package com.tapptic.gigya.storage;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.security.crypto.EncryptedFile;
import androidx.security.crypto.MasterKey;
import androidx.security.crypto.MasterKeys;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.crypto.tink.CryptoFormat;
import com.google.crypto.tink.KeyManagerImpl;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.PrimitiveSet;
import com.google.crypto.tink.PrimitiveWrapper;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.StreamingAead;
import com.google.crypto.tink.Util;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.google.crypto.tink.integration.android.SharedPrefKeysetReader;
import com.google.crypto.tink.integration.android.SharedPrefKeysetWriter;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.streamingaead.StreamingAeadConfig;
import com.squareup.moshi.JsonAdapter;
import com.squareup.moshi.Moshi;
import com.tapptic.gigya.adapter.AccountAdapter;
import com.tapptic.gigya.model.Account;
import io.reactivex.Completable;
import io.reactivex.Maybe;
import io.reactivex.functions.Action;
import io.reactivex.functions.Consumer;
import io.reactivex.internal.functions.Functions;
import io.reactivex.internal.operators.completable.CompletableFromAction;
import io.reactivex.internal.operators.maybe.MaybeFromCallable;
import io.reactivex.internal.operators.maybe.MaybeOnErrorComplete;
import io.reactivex.plugins.RxJavaPlugins;
import io.reactivex.schedulers.Schedulers;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.logging.Logger;
import javax.crypto.KeyGenerator;
import kotlin.Lazy;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okio.Okio;
import okio.RealBufferedSource;

/* compiled from: EncryptedFileAccountStorageRepository.kt */
/* loaded from: classes.dex */
public final class EncryptedFileAccountStorageRepository implements AccountStorageRepository {
    public final File accountFile;
    public final JsonAdapter<Account> adapter;
    public final Lazy encryptedFile$delegate;
    public final MasterKey masterKey;

    public EncryptedFileAccountStorageRepository(final Context context) {
        MasterKey masterKey;
        Intrinsics.checkNotNullParameter(context, "context");
        Moshi.Builder builder = new Moshi.Builder();
        builder.add(new AccountAdapter());
        JsonAdapter<Account> adapter = new Moshi(builder).adapter(Account.class);
        Intrinsics.checkNotNullExpressionValue(adapter, "Moshi.Builder()\n        …pter(Account::class.java)");
        this.adapter = adapter;
        context.getApplicationContext();
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("master_key_gigya_account", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
            Objects.requireNonNull(build, "KeyGenParameterSpec was null after build() check");
            int i = MasterKeys.$r8$clinit;
            if (build.getKeySize() != 256) {
                StringBuilder outline40 = GeneratedOutlineSupport.outline40("invalid key size, want 256 bits got ");
                outline40.append(build.getKeySize());
                outline40.append(" bits");
                throw new IllegalArgumentException(outline40.toString());
            }
            if (!Arrays.equals(build.getBlockModes(), new String[]{"GCM"})) {
                StringBuilder outline402 = GeneratedOutlineSupport.outline40("invalid block mode, want GCM got ");
                outline402.append(Arrays.toString(build.getBlockModes()));
                throw new IllegalArgumentException(outline402.toString());
            }
            if (build.getPurposes() != 3) {
                StringBuilder outline403 = GeneratedOutlineSupport.outline40("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got ");
                outline403.append(build.getPurposes());
                throw new IllegalArgumentException(outline403.toString());
            }
            if (!Arrays.equals(build.getEncryptionPaddings(), new String[]{"NoPadding"})) {
                StringBuilder outline404 = GeneratedOutlineSupport.outline40("invalid padding mode, want NoPadding got ");
                outline404.append(Arrays.toString(build.getEncryptionPaddings()));
                throw new IllegalArgumentException(outline404.toString());
            }
            if (build.isUserAuthenticationRequired() && build.getUserAuthenticationValidityDurationSeconds() < 1) {
                throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
            }
            String keystoreAlias = build.getKeystoreAlias();
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(keystoreAlias)) {
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(build);
                    keyGenerator.generateKey();
                } catch (ProviderException e) {
                    throw new GeneralSecurityException(e.getMessage(), e);
                }
            }
            masterKey = new MasterKey(build.getKeystoreAlias(), build);
        } else {
            masterKey = new MasterKey("master_key_gigya_account", null);
        }
        Intrinsics.checkNotNullExpressionValue(masterKey, "MasterKey.Builder(contex…GCM)\n            .build()");
        this.masterKey = masterKey;
        this.accountFile = new File(context.getFilesDir(), "current_gigya_account.json");
