package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.subtle.Hex;
import com.google.crypto.tink.subtle.Validators;
import com.google.protobuf.AbstractProtobufList;
import com.google.protobuf.GeneratedMessageLite;
import com.google.protobuf.Internal;
import com.google.protobuf.InvalidProtocolBufferException;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;

/* loaded from: classes2.dex */
public final class AndroidKeysetManager {
    public final KeyTemplate keyTemplate;
    public final KeysetManager keysetManager;
    public final AndroidKeystoreAesGcm masterKey;
    public final SharedPrefKeysetReader reader;
    public final boolean useKeystore;
    public final SharedPrefKeysetWriter writer;

    /* loaded from: classes2.dex */
    public static final class Builder {
        public SharedPrefKeysetReader reader = null;
        public SharedPrefKeysetWriter writer = null;
        public String masterKeyUri = null;
        public KeyTemplate keyTemplate = null;

        public final void withSharedPref(Context context, String str) throws IOException {
            if (context == null) {
                throw new IllegalArgumentException("need an Android context");
            }
            this.reader = new SharedPrefKeysetReader(context, str);
            this.writer = new SharedPrefKeysetWriter(context, str);
        }
    }

    public AndroidKeysetManager(Builder builder) throws GeneralSecurityException, IOException {
        KeysetManager keysetManager;
        SharedPrefKeysetReader sharedPrefKeysetReader = builder.reader;
        this.reader = sharedPrefKeysetReader;
        if (sharedPrefKeysetReader == null) {
            throw new IllegalArgumentException("need to specify where to read the keyset from with Builder#withSharedPref");
        }
        SharedPrefKeysetWriter sharedPrefKeysetWriter = builder.writer;
        this.writer = sharedPrefKeysetWriter;
        if (sharedPrefKeysetWriter == null) {
            throw new IllegalArgumentException("need to specify where to write the keyset to with Builder#withSharedPref");
        }
        this.useKeystore = true;
        String str = builder.masterKeyUri;
        if (str == null) {
            throw new IllegalArgumentException("need a master key URI, please set it with Builder#masterKeyUri");
        }
        String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(validateKmsKeyUriAndRemovePrefix)) {
            String validateKmsKeyUriAndRemovePrefix2 = Validators.validateKmsKeyUriAndRemovePrefix(str);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM, "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(validateKmsKeyUriAndRemovePrefix2, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            keyGenerator.generateKey();
        }
        try {
            this.masterKey = new AndroidKeystoreAesGcm(Validators.validateKmsKeyUriAndRemovePrefix(str));
            this.keyTemplate = builder.keyTemplate;
            try {
                keysetManager = read();
            } catch (IOException e) {
                Log.i("com.google.crypto.tink.integration.android.AndroidKeysetManager", "cannot read keyset: " + e.toString());
                if (this.keyTemplate == null) {
                    throw new GeneralSecurityException("cannot obtain keyset handle");
                }
                Keyset.Builder builder2 = Keyset.DEFAULT_INSTANCE.toBuilder();
                keysetManager = new KeysetManager(builder2);
                KeyTemplate keyTemplate = this.keyTemplate;
                synchronized (keysetManager) {
                    Keyset.Key newKey = keysetManager.newKey(keyTemplate);
                    builder2.copyOnWrite();
                    Keyset keyset = (Keyset) builder2.instance;
                    keyset.getClass();
                    Internal.ProtobufList<Keyset.Key> protobufList = keyset.key_;
                    if (!((AbstractProtobufList) protobufList).isMutable) {
                        keyset.key_ = GeneratedMessageLite.mutableCopy(protobufList);
                    }
                    keyset.key_.add(newKey);
                    int i = newKey.keyId_;
                    builder2.copyOnWrite();
                    ((Keyset) builder2.instance).primaryKeyId_ = i;
                    try {
                        boolean z = this.useKeystore;
                        SharedPrefKeysetWriter sharedPrefKeysetWriter2 = this.writer;
                        if (z) {
                            keysetManager.getKeysetHandle().write(sharedPrefKeysetWriter2, this.masterKey);
                        } else {
                            Keyset keyset2 = keysetManager.getKeysetHandle().keyset;
                            sharedPrefKeysetWriter2.getClass();
                            sharedPrefKeysetWriter2.editor.putString(sharedPrefKeysetWriter2.keysetName, Hex.encode(keyset2.toByteArray())).apply();
                        }
                    } catch (IOException e2) {
                        throw new GeneralSecurityException(e2);
                    }
                }
            }
            this.keysetManager = keysetManager;
        } catch (IOException e3) {
            throw new GeneralSecurityException(e3);
        }
    }

    public final KeysetManager read() throws GeneralSecurityException, IOException {
        AndroidKeystoreAesGcm androidKeystoreAesGcm = this.masterKey;
        SharedPrefKeysetReader sharedPrefKeysetReader = this.reader;
        boolean z = this.useKeystore;
        if (z) {
            try {
                return new KeysetManager(KeysetHandle.read(sharedPrefKeysetReader, androidKeystoreAesGcm).keyset.toBuilder());
            } catch (InvalidProtocolBufferException | GeneralSecurityException e) {
                Log.i("com.google.crypto.tink.integration.android.AndroidKeysetManager", "cannot decrypt keyset: " + e.toString());
            }
        }
        Keyset keyset = (Keyset) GeneratedMessageLite.parseFrom(Keyset.DEFAULT_INSTANCE, sharedPrefKeysetReader.readPref());
        if (keyset == null || keyset.key_.size() <= 0) {
            throw new GeneralSecurityException("empty keyset");
        }
        KeysetHandle keysetHandle = new KeysetHandle(keyset);
        if (z) {
            keysetHandle.write(this.writer, androidKeystoreAesGcm);
        }
        return new KeysetManager(keysetHandle.keyset.toBuilder());
    }
}
