package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import picku.k91;

/* loaded from: classes3.dex */
public final class AndroidKeysetManager {
    public KeysetManager a;

    /* loaded from: classes3.dex */
    public static final class Builder {
        public KeysetReader a = null;

        /* renamed from: b, reason: collision with root package name */
        public KeysetWriter f5262b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f5263c = null;
        public Aead d = null;
        public boolean e = true;
        public KeyTemplate f = null;
        public KeyStore g = null;
        public KeysetManager h;

        public synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            if (this.f5263c != null) {
                this.d = c();
            }
            this.h = b();
            return new AndroidKeysetManager(this, null);
        }

        public final KeysetManager b() throws GeneralSecurityException, IOException {
            try {
                Aead aead = this.d;
                if (aead != null) {
                    try {
                        return KeysetManager.e(KeysetHandle.c(this.a, aead));
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e);
                    }
                }
                return KeysetManager.e(KeysetHandle.a(this.a.read()));
            } catch (FileNotFoundException e2) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e2);
                if (this.f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.y());
                KeyTemplate keyTemplate = this.f;
                synchronized (keysetManager) {
                    com.google.crypto.tink.proto.KeyTemplate keyTemplate2 = keyTemplate.a;
                    synchronized (keysetManager) {
                        Keyset.Key c2 = keysetManager.c(keyTemplate2);
                        Keyset.Builder builder = keysetManager.a;
                        builder.m();
                        Keyset.x((Keyset) builder.f5308c, c2);
                        int i = k91.a(keysetManager.a().a).keyInfo_.get(0).keyId_;
                        synchronized (keysetManager) {
                            for (int i2 = 0; i2 < ((Keyset) keysetManager.a.f5308c).key_.size(); i2++) {
                                Keyset.Key key = ((Keyset) keysetManager.a.f5308c).key_.get(i2);
                                if (key.keyId_ == i) {
                                    if (!key.C().equals(KeyStatusType.ENABLED)) {
                                        throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + i);
                                    }
                                    Keyset.Builder builder2 = keysetManager.a;
                                    builder2.m();
                                    ((Keyset) builder2.f5308c).primaryKeyId_ = i;
                                    if (this.d != null) {
                                        KeysetHandle a = keysetManager.a();
                                        KeysetWriter keysetWriter = this.f5262b;
                                        Aead aead2 = this.d;
                                        Keyset keyset = a.a;
                                        byte[] a2 = aead2.a(keyset.e(), new byte[0]);
                                        try {
                                            if (!Keyset.z(aead2.b(a2, new byte[0]), ExtensionRegistryLite.a()).equals(keyset)) {
                                                throw new GeneralSecurityException("cannot encrypt keyset");
                                            }
                                            EncryptedKeyset.Builder m = EncryptedKeyset.DEFAULT_INSTANCE.m();
                                            ByteString f = ByteString.f(a2);
                                            m.m();
                                            EncryptedKeyset encryptedKeyset = (EncryptedKeyset) m.f5308c;
                                            if (encryptedKeyset == null) {
                                                throw null;
                                            }
                                            f.getClass();
                                            encryptedKeyset.encryptedKeyset_ = f;
                                            KeysetInfo a3 = k91.a(keyset);
                                            m.m();
                                            EncryptedKeyset encryptedKeyset2 = (EncryptedKeyset) m.f5308c;
                                            if (encryptedKeyset2 == null) {
                                                throw null;
                                            }
                                            a3.getClass();
                                            encryptedKeyset2.keysetInfo_ = a3;
                                            keysetWriter.b(m.build());
                                        } catch (InvalidProtocolBufferException unused) {
                                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                        }
                                    } else {
                                        this.f5262b.a(keysetManager.a().a);
                                    }
                                    return keysetManager;
                                }
                            }
                            throw new GeneralSecurityException("key not found: " + i);
                        }
                    }
                }
            }
        }

        public final Aead c() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient;
            if (this.g != null) {
                AndroidKeystoreKmsClient.Builder builder = new AndroidKeystoreKmsClient.Builder();
                KeyStore keyStore = this.g;
                if (keyStore == null) {
                    throw new IllegalArgumentException("val cannot be null");
                }
                builder.f5265b = keyStore;
                androidKeystoreKmsClient = new AndroidKeystoreKmsClient(builder, null);
            } else {
                androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            }
            boolean d = androidKeystoreKmsClient.d(this.f5263c);
            if (!d) {
                try {
                    AndroidKeystoreKmsClient.c(this.f5263c);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.f5263c);
            } catch (GeneralSecurityException | ProviderException e2) {
                if (d) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f5263c), e2);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public Builder d(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f5263c = str;
            return this;
        }

        public Builder e(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.a = new SharedPrefKeysetReader(context, str, str2);
            this.f5262b = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, a aVar) throws GeneralSecurityException, IOException {
        this.a = builder.h;
    }
}
