package com.google.crypto.tink.integration.android;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KmsClient;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Locale;
import javax.annotation.concurrent.GuardedBy;
import javax.crypto.KeyGenerator;

/* loaded from: classes3.dex */
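/**
 * {@link KmsClient} that resolves {@code android-keystore://} key URIs to AES-GCM keys held by
 * the "AndroidKeyStore" provider.
 *
 * <p>This listing is decompiler output. Obfuscated member names ({@code a}, {@code b},
 * {@code f6190a}, ...) are kept so the class still lines up with the rest of the decompiled
 * tree. Decompiler artifacts such as empty {@code try} blocks and {@code catch (Throwable)}
 * rethrows have been folded away.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Keys are generated inside the keystore provider as AES-256 / GCM / NoPadding with
 *       encrypt and decrypt purposes only. No user-authentication requirement or other
 *       access constraint is set on the key spec.</li>
 *   <li>A client built with a key URI refuses every other URI. A client built without one
 *       accepts any URI carrying the {@link #PREFIX} scheme.</li>
 *   <li>{@link #getAead} round-trips a random message before handing the primitive out.</li>
 * </ul>
 *
 * <p>Instance methods that touch the keystore are {@code synchronized} on the client. The
 * static helpers create a fresh client per call, so that lock does not serialise them.
 */
public final class AndroidKeystoreKmsClient implements KmsClient {
    /** URI scheme (including the {@code ://} separator) handled by this client. */
    public static final String PREFIX = "android-keystore://";

    // Presumably the log tag; no logging call survives in this listing, so it is unused here.
    private static final String c = "AndroidKeystoreKmsClient";

    // Delay in milliseconds before the keystore is re-created in a(String).
    private static final int d = 20;

    /* renamed from: a, reason: collision with root package name */
    // Key URI this client is bound to, or null when the client accepts any PREFIX URI.
    private final String f6190a;

    // Keystore handle; replaced by a(String) when the handle has to be re-created.
    @GuardedBy("this")
    private KeyStore b;

    /* loaded from: classes3.dex */
    /**
     * Builder for {@link AndroidKeystoreKmsClient}.
     *
     * <p>Both fields appear as {@code public} in the decompiled output. Prefer the setters,
     * which validate their arguments; a direct field write bypasses those checks.
     */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        // Optional key URI to bind the client to; null leaves the client unbound.
        public String f6191a = null;

        // Keystore the client will use; the constructor initialises it to "AndroidKeyStore".
        public KeyStore b;

        /**
         * Creates a builder backed by a freshly loaded "AndroidKeyStore" instance.
         *
         * @throws IllegalStateException if the device SDK level is below 23, or if the
         *     keystore cannot be obtained or loaded
         */
        @RequiresApi(23)
        public Builder() {
            if (Build.VERSION.SDK_INT < 23) {
                throw new IllegalStateException("need Android Keystore on Android M or newer");
            }
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.b = keyStore;
                keyStore.load(null);
            } catch (IOException | GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }

        /**
         * Builds the client from the current builder state.
         *
         * @return a new client using this builder's key URI and keystore
         */
        public AndroidKeystoreKmsClient build() {
            return new AndroidKeystoreKmsClient(this);
        }

        /**
         * Replaces the keystore the client will use.
         *
         * <p>The supplied instance is used as-is. This method does not check which provider
         * backs it or whether it has been loaded.
         *
         * @param keyStore keystore to use; must not be null
         * @return this builder
         * @throws IllegalArgumentException if {@code keyStore} is null
         */
        @RequiresApi(23)
        public Builder setKeyStore(KeyStore keyStore) {
            if (keyStore == null) {
                throw new IllegalArgumentException("val cannot be null");
            }
            this.b = keyStore;
            return this;
        }

        /**
         * Binds the client to a single key URI.
         *
         * <p>The scheme is matched case-insensitively (lower-cased with {@link Locale#US}),
         * but the URI is stored unchanged and later compared with {@code equals}. A bound
         * client therefore only accepts the exact spelling given here.
         *
         * @param str key URI starting with {@link AndroidKeystoreKmsClient#PREFIX}
         * @return this builder
         * @throws IllegalArgumentException if {@code str} is null or lacks the scheme
         */
        @RequiresApi(23)
        public Builder setKeyUri(String str) {
            if (str == null || !str.toLowerCase(Locale.US).startsWith(PREFIX)) {
                throw new IllegalArgumentException("val must start with android-keystore://");
            }
            this.f6191a = str;
            return this;
        }
    }

    /**
     * Creates an unbound client on a freshly loaded "AndroidKeyStore" instance.
     *
     * @throws GeneralSecurityException declared by the signature; the builder itself reports
     *     failures as {@link IllegalStateException}
     */
    @RequiresApi(23)
    public AndroidKeystoreKmsClient() throws GeneralSecurityException {
        this(new Builder());
    }

    /**
     * Creates a client from the builder's current key URI and keystore.
     *
     * @param builder source of the key URI (may be null, meaning unbound) and the keystore
     */
    public AndroidKeystoreKmsClient(Builder builder) {
        this.f6190a = builder.f6191a;
        this.b = builder.b;
    }

    /**
     * Creates a client bound to {@code str}.
     *
     * @param str key URI starting with {@link #PREFIX}
     * @throws IllegalArgumentException if {@code str} is null or lacks the scheme
     * @deprecated marked deprecated in the decompiled class; the builder offers the same
     *     binding through {@link Builder#setKeyUri}
     */
    @RequiresApi(23)
    @Deprecated
    public AndroidKeystoreKmsClient(String str) {
        this(new Builder().setKeyUri(str));
    }

    /**
     * Generates a new AES-256-GCM key in the Android Keystore under the alias from {@code str}.
     *
     * <p>The existence check and the generation are two separate keystore operations on a
     * client created for this call, so they are not atomic with respect to other threads or
     * processes. NOTE(review): a second generation under an existing alias is expected to
     * replace the stored key, which would make data encrypted under the old key
     * undecryptable. Confirm against the platform and serialise callers if that matters.
     *
     * @param str key URI starting with {@link #PREFIX}
     * @throws IllegalArgumentException if a key already exists under that alias
     * @throws GeneralSecurityException if the keystore lookup or key generation fails
     */
    @RequiresApi(23)
    public static void generateNewAeadKey(String str) throws GeneralSecurityException {
        if (new AndroidKeystoreKmsClient().a(str)) {
            throw new IllegalArgumentException(String.format("cannot generate a new key %s because it already exists; please delete it with deleteKey() and try again", str));
        }
        String alias = Validators.validateKmsKeyUriAndRemovePrefix(PREFIX, str);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
        // No user-authentication or validity constraints are placed on the key.
        KeyGenParameterSpec spec =
                new KeyGenParameterSpec.Builder(alias, 3)
                        .setKeySize(256)
                        .setBlockModes("GCM")
                        .setEncryptionPaddings("NoPadding")
                        .build();
        keyGenerator.init(spec);
        keyGenerator.generateKey();
    }

    /**
     * Returns an {@link Aead} for {@code str}, generating the key first if the alias is absent.
     *
     * <p>The same check-then-generate caveat as {@link #generateNewAeadKey} applies.
     *
     * @param str key URI starting with {@link #PREFIX}
     * @return an AEAD backed by the keystore key
     * @throws GeneralSecurityException if lookup, generation or the AEAD self-test fails
     * @throws IOException declared by the signature; nothing in this method throws it directly
     */
    @RequiresApi(23)
    public static Aead getOrGenerateNewAeadKey(String str) throws GeneralSecurityException, IOException {
        AndroidKeystoreKmsClient client = new AndroidKeystoreKmsClient();
        if (!client.a(str)) {
            // The decompiled code built a "key URI ... doesn't exist" message here and
            // discarded it (the logging call is gone); the dead statement is dropped.
            generateNewAeadKey(str);
        }
        return client.getAead(str);
    }

    /**
     * Reports whether the keystore holds an entry for the alias in {@code str}.
     *
     * <p>If the lookup throws {@link NullPointerException}, the method waits {@code d}
     * milliseconds, re-creates and reloads the "AndroidKeyStore" handle, and retries once.
     * The decompiler had detached that handler from the lookup (empty {@code try}), leaving
     * the retry unreachable; the lookup is back inside the guarded block. The
     * {@code throws} clause is restored because the body raises checked exceptions.
     *
     * @param str key URI starting with {@link #PREFIX}
     * @return true if an entry exists under the alias
     * @throws GeneralSecurityException if the lookup fails or the keystore cannot be reloaded
     */
    public final synchronized boolean a(String str) throws GeneralSecurityException {
        String alias = Validators.validateKmsKeyUriAndRemovePrefix(PREFIX, str);
        try {
            return this.b.containsAlias(alias);
        } catch (NullPointerException unused) {
            try {
                Thread.sleep(d);
                KeyStore reloaded = KeyStore.getInstance("AndroidKeyStore");
                reloaded.load(null);
                // Publish the new handle only once it is loaded.
                this.b = reloaded;
            } catch (IOException e) {
                throw new GeneralSecurityException(e);
            } catch (InterruptedException interrupted) {
                // Keep the interrupt visible to the caller instead of losing it.
                Thread.currentThread().interrupt();
            }
            return this.b.containsAlias(alias);
        }
    }

    /**
     * Deletes the keystore entry for the alias in {@code str}.
     *
     * <p>Ciphertext produced under the deleted key can no longer be decrypted.
     *
     * @param str key URI starting with {@link #PREFIX}
     * @throws GeneralSecurityException if the keystore rejects the deletion
     */
    public synchronized void deleteKey(String str) throws GeneralSecurityException {
        this.b.deleteEntry(Validators.validateKmsKeyUriAndRemovePrefix(PREFIX, str));
    }

    /**
     * Reports whether this client handles {@code str}.
     *
     * <p>A bound client accepts only its exact key URI. An unbound client accepts any URI
     * whose lower-cased form starts with {@link #PREFIX}. A null URI is reported as
     * unsupported rather than raising {@link NullPointerException}.
     *
     * @param str key URI to test; may be null
     * @return true if this client can serve the URI
     */
    @Override // com.google.crypto.tink.KmsClient
    @RequiresApi(23)
    public synchronized boolean doesSupport(String str) {
        if (this.f6190a != null) {
            return this.f6190a.equals(str);
        }
        return str != null && str.toLowerCase(Locale.US).startsWith(PREFIX);
    }

    /**
     * Returns an {@link Aead} backed by the keystore key named in {@code str}.
     *
     * <p>Before returning, the primitive encrypts and decrypts 10 random bytes with empty
     * associated data and compares the result. A mismatch means the keystore returned wrong
     * output, and the primitive is rejected.
     *
     * @param str key URI starting with {@link #PREFIX}
     * @return the verified AEAD
     * @throws GeneralSecurityException if the client is bound to a different URI, the key
     *     cannot be used, or the round-trip check fails ({@link KeyStoreException})
     */
    @Override // com.google.crypto.tink.KmsClient
    public synchronized Aead getAead(String str) throws GeneralSecurityException {
        if (this.f6190a != null && !this.f6190a.equals(str)) {
            throw new GeneralSecurityException(String.format("this client is bound to %s, cannot load keys bound to %s", this.f6190a, str));
        }
        AndroidKeystoreAesGcm aead =
                new AndroidKeystoreAesGcm(Validators.validateKmsKeyUriAndRemovePrefix(PREFIX, str), this.b);
        byte[] probe = Random.randBytes(10);
        byte[] emptyAad = new byte[0];
        if (!Arrays.equals(probe, aead.decrypt(aead.encrypt(probe, emptyAad), emptyAad))) {
            throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
        }
        return aead;
    }

    /**
     * Returns a new unbound client; the credential argument is not used.
     *
     * <p>The returned client does not inherit this client's key URI binding or keystore, so
     * it accepts any {@link #PREFIX} URI even when this client is bound to one key.
     *
     * @param str ignored
     * @return a new unbound client
     * @throws GeneralSecurityException declared by the invoked constructor
     */
    @Override // com.google.crypto.tink.KmsClient
    @RequiresApi(23)
    public KmsClient withCredentials(String str) throws GeneralSecurityException {
        return new AndroidKeystoreKmsClient();
    }

    /**
     * Returns a new unbound client.
     *
     * <p>As with {@link #withCredentials}, the result does not inherit this client's key URI
     * binding or keystore.
     *
     * @return a new unbound client
     * @throws GeneralSecurityException declared by the invoked constructor
     */
    @Override // com.google.crypto.tink.KmsClient
    @RequiresApi(23)
    public KmsClient withDefaultCredentials() throws GeneralSecurityException {
        return new AndroidKeystoreKmsClient();
    }
}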
