package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.annotation.concurrent.GuardedBy;

/* loaded from: classes2.dex */
public final class AndroidKeysetManager {

    /* renamed from: a, reason: collision with root package name */
    public final KeysetWriter f19987a;

    /* renamed from: b, reason: collision with root package name */
    public final Aead f19988b;

    /* renamed from: c, reason: collision with root package name */
    @GuardedBy
    public KeysetManager f19989c;

    /* renamed from: com.google.crypto.tink.integration.android.AndroidKeysetManager$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f19990a;

        static {
            OutputPrefixType.values();
            int[] iArr = new int[6];
            f19990a = iArr;
            try {
                iArr[1] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f19990a[2] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f19990a[3] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f19990a[4] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        public KeysetReader f19991a = null;

        /* renamed from: b, reason: collision with root package name */
        public KeysetWriter f19992b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f19993c = null;

        /* renamed from: d, reason: collision with root package name */
        public Aead f19994d = null;

        /* renamed from: e, reason: collision with root package name */
        public KeyTemplate f19995e = null;

        @GuardedBy
        public KeysetManager f;

        public synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            if (this.f19993c != null) {
                this.f19994d = c();
            }
            this.f = b();
            return new AndroidKeysetManager(this, null);
        }

        public final KeysetManager b() throws GeneralSecurityException, IOException {
            try {
                Aead aead = this.f19994d;
                if (aead != null) {
                    try {
                        return KeysetManager.e(KeysetHandle.c(this.f19991a, aead));
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e2) {
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e2);
                    }
                }
                return KeysetManager.e(KeysetHandle.a(this.f19991a.read()));
            } catch (FileNotFoundException e3) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e3);
                if (this.f19995e == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                Keyset.Builder A = Keyset.A();
                KeysetManager keysetManager = new KeysetManager(A);
                KeyTemplate keyTemplate = this.f19995e;
                synchronized (keysetManager) {
                    com.google.crypto.tink.proto.KeyTemplate keyTemplate2 = keyTemplate.f19916a;
                    synchronized (keysetManager) {
                        Keyset.Key b2 = keysetManager.b(keyTemplate2);
                        A.h();
                        Keyset.v((Keyset) A.f20218b, b2);
                        int y = Util.a(keysetManager.a().f19929a).x(0).y();
                        synchronized (keysetManager) {
                            for (int i = 0; i < ((Keyset) keysetManager.f19930a.f20218b).x(); i++) {
                                Keyset.Key w = ((Keyset) keysetManager.f19930a.f20218b).w(i);
                                if (w.z() == y) {
                                    if (!w.B().equals(KeyStatusType.ENABLED)) {
                                        throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + y);
                                    }
                                    Keyset.Builder builder = keysetManager.f19930a;
                                    builder.h();
                                    Keyset.u((Keyset) builder.f20218b, y);
                                    if (this.f19994d != null) {
                                        KeysetHandle a2 = keysetManager.a();
                                        KeysetWriter keysetWriter = this.f19992b;
                                        Aead aead2 = this.f19994d;
                                        Keyset keyset = a2.f19929a;
                                        byte[] a3 = aead2.a(keyset.c(), new byte[0]);
                                        try {
                                            if (!Keyset.D(aead2.b(a3, new byte[0]), ExtensionRegistryLite.a()).equals(keyset)) {
                                                throw new GeneralSecurityException("cannot encrypt keyset");
                                            }
                                            EncryptedKeyset.Builder y2 = EncryptedKeyset.y();
                                            ByteString k = ByteString.k(a3);
                                            y2.h();
                                            EncryptedKeyset.u((EncryptedKeyset) y2.f20218b, k);
                                            KeysetInfo a4 = Util.a(keyset);
                                            y2.h();
                                            EncryptedKeyset.v((EncryptedKeyset) y2.f20218b, a4);
                                            keysetWriter.b(y2.build());
                                        } catch (InvalidProtocolBufferException unused) {
                                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                        }
                                    } else {
                                        this.f19992b.a(keysetManager.a().f19929a);
                                    }
                                    return keysetManager;
                                }
                            }
                            throw new GeneralSecurityException("key not found: " + y);
                        }
                    }
                }
            }
        }

        public final Aead c() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean d2 = androidKeystoreKmsClient.d(this.f19993c);
            if (!d2) {
                try {
                    AndroidKeystoreKmsClient.c(this.f19993c);
                } catch (GeneralSecurityException | ProviderException e2) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.f19993c);
            } catch (GeneralSecurityException | ProviderException e3) {
                if (d2) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f19993c), e3);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e3);
                return null;
            }
        }

        public Builder d(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.f19991a = new SharedPrefKeysetReader(context, str, str2);
            this.f19992b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, AnonymousClass1 anonymousClass1) throws GeneralSecurityException, IOException {
        this.f19987a = builder.f19992b;
        this.f19988b = builder.f19994d;
        this.f19989c = builder.f;
    }
}
