package com.google.crypto.tink.integration.android;

import android.content.Context;
import android.preference.PreferenceManager;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import androidx.appcompat.widget.TooltipPopup;
import androidx.compose.ui.node.Owner;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import io.grpc.internal.SharedResourcePool;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.jsoup.nodes.Printer;

/* loaded from: classes3.dex */
public final class AndroidKeysetManager {
    public Object keysetManager;
    public static final Object lock = new Object();
    public static final Object keyCreationLock = new Object();

    public AndroidKeysetManager() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            this.keysetManager = keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public AndroidKeysetManager(TooltipPopup tooltipPopup) {
        Context context = (Context) tooltipPopup.mContext;
        String str = (String) tooltipPopup.mContentView;
        String str2 = (String) tooltipPopup.mMessageView;
        if (str == null) {
            throw new IllegalArgumentException("keysetName cannot be null");
        }
        Context applicationContext = context.getApplicationContext();
        if (str2 == null) {
            PreferenceManager.getDefaultSharedPreferences(applicationContext).edit();
        } else {
            applicationContext.getSharedPreferences(str2, 0).edit();
        }
        this.keysetManager = (SharedResourcePool) tooltipPopup.mTmpAppPos;
    }

    public static boolean generateKeyIfNotExist(String str) {
        AndroidKeysetManager androidKeysetManager = new AndroidKeysetManager();
        synchronized (keyCreationLock) {
            try {
                if (androidKeysetManager.hasKey(str)) {
                    return false;
                }
                generateNewAesGcmKeyWithoutExistenceCheck(str);
                return true;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public static void generateNewAesGcmKeyWithoutExistenceCheck(String str) {
        String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(validateKmsKeyUriAndRemovePrefix, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
        keyGenerator.generateKey();
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2) {
        if (bArr.length < 28) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        try {
            return decryptInternal(bArr, bArr2);
        } catch (ProviderException e) {
            e = e;
            Log.w("AndroidKeystoreAesGcm", "encountered a potentially transient KeyStore error, will wait and retry", e);
            try {
                Thread.sleep((int) (Math.random() * 100.0d));
            } catch (InterruptedException unused) {
            }
            return decryptInternal(bArr, bArr2);
        } catch (AEADBadTagException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            e = e3;
            Log.w("AndroidKeystoreAesGcm", "encountered a potentially transient KeyStore error, will wait and retry", e);
            Thread.sleep((int) (Math.random() * 100.0d));
            return decryptInternal(bArr, bArr2);
        }
    }

    public byte[] decryptInternal(byte[] bArr, byte[] bArr2) {
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr, 0, 12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, (SecretKey) this.keysetManager, gCMParameterSpec);
        cipher.updateAAD(bArr2);
        return cipher.doFinal(bArr, 12, bArr.length - 12);
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2) {
        try {
            return encryptInternal(bArr, bArr2);
        } catch (GeneralSecurityException | ProviderException e) {
            Log.w("AndroidKeystoreAesGcm", "encountered a potentially transient KeyStore error, will wait and retry", e);
            try {
                Thread.sleep((int) (Math.random() * 100.0d));
            } catch (InterruptedException unused) {
            }
            return encryptInternal(bArr, bArr2);
        }
    }

    public byte[] encryptInternal(byte[] bArr, byte[] bArr2) {
        if (bArr.length > 2147483619) {
            throw new GeneralSecurityException("plaintext too long");
        }
        byte[] bArr3 = new byte[bArr.length + 28];
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, (SecretKey) this.keysetManager);
        cipher.updateAAD(bArr2);
        cipher.doFinal(bArr, 0, bArr.length, bArr3, 12);
        System.arraycopy(cipher.getIV(), 0, bArr3, 0, 12);
        return bArr3;
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.crypto.tink.integration.android.AndroidKeysetManager, java.lang.Object] */
    public synchronized AndroidKeysetManager getAead(String str) {
        ?? obj;
        String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        KeyStore keyStore = (KeyStore) this.keysetManager;
        obj = new Object();
        SecretKey secretKey = (SecretKey) keyStore.getKey(validateKmsKeyUriAndRemovePrefix, null);
        obj.keysetManager = secretKey;
        if (secretKey == null) {
            throw new InvalidKeyException(Owner.CC.m("Keystore cannot load the key with ID: ", validateKmsKeyUriAndRemovePrefix));
        }
        byte[] randBytes = Random.randBytes(10);
        byte[] bArr = new byte[0];
        if (!Arrays.equals(randBytes, obj.decrypt(obj.encrypt(randBytes, bArr), bArr))) {
            throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
        }
        return obj;
    }

    public synchronized Printer getKeysetHandle() {
        return ((SharedResourcePool) this.keysetManager).getKeysetHandle();
    }

    public synchronized boolean hasKey(String str) {
        String validateKmsKeyUriAndRemovePrefix;
        validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
        try {
        } catch (NullPointerException unused) {
            Log.w("AndroidKeystoreKmsClient", "Keystore is temporarily unavailable, wait, reinitialize Keystore and try again.");
            try {
                try {
                    Thread.sleep((int) (Math.random() * 40.0d));
                } catch (InterruptedException unused2) {
                }
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.keysetManager = keyStore;
                keyStore.load(null);
                return ((KeyStore) this.keysetManager).containsAlias(validateKmsKeyUriAndRemovePrefix);
            } catch (IOException e) {
                throw new GeneralSecurityException(e);
            }
        }
        return ((KeyStore) this.keysetManager).containsAlias(validateKmsKeyUriAndRemovePrefix);
    }
}