        this.encryptedFile$delegate = RxJavaPlugins.lazy(new Function0<EncryptedFile>() { // from class: com.tapptic.gigya.storage.EncryptedFileAccountStorageRepository$encryptedFile$2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public EncryptedFile invoke() {
                AndroidKeysetManager androidKeysetManager;
                KeysetHandle keysetHandle;
                byte[] outline64;
                Context context2 = context;
                EncryptedFileAccountStorageRepository encryptedFileAccountStorageRepository = EncryptedFileAccountStorageRepository.this;
                File file = encryptedFileAccountStorageRepository.accountFile;
                MasterKey masterKey2 = encryptedFileAccountStorageRepository.masterKey;
                EncryptedFile.FileEncryptionScheme fileEncryptionScheme = EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB;
                Context applicationContext = context2.getApplicationContext();
                String str = masterKey2.mKeyAlias;
                StreamingAeadConfig.register();
                AndroidKeysetManager.Builder builder2 = new AndroidKeysetManager.Builder();
                builder2.keyTemplate = fileEncryptionScheme.mStreamingAeadKeyTemplate;
                if (applicationContext == null) {
                    throw new IllegalArgumentException("need an Android context");
                }
                builder2.reader = new SharedPrefKeysetReader(applicationContext, "__androidx_security_crypto_encrypted_file_keyset__", "__androidx_security_crypto_encrypted_file_pref__");
                builder2.writer = new SharedPrefKeysetWriter(applicationContext, "__androidx_security_crypto_encrypted_file_keyset__", "__androidx_security_crypto_encrypted_file_pref__");
                String outline25 = GeneratedOutlineSupport.outline25("android-keystore://", str);
                if (!outline25.startsWith("android-keystore://")) {
                    throw new IllegalArgumentException("key URI must start with android-keystore://");
                }
                builder2.masterKeyUri = outline25;
                synchronized (builder2) {
                    if (builder2.masterKeyUri != null) {
                        builder2.masterKey = builder2.readOrGenerateNewMasterKey();
                    }
                    builder2.keysetManager = builder2.readOrGenerateNewKeyset();
                    androidKeysetManager = new AndroidKeysetManager(builder2, null);
                }
                synchronized (androidKeysetManager) {
                    keysetHandle = androidKeysetManager.keysetManager.getKeysetHandle();
                }
                PrimitiveWrapper<?, ?> primitiveWrapper = Registry.primitiveWrapperMap.get(StreamingAead.class);
                Class<?> inputPrimitiveClass = primitiveWrapper != null ? primitiveWrapper.getInputPrimitiveClass() : null;
                if (inputPrimitiveClass == null) {
                    throw new GeneralSecurityException(GeneratedOutlineSupport.outline15(StreamingAead.class, GeneratedOutlineSupport.outline40("No wrapper found for ")));
                }
                Logger logger = Registry.logger;
                KeyStatusType keyStatusType = KeyStatusType.ENABLED;
                Keyset keyset = keysetHandle.keyset;
                int i2 = Util.$r8$clinit;
                int primaryKeyId = keyset.getPrimaryKeyId();
                int i3 = 0;
                boolean z = false;
                boolean z2 = true;
                for (Keyset.Key key : keyset.getKeyList()) {
                    if (key.getStatus() == keyStatusType) {
                        if (!key.hasKeyData()) {
                            throw new GeneralSecurityException(String.format("key %d has no key data", Integer.valueOf(key.getKeyId())));
                        }
                        if (key.getOutputPrefixType() == OutputPrefixType.UNKNOWN_PREFIX) {
                            throw new GeneralSecurityException(String.format("key %d has unknown prefix", Integer.valueOf(key.getKeyId())));
                        }
                        if (key.getStatus() == KeyStatusType.UNKNOWN_STATUS) {
                            throw new GeneralSecurityException(String.format("key %d has unknown status", Integer.valueOf(key.getKeyId())));
                        }
                        if (key.getKeyId() == primaryKeyId) {
                            if (z) {
                                throw new GeneralSecurityException("keyset contains multiple primary keys");
                            }
                            z = true;
                        }
                        if (key.getKeyData().getKeyMaterialType() != KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC) {
                            z2 = false;
                        }
                        i3++;
                    }
                }
                byte b = 1;
                if (i3 == 0) {
                    throw new GeneralSecurityException("keyset must contain at least one ENABLED key");
                }
                if (!z && !z2) {
                    throw new GeneralSecurityException("keyset doesn't contain a valid primary key");
                }
                PrimitiveSet<?> primitiveSet = new PrimitiveSet<>(inputPrimitiveClass);
