package defpackage;

import android.content.Context;
import android.security.keystore.recovery.DecryptionFailedException;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.KeyChainProtectionParams;
import android.security.keystore.recovery.KeyDerivationParams;
import android.security.keystore.recovery.RecoveryController;
import android.security.keystore.recovery.RecoverySession;
import android.security.keystore.recovery.SessionExpiredException;
import android.security.keystore.recovery.WrappedApplicationKey;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

/* compiled from: :com.google.android.gms@213614023@21.36.14 (040800-395708125) */
/* loaded from: classes.dex */
public final class iug implements AutoCloseable {
    public static final /* synthetic */ int a = 0;
    private static final rdp b = ioy.i("KeyRecoveryController");
    private final iui c;
    private final Context d;
    private bkfp e;
    private RecoverySession f;

    public iug(Context context, iui iuiVar) {
        this.c = iuiVar;
        this.d = context;
    }

    private final bkfp c() {
        bkfp bkfpVar = this.e;
        if (bkfpVar != null) {
            return bkfpVar;
        }
        throw new iuj("Please first call startRecovery().", 15);
    }

    public final bkfm a() {
        long j;
        final bkfl bkflVar;
        KeyChainProtectionParams build = new KeyChainProtectionParams.Builder().setUserSecretType(100).setLockScreenUiFormat(2).setKeyDerivationParams(KeyDerivationParams.createSha256Params(new byte[0])).setSecret(this.c.b.Q()).build();
        ArrayList arrayList = new ArrayList();
        arrayList.add(build);
        byte[] Q = this.c.e.Q();
        byte[] Q2 = this.c.h.Q();
        byte[] array = ByteBuffer.allocate(Q.length + 12 + Q2.length).order(ByteOrder.LITTLE_ENDIAN).put(Q).putLong(this.c.g).putInt(this.c.f).put(Q2).array();
        rdp rdpVar = b;
        rdpVar.g("Vault params have length %d", Integer.valueOf(array.length));
        rdpVar.g("Starting a recovery session", new Object[0]);
        RecoverySession createRecoverySession = RecoveryController.getInstance(this.d).createRecoverySession();
        this.f = createRecoverySession;
        try {
            String j2 = bvhb.j();
            iui iuiVar = this.c;
            byte[] start = createRecoverySession.start(j2, iuiVar.d, array, iuiVar.c.Q(), arrayList);
            if (start == null) {
                rdpVar.e("Recovery claim is null", new Object[0]);
                throw new iuj("Failed to recover snapshot", 17);
            }
            rdpVar.g("Recovery claim has length %d", Integer.valueOf(start.length));
            Object[] objArr = new Object[2];
            brdc brdcVar = this.c.h;
            if (brdcVar == null) {
                j = -1;
            } else {
                ByteBuffer order = ByteBuffer.wrap(brdcVar.Q()).order(ByteOrder.LITTLE_ENDIAN);
                order.get();
                order.getLong();
                j = order.getLong();
            }
            objArr[0] = Long.valueOf(j);
            objArr[1] = rnv.b(this.c.c.Q());
            rdpVar.c("Opening vault for device %d with challenge '%s' ... ", objArr);
            brdc B = brdc.B(start);
            iui iuiVar2 = this.c;
            brdc brdcVar2 = iuiVar2.h;
            brdc brdcVar3 = iuiVar2.c;
            if (bvhe.g()) {
                breg t = bkfl.e.t();
                if (t.c) {
                    t.dd();
                    t.c = false;
                }
                bkfl bkflVar2 = (bkfl) t.b;
                bkflVar2.c = brdcVar3;
                bkflVar2.b = B;
                brdcVar2.getClass();
                bkflVar2.a = brdcVar2;
                bkflVar2.d = 1;
                bkflVar = (bkfl) t.cZ();
            } else {
                breg t2 = bkfl.e.t();
                if (t2.c) {
                    t2.dd();
                    t2.c = false;
                }
                bkfl bkflVar3 = (bkfl) t2.b;
                bkflVar3.c = brdcVar3;
                bkflVar3.b = B;
                brdcVar2.getClass();
                bkflVar3.a = brdcVar2;
                bkflVar = (bkfl) t2.cZ();
            }
            rdpVar.g("Using vault service for account '%s'", rdp.p(this.c.a.name));
            int i = iuq.a;
            bkfm bkfmVar = (bkfm) iuq.a(new iup() { // from class: iun
                @Override // defpackage.iup
                public final Object a(bkfr bkfrVar) {
                    bkfl bkflVar4 = bkfl.this;
                    int i2 = iuq.a;
                    cbid cbidVar = bkfrVar.a;
                    cbla cblaVar = bkfs.b;
                    if (cblaVar == null) {
                        synchronized (bkfs.class) {
                            cblaVar = bkfs.b;
                            if (cblaVar == null) {
                                cbkx a2 = cbla.a();
                                a2.c = cbkz.UNARY;
                                a2.d = cbla.d("google.cryptauth.vault.v1.VaultService", "OpenVault");
                                a2.b();
                                a2.a = cbzv.b(bkfl.e);
                                a2.b = cbzv.b(bkfm.d);
                                cblaVar = a2.a();
                                bkfs.b = cblaVar;
                            }
                        }
                    }
                    return (bkfm) ccai.b(cbidVar, cblaVar, bkfrVar.b, bkflVar4);
                }
            }, this.d, this.c.a);
            bkfp bkfpVar = bkfmVar.b;
            if (bkfpVar == null) {
                bkfpVar = bkfp.f;
            }
            this.e = bkfpVar;
            return bkfmVar;
        } catch (CertificateException e) {
            b.f("Failed to call session.start", e, new Object[0]);
            throw new iuj("Failed to recover snapshot", e, 13);
        } catch (InternalRecoveryServiceException e2) {
            b.f("Failed to call session.start", e2, new Object[0]);
            throw new iuj("Failed to recover snapshot", e2, 17);
        }
    }

