package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.content.SharedPreferences;
import com.annimon.stream.Collectors;
import com.annimon.stream.IntStream$3;
import com.google.android.gms.fido.fido2.zzc;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.ProviderException;
import kotlin.TuplesKt;

/* loaded from: classes.dex */
public final class AndroidKeysetManager {
    public IntStream$3 keysetManager;

    /* loaded from: classes.dex */
    public final class Builder {
        public zzc reader = null;
        public zzc writer = null;
        public String masterKeyUri = null;
        public AndroidKeystoreAesGcm masterKey = null;
        public KeyTemplate keyTemplate = null;

        /* JADX WARN: Type inference failed for: r1v0, types: [com.google.crypto.tink.integration.android.AndroidKeysetManager, java.lang.Object] */
        public final synchronized AndroidKeysetManager build() {
            ?? obj;
            try {
                if (this.masterKeyUri != null) {
                    this.masterKey = readOrGenerateNewMasterKey();
                }
                IntStream$3 readOrGenerateNewKeyset = readOrGenerateNewKeyset();
                obj = new Object();
                obj.keysetManager = readOrGenerateNewKeyset;
            } catch (Throwable th) {
                throw th;
            }
            return obj;
        }

        public final IntStream$3 readOrGenerateNewKeyset() {
            try {
                AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterKey;
                if (androidKeystoreAesGcm != null) {
                    try {
                        Keyset keyset = (Keyset) Collectors.AnonymousClass35.read(this.reader, androidKeystoreAesGcm).val$downstreamFinisher;
                        keyset.getClass();
                        GeneratedMessageLite.Builder builder = (GeneratedMessageLite.Builder) keyset.dynamicMethod(GeneratedMessageLite.MethodToInvoke.NEW_BUILDER);
                        builder.copyOnWrite();
                        GeneratedMessageLite.Builder.mergeFromInstance(builder.instance, keyset);
                        return new IntStream$3(28, (Keyset.Builder) builder);
                    } catch (InvalidProtocolBufferException | GeneralSecurityException unused) {
                    }
                }
                Keyset parseFrom = Keyset.parseFrom(this.reader.readPref(), ExtensionRegistryLite.getEmptyRegistry());
                if (parseFrom.getKeyCount() <= 0) {
                    throw new GeneralSecurityException("empty keyset");
                }
                GeneratedMessageLite.Builder builder2 = (GeneratedMessageLite.Builder) parseFrom.dynamicMethod(GeneratedMessageLite.MethodToInvoke.NEW_BUILDER);
                builder2.copyOnWrite();
                GeneratedMessageLite.Builder.mergeFromInstance(builder2.instance, parseFrom);
                return new IntStream$3(28, (Keyset.Builder) builder2);
            } catch (FileNotFoundException unused2) {
                if (this.keyTemplate == null) {
                    throw new GeneralSecurityException("cannot read or generate keyset");
                }
                IntStream$3 intStream$3 = new IntStream$3(28, Keyset.newBuilder());
                KeyTemplate keyTemplate = this.keyTemplate;
                synchronized (intStream$3) {
                    intStream$3.addNewKey(keyTemplate.kt);
                    int keyId = Util.getKeysetInfo((Keyset) intStream$3.getKeysetHandle().val$downstreamFinisher).getKeyInfo().getKeyId();
                    synchronized (intStream$3) {
                        for (int i = 0; i < ((Keyset) ((Keyset.Builder) intStream$3.this$0).instance).getKeyCount(); i++) {
                            try {
                                Keyset.Key key = ((Keyset) ((Keyset.Builder) intStream$3.this$0).instance).getKey(i);
                                if (key.getKeyId() == keyId) {
                                    if (!key.getStatus().equals(KeyStatusType.ENABLED)) {
                                        throw new GeneralSecurityException("cannot set key as primary because it's not enabled: " + keyId);
                                    }
                                    Keyset.Builder builder3 = (Keyset.Builder) intStream$3.this$0;
                                    builder3.copyOnWrite();
                                    ((Keyset) builder3.instance).primaryKeyId_ = keyId;
                                    if (this.masterKey != null) {
                                        Collectors.AnonymousClass35 keysetHandle = intStream$3.getKeysetHandle();
                                        zzc zzcVar = this.writer;
                                        AndroidKeystoreAesGcm androidKeystoreAesGcm2 = this.masterKey;
                                        Keyset keyset2 = (Keyset) keysetHandle.val$downstreamFinisher;
                                        byte[] encrypt = androidKeystoreAesGcm2.encrypt(keyset2.toByteArray(), new byte[0]);
                                        try {
                                            if (!Keyset.parseFrom(androidKeystoreAesGcm2.decrypt(encrypt, new byte[0]), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset2)) {
                                                throw new GeneralSecurityException("cannot encrypt keyset");
                                            }
                                            EncryptedKeyset.Builder newBuilder = EncryptedKeyset.newBuilder();
                                            ByteString.LiteralByteString copyFrom = ByteString.copyFrom(encrypt, 0, encrypt.length);
                                            newBuilder.copyOnWrite();
                                            EncryptedKeyset.access$100((EncryptedKeyset) newBuilder.instance, copyFrom);
                                            KeysetInfo keysetInfo = Util.getKeysetInfo(keyset2);
                                            newBuilder.copyOnWrite();
                                            EncryptedKeyset.access$300((EncryptedKeyset) newBuilder.instance, keysetInfo);
                                            if (!((SharedPreferences.Editor) zzcVar.zza).putString((String) zzcVar.zzb, TuplesKt.encode(((EncryptedKeyset) newBuilder.build()).toByteArray())).commit()) {
                                                throw new IOException("Failed to write to SharedPreferences");
                                            }
                                        } catch (InvalidProtocolBufferException unused3) {
                                            throw new GeneralSecurityException("invalid keyset, corrupted key material");
                                        }
                                    } else {
                                        Collectors.AnonymousClass35 keysetHandle2 = intStream$3.getKeysetHandle();
                                        zzc zzcVar2 = this.writer;
                                        if (!((SharedPreferences.Editor) zzcVar2.zza).putString((String) zzcVar2.zzb, TuplesKt.encode(((Keyset) keysetHandle2.val$downstreamFinisher).toByteArray())).commit()) {
                                            throw new IOException("Failed to write to SharedPreferences");
                                        }
                                    }
                                    return intStream$3;
                                }
                            } catch (Throwable th) {
                                throw th;
                            }
                        }
                        throw new GeneralSecurityException("key not found: " + keyId);
                    }
                }
            }
        }

        public final AndroidKeystoreAesGcm readOrGenerateNewMasterKey() {
            AndroidKeystoreKmsClient androidKeystoreKmsClient = new AndroidKeystoreKmsClient();
            boolean hasKey = androidKeystoreKmsClient.hasKey(this.masterKeyUri);
            if (!hasKey) {
                try {
                    AndroidKeystoreKmsClient.generateNewAeadKey(this.masterKeyUri);
                } catch (GeneralSecurityException | ProviderException unused) {
                    return null;
                }
            }
            try {
                return androidKeystoreKmsClient.getAead(this.masterKeyUri);
            } catch (GeneralSecurityException | ProviderException e) {
                if (hasKey) {
                    throw new KeyStoreException(String.format("the master key %s exists but is unusable", this.masterKeyUri), e);
                }
                return null;
            }
        }

        public final void withSharedPref(Context context, String str, String str2) {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.reader = new zzc(context, str, str2, 26);
            this.writer = new zzc(context, str, str2, 27);
        }
    }
}