                for (Keyset.Key key2 : keysetHandle.keyset.getKeyList()) {
                    if (key2.getStatus() == keyStatusType) {
                        String typeUrl = key2.getKeyData().getTypeUrl();
                        ByteString value = key2.getKeyData().getValue();
                        Registry.KeyManagerContainer keyManagerContainerOrThrow = Registry.getKeyManagerContainerOrThrow(typeUrl);
                        if (!keyManagerContainerOrThrow.supportedPrimitives().contains(inputPrimitiveClass)) {
                            StringBuilder outline405 = GeneratedOutlineSupport.outline40("Primitive type ");
                            outline405.append(inputPrimitiveClass.getName());
                            outline405.append(" not supported by key manager of type ");
                            outline405.append(keyManagerContainerOrThrow.getImplementingClass());
                            outline405.append(", supported primitives: ");
                            Set<Class<?>> supportedPrimitives = keyManagerContainerOrThrow.supportedPrimitives();
                            StringBuilder sb = new StringBuilder();
                            boolean z3 = true;
                            for (Class<?> cls : supportedPrimitives) {
                                if (!z3) {
                                    sb.append(", ");
                                }
                                sb.append(cls.getCanonicalName());
                                z3 = false;
                            }
                            outline405.append(sb.toString());
                            throw new GeneralSecurityException(outline405.toString());
                        }
                        Object primitive = ((KeyManagerImpl) keyManagerContainerOrThrow.getKeyManager(inputPrimitiveClass)).getPrimitive(value);
                        if (key2.getStatus() != keyStatusType) {
                            throw new GeneralSecurityException("only ENABLED key is allowed");
                        }
                        int ordinal = key2.getOutputPrefixType().ordinal();
                        if (ordinal != b) {
                            if (ordinal != 2) {
                                if (ordinal == 3) {
                                    outline64 = CryptoFormat.RAW_PREFIX;
                                } else if (ordinal != 4) {
                                    throw new GeneralSecurityException("unknown output prefix type");
                                }
                            }
                            outline64 = GeneratedOutlineSupport.outline64(key2, ByteBuffer.allocate(5).put((byte) 0));
                        } else {
                            outline64 = GeneratedOutlineSupport.outline64(key2, ByteBuffer.allocate(5).put(b));
                        }
                        PrimitiveSet.Entry<P> entry = new PrimitiveSet.Entry<>(primitive, outline64, key2.getStatus(), key2.getOutputPrefixType(), key2.getKeyId());
                        ArrayList arrayList = new ArrayList();
                        arrayList.add(entry);
                        byte[] bArr = entry.identifier;
                        PrimitiveSet.Prefix prefix = new PrimitiveSet.Prefix(bArr == null ? null : Arrays.copyOf(bArr, bArr.length), null);
                        List<PrimitiveSet.Entry<?>> put = primitiveSet.primitives.put(prefix, Collections.unmodifiableList(arrayList));
                        if (put != null) {
                            ArrayList arrayList2 = new ArrayList();
                            arrayList2.addAll(put);
                            arrayList2.add(entry);
                            primitiveSet.primitives.put(prefix, Collections.unmodifiableList(arrayList2));
                        }
                        if (key2.getKeyId() == keysetHandle.keyset.getPrimaryKeyId()) {
                            if (entry.status != keyStatusType) {
                                throw new IllegalArgumentException("the primary entry has to be ENABLED");
                            }
                            byte[] bArr2 = entry.identifier;
                            if (primitiveSet.getPrimitive(bArr2 != null ? Arrays.copyOf(bArr2, bArr2.length) : null).isEmpty()) {
                                throw new IllegalArgumentException("the primary entry cannot be set to an entry which is not held by this primitive set");
                            }
                            primitiveSet.primary = entry;
                        }
                        b = 1;
                    }
                }
                PrimitiveWrapper<?, ?> primitiveWrapper2 = Registry.primitiveWrapperMap.get(StreamingAead.class);
                if (primitiveWrapper2 == null) {
                    throw new GeneralSecurityException(GeneratedOutlineSupport.outline15(primitiveSet.primitiveClass, GeneratedOutlineSupport.outline40("No wrapper found for ")));
                }
                if (primitiveWrapper2.getInputPrimitiveClass().equals(primitiveSet.primitiveClass)) {
                    EncryptedFile encryptedFile = new EncryptedFile(file, "__androidx_security_crypto_encrypted_file_keyset__", (StreamingAead) primitiveWrapper2.wrap(primitiveSet), applicationContext);
