package defpackage;

import android.accounts.Account;
import android.content.Context;
import com.google.android.gms.auth.folsom.SharedKey;
import com.google.android.gms.fido.credentialstore.KeyMetadata;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ExecutionException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: :com.google.android.gms@230413109@23.04.13 (180406-505809224) */
/* loaded from: classes2.dex */
public final class tnq extends tnp {
    private final Context d;
    private final byte[] e;
    private final KeyMetadata f;
    private final Account g;
    private final byte[] h;
    private final boolean i;
    private final PublicKey j;
    private static final oqn k = new oqn("SyncedKeyCryptoObject");
    private static final byte[] b = "KeychainApplicationKey:gmscore_module:com.google.android.gms.fido".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] c = new byte[0];

    public tnq(Context context, byte[] bArr, PublicKey publicKey, byte[] bArr2, KeyMetadata keyMetadata, Account account, boolean z) {
        super(null);
        this.d = context.getApplicationContext();
        this.e = bArr;
        this.j = publicKey;
        this.f = keyMetadata;
        this.g = account;
        this.h = bArr2;
        this.i = z;
    }

    private static PrivateKey n(byte[] bArr, byte[] bArr2) {
        int length = bArr2.length;
        if (length < 12) {
            throw ywt.a("Cyphertext is too short.", null, 8, bfqe.a);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            byte[] copyOfRange = Arrays.copyOfRange(bArr2, 0, 12);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr2, 12, length);
            cipher.init(2, secretKeySpec, new GCMParameterSpec(128, copyOfRange));
            return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(cipher.doFinal(copyOfRange2)));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            k.l("Failed to decrypt or decode private key.", e, new Object[0]);
            throw ywt.a("Failed to decrypt credential.", e, 8, bfqe.a);
        }
    }

    private static byte[] o(byte[] bArr) {
        if (bArr.length != 32) {
            throw ywt.a("Domain secret invalid length.", null, 8, bfqe.a);
        }
        try {
            return bqys.k(new SecretKeySpec(bArr, "AES"), c, b);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw ywt.a("Failed to derive domain secret.", e, 8, bfqe.a);
        }
    }

    @Override // defpackage.tnm
    public final bfsa a() {
        return bfsa.i(this.f);
    }

    @Override // defpackage.tnp, defpackage.tnm
    public final bfsa c() {
        return bfsa.i(this.g);
    }

    @Override // defpackage.tnm
    public final biqr d() {
        return biqk.i(0L);
    }

    @Override // defpackage.tnm
    public final PublicKey f() {
        PublicKey publicKey = this.j;
        if (publicKey != null) {
            return publicKey;
        }
        throw null;
    }

    @Override // defpackage.tnp, defpackage.tnm
    public final void g() {
        if (j()) {
            Context context = this.d;
            String str = this.g.name;
            lbl a = lbm.a();
            a.a = "hw_protected";
            try {
                List list = (List) ywr.c(lbj.a(context, a.a()).aG(str)).get();
                if (list.isEmpty()) {
                    throw ywt.a("No shared keys available.", null, 8, bfqe.a);
                }
                k.b("Got shared keys for %s", str);
                this.a = n(o(((SharedKey) bgcu.j(list)).b), this.h);
            } catch (InterruptedException | ExecutionException e) {
                throw ywt.a("Error getting shared keys.", e, 8, bfqe.a);
            }
        }
        super.g();
    }

    @Override // defpackage.tnm
    public final boolean h() {
        return false;
    }

    @Override // defpackage.tnm
    public final boolean i() {
        return true;
    }

    @Override // defpackage.tnp, defpackage.tnm
    public final boolean j() {
        return this.a == null;
    }

    @Override // defpackage.tnm
    public final boolean k() {
        return this.i;
    }

    @Override // defpackage.tnm
    public final boolean l() {
        return false;
    }

    @Override // defpackage.tnm
    public final byte[] m() {
        return this.e;
    }
}
