package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.CleartextKeysetHandle;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.annotation.concurrent.GuardedBy;

/* loaded from: classes5.dex */
public final class AndroidKeysetManager {

    /* renamed from: d, reason: collision with root package name */
    private static final String f48804d = "AndroidKeysetManager";

    /* renamed from: a, reason: collision with root package name */
    private final KeysetWriter f48805a;

    /* renamed from: b, reason: collision with root package name */
    private final Aead f48806b;

    /* renamed from: c, reason: collision with root package name */
    @GuardedBy("this")
    private KeysetManager f48807c;

    /* loaded from: classes5.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        private KeysetReader f48808a = null;

        /* renamed from: b, reason: collision with root package name */
        private KeysetWriter f48809b = null;

        /* renamed from: c, reason: collision with root package name */
        private String f48810c = null;

        /* renamed from: d, reason: collision with root package name */
        private Aead f48811d = null;

        /* renamed from: e, reason: collision with root package name */
        private boolean f48812e = true;

        /* renamed from: f, reason: collision with root package name */
        private KeyTemplate f48813f = null;

        /* renamed from: g, reason: collision with root package name */
        private KeyStore f48814g = null;

        /* renamed from: h, reason: collision with root package name */
        @GuardedBy("this")
        private KeysetManager f48815h;

        private KeysetManager d() throws GeneralSecurityException, IOException {
            Aead aead = this.f48811d;
            if (aead != null) {
                try {
                    return KeysetManager.withKeysetHandle(KeysetHandle.read(this.f48808a, aead));
                } catch (InvalidProtocolBufferException | GeneralSecurityException e7) {
                    Log.w(AndroidKeysetManager.f48804d, "cannot decrypt keyset: ", e7);
                }
            }
            return KeysetManager.withKeysetHandle(CleartextKeysetHandle.read(this.f48808a));
        }

        private KeysetManager e() throws GeneralSecurityException, IOException {
            try {
                return d();
            } catch (FileNotFoundException e7) {
                Log.w(AndroidKeysetManager.f48804d, "keyset not found, will generate a new one", e7);
                if (this.f48813f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager add = KeysetManager.withEmptyKeyset().add(this.f48813f);
                KeysetManager primary = add.setPrimary(add.getKeysetHandle().getKeysetInfo().getKeyInfo(0).getKeyId());
                if (this.f48811d != null) {
                    primary.getKeysetHandle().write(this.f48809b, this.f48811d);
                } else {
                    CleartextKeysetHandle.write(primary.getKeysetHandle(), this.f48809b);
                }
                return primary;
            }
        }

        private Aead f() throws GeneralSecurityException {
            if (!AndroidKeysetManager.b()) {
                Log.w(AndroidKeysetManager.f48804d, "Android Keystore requires at least Android M");
                return null;
            }
            AndroidKeystoreKmsClient build = this.f48814g != null ? new AndroidKeystoreKmsClient.Builder().setKeyStore(this.f48814g).build() : new AndroidKeystoreKmsClient();
            boolean b7 = build.b(this.f48810c);
            if (!b7) {
                try {
                    AndroidKeystoreKmsClient.generateNewAeadKey(this.f48810c);
                } catch (GeneralSecurityException | ProviderException e7) {
                    Log.w(AndroidKeysetManager.f48804d, "cannot use Android Keystore, it'll be disabled", e7);
                    return null;
                }
            }
            try {
                return build.getAead(this.f48810c);
            } catch (GeneralSecurityException | ProviderException e8) {
                if (b7) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f48810c), e8);
                }
                Log.w(AndroidKeysetManager.f48804d, "cannot use Android Keystore, it'll be disabled", e8);
                return null;
            }
        }

        public synchronized AndroidKeysetManager build() throws GeneralSecurityException, IOException {
            if (this.f48810c != null) {
                this.f48811d = f();
            }
            this.f48815h = e();
            return new AndroidKeysetManager(this, null);
        }

        @Deprecated
        public Builder doNotUseKeystore() {
            this.f48810c = null;
            this.f48812e = false;
            return this;
        }

        public Builder withKeyTemplate(KeyTemplate keyTemplate) {
            this.f48813f = keyTemplate;
            return this;
        }

