package defpackage;

import android.content.Context;
import android.security.keystore.recovery.DecryptionFailedException;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.KeyChainProtectionParams;
import android.security.keystore.recovery.KeyDerivationParams;
import android.security.keystore.recovery.RecoveryController;
import android.security.keystore.recovery.RecoverySession;
import android.security.keystore.recovery.SessionExpiredException;
import android.security.keystore.recovery.WrappedApplicationKey;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

/* compiled from: :com.google.android.gms@204713028@20.47.13 (100400-344095733) */
/* loaded from: classes.dex */
public final class izk implements AutoCloseable {
    private static final szj a = jbk.a("KeyRecoveryController");
    private final izm b;
    private final Context c;
    private bvch d;
    private RecoverySession e;

    public izk(Context context, izm izmVar) {
        this.b = izmVar;
        this.c = context;
    }

    private final bvch c() {
        bvch bvchVar = this.d;
        if (bvchVar != null) {
            return bvchVar;
        }
        throw new izn("Please first call startRecovery().", 15);
    }

    public final bvcb a() {
        final bvca bvcaVar;
        KeyChainProtectionParams build = new KeyChainProtectionParams.Builder().setUserSecretType(100).setLockScreenUiFormat(2).setKeyDerivationParams(KeyDerivationParams.createSha256Params(new byte[0])).setSecret(this.b.b.I()).build();
        ArrayList arrayList = new ArrayList();
        arrayList.add(build);
        byte[] array = ByteBuffer.allocate(94).order(ByteOrder.LITTLE_ENDIAN).put(this.b.e.I()).putLong(this.b.g).putInt(this.b.f).put(this.b.h.I()).array();
        szj szjVar = a;
        szjVar.f("Vault params have length %d", Integer.valueOf(array.length));
        szjVar.f("Starting a recovery session", new Object[0]);
        RecoverySession createRecoverySession = RecoveryController.getInstance(this.c).createRecoverySession();
        this.e = createRecoverySession;
        try {
            String p = cifg.p();
            izm izmVar = this.b;
            byte[] start = createRecoverySession.start(p, izmVar.d, array, izmVar.c.I(), arrayList);
            if (start == null) {
                szjVar.k("Recovery claim is null", new Object[0]);
                throw new izn("Failed to recover snapshot", 17);
            }
            szjVar.f("Recovery claim has length %d", Integer.valueOf(start.length));
            ByteBuffer order = ByteBuffer.wrap(this.b.h.I()).order(ByteOrder.LITTLE_ENDIAN);
            order.get();
            order.getLong();
            szjVar.d("Opening vault for device %d with challenge '%s' ... ", Long.valueOf(order.getLong()), tmi.a(this.b.c.I()));
            cdbs x = cdbs.x(start);
            izm izmVar2 = this.b;
            cdbs cdbsVar = izmVar2.h;
            cdbs cdbsVar2 = izmVar2.c;
            if (cifj.d()) {
                cdcy s = bvca.e.s();
                if (s.c) {
                    s.w();
                    s.c = false;
                }
                bvca bvcaVar2 = (bvca) s.b;
                cdbsVar2.getClass();
                bvcaVar2.c = cdbsVar2;
                x.getClass();
                bvcaVar2.b = x;
                cdbsVar.getClass();
                bvcaVar2.a = cdbsVar;
                bvcaVar2.d = 1;
                bvcaVar = (bvca) s.C();
            } else {
                cdcy s2 = bvca.e.s();
                if (s2.c) {
                    s2.w();
                    s2.c = false;
                }
                bvca bvcaVar3 = (bvca) s2.b;
                cdbsVar2.getClass();
                bvcaVar3.c = cdbsVar2;
                x.getClass();
                bvcaVar3.b = x;
                cdbsVar.getClass();
                bvcaVar3.a = cdbsVar;
                bvcaVar = (bvca) s2.C();
            }
            szjVar.f("Using vault service for account '%s'", szj.p(this.b.a.name));
            bvcb bvcbVar = (bvcb) new izv(this.c, this.b.a).b(new izu(bvcaVar) { // from class: izq
                private final bvca a;

