package at.bitfire.davdroid.webdav;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.activity.ComponentActivity$$ExternalSyntheticOutline0;
import androidx.savedstate.R$id;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKey;
import androidx.security.crypto.MasterKeys;
import at.bitfire.davdroid.model.Credentials;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.daead.AesSivKeyManager;
import com.google.crypto.tink.daead.DeterministicAeadConfig;
import com.google.crypto.tink.daead.DeterministicAeadWrapper;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.KeyGenerator;
import kotlin.jvm.internal.DefaultConstructorMarker;

/* compiled from: CredentialsStore.kt */
/* loaded from: classes.dex */
public final class CredentialsStore {
    public static final String CERTIFICATE_ALIAS = "certificate_alias";
    public static final Companion Companion = new Companion(null);
    public static final String HAS_CREDENTIALS = "has_credentials";
    public static final String PASSWORD = "password";
    public static final String USER_NAME = "user_name";
    private final MasterKey masterKey;
    private final SharedPreferences prefs;

    /* compiled from: CredentialsStore.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: CredentialsStore.kt */
    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes.dex */
    public @interface KeyName {
    }

    public CredentialsStore(Context context) {
        MasterKey masterKey;
        KeysetHandle keysetHandle;
        KeysetHandle keysetHandle2;
        R$id.checkNotNullParameter(context, "context");
        context.getApplicationContext();
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("_androidx_security_master_key_", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
            Objects.requireNonNull(build, "KeyGenParameterSpec was null after build() check");
            int i = MasterKeys.$r8$clinit;
            if (build.getKeySize() != 256) {
                StringBuilder m = ComponentActivity$$ExternalSyntheticOutline0.m("invalid key size, want 256 bits got ");
                m.append(build.getKeySize());
                m.append(" bits");
                throw new IllegalArgumentException(m.toString());
            }
            if (!Arrays.equals(build.getBlockModes(), new String[]{"GCM"})) {
                StringBuilder m2 = ComponentActivity$$ExternalSyntheticOutline0.m("invalid block mode, want GCM got ");
                m2.append(Arrays.toString(build.getBlockModes()));
                throw new IllegalArgumentException(m2.toString());
            }
            if (build.getPurposes() != 3) {
                StringBuilder m3 = ComponentActivity$$ExternalSyntheticOutline0.m("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got ");
                m3.append(build.getPurposes());
                throw new IllegalArgumentException(m3.toString());
            }
            if (!Arrays.equals(build.getEncryptionPaddings(), new String[]{"NoPadding"})) {
                StringBuilder m4 = ComponentActivity$$ExternalSyntheticOutline0.m("invalid padding mode, want NoPadding got ");
                m4.append(Arrays.toString(build.getEncryptionPaddings()));
                throw new IllegalArgumentException(m4.toString());
            }
            if (build.isUserAuthenticationRequired() && build.getUserAuthenticationValidityDurationSeconds() < 1) {
                throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
            }
            String keystoreAlias = build.getKeystoreAlias();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(keystoreAlias)) {
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(build);
                    keyGenerator.generateKey();
                } catch (ProviderException e) {
                    throw new GeneralSecurityException(e.getMessage(), e);
                }
            }
            masterKey = new MasterKey(build.getKeystoreAlias(), build);
        } else {
            masterKey = new MasterKey("_androidx_security_master_key_", null);
        }
        this.masterKey = masterKey;
        EncryptedSharedPreferences.PrefKeyEncryptionScheme prefKeyEncryptionScheme = EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV;
        EncryptedSharedPreferences.PrefValueEncryptionScheme prefValueEncryptionScheme = EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM;
        String str = masterKey.mKeyAlias;
        int i2 = DeterministicAeadConfig.$r8$clinit;
        Registry.registerKeyManager(new AesSivKeyManager(), true);
        Registry.registerPrimitiveWrapper(new DeterministicAeadWrapper());
        AeadConfig.register();
        Context applicationContext = context.getApplicationContext();
        AndroidKeysetManager.Builder builder = new AndroidKeysetManager.Builder();
        builder.keyTemplate = prefKeyEncryptionScheme.mDeterministicAeadKeyTemplate;
        builder.withSharedPref(applicationContext, "__androidx_security_crypto_encrypted_prefs_key_keyset__", "webdav_credentials");
        String str2 = "android-keystore://" + str;
        if (!str2.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        builder.masterKeyUri = str2;
        AndroidKeysetManager build2 = builder.build();
        synchronized (build2) {
            keysetHandle = build2.keysetManager.getKeysetHandle();
        }
        AndroidKeysetManager.Builder builder2 = new AndroidKeysetManager.Builder();
        builder2.keyTemplate = prefValueEncryptionScheme.mAeadKeyTemplate;
        builder2.withSharedPref(applicationContext, "__androidx_security_crypto_encrypted_prefs_value_keyset__", "webdav_credentials");
        String str3 = "android-keystore://" + str;
        if (!str3.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        builder2.masterKeyUri = str3;
        AndroidKeysetManager build3 = builder2.build();
        synchronized (build3) {
            keysetHandle2 = build3.keysetManager.getKeysetHandle();
        }
        this.prefs = new EncryptedSharedPreferences("webdav_credentials", str, applicationContext.getSharedPreferences("webdav_credentials", 0), (Aead) keysetHandle2.getPrimitive(Aead.class), (DeterministicAead) keysetHandle.getPrimitive(DeterministicAead.class));
    }

    private final String keyName(long j, String str) {
        return j + '.' + str;
    }

    public final Credentials getCredentials(long j) {
        if (this.prefs.getBoolean(keyName(j, HAS_CREDENTIALS), false)) {
            return new Credentials(this.prefs.getString(keyName(j, "user_name"), null), this.prefs.getString(keyName(j, "password"), null), this.prefs.getString(keyName(j, "certificate_alias"), null));
        }
        return null;
    }

    public final void setCredentials(long j, Credentials credentials) {
        SharedPreferences.Editor edit = this.prefs.edit();
        if (credentials != null) {
            edit.putBoolean(keyName(j, HAS_CREDENTIALS), true).putString(keyName(j, "user_name"), credentials.getUserName()).putString(keyName(j, "password"), credentials.getPassword()).putString(keyName(j, "certificate_alias"), credentials.getCertificateAlias());
        } else {
            edit.remove(keyName(j, HAS_CREDENTIALS)).remove(keyName(j, "user_name")).remove(keyName(j, "password")).remove(keyName(j, "certificate_alias"));
        }
        edit.apply();
    }
}
