package veeva.vault.mobile.coredataimpl.device;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.support.v4.media.d;
import android.util.Log;
import androidx.activity.i;
import androidx.security.crypto.EncryptedFile;
import androidx.security.crypto.MasterKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.proto.a;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import f.p;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.crypto.KeyGenerator;
import k7.b;
import k7.e;
import k7.g;
import k7.i;
import k7.j;
import k7.m;
import k7.n;
import k7.o;
import kh.a;
import kotlin.jvm.internal.m;
import kotlin.jvm.internal.q;
import kotlinx.coroutines.q0;
import n7.a;
import veeva.vault.mobile.common.Response;
import veeva.vault.mobile.coredataapi.device.c;
import veeva.vault.mobile.coredataapi.device.f;

/* loaded from: classes2.dex */
public final class VaultFileManagerImpl implements f {
    public static final a Companion = new a(null);

    /* renamed from: a, reason: collision with root package name */
    public final Context f20699a;

    /* renamed from: b, reason: collision with root package name */
    public final MasterKey f20700b;

    /* loaded from: classes2.dex */
    public static final class a {
        public a(m mVar) {
        }
    }

    public VaultFileManagerImpl(Context context) {
        this.f20699a = context;
        context.getApplicationContext();
        MasterKey.KeyScheme keyScheme = MasterKey.KeyScheme.AES256_GCM;
        if (MasterKey.a.f4221a[keyScheme.ordinal()] != 1) {
            throw new IllegalArgumentException("Unsupported scheme: " + keyScheme);
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("_androidx_security_master_key_", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
        Objects.requireNonNull(build, "KeyGenParameterSpec was null after build() check");
        int i10 = androidx.security.crypto.a.f4222a;
        if (build.getKeySize() != 256) {
            StringBuilder a10 = d.a("invalid key size, want 256 bits got ");
            a10.append(build.getKeySize());
            a10.append(" bits");
            throw new IllegalArgumentException(a10.toString());
        }
        if (!Arrays.equals(build.getBlockModes(), new String[]{"GCM"})) {
            StringBuilder a11 = d.a("invalid block mode, want GCM got ");
            a11.append(Arrays.toString(build.getBlockModes()));
            throw new IllegalArgumentException(a11.toString());
        }
        if (build.getPurposes() != 3) {
            StringBuilder a12 = d.a("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got ");
            a12.append(build.getPurposes());
            throw new IllegalArgumentException(a12.toString());
        }
        if (!Arrays.equals(build.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            StringBuilder a13 = d.a("invalid padding mode, want NoPadding got ");
            a13.append(Arrays.toString(build.getEncryptionPaddings()));
            throw new IllegalArgumentException(a13.toString());
        }
        if (build.isUserAuthenticationRequired() && build.getUserAuthenticationValidityDurationSeconds() < 1) {
            throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
        }
        String keystoreAlias = build.getKeystoreAlias();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(keystoreAlias)) {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(build);
                keyGenerator.generateKey();
            } catch (ProviderException e10) {
                throw new GeneralSecurityException(e10.getMessage(), e10);
            }
        }
        this.f20700b = new MasterKey(build.getKeystoreAlias(), build);
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public boolean a(c fileMetadata) {
        q.e(fileMetadata, "fileMetadata");
        File j10 = j(fileMetadata.a() ? new b(fileMetadata) : fileMetadata);
        return fileMetadata.b() ? kotlin.io.d.F(j10) : j10.delete();
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public Object b(c cVar, byte[] bArr, kotlin.coroutines.c<? super Response<a.c.e, Integer>> cVar2) {
        return e.a.v(q0.f14759c, new VaultFileManagerImpl$readEncryptedFile$2(this, cVar, bArr, null), cVar2);
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public Object c(c cVar, okio.f fVar, byte[] bArr, kotlin.coroutines.c<? super Response<? extends kh.a, Integer>> cVar2) {
        return e.a.v(q0.f14759c, new VaultFileManagerImpl$saveFile$4(this, cVar, fVar, bArr, null), cVar2);
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public boolean d(c cVar) {
        if (cVar.a()) {
            cVar = new b(cVar);
        }
        return j(cVar).exists();
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public <T extends Serializable> void e(c cVar, T t10) {
        h(cVar);
        try {
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(l(cVar));
            try {
                objectOutputStream.writeObject(t10);
                i.e(objectOutputStream, null);
            } finally {
            }
        } catch (Exception e10) {
            Log.d("VaultFileManager", j9.b.P(e10));
        }
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public <T> T f(c cVar) {
        try {
            ObjectInputStream objectInputStream = new ObjectInputStream(k(cVar));
            try {
                T t10 = (T) objectInputStream.readObject();
                i.e(objectInputStream, null);
                return t10;
            } finally {
            }
        } catch (Exception e10) {
            Log.d("VaultFileManager", j9.b.P(e10));
            return null;
        }
    }

