package slack.crypto.security;

import android.content.Context;
import androidx.camera.video.Recorder$$ExternalSyntheticOutline0;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyStatus;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.google.crypto.tink.subtle.Validators;
import com.slack.data.slog.Recommend;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import slack.crypto.security.AeadPrimitiveFactory;
import slack.crypto.security.VerifyAeadResult;
import slack.guinness.GuinnessLoggerKt;
import slack.model.AllNotificationPrefs;
import slack.telemetry.metric.Metrics;
import timber.log.Timber;

/* loaded from: classes5.dex */
public final class AeadPrimitiveFactoryImpl implements AeadPrimitiveFactory {
    public final AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector;
    public final Context context;
    public final Metrics metrics;

    public AeadPrimitiveFactoryImpl(Context context, AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector, Metrics metrics) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(aeadKeyInfoChangeDetector, "aeadKeyInfoChangeDetector");
        Intrinsics.checkNotNullParameter(metrics, "metrics");
        this.context = context;
        this.aeadKeyInfoChangeDetector = aeadKeyInfoChangeDetector;
        this.metrics = metrics;
    }

    public final VerifyAeadResult attemptCreateKeysetManager(AeadPrimitiveFactory.Storage storage) {
        AeadPrimitiveFactoryImpl$CreateKeysetManagerResult$UnrecoverableFailure aeadPrimitiveFactoryImpl$CreateKeysetManagerResult$UnrecoverableFailure = AeadPrimitiveFactoryImpl$CreateKeysetManagerResult$UnrecoverableFailure.INSTANCE;
        try {
            AeadConfig.register();
            Recommend.Builder builder = new Recommend.Builder();
            builder.limit = Key.get("AES256_GCM");
            int ordinal = storage.ordinal();
            Context context = this.context;
            if (ordinal == 0) {
                builder.withSharedPref(context, "slack_security_android_keyset", "slack_security_android_pref");
                builder.withMasterKeyUri("android-keystore://slack_android_master_key");
            } else {
                if (ordinal != 1) {
                    throw new NoWhenBranchMatchedException();
                }
                builder.withSharedPref(context, "slack_security_android_secondary_keyset", "slack_security_android_pref");
                builder.withMasterKeyUri("android-keystore://slack_android_master_secondary_key");
            }
            return new VerifyAeadResult(builder.build());
        } catch (IOException e) {
            logCreateKeysetManagerFailure(storage, e);
            return aeadPrimitiveFactoryImpl$CreateKeysetManagerResult$UnrecoverableFailure;
        } catch (KeyStoreException e2) {
            logCreateKeysetManagerFailure(storage, e2);
            return AeadPrimitiveFactoryImpl$CreateKeysetManagerResult$RecoverableFailure.INSTANCE;
        } catch (GeneralSecurityException e3) {
            logCreateKeysetManagerFailure(storage, e3);
            return aeadPrimitiveFactoryImpl$CreateKeysetManagerResult$UnrecoverableFailure;
        }
    }

    public final Aead getAeadPrimitive(AeadPrimitiveFactory.Storage storage) {
        try {
            VerifyAeadResult attemptCreateKeysetManager = attemptCreateKeysetManager(storage);
            AndroidKeysetManager androidKeysetManager = attemptCreateKeysetManager instanceof AeadPrimitiveFactoryImpl$CreateKeysetManagerResult$RecoverableFailure ? (AndroidKeysetManager) attemptCreateKeysetManager(storage).storage : (AndroidKeysetManager) attemptCreateKeysetManager.storage;
            if (androidKeysetManager != null) {
                return (Aead) androidKeysetManager.getKeysetHandle().getPrimitive(Aead.class);
            }
            return null;
        } catch (Throwable th) {
            Timber.w(th, Recorder$$ExternalSyntheticOutline0.m("Unable to initialize Aead and generate keys for ", storage.name()), new Object[0]);
            return null;
        }
    }

    public final void logCreateKeysetManagerFailure(AeadPrimitiveFactory.Storage storage, Exception exc) {
        this.metrics.counter("aead_primitive_error", "create").increment(1L);
        Timber.w(exc, Recorder$$ExternalSyntheticOutline0.m("Unable to initialize AndroidKeysetManager needed to create Aead for ", storage.name()), new Object[0]);
    }

