package com.google.crypto.tink.integration.android;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import com.nimbusds.jose.jca.JCAContext;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;

/* loaded from: classes8.dex */
public final class AndroidKeystoreKmsClient {
    public static final Object keyCreationLock = new Object();
    public KeyStore keyStore;
    public final String keyUri;

    public AndroidKeystoreKmsClient() {
        JCAContext jCAContext = new JCAContext(2);
        this.keyUri = (String) jCAContext.provider;
        this.keyStore = (KeyStore) jCAContext.randomGen;
    }

    public static boolean generateKeyIfNotExist(String str) {
        AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
        synchronized (keyCreationLock) {
            if (androidKeystoreKmsClient.hasKey(str)) {
                return false;
            }
            generateNewAesGcmKeyWithoutExistenceCheck(str);
            return true;
        }
    }

    public static void generateNewAesGcmKeyWithoutExistenceCheck(String str) {
        String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(validateKmsKeyUriAndRemovePrefix, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
        keyGenerator.generateKey();
    }

    public final synchronized AndroidKeystoreAesGcm getAead(String str) {
        AndroidKeystoreAesGcm androidKeystoreAesGcm;
        String str2 = this.keyUri;
        if (str2 != null && !str2.equals(str)) {
            throw new GeneralSecurityException(String.format("this client is bound to %s, cannot load keys bound to %s", this.keyUri, str));
        }
        androidKeystoreAesGcm = new AndroidKeystoreAesGcm(Validators.validateKmsKeyUriAndRemovePrefix(str), this.keyStore);
        byte[] randBytes = Random.randBytes(10);
        byte[] bArr = new byte[0];
        if (!Arrays.equals(randBytes, androidKeystoreAesGcm.decrypt(androidKeystoreAesGcm.encrypt(randBytes, bArr), bArr))) {
            throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
        }
        return androidKeystoreAesGcm;
    }

    public final synchronized boolean hasKey(String str) {
        String validateKmsKeyUriAndRemovePrefix;
        validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        try {
        } catch (NullPointerException unused) {
            Log.w("AndroidKeystoreKmsClient", "Keystore is temporarily unavailable, wait, reinitialize Keystore and try again.");
            try {
                try {
                    Thread.sleep((int) (Math.random() * 40.0d));
                } catch (InterruptedException unused2) {
                }
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.keyStore = keyStore;
                keyStore.load(null);
                return this.keyStore.containsAlias(validateKmsKeyUriAndRemovePrefix);
            } catch (IOException e) {
                throw new GeneralSecurityException(e);
            }
        }
        return this.keyStore.containsAlias(validateKmsKeyUriAndRemovePrefix);
    }
}
