package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.os.Build;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.CleartextKeysetHandle;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.annotation.concurrent.GuardedBy;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {

    /* renamed from: d, reason: collision with root package name */
    private static final String f27019d = "AndroidKeysetManager";

    /* renamed from: a, reason: collision with root package name */
    private final KeysetWriter f27020a;

    /* renamed from: b, reason: collision with root package name */
    private final Aead f27021b;

    /* renamed from: c, reason: collision with root package name */
    @GuardedBy
    private KeysetManager f27022c;

    /* loaded from: classes.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        private KeysetReader f27023a = null;

        /* renamed from: b, reason: collision with root package name */
        private KeysetWriter f27024b = null;

        /* renamed from: c, reason: collision with root package name */
        private String f27025c = null;

        /* renamed from: d, reason: collision with root package name */
        private Aead f27026d = null;

        /* renamed from: e, reason: collision with root package name */
        private boolean f27027e = true;

        /* renamed from: f, reason: collision with root package name */
        private KeyTemplate f27028f = null;

        /* renamed from: g, reason: collision with root package name */
        private KeyStore f27029g = null;

        /* renamed from: h, reason: collision with root package name */
        @GuardedBy
        private KeysetManager f27030h;

        private KeysetManager e() throws GeneralSecurityException, IOException {
            Aead aead = this.f27026d;
            if (aead != null) {
                try {
                    return KeysetManager.j(KeysetHandle.j(this.f27023a, aead));
                } catch (InvalidProtocolBufferException | GeneralSecurityException e10) {
                    Log.w(AndroidKeysetManager.f27019d, "cannot decrypt keyset: ", e10);
                }
            }
            return KeysetManager.j(CleartextKeysetHandle.a(this.f27023a));
        }

        private KeysetManager f() throws GeneralSecurityException, IOException {
            try {
                return e();
            } catch (FileNotFoundException e10) {
                Log.w(AndroidKeysetManager.f27019d, "keyset not found, will generate a new one", e10);
                if (this.f27028f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager a10 = KeysetManager.i().a(this.f27028f);
                KeysetManager h10 = a10.h(a10.c().g().P(0).O());
                if (this.f27026d != null) {
                    h10.c().k(this.f27024b, this.f27026d);
                } else {
                    CleartextKeysetHandle.b(h10.c(), this.f27024b);
                }
                return h10;
            }
        }

        private Aead g() throws GeneralSecurityException {
            if (!AndroidKeysetManager.a()) {
                Log.w(AndroidKeysetManager.f27019d, "Android Keystore requires at least Android M");
                return null;
            }
            AndroidKeystoreKmsClient a10 = this.f27029g != null ? new AndroidKeystoreKmsClient.Builder().b(this.f27029g).a() : new AndroidKeystoreKmsClient();
            boolean e10 = a10.e(this.f27025c);
            if (!e10) {
                try {
                    AndroidKeystoreKmsClient.d(this.f27025c);
                } catch (GeneralSecurityException | ProviderException e11) {
                    Log.w(AndroidKeysetManager.f27019d, "cannot use Android Keystore, it'll be disabled", e11);
                    return null;
                }
            }
            try {
                return a10.b(this.f27025c);
            } catch (GeneralSecurityException | ProviderException e12) {
                if (e10) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f27025c), e12);
                }
                Log.w(AndroidKeysetManager.f27019d, "cannot use Android Keystore, it'll be disabled", e12);
                return null;
            }
        }

        public synchronized AndroidKeysetManager d() throws GeneralSecurityException, IOException {
            if (this.f27025c != null) {
                this.f27026d = g();
            }
            this.f27030h = f();
            return new AndroidKeysetManager(this);
        }

        public Builder h(KeyTemplate keyTemplate) {
            this.f27028f = keyTemplate;
            return this;
        }

        public Builder i(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.f27027e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f27025c = str;
            return this;
        }

        public Builder j(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            if (str == null) {
                throw new IllegalArgumentException("need a keyset name");
            }
            this.f27023a = new SharedPrefKeysetReader(context, str, str2);
            this.f27024b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    private AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        this.f27020a = builder.f27024b;
        this.f27021b = builder.f27026d;
        this.f27022c = builder.f27030h;
    }

    static /* synthetic */ boolean a() {
        return d();
    }

    private static boolean d() {
        return Build.VERSION.SDK_INT >= 23;
    }

    public synchronized KeysetHandle c() throws GeneralSecurityException {
        return this.f27022c.c();
    }
}
