package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.util.Log;
import com.google.common.base.Splitter$1;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.tom_roush.fontbox.afm.AFMParser;
import io.grpc.okhttp.OkHttpFrameLogger;
import java.io.ByteArrayInputStream;
import java.io.CharConversionException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import okio.Utf8;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public static final Object lock = new Object();
    public final Splitter$1 keysetManager;

    /* loaded from: classes.dex */
    public final class Builder {
        public Splitter$1 keysetManager;
        public Context context = null;
        public String keysetName = null;
        public String prefFileName = null;
        public String masterKeyUri = null;
        public AndroidKeystoreAesGcm masterAead = null;
        public KeyTemplate keyTemplate = null;

        public static byte[] readKeysetFromPrefs(Context context, String str, String str2) {
            if (str == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            Context applicationContext = context.getApplicationContext();
            try {
                String string = (str2 == null ? PreferenceManager.getDefaultSharedPreferences(applicationContext) : applicationContext.getSharedPreferences(str2, 0)).getString(str, null);
                if (string == null) {
                    return null;
                }
                return Utf8.decode(string);
            } catch (ClassCastException | IllegalArgumentException unused) {
                throw new CharConversionException(String.format("can't read keyset; the pref value %s is not a valid hex string", str));
            }
        }

        public static Splitter$1 readKeysetInCleartext(byte[] bArr) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                Keyset parseFrom = Keyset.parseFrom(byteArrayInputStream, ExtensionRegistryLite.getEmptyRegistry());
                byteArrayInputStream.close();
                return new Splitter$1(25, (Keyset.Builder) KeysetHandle.fromKeyset(parseFrom).keyset.toBuilder$1());
            } catch (Throwable th) {
                byteArrayInputStream.close();
                throw th;
            }
        }

        public final synchronized AndroidKeysetManager build() {
            AndroidKeysetManager androidKeysetManager;
            if (this.keysetName == null) {
                throw new IllegalArgumentException("keysetName cannot be null");
            }
            synchronized (AndroidKeysetManager.lock) {
                try {
                    byte[] readKeysetFromPrefs = readKeysetFromPrefs(this.context, this.keysetName, this.prefFileName);
                    if (readKeysetFromPrefs == null) {
                        if (this.masterKeyUri != null) {
                            this.masterAead = readOrGenerateNewMasterKey();
                        }
                        this.keysetManager = generateKeysetAndWriteToPrefs();
                    } else if (this.masterKeyUri != null) {
                        this.keysetManager = readMasterkeyDecryptAndParseKeyset(readKeysetFromPrefs);
                    } else {
                        this.keysetManager = readKeysetInCleartext(readKeysetFromPrefs);
                    }
                    androidKeysetManager = new AndroidKeysetManager(this);
                } catch (Throwable th) {
                    throw th;
                }
            }
            return androidKeysetManager;
        }

