package com.google.crypto.tink.integration.android;

import a3.a;
import android.content.Context;
import android.os.Build;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import javax.annotation.concurrent.GuardedBy;

/* loaded from: classes2.dex */
public final class AndroidKeysetManager {

    /* renamed from: a, reason: collision with root package name */
    public final KeysetWriter f6953a;

    /* renamed from: b, reason: collision with root package name */
    public final Aead f6954b;

    /* renamed from: c, reason: collision with root package name */
    @GuardedBy
    public final KeysetManager f6955c;

    /* loaded from: classes2.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        public SharedPrefKeysetReader f6956a = null;

        /* renamed from: b, reason: collision with root package name */
        public SharedPrefKeysetWriter f6957b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f6958c = null;

        /* renamed from: d, reason: collision with root package name */
        public AndroidKeystoreAesGcm f6959d = null;
        public final boolean e = true;

        /* renamed from: f, reason: collision with root package name */
        public KeyTemplate f6960f = null;

        /* renamed from: g, reason: collision with root package name */
        @GuardedBy
        public KeysetManager f6961g;

        public final synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            if (this.f6958c != null) {
                this.f6959d = c();
            }
            this.f6961g = b();
            return new AndroidKeysetManager(this);
        }

        public final KeysetManager b() throws GeneralSecurityException, IOException {
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.f6959d;
                if (androidKeystoreAesGcm != null) {
                    try {
                        Keyset keyset = KeysetHandle.b(this.f6956a, androidKeystoreAesGcm).f6906a;
                        keyset.getClass();
                        GeneratedMessageLite.Builder builder = (GeneratedMessageLite.Builder) keyset.n(GeneratedMessageLite.MethodToInvoke.NEW_BUILDER);
                        builder.o(keyset);
                        return new KeysetManager((Keyset.Builder) builder);
                    } catch (InvalidProtocolBufferException | GeneralSecurityException unused) {
                    }
                }
                Keyset a10 = this.f6956a.a();
                if (a10.y() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                GeneratedMessageLite.Builder builder2 = (GeneratedMessageLite.Builder) a10.n(GeneratedMessageLite.MethodToInvoke.NEW_BUILDER);
                builder2.o(a10);
                return new KeysetManager((Keyset.Builder) builder2);
            } catch (FileNotFoundException unused2) {
                if (this.f6960f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.B());
                KeyTemplate keyTemplate = this.f6960f;
                synchronized (keysetManager) {
                    keysetManager.a(keyTemplate.f6898a);
                    keysetManager.g(a.a(keysetManager.b().f6906a).x().z());
                    if (this.f6959d != null) {
                        KeysetHandle b10 = keysetManager.b();
                        SharedPrefKeysetWriter sharedPrefKeysetWriter = this.f6957b;
                        AndroidKeystoreAesGcm androidKeystoreAesGcm2 = this.f6959d;
                        Keyset keyset2 = b10.f6906a;
                        byte[] a11 = androidKeystoreAesGcm2.a(keyset2.c(), new byte[0]);
                        try {
                            if (!Keyset.C(androidKeystoreAesGcm2.b(a11, new byte[0]), ExtensionRegistryLite.a()).equals(keyset2)) {
                                throw new GeneralSecurityException("cannot encrypt keyset");
                            }
                            EncryptedKeyset.Builder y10 = EncryptedKeyset.y();
                            ByteString.g e = ByteString.e(0, a11.length, a11);
                            y10.m();
                            EncryptedKeyset.v((EncryptedKeyset) y10.f7090b, e);
                            KeysetInfo a12 = a.a(keyset2);
                            y10.m();
                            EncryptedKeyset.w((EncryptedKeyset) y10.f7090b, a12);
                            sharedPrefKeysetWriter.a(y10.k());
                        } catch (InvalidProtocolBufferException unused3) {
                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                        }
                    } else {
                        this.f6957b.b(keysetManager.b().f6906a);
                    }
                    return keysetManager;
                }
            }
        }

        public final AndroidKeystoreAesGcm c() throws GeneralSecurityException {
            if (!(Build.VERSION.SDK_INT >= 23)) {
                return null;
            }
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean d10 = androidKeystoreKmsClient.d(this.f6958c);
            if (!d10) {
                try {
                    AndroidKeystoreKmsClient.c(this.f6958c);
                } catch (GeneralSecurityException | ProviderException unused) {
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.f6958c);
            } catch (GeneralSecurityException | ProviderException e) {
                if (d10) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f6958c), e);
                }
                return null;
            }
        }

        public final void d(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f6958c = str;
        }

        public final void e(Context context, String str) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.f6956a = new SharedPrefKeysetReader(context, str);
            this.f6957b = new SharedPrefKeysetWriter(context, str);
        }
    }

    public AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        this.f6953a = builder.f6957b;
        this.f6954b = builder.f6959d;
        this.f6955c = builder.f6961g;
    }

    public final synchronized KeysetHandle a() throws GeneralSecurityException {
        return this.f6955c.b();
    }
}