        @Deprecated
        public Builder withKeyTemplate(com.google.crypto.tink.proto.KeyTemplate keyTemplate) {
            this.f48813f = KeyTemplate.create(keyTemplate.getTypeUrl(), keyTemplate.getValue().toByteArray(), AndroidKeysetManager.d(keyTemplate.getOutputPrefixType()));
            return this;
        }

        public Builder withMasterKeyUri(String str) {
            if (!str.startsWith(AndroidKeystoreKmsClient.PREFIX)) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.f48812e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f48810c = str;
            return this;
        }

        public Builder withSharedPref(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            if (str == null) {
                throw new IllegalArgumentException("need a keyset name");
            }
            this.f48808a = new SharedPrefKeysetReader(context, str, str2);
            this.f48809b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f48816a;

        static {
            int[] iArr = new int[OutputPrefixType.values().length];
            f48816a = iArr;
            try {
                iArr[OutputPrefixType.TINK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f48816a[OutputPrefixType.LEGACY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f48816a[OutputPrefixType.RAW.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f48816a[OutputPrefixType.CRUNCHY.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    private AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        this.f48805a = builder.f48809b;
        this.f48806b = builder.f48811d;
        this.f48807c = builder.f48815h;
    }

    /* synthetic */ AndroidKeysetManager(Builder builder, a aVar) throws GeneralSecurityException, IOException {
        this(builder);
    }

    static /* synthetic */ boolean b() {
        return e();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyTemplate.OutputPrefixType d(OutputPrefixType outputPrefixType) {
        int i7 = a.f48816a[outputPrefixType.ordinal()];
        if (i7 == 1) {
            return KeyTemplate.OutputPrefixType.TINK;
        }
        if (i7 == 2) {
            return KeyTemplate.OutputPrefixType.LEGACY;
        }
        if (i7 == 3) {
            return KeyTemplate.OutputPrefixType.RAW;
        }
        if (i7 == 4) {
            return KeyTemplate.OutputPrefixType.CRUNCHY;
        }
        throw new IllegalArgumentException("Unknown output prefix type");
    }

    private static boolean e() {
        return true;
    }

    private boolean f() {
        return this.f48806b != null && e();
    }

    private void g(KeysetManager keysetManager) throws GeneralSecurityException {
        try {
            if (f()) {
                keysetManager.getKeysetHandle().write(this.f48805a, this.f48806b);
            } else {
                CleartextKeysetHandle.write(keysetManager.getKeysetHandle(), this.f48805a);
            }
        } catch (IOException e7) {
            throw new GeneralSecurityException(e7);
        }
    }

    @GuardedBy("this")
    public synchronized AndroidKeysetManager add(KeyTemplate keyTemplate) throws GeneralSecurityException {
        KeysetManager add = this.f48807c.add(keyTemplate);
        this.f48807c = add;
        g(add);
        return this;
    }

    @GuardedBy("this")
    @Deprecated
    public synchronized AndroidKeysetManager add(com.google.crypto.tink.proto.KeyTemplate keyTemplate) throws GeneralSecurityException {
        KeysetManager add = this.f48807c.add(keyTemplate);
        this.f48807c = add;
        g(add);
        return this;
    }

    public synchronized AndroidKeysetManager delete(int i7) throws GeneralSecurityException {
        KeysetManager delete = this.f48807c.delete(i7);
        this.f48807c = delete;
        g(delete);
        return this;
    }

    public synchronized AndroidKeysetManager destroy(int i7) throws GeneralSecurityException {
        KeysetManager destroy = this.f48807c.destroy(i7);
        this.f48807c = destroy;
        g(destroy);
        return this;
    }

    public synchronized AndroidKeysetManager disable(int i7) throws GeneralSecurityException {
        KeysetManager disable = this.f48807c.disable(i7);
        this.f48807c = disable;
        g(disable);
        return this;
    }

    public synchronized AndroidKeysetManager enable(int i7) throws GeneralSecurityException {
        KeysetManager enable = this.f48807c.enable(i7);
        this.f48807c = enable;
        g(enable);
        return this;
    }

    public synchronized KeysetHandle getKeysetHandle() throws GeneralSecurityException {
        return this.f48807c.getKeysetHandle();
    }

    public synchronized boolean isUsingKeystore() {
        return f();
    }

    @Deprecated
    public synchronized AndroidKeysetManager promote(int i7) throws GeneralSecurityException {
        return setPrimary(i7);
    }

    @Deprecated
    public synchronized AndroidKeysetManager rotate(com.google.crypto.tink.proto.KeyTemplate keyTemplate) throws GeneralSecurityException {
        KeysetManager rotate = this.f48807c.rotate(keyTemplate);
        this.f48807c = rotate;
        g(rotate);
        return this;
    }

    public synchronized AndroidKeysetManager setPrimary(int i7) throws GeneralSecurityException {
        KeysetManager primary = this.f48807c.setPrimary(i7);
        this.f48807c = primary;
        g(primary);
        return this;
    }
}
