package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.util.Log;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import picku.qt4;

/* loaded from: classes3.dex */
public final class AndroidKeysetManager {
    public final KeysetWriter a;
    public final Aead b;

    /* renamed from: c, reason: collision with root package name */
    public final KeysetManager f2395c;

    /* loaded from: classes3.dex */
    public static final class Builder {
        public SharedPrefKeysetReader a = null;
        public SharedPrefKeysetWriter b = null;

        /* renamed from: c, reason: collision with root package name */
        public String f2396c = null;
        public AndroidKeystoreAesGcm d = null;
        public final boolean e = true;
        public KeyTemplate f = null;
        public KeysetManager g;

        public final synchronized AndroidKeysetManager a() throws GeneralSecurityException, IOException {
            if (this.f2396c != null) {
                this.d = c();
            }
            this.g = b();
            return new AndroidKeysetManager(this);
        }

        public final KeysetManager b() throws GeneralSecurityException, IOException {
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.d;
                if (androidKeystoreAesGcm != null) {
                    try {
                        KeysetHandle b = KeysetHandle.b(this.a, androidKeystoreAesGcm);
                        GeneratedMessageLite.MethodToInvoke methodToInvoke = GeneratedMessageLite.MethodToInvoke.NEW_BUILDER;
                        Keyset keyset = b.a;
                        GeneratedMessageLite.Builder builder = (GeneratedMessageLite.Builder) keyset.n(methodToInvoke);
                        builder.o(keyset);
                        return new KeysetManager((Keyset.Builder) builder);
                    } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                        Log.w("AndroidKeysetManager", "cannot decrypt keyset: ", e);
                    }
                }
                Keyset a = this.a.a();
                if (a.z() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                GeneratedMessageLite.Builder builder2 = (GeneratedMessageLite.Builder) a.n(GeneratedMessageLite.MethodToInvoke.NEW_BUILDER);
                builder2.o(a);
                return new KeysetManager((Keyset.Builder) builder2);
            } catch (FileNotFoundException e2) {
                Log.w("AndroidKeysetManager", "keyset not found, will generate a new one", e2);
                if (this.f == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                KeysetManager keysetManager = new KeysetManager(Keyset.C());
                KeyTemplate keyTemplate = this.f;
                synchronized (keysetManager) {
                    keysetManager.a(keyTemplate.a);
                    keysetManager.g(qt4.a(keysetManager.b().a).y().A());
                    if (this.d != null) {
                        KeysetHandle b2 = keysetManager.b();
                        SharedPrefKeysetWriter sharedPrefKeysetWriter = this.b;
                        AndroidKeystoreAesGcm androidKeystoreAesGcm2 = this.d;
                        Keyset keyset2 = b2.a;
                        byte[] c2 = androidKeystoreAesGcm2.c(keyset2.k(), new byte[0]);
                        try {
                            if (!Keyset.D(androidKeystoreAesGcm2.a(c2, new byte[0]), ExtensionRegistryLite.a()).equals(keyset2)) {
                                throw new GeneralSecurityException("cannot encrypt keyset");
                            }
                            EncryptedKeyset.Builder z = EncryptedKeyset.z();
                            ByteString.f f = ByteString.f(c2, 0, c2.length);
                            z.m();
                            EncryptedKeyset.w((EncryptedKeyset) z.d, f);
                            KeysetInfo a2 = qt4.a(keyset2);
                            z.m();
                            EncryptedKeyset.x((EncryptedKeyset) z.d, a2);
                            sharedPrefKeysetWriter.a(z.k());
                        } catch (InvalidProtocolBufferException unused) {
                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                        }
                    } else {
                        this.b.b(keysetManager.b().a);
                    }
                    return keysetManager;
                }
            }
        }

        public final AndroidKeystoreAesGcm c() throws GeneralSecurityException {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean d = androidKeystoreKmsClient.d(this.f2396c);
            if (!d) {
                try {
                    AndroidKeystoreKmsClient.c(this.f2396c);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e);
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.b(this.f2396c);
            } catch (GeneralSecurityException | ProviderException e2) {
                if (d) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.f2396c), e2);
                }
                Log.w("AndroidKeysetManager", "cannot use Android Keystore, it'll be disabled", e2);
                return null;
            }
        }

        public final void d(String str) {
            if (!str.startsWith("android-keystore://")) {
                throw new IllegalArgumentException("key URI must start with android-keystore://");
            }
            if (!this.e) {
                throw new IllegalArgumentException("cannot call withMasterKeyUri() after calling doNotUseKeystore()");
            }
            this.f2396c = str;
        }

        public final void e(Context context) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.a = new SharedPrefKeysetReader(context);
            this.b = new SharedPrefKeysetWriter(context);
        }
    }

    public AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        this.a = builder.b;
        this.b = builder.d;
        this.f2395c = builder.g;
    }
}
