package slack.crypto.security;

import android.content.Context;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.android.gms.common.util.zzc;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.aead.AesGcmKeyManager;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.subtle.Validators;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Objects;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import slack.app.calls.ui.helpers.CallActivityIntentHelper;
import slack.crypto.security.VerifyAeadResult;
import slack.model.AllNotificationPrefs;
import slack.telemetry.metric.Counter;
import slack.telemetry.metric.Metrics;
import slack.telemetry.metric.MetricsProviderImpl;
import timber.log.Timber;

/* compiled from: AeadPrimitiveFactory.kt */
/* loaded from: classes.dex */
public final class AeadPrimitiveFactoryImpl {
    public final AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector;
    public final Context context;
    public final Metrics metrics;
    public final boolean retryTinkInitOnKeystoreError;

    /* compiled from: AeadPrimitiveFactory.kt */
    /* loaded from: classes.dex */
    public abstract class CreateKeysetManagerResult {
        public final AndroidKeysetManager keysetManager;

        /* compiled from: AeadPrimitiveFactory.kt */
        /* loaded from: classes.dex */
        public final class CreateSuccess extends CreateKeysetManagerResult {
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            public CreateSuccess(AndroidKeysetManager keysetManager) {
                super(keysetManager, null);
                Intrinsics.checkNotNullParameter(keysetManager, "keysetManager");
            }
        }

        /* compiled from: AeadPrimitiveFactory.kt */
        /* loaded from: classes.dex */
        public final class RecoverableFailure extends CreateKeysetManagerResult {
            public static final RecoverableFailure INSTANCE = new RecoverableFailure();

            public RecoverableFailure() {
                super(null, null);
            }
        }

        /* compiled from: AeadPrimitiveFactory.kt */
        /* loaded from: classes.dex */
        public final class UnrecoverableFailure extends CreateKeysetManagerResult {
            public static final UnrecoverableFailure INSTANCE = new UnrecoverableFailure();

            public UnrecoverableFailure() {
                super(null, null);
            }
        }

        public CreateKeysetManagerResult(AndroidKeysetManager androidKeysetManager, DefaultConstructorMarker defaultConstructorMarker) {
            this.keysetManager = androidKeysetManager;
        }
    }

    public AeadPrimitiveFactoryImpl(Context context, AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector, Metrics metrics, boolean z) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(aeadKeyInfoChangeDetector, "aeadKeyInfoChangeDetector");
        Intrinsics.checkNotNullParameter(metrics, "metrics");
        this.context = context;
        this.aeadKeyInfoChangeDetector = aeadKeyInfoChangeDetector;
        this.metrics = metrics;
        this.retryTinkInitOnKeystoreError = z;
    }

    public final CreateKeysetManagerResult attemptCreateKeysetManager(AeadPrimitiveFactory$Storage aeadPrimitiveFactory$Storage) {
        try {
            AeadConfig.register();
            AndroidKeysetManager.Builder builder = new AndroidKeysetManager.Builder();
            builder.keyTemplate = AesGcmKeyManager.aes256GcmTemplate();
            int ordinal = aeadPrimitiveFactory$Storage.ordinal();
            if (ordinal == 0) {
                builder.withSharedPref(this.context, "slack_security_android_keyset", "slack_security_android_pref");
                builder.withMasterKeyUri("android-keystore://slack_android_master_key");
            } else if (ordinal == 1) {
                builder.withSharedPref(this.context, "slack_security_android_secondary_keyset", "slack_security_android_pref");
                builder.withMasterKeyUri("android-keystore://slack_android_master_secondary_key");
            }
            AndroidKeysetManager build = builder.build();
            Intrinsics.checkNotNullExpressionValue(build, "keysetBuilder.build()");
            return new CreateKeysetManagerResult.CreateSuccess(build);
        } catch (IOException e) {
            logCreateKeysetManagerFailure(aeadPrimitiveFactory$Storage, e);
            return CreateKeysetManagerResult.UnrecoverableFailure.INSTANCE;
        } catch (KeyStoreException e2) {
            logCreateKeysetManagerFailure(aeadPrimitiveFactory$Storage, e2);
            return CreateKeysetManagerResult.RecoverableFailure.INSTANCE;
        } catch (GeneralSecurityException e3) {
            logCreateKeysetManagerFailure(aeadPrimitiveFactory$Storage, e3);
            return CreateKeysetManagerResult.UnrecoverableFailure.INSTANCE;
        }
    }

    public final AndroidKeysetManager createKeysetManager(AeadPrimitiveFactory$Storage aeadPrimitiveFactory$Storage) {
        CreateKeysetManagerResult attemptCreateKeysetManager = attemptCreateKeysetManager(aeadPrimitiveFactory$Storage);
        if (this.retryTinkInitOnKeystoreError && (attemptCreateKeysetManager instanceof CreateKeysetManagerResult.RecoverableFailure)) {
            return attemptCreateKeysetManager(aeadPrimitiveFactory$Storage).keysetManager;
        }
        return attemptCreateKeysetManager.keysetManager;
    }

    public Aead getAeadPrimitive(AeadPrimitiveFactory$Storage storage) {
        Intrinsics.checkNotNullParameter(storage, "storage");
        try {
            AndroidKeysetManager createKeysetManager = createKeysetManager(storage);
            if (createKeysetManager != null) {
                return (Aead) createKeysetManager.getKeysetHandle().getPrimitive(Aead.class);
            }
            return null;
        } catch (Throwable th) {
            StringBuilder outline97 = GeneratedOutlineSupport.outline97("Unable to initialize Aead and generate keys for ");
            outline97.append(storage.name());
            Timber.TREE_OF_SOULS.w(th, outline97.toString(), new Object[0]);
            return null;
        }
    }

