package defpackage;

import android.content.Context;
import android.security.keystore.recovery.DecryptionFailedException;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.KeyChainProtectionParams;
import android.security.keystore.recovery.KeyDerivationParams;
import android.security.keystore.recovery.RecoveryController;
import android.security.keystore.recovery.RecoverySession;
import android.security.keystore.recovery.SessionExpiredException;
import android.security.keystore.recovery.WrappedApplicationKey;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

/* compiled from: :com.google.android.gms@204516065@20.45.16 (110700-344294571) */
/* loaded from: classes.dex */
public final class ive implements AutoCloseable {
    private static final qom a = ixe.a("KeyRecoveryController");
    private final ivg b;
    private final Context c;
    private bnxk d;
    private RecoverySession e;

    public ive(Context context, ivg ivgVar) {
        this.b = ivgVar;
        this.c = context;
    }

    private final bnxk c() {
        bnxk bnxkVar = this.d;
        if (bnxkVar != null) {
            return bnxkVar;
        }
        throw new ivh("Please first call startRecovery().", 15);
    }

    public final bnxe a() {
        final bnxd bnxdVar;
        KeyChainProtectionParams build = new KeyChainProtectionParams.Builder().setUserSecretType(100).setLockScreenUiFormat(2).setKeyDerivationParams(KeyDerivationParams.createSha256Params(new byte[0])).setSecret(this.b.b.H()).build();
        ArrayList arrayList = new ArrayList();
        arrayList.add(build);
        byte[] array = ByteBuffer.allocate(94).order(ByteOrder.LITTLE_ENDIAN).put(this.b.e.H()).putLong(this.b.g).putInt(this.b.f).put(this.b.h.H()).array();
        qom qomVar = a;
        qomVar.f("Vault params have length %d", Integer.valueOf(array.length));
        qomVar.f("Starting a recovery session", new Object[0]);
        RecoverySession createRecoverySession = RecoveryController.getInstance(this.c).createRecoverySession();
        this.e = createRecoverySession;
        try {
            String p = caky.p();
            ivg ivgVar = this.b;
            byte[] start = createRecoverySession.start(p, ivgVar.d, array, ivgVar.c.H(), arrayList);
            if (start == null) {
                qomVar.k("Recovery claim is null", new Object[0]);
                throw new ivh("Failed to recover snapshot", 17);
            }
            qomVar.f("Recovery claim has length %d", Integer.valueOf(start.length));
            ByteBuffer order = ByteBuffer.wrap(this.b.h.H()).order(ByteOrder.LITTLE_ENDIAN);
            order.get();
            order.getLong();
            qomVar.d("Opening vault for device %d with challenge '%s' ... ", Long.valueOf(order.getLong()), rbh.a(this.b.c.H()));
            bvsc x = bvsc.x(start);
            ivg ivgVar2 = this.b;
            bvsc bvscVar = ivgVar2.h;
            bvsc bvscVar2 = ivgVar2.c;
            if (calb.d()) {
                bvtf s = bnxd.e.s();
                if (s.c) {
                    s.x();
                    s.c = false;
                }
                bnxd bnxdVar2 = (bnxd) s.b;
                bvscVar2.getClass();
                bnxdVar2.c = bvscVar2;
                x.getClass();
                bnxdVar2.b = x;
                bvscVar.getClass();
                bnxdVar2.a = bvscVar;
                bnxdVar2.d = 1;
                bnxdVar = (bnxd) s.D();
            } else {
                bvtf s2 = bnxd.e.s();
                if (s2.c) {
                    s2.x();
                    s2.c = false;
                }
                bnxd bnxdVar3 = (bnxd) s2.b;
                bvscVar2.getClass();
                bnxdVar3.c = bvscVar2;
                x.getClass();
                bnxdVar3.b = x;
                bvscVar.getClass();
                bnxdVar3.a = bvscVar;
                bnxdVar = (bnxd) s2.D();
            }
            qomVar.f("Using vault service for account '%s'", qom.p(this.b.a.name));
            bnxe bnxeVar = (bnxe) new ivp(this.c, this.b.a).b(new ivo(bnxdVar) { // from class: ivk
                private final bnxd a;

                {
                    this.a = bnxdVar;
                }

                @Override // defpackage.ivo
                public final Object a(bnxn bnxnVar) {
                    bnxd bnxdVar4 = this.a;
                    int i = ivp.a;
                    cfsh cfshVar = bnxnVar.a;
                    cfvo cfvoVar = bnxo.b;
                    if (cfvoVar == null) {
                        synchronized (bnxo.class) {
                            cfvoVar = bnxo.b;
                            if (cfvoVar == null) {
                                cfvl c = cfvo.c();
                                c.c = cfvn.UNARY;
                                c.d = cfvo.b("google.cryptauth.vault.v1.VaultService", "OpenVault");
                                c.b();
                                c.a = cglb.b(bnxd.e);
                                c.b = cglb.b(bnxe.d);
                                cfvoVar = c.a();
                                bnxo.b = cfvoVar;
                            }
                        }
                    }
                    return (bnxe) cglo.c(cfshVar, cfvoVar, bnxnVar.b, bnxdVar4);
                }
            });
            bnxk bnxkVar = bnxeVar.b;
            if (bnxkVar == null) {
                bnxkVar = bnxk.f;
            }
            this.d = bnxkVar;
            return bnxeVar;
        } catch (InternalRecoveryServiceException e) {
            a.l("Failed to call session.start", e, new Object[0]);
            throw new ivh("Failed to recover snapshot", 17);
        } catch (CertificateException e2) {
            a.l("Failed to call session.start", e2, new Object[0]);
            throw new ivh("Failed to recover snapshot", 13);
        }
    }

