package defpackage;

import android.content.Context;
import android.security.keystore.recovery.DecryptionFailedException;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.KeyChainProtectionParams;
import android.security.keystore.recovery.KeyDerivationParams;
import android.security.keystore.recovery.RecoveryController;
import android.security.keystore.recovery.RecoverySession;
import android.security.keystore.recovery.SessionExpiredException;
import android.security.keystore.recovery.WrappedApplicationKey;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

/* compiled from: :com.google.android.gms@203915065@20.39.15 (110700-335085812) */
/* loaded from: classes.dex */
public final class ioc implements AutoCloseable {
    private static final qeo a = iqc.a("KeyRecoveryController");
    private final ioe b;
    private final Context c;
    private bmtd d;
    private RecoverySession e;

    public ioc(Context context, ioe ioeVar) {
        this.b = ioeVar;
        this.c = context;
    }

    private final bmtd c() {
        bmtd bmtdVar = this.d;
        if (bmtdVar != null) {
            return bmtdVar;
        }
        throw new iof("Please first call startRecovery().", 15);
    }

    public final bmsx a() {
        final bmsw bmswVar;
        KeyChainProtectionParams build = new KeyChainProtectionParams.Builder().setUserSecretType(100).setLockScreenUiFormat(2).setKeyDerivationParams(KeyDerivationParams.createSha256Params(new byte[0])).setSecret(this.b.b.k()).build();
        ArrayList arrayList = new ArrayList();
        arrayList.add(build);
        byte[] array = ByteBuffer.allocate(94).order(ByteOrder.LITTLE_ENDIAN).put(this.b.e.k()).putLong(this.b.g).putInt(this.b.f).put(this.b.h.k()).array();
        qeo qeoVar = a;
        qeoVar.c("Vault params have length %d", Integer.valueOf(array.length));
        qeoVar.c("Starting a recovery session", new Object[0]);
        RecoverySession createRecoverySession = RecoveryController.getInstance(this.c).createRecoverySession();
        this.e = createRecoverySession;
        try {
            String p = bysp.p();
            ioe ioeVar = this.b;
            byte[] start = createRecoverySession.start(p, ioeVar.d, array, ioeVar.c.k(), arrayList);
            if (start == null) {
                qeoVar.e("Recovery claim is null", new Object[0]);
                throw new iof("Failed to recover snapshot", 17);
            }
            qeoVar.c("Recovery claim has length %d", Integer.valueOf(start.length));
            ByteBuffer order = ByteBuffer.wrap(this.b.h.k()).order(ByteOrder.LITTLE_ENDIAN);
            order.get();
            order.getLong();
            qeoVar.b("Opening vault for device %d with challenge '%s' ... ", Long.valueOf(order.getLong()), qrh.a(this.b.c.k()));
            bukd a2 = bukd.a(start);
            ioe ioeVar2 = this.b;
            bukd bukdVar = ioeVar2.h;
            bukd bukdVar2 = ioeVar2.c;
            if (byss.d()) {
                bulg ef = bmsw.e.ef();
                if (ef.c) {
                    ef.e();
                    ef.c = false;
                }
                bmsw bmswVar2 = (bmsw) ef.b;
                bukdVar2.getClass();
                bmswVar2.c = bukdVar2;
                a2.getClass();
                bmswVar2.b = a2;
                bukdVar.getClass();
                bmswVar2.a = bukdVar;
                bmswVar2.d = 1;
                bmswVar = (bmsw) ef.k();
            } else {
                bulg ef2 = bmsw.e.ef();
                if (ef2.c) {
                    ef2.e();
                    ef2.c = false;
                }
                bmsw bmswVar3 = (bmsw) ef2.b;
                bukdVar2.getClass();
                bmswVar3.c = bukdVar2;
                a2.getClass();
                bmswVar3.b = a2;
                bukdVar.getClass();
                bmswVar3.a = bukdVar;
                bmswVar = (bmsw) ef2.k();
            }
            qeoVar.c("Using vault service for account '%s'", qeo.a(this.b.a.name));
            bmsx bmsxVar = (bmsx) new ion(this.c, this.b.a).a(new iom(bmswVar) { // from class: ioi
                private final bmsw a;

                {
                    this.a = bmswVar;
                }

                @Override // defpackage.iom
                public final Object a(bmtg bmtgVar) {
                    bmsw bmswVar4 = this.a;
                    int i = ion.a;
                    cdwj cdwjVar = bmtgVar.a;
                    cdzp cdzpVar = bmth.b;
                    if (cdzpVar == null) {
                        synchronized (bmth.class) {
                            cdzpVar = bmth.b;
                            if (cdzpVar == null) {
                                cdzm a3 = cdzp.a();
                                a3.c = cdzo.UNARY;
                                a3.d = cdzp.a("google.cryptauth.vault.v1.VaultService", "OpenVault");
                                a3.b();
                                a3.a = cepd.a(bmsw.e);
                                a3.b = cepd.a(bmsx.d);
                                cdzpVar = a3.a();
                                bmth.b = cdzpVar;
                            }
                        }
                    }
                    return (bmsx) cepq.a(cdwjVar, cdzpVar, bmtgVar.b, bmswVar4);
                }
            });
            bmtd bmtdVar = bmsxVar.b;
            if (bmtdVar == null) {
                bmtdVar = bmtd.f;
            }
            this.d = bmtdVar;
            return bmsxVar;
        } catch (InternalRecoveryServiceException e) {
            a.e("Failed to call session.start", e, new Object[0]);
            throw new iof("Failed to recover snapshot", 17);
        } catch (CertificateException e2) {
            a.e("Failed to call session.start", e2, new Object[0]);
            throw new iof("Failed to recover snapshot", 13);
        }
    }