    public final void b() {
        int i;
        if (this.f == null) {
            throw new iuj("Cannot import application keys before starting session", 15);
        }
        byte[] Q = c().d.Q();
        brff<bkff> brffVar = c().e;
        ArrayList arrayList = new ArrayList(brffVar.size());
        Iterator it = brffVar.iterator();
        while (true) {
            i = 4;
            if (!it.hasNext()) {
                break;
            }
            bkff bkffVar = (bkff) it.next();
            brdc brdcVar = bkffVar.a == 3 ? (brdc) bkffVar.b : brdc.b;
            if (!brdcVar.P()) {
                rdp rdpVar = b;
                String valueOf = String.valueOf(bkffVar.c);
                rdpVar.c(valueOf.length() != 0 ? "Recovering application key with alias: ".concat(valueOf) : new String("Recovering application key with alias: "), new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bkffVar.c).setEncryptedKeyMaterial(brdcVar.Q()).build());
            } else if (bvhe.g() && bkffVar.a == 4) {
                b.c("Recovering KeyPair", new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bkffVar.c).setEncryptedKeyMaterial((bkffVar.a == 4 ? (bkfh) bkffVar.b : bkfh.e).c.Q()).build());
            }
        }
        rdp rdpVar2 = b;
        rdpVar2.g("Attempting to recover %d application keys", Integer.valueOf(arrayList.size()));
        try {
            Map recoverKeyChainSnapshot = this.f.recoverKeyChainSnapshot(Q, arrayList);
            rdpVar2.g("Got %d keys back from framework", Integer.valueOf(recoverKeyChainSnapshot.size()));
            byte[] bArr = null;
            this.e = null;
            if (bvhe.g()) {
                for (bkff bkffVar2 : brffVar) {
                    if (bkffVar2.a == i) {
                        bkfh bkfhVar = (bkfh) bkffVar2.b;
                        Key key = (Key) recoverKeyChainSnapshot.get(bkffVar2.c);
                        if (key == null) {
                            b.e("Snapshot has key pair, but wrapping key was not recovered", new Object[0]);
                        } else {
                            try {
                                byte[] d = ivu.d(key, bkfhVar.b);
                                breg t = iud.f.t();
                                brdc B = brdc.B(d);
                                if (t.c) {
                                    t.dd();
                                    t.c = false;
                                }
                                iud iudVar = (iud) t.b;
                                iudVar.b = B;
                                brdc brdcVar2 = bkfhVar.a;
                                brdcVar2.getClass();
                                iudVar.a = brdcVar2;
                                PrivateKey b2 = bmac.b(((iud) t.cZ()).b.Q());
                                for (bkfg bkfgVar : bkfhVar.d) {
                                    try {
                                        iuz iuzVar = (iuz) iuz.a.b();
                                        String str = this.c.a.name;
                                        String str2 = bkfgVar.a;
                                        brff<bkfn> brffVar2 = bkfgVar.b;
                                        ArrayList arrayList2 = new ArrayList(brffVar2.size());
                                        for (bkfn bkfnVar : brffVar2) {
                                            byte[] g = bmac.g(b2, bArr, ivu.a, bkfnVar.b.Q());
                                            breg t2 = iue.c.t();
                                            int i2 = bkfnVar.a;
                                            if (t2.c) {
                                                t2.dd();
                                                t2.c = false;
                                            }
                                            ((iue) t2.b).a = i2;
                                            brdc B2 = brdc.B(g);
                                            if (t2.c) {
                                                t2.dd();
                                                t2.c = false;
                                            }
                                            ((iue) t2.b).b = B2;
                                            arrayList2.add((iue) t2.cZ());
                                            bArr = null;
                                        }
                                        iuzVar.f(str, str2, arrayList2);
                                        bArr = null;
                                    } catch (ghb | IOException e) {
                                        b.d("Shared keys failed to be saved locally.", e, new Object[0]);
                                        bArr = null;
                                    }
                                }
                                bArr = null;
                                i = 4;
                            } catch (InvalidKeyException e2) {
                                e = e2;
                                b.d("Could not decrypt key pair.", e, new Object[0]);
                                bArr = null;
                                i = 4;