    public final void b() {
        if (this.e == null) {
            throw new ivh("Cannot import application keys before starting session", 15);
        }
        byte[] H = c().d.H();
        bvue<bnwu> bvueVar = c().e;
        ArrayList arrayList = new ArrayList(bvueVar.size());
        for (bnwu bnwuVar : bvueVar) {
            bvsc bvscVar = bnwuVar.a == 3 ? (bvsc) bnwuVar.b : bvsc.b;
            if (!bvscVar.u()) {
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bnwuVar.c).setEncryptedKeyMaterial(bvscVar.H()).build());
            } else if (calb.d() && bnwuVar.a == 4) {
                a.d("Recovering KeyPair", new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bnwuVar.c).setEncryptedKeyMaterial((bnwuVar.a == 4 ? (bnww) bnwuVar.b : bnww.e).c.H()).build());
            }
        }
        qom qomVar = a;
        qomVar.f("Attempting to recover %d application keys", Integer.valueOf(arrayList.size()));
        try {
            Map recoverKeyChainSnapshot = this.e.recoverKeyChainSnapshot(H, arrayList);
            qomVar.f("Got %d keys back from framework", Integer.valueOf(recoverKeyChainSnapshot.size()));
            this.d = null;
            if (calb.d()) {
                for (bnwu bnwuVar2 : bvueVar) {
                    if (bnwuVar2.a == 4) {
                        bnww bnwwVar = (bnww) bnwuVar2.b;
                        Key key = (Key) recoverKeyChainSnapshot.get(bnwuVar2.c);
                        if (key == null) {
                            a.k("Snapshot has key pair, but wrapping key was not recovered", new Object[0]);
                        } else {
                            try {
                                byte[] d = ixb.d(key, bnwwVar.b);
                                bvtf s = ivb.e.s();
                                bvsc x = bvsc.x(d);
                                if (s.c) {
                                    s.x();
                                    s.c = false;
                                }
                                ivb ivbVar = (ivb) s.b;
                                x.getClass();
                                ivbVar.b = x;
                                bvsc bvscVar2 = bnwwVar.a;
                                bvscVar2.getClass();
                                ivbVar.a = bvscVar2;
                                PrivateKey h = bpvu.h(((ivb) s.D()).b.H());
                                for (bnwv bnwvVar : bnwwVar.d) {
                                    try {
                                        iwa iwaVar = (iwa) iwa.a.b();
                                        String str = this.b.a.name;
                                        String str2 = bnwvVar.a;
                                        bvue<bnxh> bvueVar2 = bnwvVar.b;
                                        ArrayList arrayList2 = new ArrayList(bvueVar2.size());
                                        for (bnxh bnxhVar : bvueVar2) {
                                            byte[] k = bpvu.k(h, ixb.a, bnxhVar.b.H());
                                            bvtf s2 = ivc.c.s();
                                            int i = bnxhVar.a;
                                            if (s2.c) {
                                                s2.x();
                                                s2.c = false;
                                            }
                                            ((ivc) s2.b).a = i;
                                            bvsc x2 = bvsc.x(k);
                                            if (s2.c) {
                                                s2.x();
                                                s2.c = false;
                                            }
                                            ivc ivcVar = (ivc) s2.b;
                                            x2.getClass();
                                            ivcVar.b = x2;
                                            arrayList2.add((ivc) s2.D());
                                        }
                                        iwaVar.f(str, str2, arrayList2);
                                    } catch (fzp | IOException e) {
                                        a.e("Shared keys failed to be saved locally.", e, new Object[0]);
                                    }
                                }
                            } catch (InvalidKeyException e2) {
                                e = e2;
                                a.e("Could not decrypt key pair.", e, new Object[0]);
                            } catch (NoSuchAlgorithmException e3) {
                                throw new IllegalStateException(e3);
                            } catch (BadPaddingException e4) {
                                e = e4;
                                a.e("Could not decrypt key pair.", e, new Object[0]);
                            } catch (IllegalBlockSizeException e5) {
                                e = e5;
                                a.e("Could not decrypt key pair.", e, new Object[0]);
                            }
                        }
                    }
                }
            }
        } catch (DecryptionFailedException e6) {
            throw new ivh("Client crypto error", 13);
        } catch (InternalRecoveryServiceException e7) {
            throw new ivh("Failed to recover snapshot", 16);
        } catch (SessionExpiredException e8) {
            throw new ivh("Recovery session expired", 15);
        }
    }

    @Override // java.lang.AutoCloseable
    public final void close() {
        RecoverySession recoverySession = this.e;
        if (recoverySession != null) {
            recoverySession.close();
        }
    }
}
