package defpackage;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.google.protobuf.ExtensionRegistryLite;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.crypto.KeyGenerator;

/* compiled from: PG */
/* loaded from: classes3.dex */
public final class ceml {
    public ceih b;
    private ceii c = null;
    private ceij d = null;
    private String e = null;
    private cehm f = null;
    public ceid a = null;

    private final cehm d() throws GeneralSecurityException {
        String str = cemm.a;
        cemo cemoVar = new cemo();
        boolean c = cemoVar.c(this.e);
        if (!c) {
            try {
                String str2 = this.e;
                if (new cemo().c(str2)) {
                    throw new IllegalArgumentException(String.format("cannot generate a new key %s because it already exists; please delete it with deleteKey() and try again", str2));
                }
                String d = ceym.d(str2);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(new KeyGenParameterSpec.Builder(d, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
                keyGenerator.generateKey();
            } catch (GeneralSecurityException | ProviderException e) {
                Log.w(cemm.a, "cannot use Android Keystore, it'll be disabled", e);
                return null;
            }
        }
        try {
            return cemoVar.a(this.e);
        } catch (GeneralSecurityException | ProviderException e2) {
            if (c) {
                throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.e), e2);
            }
            Log.w(cemm.a, "cannot use Android Keystore, it'll be disabled", e2);
            return null;
        }
    }

    private final ceih e() throws GeneralSecurityException, IOException {
        cehm cehmVar = this.f;
        if (cehmVar != null) {
            try {
                try {
                    byte[] bArr = new byte[0];
                    cerx cerxVar = (cerx) chpp.parseFrom(cerx.c, ((cemp) this.c).b(), ExtensionRegistryLite.a);
                    if (cerxVar == null || cerxVar.a.d() == 0) {
                        throw new GeneralSecurityException("empty keyset");
                    }
                    try {
                        cesz ceszVar = (cesz) chpp.parseFrom(cesz.c, cehmVar.a(cerxVar.a.J(), bArr), ExtensionRegistryLite.a);
                        ceig.g(ceszVar);
                        return ceih.b(new ceig(ceszVar));
                    } catch (chql e) {
                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                    }
                } catch (GeneralSecurityException e2) {
                    e = e2;
                    Log.w(cemm.a, "cannot decrypt keyset: ", e);
                    return ceih.b(cehp.a(this.c));
                }
            } catch (chql e3) {
                e = e3;
                Log.w(cemm.a, "cannot decrypt keyset: ", e);
                return ceih.b(cehp.a(this.c));
            }
        }
        return ceih.b(cehp.a(this.c));
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final synchronized cemm a() throws GeneralSecurityException, IOException {
        ceih ceihVar;
        if (this.e != null) {
            this.f = d();
        }
        try {
            ceihVar = e();
        } catch (FileNotFoundException e) {
            if (Log.isLoggable(cemm.a, 4)) {
                Log.i(cemm.a, String.format("keyset not found, will generate a new one. %s", e.getMessage()));
            }
            if (this.a == null) {
                throw new GeneralSecurityException("cannot read or generate keyset");
            }
            ceihVar = new ceih((cesw) cesz.c.createBuilder());
            ceihVar.c(this.a);
            ceihVar.e(((cetc) ceihVar.a().e().b.get(0)).c);
            if (this.f != null) {
                ceig a = ceihVar.a();
                ceij ceijVar = this.d;
                cehm cehmVar = this.f;
                byte[] bArr = new byte[0];
                cesz ceszVar = a.a;
                byte[] b = cehmVar.b(ceszVar.toByteArray(), bArr);
                try {
                    if (!((cesz) chpp.parseFrom(cesz.c, cehmVar.a(b, bArr), ExtensionRegistryLite.a)).equals(ceszVar)) {
                        throw new GeneralSecurityException("cannot encrypt keyset");
                    }
                    cerw cerwVar = (cerw) cerx.c.createBuilder();
                    chnt y = chnt.y(b);
                    if (!cerwVar.b.isMutable()) {
                        cerwVar.x();
                    }
                    ((cerx) cerwVar.b).a = y;
                    cetd a2 = ceja.a(ceszVar);
                    if (!cerwVar.b.isMutable()) {
                        cerwVar.x();
                    }
                    cerx cerxVar = (cerx) cerwVar.b;
                    a2.getClass();
                    cerxVar.b = a2;
                    if (!((cemq) ceijVar).a.putString(((cemq) ceijVar).b, cexs.a(((cerx) cerwVar.v()).toByteArray())).commit()) {
                        throw new IOException("Failed to write to SharedPreferences");
                    }
                } catch (chql e2) {
                    throw new GeneralSecurityException("invalid keyset, corrupted key material");
                }
            } else {
                ceig a3 = ceihVar.a();
                ceij ceijVar2 = this.d;
                if (!((cemq) ceijVar2).a.putString(((cemq) ceijVar2).b, cexs.a(a3.a.toByteArray())).commit()) {
                    throw new IOException("Failed to write to SharedPreferences");
                }
            }
        }
        this.b = ceihVar;
        return new cemm(this);
    }

    public final void b(String str) {
        if (!str.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        this.e = str;
    }

    public final void c(Context context, String str, String str2) throws IOException {
        if (context == null) {
            throw new IllegalArgumentException("need an Android context");
        }
        this.c = new cemp(context, str, str2);
        this.d = new cemq(context, str, str2);
    }
}
