package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.util.Log;
import androidx.security.crypto.MasterKeys;
import coil.d;
import com.google.crypto.tink.f;
import com.google.crypto.tink.h;
import com.google.crypto.tink.i;
import com.google.crypto.tink.j;
import com.google.crypto.tink.proto.f0;
import com.google.crypto.tink.proto.i0;
import com.google.crypto.tink.proto.j0;
import com.google.crypto.tink.proto.z;
import com.google.crypto.tink.shaded.protobuf.b0;
import com.google.crypto.tink.shaded.protobuf.q;
import com.google.crypto.tink.t;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* compiled from: AndroidKeysetManager.java */
/* loaded from: classes2.dex */
public final class a {
    public static final String a = "a";
    public final com.google.crypto.tink.a b;
    public i c;

    /* compiled from: AndroidKeysetManager.java */
    /* loaded from: classes2.dex */
    public static final class b {
        public d a = null;
        public j b = null;
        public String c = null;
        public com.google.crypto.tink.a d = null;
        public f e = null;
        public i f;

        public synchronized a a() throws GeneralSecurityException, IOException {
            if (this.c != null) {
                this.d = c();
            }
            this.f = b();
            return new a(this, null);
        }

        public final i b() throws GeneralSecurityException, IOException {
            try {
                com.google.crypto.tink.a aVar = this.d;
                if (aVar != null) {
                    try {
                        return i.f(h.c(this.a, aVar));
                    } catch (b0 | GeneralSecurityException e) {
                        Log.w(a.a, "cannot decrypt keyset: ", e);
                    }
                }
                return i.f(h.a(i0.y(this.a.a(), q.a())));
            } catch (FileNotFoundException e2) {
                Log.w(a.a, "keyset not found, will generate a new one", e2);
                if (this.e == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                i iVar = new i(i0.x());
                f fVar = this.e;
                synchronized (iVar) {
                    iVar.a(fVar.a, false);
                    int v = t.a(iVar.b().a).t(0).v();
                    synchronized (iVar) {
                        for (int i = 0; i < ((i0) iVar.a.c).u(); i++) {
                            i0.c t = ((i0) iVar.a.c).t(i);
                            if (t.w() == v) {
                                if (!t.y().equals(f0.ENABLED)) {
                                    throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + v);
                                }
                                i0.b bVar = iVar.a;
                                bVar.f();
                                i0.r((i0) bVar.c, v);
                                if (this.d != null) {
                                    h b = iVar.b();
                                    j jVar = this.b;
                                    com.google.crypto.tink.a aVar2 = this.d;
                                    i0 i0Var = b.a;
                                    byte[] a = aVar2.a(i0Var.c(), new byte[0]);
                                    try {
                                        if (!i0.y(aVar2.b(a, new byte[0]), q.a()).equals(i0Var)) {
                                            throw new GeneralSecurityException("cannot encrypt keyset");
                                        }
                                        z.b u = z.u();
                                        com.google.crypto.tink.shaded.protobuf.i d = com.google.crypto.tink.shaded.protobuf.i.d(a);
                                        u.f();
                                        z.r((z) u.c, d);
                                        j0 a2 = t.a(i0Var);
                                        u.f();
                                        z.s((z) u.c, a2);
                                        e eVar = (e) jVar;
                                        if (!eVar.a.putString(eVar.b, d.b.A1(u.d().c())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    } catch (b0 unused) {
                                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                    }
                                } else {
                                    h b2 = iVar.b();
                                    e eVar2 = (e) this.b;
                                    if (!eVar2.a.putString(eVar2.b, d.b.A1(b2.a.c())).commit()) {
                                        throw new IOException("Failed to write to SharedPreferences");
                                    }
                                }
                                return iVar;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + v);
                    }
                }
            }
        }

        public final com.google.crypto.tink.a c() throws GeneralSecurityException {
            String str = a.a;
            c cVar = new c();
            boolean d = cVar.d(this.c);
            if (!d) {
                try {
                    c.c(this.c);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w(a.a, "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                return cVar.b(this.c);
            } catch (GeneralSecurityException | ProviderException e2) {
                if (d) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.c), e2);
                }
                Log.w(a.a, "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public b d(String str) {
            if (!str.startsWith(MasterKeys.KEYSTORE_PATH_URI)) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            this.c = str;
            return this;
        }

        public b e(Context context, String str, String str2) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            if (str == null) {
                throw new IllegalArgumentException("need a keyset name");
            }
            this.a = new d(context, str, str2);
            this.b = new e(context, str, str2);
            return this;
        }
    }

    public a(b bVar, C0104a c0104a) throws GeneralSecurityException, IOException {
        this.b = bVar.d;
        this.c = bVar.f;
    }

    public synchronized h a() throws GeneralSecurityException {
        return this.c.b();
    }
}