        public final Splitter$1 generateKeysetAndWriteToPrefs() {
            if (this.keyTemplate == null) {
                throw new GeneralSecurityException("cannot read or generate keyset");
            }
            Splitter$1 splitter$1 = new Splitter$1(25, Keyset.newBuilder());
            KeyTemplate keyTemplate = this.keyTemplate;
            synchronized (splitter$1) {
                splitter$1.addNewKey(keyTemplate.kt);
            }
            int keyId = Util.getKeysetInfo(splitter$1.getKeysetHandle().keyset).getKeyInfo().getKeyId();
            synchronized (splitter$1) {
                for (int i = 0; i < ((Keyset) ((Keyset.Builder) splitter$1.val$separatorMatcher).instance).getKeyCount(); i++) {
                    Keyset.Key key = ((Keyset) ((Keyset.Builder) splitter$1.val$separatorMatcher).instance).getKey(i);
                    if (key.getKeyId() == keyId) {
                        if (!key.getStatus().equals(KeyStatusType.ENABLED)) {
                            throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + keyId);
                        }
                        Keyset.Builder builder = (Keyset.Builder) splitter$1.val$separatorMatcher;
                        builder.copyOnWrite();
                        ((Keyset) builder.instance).primaryKeyId_ = keyId;
                    }
                }
                throw new GeneralSecurityException("key not found: " + keyId);
            }
            OkHttpFrameLogger okHttpFrameLogger = new OkHttpFrameLogger(this.context, this.keysetName, this.prefFileName);
            if (this.masterAead != null) {
                KeysetHandle keysetHandle = splitter$1.getKeysetHandle();
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterAead;
                byte[] bArr = new byte[0];
                Keyset keyset = keysetHandle.keyset;
                byte[] encrypt = androidKeystoreAesGcm.encrypt(keyset.toByteArray(), bArr);
                try {
                    if (!Keyset.parseFrom(androidKeystoreAesGcm.decrypt(encrypt, bArr), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset)) {
                        throw new GeneralSecurityException("cannot encrypt keyset");
                    }
                    EncryptedKeyset.Builder newBuilder = EncryptedKeyset.newBuilder();
                    ByteString.LiteralByteString copyFrom = ByteString.copyFrom(encrypt, 0, encrypt.length);
                    newBuilder.copyOnWrite();
                    EncryptedKeyset.access$100((EncryptedKeyset) newBuilder.instance, copyFrom);
                    KeysetInfo keysetInfo = Util.getKeysetInfo(keyset);
                    newBuilder.copyOnWrite();
                    EncryptedKeyset.access$300((EncryptedKeyset) newBuilder.instance, keysetInfo);
                    if (!((SharedPreferences.Editor) okHttpFrameLogger.logger).putString((String) okHttpFrameLogger.level, Utf8.encode(((EncryptedKeyset) newBuilder.build()).toByteArray())).commit()) {
                        throw new IOException("Failed to write to SharedPreferences");
                    }
                } catch (InvalidProtocolBufferException unused) {
                    throw new GeneralSecurityException("invalid keyset, corrupted key material");
                }
            } else {
                if (!((SharedPreferences.Editor) okHttpFrameLogger.logger).putString((String) okHttpFrameLogger.level, Utf8.encode(splitter$1.getKeysetHandle().keyset.toByteArray())).commit()) {
                    throw new IOException("Failed to write to SharedPreferences");
                }
            }
            return splitter$1;
        }

        public final Splitter$1 readMasterkeyDecryptAndParseKeyset(byte[] bArr) {
            try {
                this.masterAead = new AndroidKeystoreKmsClient().getAead(this.masterKeyUri);
                try {
                    return new Splitter$1(25, (Keyset.Builder) KeysetHandle.read(new AFMParser(new ByteArrayInputStream(bArr)), this.masterAead).keyset.toBuilder$1());
                } catch (IOException | GeneralSecurityException e) {
                    try {
                        return readKeysetInCleartext(bArr);
                    } catch (IOException unused) {
                        throw e;
                    }
                }
            } catch (GeneralSecurityException | ProviderException e2) {
                try {
                    Splitter$1 readKeysetInCleartext = readKeysetInCleartext(bArr);
                    Object obj = AndroidKeysetManager.lock;
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                    return readKeysetInCleartext;
                } catch (IOException unused2) {
                    throw e2;
                }
            }
        }

        public final AndroidKeystoreAesGcm readOrGenerateNewMasterKey() {
            Object obj = AndroidKeysetManager.lock;
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            try {
                boolean generateKeyIfNotExist = AndroidKeystoreKmsClient.generateKeyIfNotExist(this.masterKeyUri);
                try {
                    return androidKeystoreKmsClient.getAead(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException e) {
                    if (!generateKeyIfNotExist) {
                        throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.masterKeyUri), e);
                    }
                    Object obj2 = AndroidKeysetManager.lock;
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            } catch (GeneralSecurityException | ProviderException e2) {
                Object obj3 = AndroidKeysetManager.lock;
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }
    }

    public AndroidKeysetManager(Builder builder) {
        new OkHttpFrameLogger(builder.context, builder.keysetName, builder.prefFileName);
        this.keysetManager = builder.keysetManager;
    }
}
