package defpackage;

import android.content.Context;
import android.security.keystore.recovery.DecryptionFailedException;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.KeyChainProtectionParams;
import android.security.keystore.recovery.KeyDerivationParams;
import android.security.keystore.recovery.RecoveryController;
import android.security.keystore.recovery.RecoverySession;
import android.security.keystore.recovery.SessionExpiredException;
import android.security.keystore.recovery.WrappedApplicationKey;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

/* compiled from: :com.google.android.gms@212457029@21.24.57 (100406-383636645) */
/* loaded from: classes.dex */
public final class ksq implements AutoCloseable {
    public static final /* synthetic */ int a = 0;
    private static final vpm b = kux.a("KeyRecoveryController");
    private final kss c;
    private final Context d;
    private ccmi e;
    private RecoverySession f;

    public ksq(Context context, kss kssVar) {
        this.c = kssVar;
        this.d = context;
    }

    private final ccmi c() {
        ccmi ccmiVar = this.e;
        if (ccmiVar != null) {
            return ccmiVar;
        }
        throw new kst("Please first call startRecovery().", 15);
    }

    public final ccmd a() {
        long j;
        final ccmc ccmcVar;
        KeyChainProtectionParams build = new KeyChainProtectionParams.Builder().setUserSecretType(100).setLockScreenUiFormat(2).setKeyDerivationParams(KeyDerivationParams.createSha256Params(new byte[0])).setSecret(this.c.b.Q()).build();
        ArrayList arrayList = new ArrayList();
        arrayList.add(build);
        byte[] Q = this.c.e.Q();
        byte[] Q2 = this.c.h.Q();
        byte[] array = ByteBuffer.allocate(Q.length + 12 + Q2.length).order(ByteOrder.LITTLE_ENDIAN).put(Q).putLong(this.c.g).putInt(this.c.f).put(Q2).array();
        vpm vpmVar = b;
        vpmVar.g("Vault params have length %d", Integer.valueOf(array.length));
        vpmVar.g("Starting a recovery session", new Object[0]);
        RecoverySession createRecoverySession = RecoveryController.getInstance(this.d).createRecoverySession();
        this.f = createRecoverySession;
        try {
            String j2 = cqny.j();
            kss kssVar = this.c;
            byte[] start = createRecoverySession.start(j2, kssVar.d, array, kssVar.c.Q(), arrayList);
            if (start == null) {
                vpmVar.e("Recovery claim is null", new Object[0]);
                throw new kst("Failed to recover snapshot", 17);
            }
            vpmVar.g("Recovery claim has length %d", Integer.valueOf(start.length));
            Object[] objArr = new Object[2];
            clmr clmrVar = this.c.h;
            if (clmrVar == null) {
                j = -1;
            } else {
                ByteBuffer order = ByteBuffer.wrap(clmrVar.Q()).order(ByteOrder.LITTLE_ENDIAN);
                order.get();
                order.getLong();
                j = order.getLong();
            }
            objArr[0] = Long.valueOf(j);
            objArr[1] = wdh.b(this.c.c.Q());
            vpmVar.c("Opening vault for device %d with challenge '%s' ... ", objArr);
            clmr B = clmr.B(start);
            kss kssVar2 = this.c;
            clmr clmrVar2 = kssVar2.h;
            clmr clmrVar3 = kssVar2.c;
            if (cqob.g()) {
                clny t = ccmc.e.t();
                if (t.c) {
                    t.C();
                    t.c = false;
                }
                ccmc ccmcVar2 = (ccmc) t.b;
                ccmcVar2.c = clmrVar3;
                ccmcVar2.b = B;
                clmrVar2.getClass();
                ccmcVar2.a = clmrVar2;
                ccmcVar2.d = 1;
                ccmcVar = (ccmc) t.y();
            } else {
                clny t2 = ccmc.e.t();
                if (t2.c) {
                    t2.C();
                    t2.c = false;
                }
                ccmc ccmcVar3 = (ccmc) t2.b;
                ccmcVar3.c = clmrVar3;
                ccmcVar3.b = B;
                clmrVar2.getClass();
                ccmcVar3.a = clmrVar2;
                ccmcVar = (ccmc) t2.y();
            }
            vpmVar.g("Using vault service for account '%s'", vpm.p(this.c.a.name));
            int i = ktb.a;
            ccmd ccmdVar = (ccmd) ktb.a(new kta() { // from class: ksy
                @Override // defpackage.kta
                public final Object a(ccml ccmlVar) {
                    ccmc ccmcVar4 = ccmc.this;
                    int i2 = ktb.a;
                    cwtq cwtqVar = ccmlVar.a;
                    cwww cwwwVar = ccmm.b;
                    if (cwwwVar == null) {
                        synchronized (ccmm.class) {
                            cwwwVar = ccmm.b;
                            if (cwwwVar == null) {
                                cwwt a2 = cwww.a();
                                a2.c = cwwv.UNARY;
                                a2.d = cwww.c("google.cryptauth.vault.v1.VaultService", "OpenVault");
                                a2.b();
                                a2.a = cxmm.b(ccmc.e);
                                a2.b = cxmm.b(ccmd.d);
                                cwwwVar = a2.a();
                                ccmm.b = cwwwVar;
                            }
                        }
                    }
                    return (ccmd) cxmz.b(cwtqVar, cwwwVar, ccmlVar.b, ccmcVar4);
                }
            }, this.d, this.c.a);
            ccmi ccmiVar = ccmdVar.b;
            if (ccmiVar == null) {
                ccmiVar = ccmi.f;
            }
            this.e = ccmiVar;
            return ccmdVar;
        } catch (CertificateException e) {
            b.f("Failed to call session.start", e, new Object[0]);
            throw new kst("Failed to recover snapshot", e, 13);
        } catch (InternalRecoveryServiceException e2) {
            b.f("Failed to call session.start", e2, new Object[0]);
            throw new kst("Failed to recover snapshot", e2, 17);
        }
    }