    @Override // veeva.vault.mobile.coredataapi.device.f
    public void g() {
        File cacheDir = this.f20699a.getCacheDir();
        q.d(cacheDir, "context.cacheDir");
        kotlin.io.d.F(cacheDir);
    }

    public final boolean h(c cVar) {
        return new File(cVar.f() ? this.f20699a.getCacheDir() : this.f20699a.getFilesDir(), cVar.c()).mkdirs();
    }

    public final EncryptedFile i(c cVar) {
        n7.a aVar;
        g b10;
        byte[] array;
        Context context = this.f20699a;
        File j10 = j(new b(cVar));
        MasterKey masterKey = this.f20700b;
        EncryptedFile.FileEncryptionScheme fileEncryptionScheme = EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB;
        Context applicationContext = context.getApplicationContext();
        String str = masterKey.f4220a;
        p7.d.a();
        a.b bVar = new a.b();
        bVar.f16461e = fileEncryptionScheme.getKeyTemplate();
        if (applicationContext == null) {
            throw new IllegalArgumentException("need an Android context");
        }
        bVar.f16457a = new androidx.appcompat.widget.m(applicationContext, "__androidx_security_crypto_encrypted_file_keyset__", "__androidx_security_crypto_encrypted_file_pref__");
        bVar.f16458b = new n7.d(applicationContext, "__androidx_security_crypto_encrypted_file_keyset__", "__androidx_security_crypto_encrypted_file_pref__");
        String a10 = p.a("android-keystore://", str);
        if (!a10.startsWith("android-keystore://")) {
            throw new IllegalArgumentException("key URI must start with android-keystore://");
        }
        bVar.f16459c = a10;
        synchronized (bVar) {
            if (bVar.f16459c != null) {
                bVar.f16460d = bVar.b();
            }
            bVar.f16462f = bVar.a();
            aVar = new n7.a(bVar, null);
        }
        synchronized (aVar) {
            b10 = aVar.f16456b.b();
        }
        j jVar = (j) ((ConcurrentHashMap) k7.m.f14106e).get(n.class);
        Class a11 = jVar != null ? jVar.a() : null;
        if (a11 == null) {
            StringBuilder a12 = d.a("No wrapper found for ");
            a12.append(n.class.getName());
            throw new GeneralSecurityException(a12.toString());
        }
        Logger logger = k7.m.f14102a;
        com.google.crypto.tink.proto.a aVar2 = b10.f14093a;
        int i10 = o.f14107a;
        int D = aVar2.D();
        byte b11 = 1;
        int i11 = 0;
        boolean z10 = false;
        boolean z11 = true;
        for (a.c cVar2 : aVar2.C()) {
            if (cVar2.F() == KeyStatusType.ENABLED) {
                if (!cVar2.G()) {
                    throw new GeneralSecurityException(String.format("key %d has no key data", Integer.valueOf(cVar2.D())));
                }
                if (cVar2.E() == OutputPrefixType.UNKNOWN_PREFIX) {
                    throw new GeneralSecurityException(String.format("key %d has unknown prefix", Integer.valueOf(cVar2.D())));
                }
                if (cVar2.F() == KeyStatusType.UNKNOWN_STATUS) {
                    throw new GeneralSecurityException(String.format("key %d has unknown status", Integer.valueOf(cVar2.D())));
                }
                if (cVar2.D() == D) {
                    if (z10) {
                        throw new GeneralSecurityException("keyset contains multiple primary keys");
                    }
                    z10 = true;
                }
                if (cVar2.C().C() != KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC) {
                    z11 = false;
                }
                i11++;
            }
        }
        if (i11 == 0) {
            throw new GeneralSecurityException("keyset must contain at least one ENABLED key");
        }
        if (!z10 && !z11) {
            throw new GeneralSecurityException("keyset doesn't contain a valid primary key");
        }
        k7.i iVar = new k7.i(a11);
        for (a.c cVar3 : b10.f14093a.C()) {
            KeyStatusType F = cVar3.F();
            KeyStatusType keyStatusType = KeyStatusType.ENABLED;
            if (F == keyStatusType) {
                String D2 = cVar3.C().D();
                ByteString E = cVar3.C().E();
                m.a b12 = k7.m.b(D2);
                if (!b12.d().contains(a11)) {
                    StringBuilder a13 = d.a("Primitive type ");
                    a13.append(a11.getName());
                    a13.append(" not supported by key manager of type ");
                    a13.append(b12.c());
                    a13.append(", supported primitives: ");
                    Set<Class<?>> d10 = b12.d();
                    StringBuilder sb2 = new StringBuilder();
                    boolean z12 = true;
                    for (Class<?> cls : d10) {
                        if (!z12) {
                            sb2.append(", ");
                        }
                        sb2.append(cls.getCanonicalName());
                        z12 = false;
                    }
                    a13.append(sb2.toString());
                    throw new GeneralSecurityException(a13.toString());
                }
                Object a14 = ((e) b12.a(a11)).a(E);
                if (cVar3.F() != keyStatusType) {
                    throw new GeneralSecurityException("only ENABLED key is allowed");
                }
                int i12 = b.a.f14086a[cVar3.E().ordinal()];
                if (i12 == b11 || i12 == 2) {
                    array = ByteBuffer.allocate(5).put((byte) 0).putInt(cVar3.D()).array();
                } else if (i12 == 3) {
                    array = ByteBuffer.allocate(5).put(b11).putInt(cVar3.D()).array();
                } else {
                    if (i12 != 4) {
                        throw new GeneralSecurityException("unknown output prefix type");
                    }
                    array = k7.b.f14085a;
                }
                i.b<P> bVar2 = new i.b<>(a14, array, cVar3.F(), cVar3.E(), cVar3.D());
                ArrayList arrayList = new ArrayList();
                arrayList.add(bVar2);
                byte[] bArr = bVar2.f14098b;
                i.c cVar4 = new i.c(bArr == null ? null : Arrays.copyOf(bArr, bArr.length), null);
                List list = (List) iVar.f14094a.put(cVar4, Collections.unmodifiableList(arrayList));
                if (list != null) {
                    ArrayList arrayList2 = new ArrayList();
                    arrayList2.addAll(list);
                    arrayList2.add(bVar2);
                    iVar.f14094a.put(cVar4, Collections.unmodifiableList(arrayList2));
                }
                if (cVar3.D() == b10.f14093a.D()) {
                    if (bVar2.f14099c != keyStatusType) {
                        throw new IllegalArgumentException("the primary entry has to be ENABLED");
                    }
                    byte[] bArr2 = bVar2.f14098b;
                    if (iVar.a(bArr2 != null ? Arrays.copyOf(bArr2, bArr2.length) : null).isEmpty()) {
                        throw new IllegalArgumentException("the primary entry cannot be set to an entry which is not held by this primitive set");
                    }
                    iVar.f14095b = bVar2;
                }
                b11 = 1;
            }
        }
        j jVar2 = (j) ((ConcurrentHashMap) k7.m.f14106e).get(n.class);
        if (jVar2 == null) {
            StringBuilder a15 = d.a("No wrapper found for ");
            a15.append(iVar.f14096c.getName());
            throw new GeneralSecurityException(a15.toString());
        }
        if (jVar2.a().equals(iVar.f14096c)) {
            return new EncryptedFile(j10, "__androidx_security_crypto_encrypted_file_keyset__", (n) jVar2.b(iVar), applicationContext);
        }
        StringBuilder a16 = d.a("Wrong input primitive class, expected ");
        a16.append(jVar2.a());
        a16.append(", got ");
        a16.append(iVar.f14096c);
        throw new GeneralSecurityException(a16.toString());
    }