    public final void b() {
        if (this.e == null) {
            throw new iof("Cannot import application keys before starting session", 15);
        }
        byte[] k = c().d.k();
        bumf<bmsn> bumfVar = c().e;
        ArrayList arrayList = new ArrayList(bumfVar.size());
        for (bmsn bmsnVar : bumfVar) {
            bukd bukdVar = bmsnVar.a == 3 ? (bukd) bmsnVar.b : bukd.b;
            if (!bukdVar.j()) {
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bmsnVar.c).setEncryptedKeyMaterial(bukdVar.k()).build());
            } else if (byss.d() && bmsnVar.a == 4) {
                a.b("Recovering KeyPair", new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bmsnVar.c).setEncryptedKeyMaterial((bmsnVar.a == 4 ? (bmsp) bmsnVar.b : bmsp.e).c.k()).build());
            }
        }
        qeo qeoVar = a;
        qeoVar.c("Attempting to recover %d application keys", Integer.valueOf(arrayList.size()));
        try {
            Map recoverKeyChainSnapshot = this.e.recoverKeyChainSnapshot(k, arrayList);
            qeoVar.c("Got %d keys back from framework", Integer.valueOf(recoverKeyChainSnapshot.size()));
            this.d = null;
            if (byss.d()) {
                for (bmsn bmsnVar2 : bumfVar) {
                    if (bmsnVar2.a == 4) {
                        bmsp bmspVar = (bmsp) bmsnVar2.b;
                        Key key = (Key) recoverKeyChainSnapshot.get(bmsnVar2.c);
                        if (key == null) {
                            a.e("Snapshot has key pair, but wrapping key was not recovered", new Object[0]);
                        } else {
                            try {
                                byte[] a2 = ipz.a(key, bmspVar.b);
                                bulg ef = inz.e.ef();
                                bukd a3 = bukd.a(a2);
                                if (ef.c) {
                                    ef.e();
                                    ef.c = false;
                                }
                                inz inzVar = (inz) ef.b;
                                a3.getClass();
                                inzVar.b = a3;
                                bukd bukdVar2 = bmspVar.a;
                                bukdVar2.getClass();
                                inzVar.a = bukdVar2;
                                PrivateKey b = boqw.b(((inz) ef.k()).b.k());
                                for (bmso bmsoVar : bmspVar.d) {
                                    try {
                                        ioy ioyVar = (ioy) ioy.a.b();
                                        String str = this.b.a.name;
                                        String str2 = bmsoVar.a;
                                        bumf<bmta> bumfVar2 = bmsoVar.b;
                                        ArrayList arrayList2 = new ArrayList(bumfVar2.size());
                                        for (bmta bmtaVar : bumfVar2) {
                                            byte[] a4 = boqw.a(b, ipz.a, bmtaVar.b.k());
                                            bulg ef2 = ioa.c.ef();
                                            int i = bmtaVar.a;
                                            if (ef2.c) {
                                                ef2.e();
                                                ef2.c = false;
                                            }
                                            ((ioa) ef2.b).a = i;
                                            bukd a5 = bukd.a(a4);
                                            if (ef2.c) {
                                                ef2.e();
                                                ef2.c = false;
                                            }
                                            ioa ioaVar = (ioa) ef2.b;
                                            a5.getClass();
                                            ioaVar.b = a5;
                                            arrayList2.add((ioa) ef2.k());
                                        }
                                        ioyVar.a(str, str2, arrayList2);
                                    } catch (fts | IOException e) {
                                        a.b("Shared keys failed to be saved locally.", e, new Object[0]);
                                    }
                                }
                            } catch (InvalidKeyException e2) {
                                e = e2;
                                a.b("Could not decrypt key pair.", e, new Object[0]);
                            } catch (NoSuchAlgorithmException e3) {
                                throw new IllegalStateException(e3);
                            } catch (BadPaddingException e4) {
                                e = e4;
                                a.b("Could not decrypt key pair.", e, new Object[0]);
                            } catch (IllegalBlockSizeException e5) {
                                e = e5;
                                a.b("Could not decrypt key pair.", e, new Object[0]);
                            }
                        }
                    }
                }
            }
        } catch (DecryptionFailedException e6) {
            throw new iof("Client crypto error", 13);
        } catch (InternalRecoveryServiceException e7) {
            throw new iof("Failed to recover snapshot", 16);
        } catch (SessionExpiredException e8) {
            throw new iof("Recovery session expired", 15);
        }
    }

    @Override // java.lang.AutoCloseable
    public final void close() {
        RecoverySession recoverySession = this.e;
        if (recoverySession != null) {
            recoverySession.close();
        }
    }
}
