package k.e.b.a.s.a;

import android.content.Context;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import java.io.FileNotFoundException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.util.Arrays;
import javax.annotation.concurrent.GuardedBy;
import k.e.b.a.f;
import k.e.b.a.n;
import k.e.b.a.s.a.c;
import k.e.b.a.v.n0;
import k.e.b.a.v.w0;
import k.e.b.a.w.a.v;
import k.e.b.a.z.j0;
import k.e.b.a.z.u0;

/* loaded from: classes.dex */
public final class a {

    /* renamed from: d, reason: collision with root package name */
    public static final String f4342d = "a";
    public final KeysetWriter a;
    public final Aead b;

    @GuardedBy("this")
    public f c;

    /* loaded from: classes.dex */
    public static final class b {
        public KeysetReader a = null;
        public KeysetWriter b = null;
        public String c = null;

        /* renamed from: d, reason: collision with root package name */
        public Aead f4343d = null;
        public k.e.b.a.c e = null;

        @GuardedBy("this")
        public f f;

        public synchronized a a() {
            if (this.c != null) {
                this.f4343d = c();
            }
            this.f = b();
            return new a(this, null);
        }

        public final f b() {
            try {
                Aead aead = this.f4343d;
                if (aead != null) {
                    try {
                        return f.f(k.e.b.a.e.c(this.a, aead));
                    } catch (GeneralSecurityException | v e) {
                        Log.w(a.f4342d, "cannot decrypt keyset: ", e);
                    }
                }
                return f.f(k.e.b.a.e.a(this.a.read()));
            } catch (FileNotFoundException e2) {
                Log.w(a.f4342d, "keyset not found, will generate a new one", e2);
                if (this.e == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                f fVar = new f(Keyset.s());
                k.e.b.a.c cVar = this.e;
                synchronized (fVar) {
                    fVar.a(cVar.a, false);
                    int keyId = n.a(fVar.b().a).getKeyInfo(0).getKeyId();
                    synchronized (fVar) {
                        for (int i2 = 0; i2 < ((Keyset) fVar.a.f).getKeyCount(); i2++) {
                            Keyset.c key = ((Keyset) fVar.a.f).getKey(i2);
                            if (key.getKeyId() == keyId) {
                                if (!key.getStatus().equals(w0.ENABLED)) {
                                    throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + keyId);
                                }
                                Keyset.b bVar = fVar.a;
                                bVar.e();
                                Keyset.q((Keyset) bVar.f, keyId);
                                if (this.f4343d != null) {
                                    k.e.b.a.e b = fVar.b();
                                    KeysetWriter keysetWriter = this.b;
                                    Aead aead2 = this.f4343d;
                                    Keyset keyset = b.a;
                                    byte[] encrypt = aead2.encrypt(keyset.toByteArray(), new byte[0]);
                                    try {
                                        if (!Keyset.t(aead2.decrypt(encrypt, new byte[0]), k.e.b.a.w.a.n.a()).equals(keyset)) {
                                            throw new GeneralSecurityException("cannot encrypt keyset");
                                        }
                                        n0.b s2 = n0.s();
                                        ByteString c = ByteString.c(encrypt);
                                        s2.e();
                                        n0.q((n0) s2.f, c);
                                        KeysetInfo a = n.a(keyset);
                                        s2.e();
                                        n0.r((n0) s2.f, a);
                                        keysetWriter.write(s2.build());
                                    } catch (v unused) {
                                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                    }
                                } else {
                                    this.b.write(fVar.b().a);
                                }
                                return fVar;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + keyId);
                    }
                }
            }
        }

        public final Aead c() {
            String str = a.f4342d;
            KeyStore keyStore = new c.a().a;
            boolean containsAlias = keyStore.containsAlias(u0.b("android-keystore://", this.c));
            if (!containsAlias) {
                try {
                    c.a(this.c);
                } catch (GeneralSecurityException e) {
                    e = e;
                    Log.w(a.f4342d, "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                k.e.b.a.s.a.b bVar = new k.e.b.a.s.a.b(u0.b("android-keystore://", this.c), keyStore);
                byte[] a = j0.a(10);
                byte[] bArr = new byte[0];
                if (Arrays.equals(a, bVar.decrypt(bVar.encrypt(a, bArr), bArr))) {
                    return bVar;
                }
                throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
            } catch (GeneralSecurityException | ProviderException e2) {
                e = e2;
                if (containsAlias) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.c), e);
                }
                Log.w(a.f4342d, "cannot use Android Keystore, it'll be disabled", e);
                return null;
            }
        }

        public b d(Context context, String str, String str2) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.a = new d(context, str, str2);
            this.b = new e(context, str, str2);
            return this;
        }
    }

    public a(b bVar, C0102a c0102a) {
        this.a = bVar.b;
        this.b = bVar.f4343d;
        this.c = bVar.f;
    }
}