    public final void logCreateKeysetManagerFailure(AeadPrimitiveFactory$Storage aeadPrimitiveFactory$Storage, Throwable th) {
        Counter.CC.increment$default(((MetricsProviderImpl) this.metrics).counter("aead_primitive_error", CallActivityIntentHelper.ACTION_CREATE), 0L, 1, null);
        Timber.TREE_OF_SOULS.w(th, "Unable to initialize AndroidKeysetManager needed to create Aead for " + aeadPrimitiveFactory$Storage.name(), new Object[0]);
    }

    public final void logResetAeadAndroidKeyStoreError(AeadPrimitiveFactory$Storage aeadPrimitiveFactory$Storage, Throwable th) {
        Counter.CC.increment$default(((MetricsProviderImpl) this.metrics).counter("aead_primitive_error", AllNotificationPrefs.PREF_NAME_RESET), 0L, 1, null);
        Timber.TREE_OF_SOULS.w(th, "Failed to reset the Aead primitive Android keystore entry for " + aeadPrimitiveFactory$Storage, new Object[0]);
    }

    public int recoverAeadPrimitive$enumunboxing$(VerifyAeadResult verifyResult) {
        String str;
        Intrinsics.checkNotNullParameter(verifyResult, "verifyResult");
        AeadPrimitiveFactory$Storage storage = verifyResult.storage;
        if (!(verifyResult instanceof VerifyAeadResult.Invalid)) {
            return 3;
        }
        int ordinal = storage.ordinal();
        if (ordinal == 0) {
            str = "android-keystore://slack_android_master_key";
        } else {
            if (ordinal != 1) {
                throw new NoWhenBranchMatchedException();
            }
            str = "android-keystore://slack_android_master_secondary_key";
        }
        String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix("android-keystore://", str);
        boolean z = false;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(validateKmsKeyUriAndRemovePrefix);
            z = true;
        } catch (IOException e) {
            logResetAeadAndroidKeyStoreError(storage, e);
        } catch (GeneralSecurityException e2) {
            logResetAeadAndroidKeyStoreError(storage, e2);
        }
        if (z) {
            AndroidKeysetManager createKeysetManager = createKeysetManager(storage);
            KeysetInfo keysetInfo = createKeysetManager != null ? createKeysetManager.getKeysetHandle().getKeysetInfo() : null;
            if (keysetInfo != null) {
                AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector = this.aeadKeyInfoChangeDetector;
                Intrinsics.checkNotNullParameter(storage, "storage");
                Intrinsics.checkNotNullParameter(keysetInfo, "keysetInfo");
                AeadKeyChanged aeadKeyChanged = new AeadKeyChanged(storage, keysetInfo.getPrimaryKeyId());
                Objects.requireNonNull(aeadKeyInfoChangeDetector);
                Intrinsics.checkNotNullParameter(aeadKeyChanged, "aeadKeyChanged");
                aeadKeyInfoChangeDetector.aeadKeyStoreKeysetChanges.accept(aeadKeyChanged);
            }
            if (verifyAndroidKeystoreAead(storage) instanceof VerifyAeadResult.Valid) {
                return 1;
            }
        }
        return 2;
    }

    public VerifyAeadResult verifyAeadPrimitive(AeadPrimitiveFactory$Storage storage) {
        Intrinsics.checkNotNullParameter(storage, "storage");
        int ordinal = storage.ordinal();
        if (ordinal == 0 || ordinal == 1) {
            return verifyAndroidKeystoreAead(storage);
        }
        throw new NoWhenBranchMatchedException();
    }

    public final VerifyAeadResult verifyAndroidKeystoreAead(AeadPrimitiveFactory$Storage aeadPrimitiveFactory$Storage) {
        Aead aeadPrimitive = getAeadPrimitive(aeadPrimitiveFactory$Storage);
        Aead aeadPrimitive2 = getAeadPrimitive(aeadPrimitiveFactory$Storage);
        if (aeadPrimitive == null || aeadPrimitive2 == null) {
            return new VerifyAeadResult.Unsupported(aeadPrimitiveFactory$Storage);
        }
        try {
            byte[] bytes = "validation-abcdefghijkl-efghijklmno-jklmopqrstuvdummy-value-129417251asdfasdf0wef0we".getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] bArr = AeadPrimitiveFactoryKt.VALIDATION_AAD_EMPTY;
            return Intrinsics.areEqual(zzc.encode(bytes), zzc.encode(aeadPrimitive2.decrypt(aeadPrimitive.encrypt(bytes, bArr), bArr))) ? new VerifyAeadResult.Valid(aeadPrimitiveFactory$Storage) : new VerifyAeadResult.Invalid(aeadPrimitiveFactory$Storage);
        } catch (GeneralSecurityException e) {
            Counter.CC.increment$default(((MetricsProviderImpl) this.metrics).counter("aead_primitive_error", "verify"), 0L, 1, null);
            Timber.TREE_OF_SOULS.w(e, "Failed to check the reliability of the Tink Aead for storage " + aeadPrimitiveFactory$Storage, new Object[0]);
            return new VerifyAeadResult.Invalid(aeadPrimitiveFactory$Storage);
        }
    }
}
