package com.google.crypto.tink.integration.android;

import android.security.keystore.KeyGenParameterSpec;
import coil.memory.MemoryCacheService;
import com.google.crypto.tink.internal.Random;
import com.google.crypto.tink.subtle.Validators;
import com.sun.jna.Function;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;

/* loaded from: classes.dex */
public abstract class AndroidKeystore {
    public static final Object keystoreLock = new Object();

    public static boolean generateKeyIfNotExist(String str) {
        synchronized (keystoreLock) {
            try {
                String validateKmsKeyUriAndRemovePrefix = Validators.validateKmsKeyUriAndRemovePrefix(str);
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    if (keyStore.containsAlias(validateKmsKeyUriAndRemovePrefix)) {
                        return false;
                    }
                    generateNewAes256GcmKey(validateKmsKeyUriAndRemovePrefix);
                    return true;
                } catch (IOException e) {
                    throw new GeneralSecurityException(e);
                }
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public static void generateNewAes256GcmKey(String str) {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setKeySize(Function.MAX_NARGS).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(build);
        keyGenerator.generateKey();
    }

    public static MemoryCacheService getAead(String str) {
        MemoryCacheService memoryCacheService;
        try {
            synchronized (keystoreLock) {
                memoryCacheService = new MemoryCacheService(Validators.validateKmsKeyUriAndRemovePrefix(str));
                byte[] randBytes = Random.randBytes(10);
                byte[] bArr = new byte[0];
                if (!Arrays.equals(randBytes, memoryCacheService.decrypt(memoryCacheService.encrypt(randBytes, bArr), bArr))) {
                    throw new KeyStoreException("cannot use Android Keystore: encryption/decryption of non-empty message and empty aad returns an incorrect result");
                }
            }
            return memoryCacheService;
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}