    public final void b() {
        int i;
        if (this.f == null) {
            throw new kst("Cannot import application keys before starting session", 15);
        }
        byte[] Q = c().d.Q();
        clox<cclw> cloxVar = c().e;
        ArrayList arrayList = new ArrayList(cloxVar.size());
        Iterator it = cloxVar.iterator();
        while (true) {
            i = 4;
            if (!it.hasNext()) {
                break;
            }
            cclw cclwVar = (cclw) it.next();
            clmr clmrVar = cclwVar.a == 3 ? (clmr) cclwVar.b : clmr.b;
            if (!clmrVar.P()) {
                vpm vpmVar = b;
                String valueOf = String.valueOf(cclwVar.c);
                vpmVar.c(valueOf.length() != 0 ? "Recovering application key with alias: ".concat(valueOf) : new String("Recovering application key with alias: "), new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(cclwVar.c).setEncryptedKeyMaterial(clmrVar.Q()).build());
            } else if (cqob.g() && cclwVar.a == 4) {
                b.c("Recovering KeyPair", new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(cclwVar.c).setEncryptedKeyMaterial((cclwVar.a == 4 ? (ccly) cclwVar.b : ccly.e).c.Q()).build());
            }
        }
        vpm vpmVar2 = b;
        vpmVar2.g("Attempting to recover %d application keys", Integer.valueOf(arrayList.size()));
        try {
            Map recoverKeyChainSnapshot = this.f.recoverKeyChainSnapshot(Q, arrayList);
            vpmVar2.g("Got %d keys back from framework", Integer.valueOf(recoverKeyChainSnapshot.size()));
            byte[] bArr = null;
            this.e = null;
            if (cqob.g()) {
                for (cclw cclwVar2 : cloxVar) {
                    if (cclwVar2.a == i) {
                        ccly cclyVar = (ccly) cclwVar2.b;
                        Key key = (Key) recoverKeyChainSnapshot.get(cclwVar2.c);
                        if (key == null) {
                            b.e("Snapshot has key pair, but wrapping key was not recovered", new Object[0]);
                        } else {
                            try {
                                byte[] d = kuu.d(key, cclyVar.b);
                                clny t = ksn.f.t();
                                clmr B = clmr.B(d);
                                if (t.c) {
                                    t.C();
                                    t.c = false;
                                }
                                ksn ksnVar = (ksn) t.b;
                                ksnVar.b = B;
                                clmr clmrVar2 = cclyVar.a;
                                clmrVar2.getClass();
                                ksnVar.a = clmrVar2;
                                PrivateKey b2 = cesx.b(((ksn) t.y()).b.Q());
                                for (cclx cclxVar : cclyVar.d) {
                                    try {
                                        ktr ktrVar = (ktr) ktr.a.b();
                                        String str = this.c.a.name;
                                        String str2 = cclxVar.a;
                                        clox<ccmf> cloxVar2 = cclxVar.b;
                                        ArrayList arrayList2 = new ArrayList(cloxVar2.size());
                                        for (ccmf ccmfVar : cloxVar2) {
                                            byte[] g = cesx.g(b2, bArr, kuu.a, ccmfVar.b.Q());
                                            clny t2 = kso.c.t();
                                            int i2 = ccmfVar.a;
                                            if (t2.c) {
                                                t2.C();
                                                t2.c = false;
                                            }
                                            ((kso) t2.b).a = i2;
                                            clmr B2 = clmr.B(g);
                                            if (t2.c) {
                                                t2.C();
                                                t2.c = false;
                                            }
                                            ((kso) t2.b).b = B2;
                                            arrayList2.add((kso) t2.y());
                                            bArr = null;
                                        }
                                        ktrVar.g(str, str2, arrayList2);
                                        bArr = null;
                                    } catch (hmo | IOException e) {
                                        b.d("Shared keys failed to be saved locally.", e, new Object[0]);
                                        bArr = null;
                                    }
                                }
                                bArr = null;
                                i = 4;
                            } catch (InvalidKeyException e2) {
                                e = e2;
                                b.d("Could not decrypt key pair.", e, new Object[0]);
                                bArr = null;
                                i = 4;