                            } catch (NoSuchAlgorithmException e3) {
                                throw new IllegalStateException(e3);
                            } catch (BadPaddingException e4) {
                                e = e4;
                                b.d("Could not decrypt key pair.", e, new Object[0]);
                                bArr = null;
                                i = 4;
                            } catch (IllegalBlockSizeException e5) {
                                e = e5;
                                b.d("Could not decrypt key pair.", e, new Object[0]);
                                bArr = null;
                                i = 4;
                            }
                        }
                    } else {
                        bArr = null;
                        i = 4;
                    }
                }
            }
            if (bvhe.a.a().m()) {
                for (bkff bkffVar3 : brffVar) {
                    String str3 = bkffVar3.c;
                    if (ivd.o(str3)) {
                        rdp rdpVar3 = b;
                        String valueOf2 = String.valueOf(str3);
                        rdpVar3.c(valueOf2.length() != 0 ? "Recovering single device snapshot key.".concat(valueOf2) : new String("Recovering single device snapshot key."), new Object[0]);
                        if (bkffVar3.d.P()) {
                            rdpVar3.l("Missing key metadata.", new Object[0]);
                        } else {
                            Key key2 = (Key) recoverKeyChainSnapshot.get(str3);
                            if (key2 == null) {
                                rdpVar3.l("Key from the snapshot was not recovered by the framework", new Object[0]);
                            } else {
                                try {
                                    byte[] d2 = ivu.d(key2, bkffVar3.d);
                                    breg t3 = iue.c.t();
                                    if (t3.c) {
                                        t3.dd();
                                        t3.c = false;
                                    }
                                    try {
                                        ((iue) t3.b).a = 1;
                                        brdc B3 = brdc.B(d2);
                                        if (t3.c) {
                                            t3.dd();
                                            t3.c = false;
                                        }
                                        ((iue) t3.b).b = B3;
                                        try {
                                            try {
                                                ((iuz) iuz.a.b()).f(this.c.a.name, str3, Arrays.asList((iue) t3.cZ()));
                                            } catch (ghb e6) {
                                                e = e6;
                                                b.m("Can't store shared key.", e, new Object[0]);
                                            } catch (IOException e7) {
                                                e = e7;
                                                b.m("Can't store shared key.", e, new Object[0]);
                                            }
                                        } catch (ghb | IOException e8) {
                                            e = e8;
                                        }
                                    } catch (InvalidKeyException e9) {
                                        e = e9;
                                        b.m("Could not decrypt shared key from metadata.", e, new Object[0]);
                                    } catch (BadPaddingException e10) {
                                        e = e10;
                                        b.m("Could not decrypt shared key from metadata.", e, new Object[0]);
                                    } catch (IllegalBlockSizeException e11) {
                                        e = e11;
                                        b.m("Could not decrypt shared key from metadata.", e, new Object[0]);
                                    }
                                } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e12) {
                                    e = e12;
                                }
                            }
                        }
                    }
                }
            }
        } catch (NullPointerException e13) {
            e = e13;
            throw new iuj("Failed to recover snapshot", e, 16);
        } catch (DecryptionFailedException e14) {
            throw new iuj("Client crypto error", e14, 13);
        } catch (InternalRecoveryServiceException e15) {
            e = e15;
            throw new iuj("Failed to recover snapshot", e, 16);
        } catch (SessionExpiredException e16) {
            throw new iuj("Recovery session expired", e16, 15);
        }
    }

    @Override // java.lang.AutoCloseable
    public final void close() {
        RecoverySession recoverySession = this.f;
        if (recoverySession != null) {
            recoverySession.close();
        }
    }
}
