfo(keyset2);
                                            newBuilder2.copyOnWrite();
                                            EncryptedKeyset.access$300((EncryptedKeyset) newBuilder2.instance, keysetInfo);
                                            if (!sharedPrefKeysetWriter.editor.putString(sharedPrefKeysetWriter.keysetName, Hex.encode(newBuilder2.build().toByteArray())).commit()) {
                                                throw new IOException("Failed to write to SharedPreferences");
                                            }
                                        } catch (InvalidProtocolBufferException unused3) {
                                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                        }
                                    } else {
                                        KeysetHandle keysetHandle2 = keysetManager.getKeysetHandle();
                                        SharedPrefKeysetWriter sharedPrefKeysetWriter2 = this.writer;
                                        if (!sharedPrefKeysetWriter2.editor.putString(sharedPrefKeysetWriter2.keysetName, Hex.encode(keysetHandle2.keyset.toByteArray())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    }
                                    return keysetManager;
                                }
                            }
                            throw new GeneralSecurityException("key not found: " + keyId);
                        }
                    }
                }
            }
        }

        public final AndroidKeystoreAesGcm readOrGenerateNewMasterKey() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean hasKey = androidKeystoreKmsClient.hasKey(this.masterKeyUri);
            if (!hasKey) {
                try {
                    AndroidKeystoreKmsClient.generateNewAeadKey(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException unused) {
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.getAead(this.masterKeyUri);
            } catch (GeneralSecurityException | ProviderException e) {
                if (hasKey) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.masterKeyUri), e);
                }
                return null;
            }
        }

        public final void withMasterKeyUri(String str) {
            if (!str.startsWith(MasterKeys.KEYSTORE_PATH_URI)) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            this.masterKeyUri = str;
        }

        public final void withSharedPref(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            if (str == null) {
                throw new IllegalArgumentException("need a keyset name");
            }
            this.reader = new SharedPrefKeysetReader(context, str, str2);
            this.writer = new SharedPrefKeysetWriter(context, str, str2);
        }
    }

    public AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        SharedPrefKeysetWriter sharedPrefKeysetWriter = builder.writer;
        this.masterKey = builder.masterKey;
        this.keysetManager = builder.keysetManager;
    }
}