                            } catch (NoSuchAlgorithmException e3) {
                                throw new IllegalStateException(e3);
                            } catch (BadPaddingException e4) {
                                e = e4;
                                b.d("Could not decrypt key pair.", e, new Object[0]);
                                bArr = null;
                                i = 4;
                            } catch (IllegalBlockSizeException e5) {
                                e = e5;
                                b.d("Could not decrypt key pair.", e, new Object[0]);
                                bArr = null;
                                i = 4;
                            }
                        }
                    } else {
                        bArr = null;
                        i = 4;
                    }
                }
            }
            if (cqob.a.a().j()) {
                for (cclw cclwVar3 : cloxVar) {
                    String str3 = cclwVar3.c;
                    if (kty.m(str3)) {
                        vpm vpmVar3 = b;
                        String valueOf2 = String.valueOf(str3);
                        vpmVar3.c(valueOf2.length() != 0 ? "Recovering single device snapshot key.".concat(valueOf2) : new String("Recovering single device snapshot key."), new Object[0]);
                        if (cclwVar3.d.P()) {
                            vpmVar3.l("Missing key metadata.", new Object[0]);
                        } else {
                            Key key2 = (Key) recoverKeyChainSnapshot.get(str3);
                            if (key2 == null) {
                                vpmVar3.l("Key from the snapshot was not recovered by the framework", new Object[0]);
                            } else {
                                try {
                                    byte[] d2 = kuu.d(key2, cclwVar3.d);
                                    clny t3 = kso.c.t();
                                    if (t3.c) {
                                        t3.C();
                                        t3.c = false;
                                    }
                                    try {
                                        ((kso) t3.b).a = 1;
                                        clmr B3 = clmr.B(d2);
                                        if (t3.c) {
                                            t3.C();
                                            t3.c = false;
                                        }
                                        ((kso) t3.b).b = B3;
                                        try {
                                            try {
                                                ((ktr) ktr.a.b()).g(this.c.a.name, str3, Arrays.asList((kso) t3.y()));
                                            } catch (hmo e6) {
                                                e = e6;
                                                b.m("Can't store shared key.", e, new Object[0]);
                                            } catch (IOException e7) {
                                                e = e7;
                                                b.m("Can't store shared key.", e, new Object[0]);
                                            }
                                        } catch (hmo | IOException e8) {
                                            e = e8;
                                        }
                                    } catch (InvalidKeyException e9) {
                                        e = e9;
                                        b.m("Could not decrypt shared key from metadata.", e, new Object[0]);
                                    } catch (BadPaddingException e10) {
                                        e = e10;
                                        b.m("Could not decrypt shared key from metadata.", e, new Object[0]);
                                    } catch (IllegalBlockSizeException e11) {
                                        e = e11;
                                        b.m("Could not decrypt shared key from metadata.", e, new Object[0]);
                                    }
                                } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e12) {
                                    e = e12;
                                }
                            }
                        }
                    }
                }
            }
        } catch (NullPointerException e13) {
            e = e13;
            throw new kst("Failed to recover snapshot", e, 16);
        } catch (DecryptionFailedException e14) {
            throw new kst("Client crypto error", e14, 13);
        } catch (InternalRecoveryServiceException e15) {
            e = e15;
            throw new kst("Failed to recover snapshot", e, 16);
        } catch (SessionExpiredException e16) {
            throw new kst("Recovery session expired", e16, 15);
        }
    }

    @Override // java.lang.AutoCloseable
    public final void close() {
        RecoverySession recoverySession = this.f;
        if (recoverySession != null) {
            recoverySession.close();
        }
    }
}