    public final void logResetAeadAndroidKeyStoreError(AeadPrimitiveFactory.Storage storage, Exception exc) {
        this.metrics.counter("aead_primitive_error", AllNotificationPrefs.PREF_NAME_RESET).increment(1L);
        Timber.w(exc, "Failed to reset the Aead primitive Android keystore entry for " + storage, new Object[0]);
    }

    public final AeadPrimitiveFactory.RecoverAeadResult recoverAeadPrimitive(VerifyAeadResult verifyAeadResult) {
        String str;
        if (!(verifyAeadResult instanceof VerifyAeadResult.Invalid)) {
            return AeadPrimitiveFactory.RecoverAeadResult.NOT_NEEDED;
        }
        AeadPrimitiveFactory.Storage storage = (AeadPrimitiveFactory.Storage) verifyAeadResult.storage;
        int ordinal = storage.ordinal();
        if (ordinal == 0) {
            str = "android-keystore://slack_android_master_key";
        } else {
            if (ordinal != 1) {
                throw new NoWhenBranchMatchedException();
            }
            str = "android-keystore://slack_android_master_secondary_key";
        }
        String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(validateKmsKeyUriAndRemovePrefix);
            VerifyAeadResult attemptCreateKeysetManager = attemptCreateKeysetManager(storage);
            AndroidKeysetManager androidKeysetManager = attemptCreateKeysetManager instanceof AeadPrimitiveFactoryImpl$CreateKeysetManagerResult$RecoverableFailure ? (AndroidKeysetManager) attemptCreateKeysetManager(storage).storage : (AndroidKeysetManager) attemptCreateKeysetManager.storage;
            KeysetHandle keysetHandle = androidKeysetManager != null ? androidKeysetManager.getKeysetHandle() : null;
            if (keysetHandle != null) {
                for (KeysetHandle.Entry entry : keysetHandle.entries) {
                    if (entry != null && entry.isPrimary) {
                        if (entry.keyStatus != KeyStatus.ENABLED) {
                            throw new IllegalStateException("Keyset has primary which isn't enabled");
                        }
                        AeadKeyChanged aeadKeyChanged = new AeadKeyChanged(storage, entry.id);
                        AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector = this.aeadKeyInfoChangeDetector;
                        aeadKeyInfoChangeDetector.getClass();
                        aeadKeyInfoChangeDetector.aeadKeyStoreKeysetChanges.accept(aeadKeyChanged);
                    }
                }
                throw new IllegalStateException("Keyset has no valid primary");
            }
            return verifyAndroidKeystoreAead(storage) instanceof VerifyAeadResult.Valid ? AeadPrimitiveFactory.RecoverAeadResult.SUCCESS : AeadPrimitiveFactory.RecoverAeadResult.FAILED;
        } catch (IOException e) {
            logResetAeadAndroidKeyStoreError(storage, e);
            return AeadPrimitiveFactory.RecoverAeadResult.FAILED;
        } catch (GeneralSecurityException e2) {
            logResetAeadAndroidKeyStoreError(storage, e2);
            return AeadPrimitiveFactory.RecoverAeadResult.FAILED;
        }
    }

    public final VerifyAeadResult verifyAndroidKeystoreAead(AeadPrimitiveFactory.Storage storage) {
        Aead aeadPrimitive = getAeadPrimitive(storage);
        Aead aeadPrimitive2 = getAeadPrimitive(storage);
        if (aeadPrimitive == null || aeadPrimitive2 == null) {
            return new VerifyAeadResult(storage);
        }
        try {
            byte[] bytes = "validation-abcdefghijkl-efghijklmno-jklmopqrstuvdummy-value-129417251asdfasdf0wef0we".getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            byte[] bArr = DecryptionResult.VALIDATION_AAD_EMPTY;
            return Intrinsics.areEqual(GuinnessLoggerKt.encode(bytes), GuinnessLoggerKt.encode(aeadPrimitive2.decrypt(aeadPrimitive.encrypt(bytes, bArr), bArr))) ? new VerifyAeadResult(storage) : new VerifyAeadResult(storage);
        } catch (GeneralSecurityException e) {
            this.metrics.counter("aead_primitive_error", "verify").increment(1L);
            Timber.w(e, "Failed to check the reliability of the Tink Aead for storage " + storage, new Object[0]);
            return new VerifyAeadResult(storage);
        }
    }
}
