package de.rki.coronawarnapp.util.security;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.android.gms.common.internal.Preconditions;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.config.TinkConfig;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import de.rki.coronawarnapp.util.RetryMechanism;
import java.security.KeyException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashMap;
import javax.crypto.KeyGenerator;
import kotlin.Lazy;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import timber.log.Timber;

/* compiled from: EncryptedPreferencesFactory.kt */
/* loaded from: classes.dex */
public final class EncryptedPreferencesFactory {
    public final Context context;
    public final Lazy masterKeyAlias$delegate;

    public EncryptedPreferencesFactory(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
        this.masterKeyAlias$delegate = Preconditions.lazy(new Function0<String>() { // from class: de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory$masterKeyAlias$2
            @Override // kotlin.jvm.functions.Function0
            public String invoke() {
                KeyGenParameterSpec keyGenParameterSpec = MasterKeys.AES256_GCM_SPEC;
                if (keyGenParameterSpec.getKeySize() != 256) {
                    StringBuilder outline21 = GeneratedOutlineSupport.outline21("invalid key size, want 256 bits got ");
                    outline21.append(keyGenParameterSpec.getKeySize());
                    outline21.append(" bits");
                    throw new IllegalArgumentException(outline21.toString());
                }
                if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{"GCM"})) {
                    StringBuilder outline212 = GeneratedOutlineSupport.outline21("invalid block mode, want GCM got ");
                    outline212.append(Arrays.toString(keyGenParameterSpec.getBlockModes()));
                    throw new IllegalArgumentException(outline212.toString());
                }
                if (keyGenParameterSpec.getPurposes() != 3) {
                    StringBuilder outline213 = GeneratedOutlineSupport.outline21("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got ");
                    outline213.append(keyGenParameterSpec.getPurposes());
                    throw new IllegalArgumentException(outline213.toString());
                }
                if (!Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
                    StringBuilder outline214 = GeneratedOutlineSupport.outline21("invalid padding mode, want NoPadding got ");
                    outline214.append(Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
                    throw new IllegalArgumentException(outline214.toString());
                }
                if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
                    throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
                }
                String keystoreAlias = keyGenParameterSpec.getKeystoreAlias();
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (!keyStore.containsAlias(keystoreAlias)) {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(keyGenParameterSpec);
                    keyGenerator.generateKey();
                }
                return keyGenParameterSpec.getKeystoreAlias();
            }
        });
    }

    public final SharedPreferences create(final String fileName) {
        Intrinsics.checkNotNullParameter(fileName, "fileName");
        try {
            return (SharedPreferences) RetryMechanism.retryWithBackOff$default(RetryMechanism.INSTANCE, null, null, null, new Function0<SharedPreferences>() { // from class: de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory$create$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public SharedPreferences invoke() {
                    KeysetHandle keysetHandle;
                    KeysetHandle keysetHandle2;
                    Timber.TREE_OF_SOULS.d("Creating EncryptedSharedPreferences instance.", new Object[0]);
                    EncryptedPreferencesFactory encryptedPreferencesFactory = EncryptedPreferencesFactory.this;
                    String str = fileName;
                    String str2 = (String) encryptedPreferencesFactory.masterKeyAlias$delegate.getValue();
                    Context context = encryptedPreferencesFactory.context;
                    EncryptedSharedPreferences.PrefKeyEncryptionScheme prefKeyEncryptionScheme = EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV;
                    EncryptedSharedPreferences.PrefValueEncryptionScheme prefValueEncryptionScheme = EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM;
                    TinkConfig.register();
                    AndroidKeysetManager.Builder builder = new AndroidKeysetManager.Builder();
                    builder.keyTemplate = prefKeyEncryptionScheme.mDeterministicAeadKeyTemplate;
                    builder.withSharedPref(context, "__androidx_security_crypto_encrypted_prefs_key_keyset__", str);
                    builder.withMasterKeyUri("android-keystore://" + str2);
                    AndroidKeysetManager build = builder.build();
                    synchronized (build) {
                        keysetHandle = build.keysetManager.getKeysetHandle();
                    }
                    AndroidKeysetManager.Builder builder2 = new AndroidKeysetManager.Builder();
                    builder2.keyTemplate = prefValueEncryptionScheme.mAeadKeyTemplate;
                    builder2.withSharedPref(context, "__androidx_security_crypto_encrypted_prefs_value_keyset__", str);
                    builder2.withMasterKeyUri("android-keystore://" + str2);
                    AndroidKeysetManager build2 = builder2.build();
                    synchronized (build2) {
                        keysetHandle2 = build2.keysetManager.getKeysetHandle();
                    }
                    EncryptedSharedPreferences encryptedSharedPreferences = new EncryptedSharedPreferences(str, str2, context.getSharedPreferences(str, 0), (Aead) keysetHandle2.getPrimitive(Aead.class), (DeterministicAead) keysetHandle.getPrimitive(DeterministicAead.class));
                    Intrinsics.checkNotNullExpressionValue(encryptedSharedPreferences, "EncryptedSharedPreferenc…onScheme.AES256_GCM\n    )");
                    Timber.TREE_OF_SOULS.d("Instance created, %d entries.", Integer.valueOf(((HashMap) encryptedSharedPreferences.getAll()).size()));
                    return encryptedSharedPreferences;
                }
            }, 7);
        } catch (Exception e) {
            throw new KeyException("Permanently failed to instantiate encrypted preferences", e);
        }
    }
}
