package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Log;
import com.google.crypto.tink.KeyManagerImpl;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import io.ktor.events.Events;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import kotlin.TuplesKt;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public KeysetManager keysetManager;

    /* loaded from: classes.dex */
    public final class Builder {
        public KeyManagerImpl reader = null;
        public KeyManagerImpl writer = null;
        public String masterKeyUri = null;
        public AndroidKeystoreAesGcm masterKey = null;
        public Events keyTemplate = null;

        /* JADX WARN: Type inference failed for: r1v0, types: [com.google.crypto.tink.integration.android.AndroidKeysetManager, java.lang.Object] */
        public final synchronized AndroidKeysetManager build() {
            ?? obj;
            try {
                if (this.masterKeyUri != null) {
                    this.masterKey = readOrGenerateNewMasterKey();
                }
                KeysetManager readOrGenerateNewKeyset = readOrGenerateNewKeyset();
                obj = new Object();
                obj.keysetManager = readOrGenerateNewKeyset;
            } catch (Throwable th) {
                throw th;
            }
            return obj;
        }

        public final KeysetManager readOrGenerateNewKeyset() {
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterKey;
                if (androidKeystoreAesGcm != null) {
                    try {
                        return new KeysetManager((Keyset.Builder) KeysetHandle.read(this.reader, androidKeystoreAesGcm).keyset.toBuilder());
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e);
                    }
                }
                Keyset parseFrom = Keyset.parseFrom(this.reader.readPref(), ExtensionRegistryLite.getEmptyRegistry());
                if (parseFrom == null || parseFrom.getKeyCount() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                return new KeysetManager((Keyset.Builder) parseFrom.toBuilder());
            } catch (FileNotFoundException e2) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e2);
                if (this.keyTemplate == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.newBuilder());
                Events events = this.keyTemplate;
                synchronized (keysetManager) {
                    keysetManager.addNewKey((KeyTemplate) events.handlers);
                    keysetManager.setPrimary(Util.getKeysetInfo(keysetManager.getKeysetHandle().keyset).getKeyInfo(0).getKeyId());
                    if (this.masterKey != null) {
                        KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
                        KeyManagerImpl keyManagerImpl = this.writer;
                        AndroidKeystoreAesGcm androidKeystoreAesGcm2 = this.masterKey;
                        Keyset keyset = keysetHandle.keyset;
                        byte[] encrypt = androidKeystoreAesGcm2.encrypt(keyset.toByteArray(), new byte[0]);
                        try {
                            if (!Keyset.parseFrom(androidKeystoreAesGcm2.decrypt(encrypt, new byte[0]), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset)) {
                                throw new GeneralSecurityException("cannot encrypt keyset");
                            }
                            EncryptedKeyset.Builder newBuilder = EncryptedKeyset.newBuilder();
                            ByteString.LiteralByteString copyFrom = ByteString.copyFrom(encrypt, 0, encrypt.length);
                            newBuilder.copyOnWrite();
                            ((EncryptedKeyset) newBuilder.instance).setEncryptedKeyset(copyFrom);
                            KeysetInfo keysetInfo = Util.getKeysetInfo(keyset);
                            newBuilder.copyOnWrite();
                            ((EncryptedKeyset) newBuilder.instance).setKeysetInfo(keysetInfo);
                            if (!((SharedPreferences.Editor) keyManagerImpl.keyTypeManager).putString((String) keyManagerImpl.primitiveClass, TuplesKt.encode(((EncryptedKeyset) newBuilder.build()).toByteArray())).commit()) {
                                throw new IOException("Failed to write to SharedPreferences");
                            }
                        } catch (InvalidProtocolBufferException unused) {
                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                        }
                    } else {
                        KeysetHandle keysetHandle2 = keysetManager.getKeysetHandle();
                        KeyManagerImpl keyManagerImpl2 = this.writer;
                        if (!((SharedPreferences.Editor) keyManagerImpl2.keyTypeManager).putString((String) keyManagerImpl2.primitiveClass, TuplesKt.encode(keysetHandle2.keyset.toByteArray())).commit()) {
                            throw new IOException("Failed to write to SharedPreferences");
                        }
                    }
                    return keysetManager;
                }
            }
        }

        public final AndroidKeystoreAesGcm readOrGenerateNewMasterKey() {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean hasKey = androidKeystoreKmsClient.hasKey(this.masterKeyUri);
            if (!hasKey) {
                try {
                    AndroidKeystoreKmsClient.generateNewAeadKey(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.getAead(this.masterKeyUri);
            } catch (GeneralSecurityException | ProviderException e2) {
                if (hasKey) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.masterKeyUri), e2);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public final void withSharedPref(Context context, String str) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.reader = new KeyManagerImpl(12, context, str);
            this.writer = new KeyManagerImpl(13, context, str);
        }
    }

    public final synchronized KeysetHandle getKeysetHandle() {
        return this.keysetManager.getKeysetHandle();
    }
}