                    Intrinsics.checkNotNullExpressionValue(encryptedFile, "EncryptedFile.Builder(\n …KDF_4KB\n        ).build()");
                    return encryptedFile;
                }
                StringBuilder outline406 = GeneratedOutlineSupport.outline40("Wrong input primitive class, expected ");
                outline406.append(primitiveWrapper2.getInputPrimitiveClass());
                outline406.append(", got ");
                outline406.append(primitiveSet.primitiveClass);
                throw new GeneralSecurityException(outline406.toString());
            }
        });
    }

    @Override // com.tapptic.gigya.storage.AccountStorageRepository
    public void clear() {
        if (this.accountFile.exists()) {
            this.accountFile.delete();
        }
    }

    @Override // com.tapptic.gigya.storage.AccountStorageRepository
    public boolean getDoesCacheExist() {
        return this.accountFile.exists() && this.accountFile.canRead();
    }

    @Override // com.tapptic.gigya.storage.AccountStorageRepository
    public Maybe<Account> read() {
        Maybe subscribeOn = new MaybeOnErrorComplete(new MaybeFromCallable(new Callable<Account>() { // from class: com.tapptic.gigya.storage.EncryptedFileAccountStorageRepository$read$1
            @Override // java.util.concurrent.Callable
            public Account call() {
                EncryptedFile encryptedFile = (EncryptedFile) EncryptedFileAccountStorageRepository.this.encryptedFile$delegate.getValue();
                if (!encryptedFile.mFile.exists()) {
                    StringBuilder outline40 = GeneratedOutlineSupport.outline40("file doesn't exist: ");
                    outline40.append(encryptedFile.mFile.getName());
                    throw new IOException(outline40.toString());
                }
                FileInputStream fileInputStream = new FileInputStream(encryptedFile.mFile);
                EncryptedFile.EncryptedFileInputStream encryptedFileInputStream = new EncryptedFile.EncryptedFileInputStream(fileInputStream.getFD(), encryptedFile.mStreamingAead.newDecryptingStream(fileInputStream, encryptedFile.mFile.getName().getBytes(StandardCharsets.UTF_8)));
                Intrinsics.checkNotNullExpressionValue(encryptedFileInputStream, "encryptedFile.openFileInput()");
                return EncryptedFileAccountStorageRepository.this.adapter.fromJson(new RealBufferedSource(Okio.source(encryptedFileInputStream)));
            }
        }).doOnError(new Consumer<Throwable>() { // from class: com.tapptic.gigya.storage.EncryptedFileAccountStorageRepository$read$2
            @Override // io.reactivex.functions.Consumer
            public void accept(Throwable th) {
                EncryptedFileAccountStorageRepository.this.clear();
            }
        }), Functions.ALWAYS_TRUE).subscribeOn(Schedulers.IO);
        Intrinsics.checkNotNullExpressionValue(subscribeOn, "Maybe.fromCallable<Accou…scribeOn(Schedulers.io())");
        return subscribeOn;
    }

    @Override // com.tapptic.gigya.storage.AccountStorageRepository
    public Completable write(final Account account) {
        Intrinsics.checkNotNullParameter(account, "account");
        Completable subscribeOn = new CompletableFromAction(new Action() { // from class: com.tapptic.gigya.storage.EncryptedFileAccountStorageRepository$write$1
            @Override // io.reactivex.functions.Action
            public final void run() {
                String accountJson = EncryptedFileAccountStorageRepository.this.adapter.toJson(account);
                EncryptedFileAccountStorageRepository.this.clear();
                EncryptedFile encryptedFile = (EncryptedFile) EncryptedFileAccountStorageRepository.this.encryptedFile$delegate.getValue();
                if (encryptedFile.mFile.exists()) {
                    StringBuilder outline40 = GeneratedOutlineSupport.outline40("output file already exists, please use a new file: ");
                    outline40.append(encryptedFile.mFile.getName());
                    throw new IOException(outline40.toString());
                }
                FileOutputStream fileOutputStream = new FileOutputStream(encryptedFile.mFile);
                EncryptedFile.EncryptedFileOutputStream encryptedFileOutputStream = new EncryptedFile.EncryptedFileOutputStream(fileOutputStream.getFD(), encryptedFile.mStreamingAead.newEncryptingStream(fileOutputStream, encryptedFile.mFile.getName().getBytes(StandardCharsets.UTF_8)));
                try {
                    Intrinsics.checkNotNullExpressionValue(accountJson, "accountJson");
                    Charset charset = StandardCharsets.UTF_8;
                    Intrinsics.checkNotNullExpressionValue(charset, "StandardCharsets.UTF_8");
                    byte[] bytes = accountJson.getBytes(charset);
                    Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
                    encryptedFileOutputStream.mEncryptedOutputStream.write(bytes);
                    RxJavaPlugins.closeFinally(encryptedFileOutputStream, null);
                } finally {
                }
            }
        }).onErrorComplete().subscribeOn(Schedulers.IO);
        Intrinsics.checkNotNullExpressionValue(subscribeOn, "Completable.fromAction {…scribeOn(Schedulers.io())");
        return subscribeOn;
    }
}
