package defpackage;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: :com.google.android.gms@12688006@12.6.88 (020300-197970725) */
@TargetApi(26)
/* loaded from: classes2.dex */
public final class kow {
    private static final jny a = new jny("FolsomSecondaryKeyManager");
    private boolean b = false;
    private final kou c;
    private final SecureRandom d;
    private final kpc e;
    private final kpd f;

    private kow(kou kouVar, kpc kpcVar, kpd kpdVar, SecureRandom secureRandom) {
        this.c = kouVar;
        this.e = kpcVar;
        this.d = secureRandom;
        this.f = kpdVar;
    }

    public static kow a(Context context) {
        try {
            return new kow(kou.a(context), new kpc(KeyGenerator.getInstance("AES", "AndroidKeyStore")), new kpf(KeyStore.getInstance("AndroidKeyStore")), new SecureRandom());
        } catch (KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new kof("Impossible condition: JCE thinks it does not support AES key generation through AndroidKeyStore, but this has been supported since API level 23.", e);
        }
    }

    private final String b() {
        byte[] bArr = new byte[16];
        this.d.nextBytes(bArr);
        String valueOf = String.valueOf("com.google.android.gms.backup/folsom/");
        String valueOf2 = String.valueOf(bbun.c.a(bArr, 16));
        return valueOf2.length() != 0 ? valueOf.concat(valueOf2) : new String(valueOf);
    }

    private final kov c() {
        String b = b();
        try {
            this.e.a.init(new KeyGenParameterSpec.Builder(b, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            return new kov(b, this.e.a.generateKey());
        } catch (InvalidAlgorithmParameterException e) {
            throw new kof("Impossible condition: JCE thinks it does not support generating AES keys through AndroidKeyStore, but this has been supported since API level 23.", e);
        }
    }

    private final void d() {
        if (this.b) {
            return;
        }
        try {
            this.f.a();
            this.b = true;
        } catch (NoSuchAlgorithmException e) {
            throw new kof("Impossible condition: JCE thinks it does not support AndroidKeyStore, but this has been supported since API level 23.", e);
        }
    }

    public final kov a() {
        if (!((Boolean) kmw.aa.a()).booleanValue()) {
            a.f("Locally generating a key. This cannot be synced.", new Object[0]);
            return c();
        }
        String b = b();
        a.e("Generating key '%s' using Framework hidden APIs", b);
        try {
            byte[] a2 = this.c.a(b);
            a.d("Got %d bytes of key material from Framework api", Integer.valueOf(a2.length));
            this.f.a();
            this.f.a(b, new KeyStore.SecretKeyEntry(new SecretKeySpec(a2, "AES")), new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            a.d("Loaded Framework key material into my keystore", new Object[0]);
            bawd b2 = b(b);
            if (b2.b()) {
                return (kov) b2.c();
            }
            throw new kof("Unexpected error - added key to AndroidKeyStore but then could not retrieve it immediately afterwards.");
        } catch (IOException | ReflectiveOperationException | GeneralSecurityException e) {
            throw new kof("Unexpected error proxying hidden framework API for generating recoverable keys", e);
        }
    }

    public final void a(String str) {
        d();
        this.f.c(str);
        if (((Boolean) kmw.aa.a()).booleanValue()) {
            this.c.b(str);
        }
    }

    public final bawd b(String str) {
        d();
        try {
            Key d = this.f.d(str);
            if (d == null) {
                return batz.a;
            }
            if (!(d instanceof SecretKey)) {
                String simpleName = d.getClass().getSimpleName();
                throw new kof(new StringBuilder(String.valueOf(str).length() + 32 + String.valueOf(simpleName).length()).append("Expected SecretKey for ").append(str).append(" but was ").append(simpleName).toString());
            }
            if ("AES".equals(d.getAlgorithm())) {
                return bawd.b(new kov(str, (SecretKey) d));
            }
            String algorithm = d.getAlgorithm();
            throw new kof(new StringBuilder(String.valueOf(str).length() + 42 + String.valueOf(algorithm).length()).append("Expected AES SecretKey for ").append(str).append(", but got ").append(algorithm).append(" key.").toString());
        } catch (NoSuchAlgorithmException e) {
            throw new kof(new StringBuilder(String.valueOf(str).length() + 51).append("Tried to load key ").append(str).append(" but it had unsupported alogrithm").toString(), e);
        }
    }
}
