package androidx.security.crypto;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.KeyGenerator;

/* loaded from: classes.dex */
public final class MasterKey {

    /* renamed from: a, reason: collision with root package name */
    public final String f4825a;

    /* loaded from: classes.dex */
    public enum KeyScheme {
        AES256_GCM
    }

    /* loaded from: classes.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f4826a;

        static {
            int[] iArr = new int[KeyScheme.values().length];
            f4826a = iArr;
            try {
                iArr[KeyScheme.AES256_GCM.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class b {

        /* renamed from: a, reason: collision with root package name */
        public final String f4827a;

        /* renamed from: b, reason: collision with root package name */
        public KeyGenParameterSpec f4828b;

        /* renamed from: c, reason: collision with root package name */
        public KeyScheme f4829c;

        public b(Context context) {
            context.getApplicationContext();
            this.f4827a = "_androidx_security_master_key_";
        }

        public final MasterKey a() {
            if (Build.VERSION.SDK_INT < 23) {
                return new MasterKey(this.f4827a, null);
            }
            KeyScheme keyScheme = this.f4829c;
            if (keyScheme == null && this.f4828b == null) {
                throw new IllegalArgumentException("build() called before setKeyGenParameterSpec or setKeyScheme.");
            }
            if (keyScheme == KeyScheme.AES256_GCM) {
                this.f4828b = new KeyGenParameterSpec.Builder(this.f4827a, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
            }
            KeyGenParameterSpec keyGenParameterSpec = this.f4828b;
            Objects.requireNonNull(keyGenParameterSpec, "KeyGenParameterSpec was null after build() check");
            int i12 = androidx.security.crypto.a.f4830a;
            if (keyGenParameterSpec.getKeySize() != 256) {
                StringBuilder i13 = defpackage.b.i("invalid key size, want 256 bits got ");
                i13.append(keyGenParameterSpec.getKeySize());
                i13.append(" bits");
                throw new IllegalArgumentException(i13.toString());
            }
            if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{"GCM"})) {
                StringBuilder i14 = defpackage.b.i("invalid block mode, want GCM got ");
                i14.append(Arrays.toString(keyGenParameterSpec.getBlockModes()));
                throw new IllegalArgumentException(i14.toString());
            }
            if (keyGenParameterSpec.getPurposes() != 3) {
                StringBuilder i15 = defpackage.b.i("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got ");
                i15.append(keyGenParameterSpec.getPurposes());
                throw new IllegalArgumentException(i15.toString());
            }
            if (!Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
                StringBuilder i16 = defpackage.b.i("invalid padding mode, want NoPadding got ");
                i16.append(Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
                throw new IllegalArgumentException(i16.toString());
            }
            if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
                throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
            }
            String keystoreAlias = keyGenParameterSpec.getKeystoreAlias();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(keystoreAlias)) {
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(keyGenParameterSpec);
                    keyGenerator.generateKey();
                } catch (ProviderException e12) {
                    throw new GeneralSecurityException(e12.getMessage(), e12);
                }
            }
            return new MasterKey(keyGenParameterSpec.getKeystoreAlias(), this.f4828b);
        }

        public final b b(KeyScheme keyScheme) {
            if (a.f4826a[keyScheme.ordinal()] != 1) {
                throw new IllegalArgumentException("Unsupported scheme: " + keyScheme);
            }
            if (Build.VERSION.SDK_INT >= 23 && this.f4828b != null) {
                throw new IllegalArgumentException("KeyScheme set after setting a KeyGenParamSpec");
            }
            this.f4829c = keyScheme;
            return this;
        }
    }

    public MasterKey(String str, Object obj) {
        this.f4825a = str;
        if (Build.VERSION.SDK_INT >= 23) {
        }
    }

    public final String toString() {
        StringBuilder i12 = defpackage.b.i("MasterKey{keyAlias=");
        i12.append(this.f4825a);
        i12.append(", isKeyStoreBacked=");
        boolean z12 = false;
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                z12 = keyStore.containsAlias(this.f4825a);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
            }
        }
        return ag0.a.g(i12, z12, "}");
    }
}
