package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.util.Log;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.Hex;
import defpackage.s2;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes3.dex */
public final class AndroidKeysetManager {
    public final KeysetManager a;

    /* loaded from: classes3.dex */
    public static final class Builder {
        public SharedPrefKeysetReader a = null;
        public SharedPrefKeysetWriter b = null;
        public String c = null;
        public AndroidKeystoreAesGcm d = null;
        public KeyTemplate e = null;
        public KeysetManager f;

        public final synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            try {
                if (this.c != null) {
                    this.d = c();
                }
                this.f = b();
            } catch (Throwable th) {
                throw th;
            }
            return new AndroidKeysetManager(this);
        }

        public final KeysetManager b() throws GeneralSecurityException, IOException {
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.d;
                if (androidKeystoreAesGcm != null) {
                    try {
                        Keyset keyset = KeysetHandle.c(this.a, androidKeystoreAesGcm).a;
                        GeneratedMessageLite.Builder builder = (GeneratedMessageLite.Builder) keyset.i(GeneratedMessageLite.MethodToInvoke.f);
                        builder.j(keyset);
                        return new KeysetManager((Keyset.Builder) builder);
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e);
                    }
                }
                Keyset z = Keyset.z(this.a.a(), ExtensionRegistryLite.a());
                if (z.v() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                GeneratedMessageLite.Builder builder2 = (GeneratedMessageLite.Builder) z.i(GeneratedMessageLite.MethodToInvoke.f);
                builder2.j(z);
                return new KeysetManager((Keyset.Builder) builder2);
            } catch (FileNotFoundException e2) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e2);
                if (this.e == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                Keyset.Builder y = Keyset.y();
                KeysetManager keysetManager = new KeysetManager(y);
                KeyTemplate keyTemplate = this.e;
                synchronized (keysetManager) {
                    com.google.crypto.tink.proto.KeyTemplate keyTemplate2 = keyTemplate.a;
                    synchronized (keysetManager) {
                        Keyset.Key c = keysetManager.c(keyTemplate2);
                        y.i();
                        Keyset.t((Keyset) y.c, c);
                        int w = keysetManager.a().a().u().w();
                        synchronized (keysetManager) {
                            for (int i = 0; i < ((Keyset) keysetManager.a.c).v(); i++) {
                                Keyset.Key u = ((Keyset) keysetManager.a.c).u(i);
                                if (u.x() == w) {
                                    if (!u.z().equals(KeyStatusType.ENABLED)) {
                                        throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + w);
                                    }
                                    Keyset.Builder builder3 = keysetManager.a;
                                    builder3.i();
                                    Keyset.s((Keyset) builder3.c, w);
                                    if (this.d != null) {
                                        keysetManager.a().d(this.b, this.d);
                                    } else {
                                        KeysetHandle a = keysetManager.a();
                                        SharedPrefKeysetWriter sharedPrefKeysetWriter = this.b;
                                        Keyset keyset2 = a.a;
                                        sharedPrefKeysetWriter.getClass();
                                        if (!sharedPrefKeysetWriter.a.putString(sharedPrefKeysetWriter.b, Hex.b(keyset2.toByteArray())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    }
                                    return keysetManager;
                                }
                            }
                            throw new GeneralSecurityException("key not found: " + w);
                        }
                    }
                }
            }
        }

        public final AndroidKeystoreAesGcm c() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean d = androidKeystoreKmsClient.d(this.c);
            if (!d) {
                try {
                    AndroidKeystoreKmsClient.c(this.c);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.c);
            } catch (GeneralSecurityException | ProviderException e2) {
                if (d) {
                    throw new KeyStoreException(s2.i("the master key ", this.c, " exists but is unusable"), e2);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public final void d(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            this.c = str;
        }

        public final void e(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            if (str == null) {
                throw new IllegalArgumentException("need a keyset name");
            }
            this.a = new SharedPrefKeysetReader(context, str, str2);
            this.b = new SharedPrefKeysetWriter(context, str, str2);
        }
    }

    public AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        SharedPrefKeysetWriter sharedPrefKeysetWriter = builder.b;
        this.a = builder.f;
    }
}
