package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.android.material.shape.MaterialShapeUtils;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.subtle.Validators;
import com.google.protobuf.ExtensionRegistryLite;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public final KeyTemplate keyTemplate;
    public KeysetManager keysetManager;
    public final Aead masterKey;
    public final SharedPrefKeysetReader reader;
    public final boolean useKeystore;
    public final SharedPrefKeysetWriter writer;

    /* loaded from: classes.dex */
    public final class Builder {
        public SharedPrefKeysetReader reader = null;
        public SharedPrefKeysetWriter writer = null;
        public String masterKeyUri = null;
        public boolean useKeystore = true;
        public KeyTemplate keyTemplate = null;

        public AndroidKeysetManager build() {
            return new AndroidKeysetManager(this, null);
        }

        public Builder withMasterKeyUri(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            this.masterKeyUri = str;
            return this;
        }

        public Builder withSharedPref(Context context, String str, String str2) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.reader = new SharedPrefKeysetReader(context, str, str2);
            this.writer = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, AnonymousClass1 anonymousClass1) {
        KeysetManager keysetManager;
        SharedPrefKeysetReader sharedPrefKeysetReader = builder.reader;
        this.reader = sharedPrefKeysetReader;
        if (sharedPrefKeysetReader == null) {
            throw new IllegalArgumentException("need to specify where to read the keyset from with Builder#withSharedPref");
        }
        SharedPrefKeysetWriter sharedPrefKeysetWriter = builder.writer;
        this.writer = sharedPrefKeysetWriter;
        if (sharedPrefKeysetWriter == null) {
            throw new IllegalArgumentException("need to specify where to write the keyset to with Builder#withSharedPref");
        }
        boolean z = builder.useKeystore;
        this.useKeystore = z;
        if (z && builder.masterKeyUri == null) {
            throw new IllegalArgumentException("need a master key URI, please set it with Builder#masterKeyUri");
        }
        if (shouldUseKeystore()) {
            String str = builder.masterKeyUri;
            String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix("android-keystore://", str);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(validateKmsKeyUriAndRemovePrefix)) {
                String validateKmsKeyUriAndRemovePrefix2 = Validators.validateKmsKeyUriAndRemovePrefix("android-keystore://", str);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(new KeyGenParameterSpec.Builder(validateKmsKeyUriAndRemovePrefix2, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
                keyGenerator.generateKey();
            }
            if (!(Build.VERSION.SDK_INT >= 23)) {
                throw new GeneralSecurityException("needs Android Keystore on Android M or newer");
            }
            try {
                this.masterKey = new AndroidKeystoreAesGcm(Validators.validateKmsKeyUriAndRemovePrefix("android-keystore://", str));
            } catch (IOException e) {
                throw new GeneralSecurityException(e);
            }
        } else {
            this.masterKey = null;
        }
        this.keyTemplate = builder.keyTemplate;
        try {
            keysetManager = read();
        } catch (IOException e2) {
            StringBuilder outline60 = GeneratedOutlineSupport.outline60("cannot read keyset: ");
            outline60.append(e2.toString());
            Log.i("AndroidKeysetManager", outline60.toString());
            if (this.keyTemplate == null) {
                throw new GeneralSecurityException("cannot obtain keyset handle");
            }
            keysetManager = new KeysetManager(Keyset.newBuilder());
            KeyTemplate keyTemplate = this.keyTemplate;
            synchronized (keysetManager) {
                keysetManager.addNewKey(keyTemplate, true);
                try {
                    if (shouldUseKeystore()) {
                        keysetManager.getKeysetHandle().write(this.writer, this.masterKey);
                    } else {
                        KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
                        SharedPrefKeysetWriter sharedPrefKeysetWriter2 = this.writer;
                        if (!sharedPrefKeysetWriter2.editor.putString(sharedPrefKeysetWriter2.keysetName, MaterialShapeUtils.encode(keysetHandle.keyset.toByteArray())).commit()) {
                            throw new IOException("Failed to write to SharedPreferences");
                        }
                    }
                } catch (IOException e3) {
                    throw new GeneralSecurityException(e3);
                }
            }
        }
        this.keysetManager = keysetManager;
    }

    public synchronized KeysetHandle getKeysetHandle() {
        return this.keysetManager.getKeysetHandle();
    }

    public final KeysetManager read() {
        if (shouldUseKeystore()) {
            try {
                return new KeysetManager(KeysetHandle.read(this.reader, this.masterKey).keyset.toBuilder());
            } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                StringBuilder outline60 = GeneratedOutlineSupport.outline60("cannot decrypt keyset: ");
                outline60.append(e.toString());
                Log.i("AndroidKeysetManager", outline60.toString());
            }
        }
        KeysetHandle fromKeyset = KeysetHandle.fromKeyset(Keyset.parseFrom(this.reader.readPref(), ExtensionRegistryLite.getEmptyRegistry()));
        if (shouldUseKeystore()) {
            fromKeyset.write(this.writer, this.masterKey);
        }
        return new KeysetManager(fromKeyset.keyset.toBuilder());
    }

    public final boolean shouldUseKeystore() {
        return this.useKeystore && Build.VERSION.SDK_INT >= 23;
    }
}
