package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.os.Build;
import android.util.Log;
import com.google.android.gms.common.util.zzc;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public KeysetManager keysetManager;

    /* loaded from: classes.dex */
    public final class Builder {
        public KeysetManager keysetManager;
        public SharedPrefKeysetReader reader = null;
        public SharedPrefKeysetWriter writer = null;
        public String masterKeyUri = null;
        public Aead masterKey = null;
        public KeyTemplate keyTemplate = null;

        public synchronized AndroidKeysetManager build() {
            if (this.masterKeyUri != null) {
                this.masterKey = readOrGenerateNewMasterKey();
            }
            this.keysetManager = readOrGenerateNewKeyset();
            return new AndroidKeysetManager(this, null);
        }

        public final KeysetManager read() {
            Aead aead = this.masterKey;
            if (aead != null) {
                try {
                    return new KeysetManager(KeysetHandle.read(this.reader, aead).keyset.toBuilder());
                } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                    Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e);
                }
            }
            return new KeysetManager(KeysetHandle.fromKeyset(Keyset.parseFrom(this.reader.readPref(), ExtensionRegistryLite.getEmptyRegistry())).keyset.toBuilder());
        }

        public final KeysetManager readOrGenerateNewKeyset() {
            try {
                return read();
            } catch (FileNotFoundException e) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e);
                if (this.keyTemplate == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.newBuilder());
                KeyTemplate keyTemplate = this.keyTemplate;
                synchronized (keysetManager) {
                    keysetManager.addNewKey(keyTemplate.kt, false);
                    int keyId = keysetManager.getKeysetHandle().getKeysetInfo().getKeyInfo(0).getKeyId();
                    synchronized (keysetManager) {
                        for (int i = 0; i < ((Keyset) keysetManager.keysetBuilder.instance).getKeyCount(); i++) {
                            Keyset.Key key = ((Keyset) keysetManager.keysetBuilder.instance).getKey(i);
                            if (key.getKeyId() == keyId) {
                                if (!key.getStatus().equals(KeyStatusType.ENABLED)) {
                                    throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + keyId);
                                }
                                Keyset.Builder builder = keysetManager.keysetBuilder;
                                builder.copyOnWrite();
                                ((Keyset) builder.instance).setPrimaryKeyId(keyId);
                                if (this.masterKey != null) {
                                    KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
                                    SharedPrefKeysetWriter sharedPrefKeysetWriter = this.writer;
                                    Aead aead = this.masterKey;
                                    Keyset keyset = keysetHandle.keyset;
                                    byte[] encrypt = aead.encrypt(keyset.toByteArray(), new byte[0]);
                                    try {
                                        if (!Keyset.parseFrom(aead.decrypt(encrypt, new byte[0]), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset)) {
                                            throw new GeneralSecurityException("cannot encrypt keyset");
                                        }
                                        EncryptedKeyset.Builder newBuilder = EncryptedKeyset.newBuilder();
                                        ByteString copyFrom = ByteString.copyFrom(encrypt);
                                        newBuilder.copyOnWrite();
                                        ((EncryptedKeyset) newBuilder.instance).setEncryptedKeyset(copyFrom);
                                        KeysetInfo keysetInfo = Util.getKeysetInfo(keyset);
                                        newBuilder.copyOnWrite();
                                        ((EncryptedKeyset) newBuilder.instance).setKeysetInfo(keysetInfo);
                                        if (!sharedPrefKeysetWriter.editor.putString(sharedPrefKeysetWriter.keysetName, zzc.encode(newBuilder.build().toByteArray())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    } catch (InvalidProtocolBufferException unused) {
                                        throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                    }
                                } else {
                                    KeysetHandle keysetHandle2 = keysetManager.getKeysetHandle();
                                    SharedPrefKeysetWriter sharedPrefKeysetWriter2 = this.writer;
                                    if (!sharedPrefKeysetWriter2.editor.putString(sharedPrefKeysetWriter2.keysetName, zzc.encode(keysetHandle2.keyset.toByteArray())).commit()) {
                                        throw new IOException("Failed to write to SharedPreferences");
                                    }
                                }
                                return keysetManager;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + keyId);
                    }
                }
            }
        }

        public final Aead readOrGenerateNewMasterKey() {
            if (!(Build.VERSION.SDK_INT >= 23)) {
                Log.w("AndroidKeysetManager", "Android Keystore requires at least Android M");
                return null;
            }
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean hasKey = androidKeystoreKmsClient.hasKey(this.masterKeyUri);
            if (!hasKey) {
                try {
                    AndroidKeystoreKmsClient.generateNewAeadKey(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.getAead(this.masterKeyUri);
            } catch (GeneralSecurityException | ProviderException e2) {
                if (hasKey) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.masterKeyUri), e2);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public Builder withMasterKeyUri(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            this.masterKeyUri = str;
            return this;
        }

        public Builder withSharedPref(Context context, String str, String str2) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.reader = new SharedPrefKeysetReader(context, str, str2);
            this.writer = new SharedPrefKeysetWriter(context, str, str2);
            return this;
        }
    }

    public AndroidKeysetManager(Builder builder, AnonymousClass1 anonymousClass1) {
        this.keysetManager = builder.keysetManager;
    }

    public synchronized KeysetHandle getKeysetHandle() {
        return this.keysetManager.getKeysetHandle();
    }
}