    public final File j(c cVar) {
        return new File(cVar.f() ? this.f20699a.getCacheDir() : this.f20699a.getFilesDir(), cVar.d());
    }

    public final FileInputStream k(c cVar) {
        if (!cVar.a()) {
            return new FileInputStream(j(cVar));
        }
        EncryptedFile i10 = i(cVar);
        if (i10.f4216a.exists()) {
            FileInputStream fileInputStream = new FileInputStream(i10.f4216a);
            return new EncryptedFile.a(fileInputStream.getFD(), i10.f4217b.b(fileInputStream, i10.f4216a.getName().getBytes(StandardCharsets.UTF_8)));
        }
        StringBuilder a10 = d.a("file doesn't exist: ");
        a10.append(i10.f4216a.getName());
        throw new IOException(a10.toString());
    }

    public final FileOutputStream l(c cVar) {
        if (!cVar.a()) {
            return new FileOutputStream(j(cVar));
        }
        EncryptedFile i10 = i(cVar);
        if (i10.f4216a.exists()) {
            StringBuilder a10 = d.a("output file already exists, please use a new file: ");
            a10.append(i10.f4216a.getName());
            throw new IOException(a10.toString());
        }
        FileOutputStream fileOutputStream = new FileOutputStream(i10.f4216a);
        return new EncryptedFile.b(fileOutputStream.getFD(), i10.f4217b.a(fileOutputStream, i10.f4216a.getName().getBytes(StandardCharsets.UTF_8)));
    }
}
