package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.util.Log;
import com.google.crypto.tink.BinaryKeysetReader;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import io.ktor.events.Events;
import io.ktor.http.UrlKt;
import java.io.ByteArrayInputStream;
import java.io.CharConversionException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public static final Object lock = new Object();
    public final Events keysetManager;

    /* loaded from: classes.dex */
    public final class Builder {
        public Events keysetManager;
        public Context context = null;
        public String keysetName = null;
        public String prefFileName = null;
        public String masterKeyUri = null;
        public AndroidKeystoreAesGcm masterAead = null;
        public KeyTemplate keyTemplate = null;

        public static byte[] readKeysetFromPrefs(Context context, String str, String str2) {
            if (str == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            Context applicationContext = context.getApplicationContext();
            try {
                String string = (str2 == null ? PreferenceManager.getDefaultSharedPreferences(applicationContext) : applicationContext.getSharedPreferences(str2, 0)).getString(str, null);
                if (string == null) {
                    return null;
                }
                return UrlKt.decode(string);
            } catch (ClassCastException | IllegalArgumentException unused) {
                throw new CharConversionException(String.format("can't read keyset; the pref value %s is not a valid hex string", str));
            }
        }

        public static Events readKeysetInCleartext(byte[] bArr) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                Keyset parseFrom = Keyset.parseFrom(byteArrayInputStream, ExtensionRegistryLite.getEmptyRegistry());
                byteArrayInputStream.close();
                return new Events(8, (Keyset.Builder) KeysetHandle.fromKeyset(parseFrom).keyset.toBuilder$1());
            } catch (Throwable th) {
                byteArrayInputStream.close();
                throw th;
            }
        }

        public final synchronized AndroidKeysetManager build() {
            Events readMasterkeyDecryptAndParseKeyset;
            AndroidKeysetManager androidKeysetManager;
            if (this.keysetName == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            synchronized (AndroidKeysetManager.lock) {
                try {
                    byte[] readKeysetFromPrefs = readKeysetFromPrefs(this.context, this.keysetName, this.prefFileName);
                    if (readKeysetFromPrefs == null) {
                        if (this.masterKeyUri != null) {
                            this.masterAead = readOrGenerateNewMasterKey();
                        }
                        readMasterkeyDecryptAndParseKeyset = generateKeysetAndWriteToPrefs();
                    } else {
                        readMasterkeyDecryptAndParseKeyset = this.masterKeyUri != null ? readMasterkeyDecryptAndParseKeyset(readKeysetFromPrefs) : readKeysetInCleartext(readKeysetFromPrefs);
                    }
                    this.keysetManager = readMasterkeyDecryptAndParseKeyset;
                    androidKeysetManager = new AndroidKeysetManager(this);
                } catch (Throwable th) {
                    throw th;
                }
            }
            return androidKeysetManager;
        }

        public final Events generateKeysetAndWriteToPrefs() {
            if (this.keyTemplate == null) {
                throw new GeneralSecurityException("cannot read or generate keyset");
            }
            Events events = new Events(8, Keyset.newBuilder());
            KeyTemplate keyTemplate = this.keyTemplate;
            synchronized (events) {
                events.addNewKey(keyTemplate.kt);
            }
            events.setPrimary(Util.getKeysetInfo(events.getKeysetHandle().keyset).getKeyInfo().getKeyId());
            Context context = this.context;
            String str = this.keysetName;
            String str2 = this.prefFileName;
            if (str == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            Context applicationContext = context.getApplicationContext();
            SharedPreferences.Editor edit = (str2 == null ? PreferenceManager.getDefaultSharedPreferences(applicationContext) : applicationContext.getSharedPreferences(str2, 0)).edit();
            if (this.masterAead != null) {
                KeysetHandle keysetHandle = events.getKeysetHandle();
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterAead;
                byte[] bArr = new byte[0];
                Keyset keyset = keysetHandle.keyset;
                byte[] encrypt = androidKeystoreAesGcm.encrypt(keyset.toByteArray(), bArr);
                try {
                    if (!Keyset.parseFrom(androidKeystoreAesGcm.decrypt(encrypt, bArr), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset)) {
                        throw new GeneralSecurityException("cannot encrypt keyset");
                    }
                    EncryptedKeyset.Builder newBuilder = EncryptedKeyset.newBuilder();
                    ByteString.LiteralByteString copyFrom = ByteString.copyFrom(encrypt, 0, encrypt.length);
                    newBuilder.copyOnWrite();
                    EncryptedKeyset.access$100((EncryptedKeyset) newBuilder.instance, copyFrom);
                    KeysetInfo keysetInfo = Util.getKeysetInfo(keyset);
                    newBuilder.copyOnWrite();
                    EncryptedKeyset.access$300((EncryptedKeyset) newBuilder.instance, keysetInfo);
                    if (!edit.putString(str, UrlKt.encode(((EncryptedKeyset) newBuilder.build()).toByteArray())).commit()) {
                        throw new IOException("Failed to write to SharedPreferences");
                    }
                } catch (InvalidProtocolBufferException unused) {
                    throw new GeneralSecurityException("invalid keyset, corrupted key material");
                }
            } else if (!edit.putString(str, UrlKt.encode(events.getKeysetHandle().keyset.toByteArray())).commit()) {
                throw new IOException("Failed to write to SharedPreferences");
            }
            return events;
        }

        public final Events readMasterkeyDecryptAndParseKeyset(byte[] bArr) {
            try {
                this.masterAead = new AndroidKeystoreKmsClient().getAead(this.masterKeyUri);
                try {
                    return new Events(8, (Keyset.Builder) KeysetHandle.read(new BinaryKeysetReader(new ByteArrayInputStream(bArr)), this.masterAead).keyset.toBuilder$1());
                } catch (IOException | GeneralSecurityException e) {
                    try {
                        return readKeysetInCleartext(bArr);
                    } catch (IOException unused) {
                        throw e;
                    }
                }
            } catch (GeneralSecurityException | ProviderException e2) {
                try {
                    Events readKeysetInCleartext = readKeysetInCleartext(bArr);
                    Object obj = AndroidKeysetManager.lock;
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                    return readKeysetInCleartext;
                } catch (IOException unused2) {
                    throw e2;
                }
            }
        }

        public final AndroidKeystoreAesGcm readOrGenerateNewMasterKey() {
            Object obj = AndroidKeysetManager.lock;
            try {
                try {
                    return new AndroidKeystoreKmsClient().getAead(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException e) {
                    e = e;
                    if (!AndroidKeystoreKmsClient.generateKeyIfNotExist(this.masterKeyUri)) {
                        throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.masterKeyUri), e);
                    }
                    Object obj2 = AndroidKeysetManager.lock;
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            } catch (GeneralSecurityException e2) {
                e = e2;
            } catch (ProviderException e3) {
                e = e3;
            }
        }
    }

    public AndroidKeysetManager(Builder builder) {
        Context context = builder.context;
        String str = builder.keysetName;
        String str2 = builder.prefFileName;
        if (str == null) {
            throw new IllegalArgumentException("keysetName cannot be null");
        }
        Context applicationContext = context.getApplicationContext();
        (str2 == null ? PreferenceManager.getDefaultSharedPreferences(applicationContext) : applicationContext.getSharedPreferences(str2, 0)).edit();
        this.keysetManager = builder.keysetManager;
    }

    public final synchronized KeysetHandle getKeysetHandle() {
        return this.keysetManager.getKeysetHandle();
    }
}