                {
                    this.a = bvcaVar;
                }

                @Override // defpackage.izu
                public final Object a(bvck bvckVar) {
                    bvca bvcaVar4 = this.a;
                    int i = izv.a;
                    cofb cofbVar = bvckVar.a;
                    coih coihVar = bvcl.b;
                    if (coihVar == null) {
                        synchronized (bvcl.class) {
                            coihVar = bvcl.b;
                            if (coihVar == null) {
                                coie c = coih.c();
                                c.c = coig.UNARY;
                                c.d = coih.b("google.cryptauth.vault.v1.VaultService", "OpenVault");
                                c.b();
                                c.a = coxu.b(bvca.e);
                                c.b = coxu.b(bvcb.d);
                                coihVar = c.a();
                                bvcl.b = coihVar;
                            }
                        }
                    }
                    return (bvcb) coyh.c(cofbVar, coihVar, bvckVar.b, bvcaVar4);
                }
            });
            bvch bvchVar = bvcbVar.b;
            if (bvchVar == null) {
                bvchVar = bvch.f;
            }
            this.d = bvchVar;
            return bvcbVar;
        } catch (InternalRecoveryServiceException e) {
            a.l("Failed to call session.start", e, new Object[0]);
            throw new izn("Failed to recover snapshot", 17);
        } catch (CertificateException e2) {
            a.l("Failed to call session.start", e2, new Object[0]);
            throw new izn("Failed to recover snapshot", 13);
        }
    }

    public final void b() {
        if (this.e == null) {
            throw new izn("Cannot import application keys before starting session", 15);
        }
        byte[] I = c().d.I();
        cddx<bvbr> cddxVar = c().e;
        ArrayList arrayList = new ArrayList(cddxVar.size());
        for (bvbr bvbrVar : cddxVar) {
            cdbs cdbsVar = bvbrVar.a == 3 ? (cdbs) bvbrVar.b : cdbs.b;
            if (!cdbsVar.u()) {
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bvbrVar.c).setEncryptedKeyMaterial(cdbsVar.I()).build());
            } else if (cifj.d() && bvbrVar.a == 4) {
                a.d("Recovering KeyPair", new Object[0]);
                arrayList.add(new WrappedApplicationKey.Builder().setAlias(bvbrVar.c).setEncryptedKeyMaterial((bvbrVar.a == 4 ? (bvbt) bvbrVar.b : bvbt.e).c.I()).build());
            }
        }
        szj szjVar = a;
        szjVar.f("Attempting to recover %d application keys", Integer.valueOf(arrayList.size()));
        try {
            Map recoverKeyChainSnapshot = this.e.recoverKeyChainSnapshot(I, arrayList);
            szjVar.f("Got %d keys back from framework", Integer.valueOf(recoverKeyChainSnapshot.size()));
            this.d = null;
            if (cifj.d()) {
                for (bvbr bvbrVar2 : cddxVar) {
                    if (bvbrVar2.a == 4) {
                        bvbt bvbtVar = (bvbt) bvbrVar2.b;
                        Key key = (Key) recoverKeyChainSnapshot.get(bvbrVar2.c);
                        if (key == null) {
                            a.k("Snapshot has key pair, but wrapping key was not recovered", new Object[0]);
                        } else {
                            try {
                                byte[] d = jbh.d(key, bvbtVar.b);
                                cdcy s = izh.e.s();
                                cdbs x = cdbs.x(d);
                                if (s.c) {
                                    s.w();
                                    s.c = false;
                                }
                                izh izhVar = (izh) s.b;
                                x.getClass();
                                izhVar.b = x;
                                cdbs cdbsVar2 = bvbtVar.a;
                                cdbsVar2.getClass();
                                izhVar.a = cdbsVar2;
                                PrivateKey h = bxcd.h(((izh) s.C()).b.I());
                                for (bvbs bvbsVar : bvbtVar.d) {
                                    try {
                                        jag jagVar = (jag) jag.a.b();
                                        String str = this.b.a.name;
                                        String str2 = bvbsVar.a;
                                        cddx<bvce> cddxVar2 = bvbsVar.b;
                                        ArrayList arrayList2 = new ArrayList(cddxVar2.size());
                                        for (bvce bvceVar : cddxVar2) {
                                            byte[] k = bxcd.k(h, jbh.a, bvceVar.b.I());
                                            cdcy s2 = izi.c.s();
                                            int i = bvceVar.a;
                                            if (s2.c) {
                                                s2.w();
                                                s2.c = false;
                                            }
                                            ((izi) s2.b).a = i;
                                            cdbs x2 = cdbs.x(k);
                                            if (s2.c) {
                                                s2.w();
                                                s2.c = false;
                                            }
                                            izi iziVar = (izi) s2.b;
                                            x2.getClass();
                                            iziVar.b = x2;
                                            arrayList2.add((izi) s2.C());
                                        }
                                        jagVar.f(str, str2, arrayList2);
                                    } catch (gbj | IOException e) {
                                        a.e("Shared keys failed to be saved locally.", e, new Object[0]);
                                    }
                                }
                            } catch (InvalidKeyException e2) {
                                e = e2;
                                a.e("Could not decrypt key pair.", e, new Object[0]);
                            } catch (NoSuchAlgorithmException e3) {
                                throw new IllegalStateException(e3);
                            } catch (BadPaddingException e4) {
                                e = e4;
                                a.e("Could not decrypt key pair.", e, new Object[0]);
                            } catch (IllegalBlockSizeException e5) {
                                e = e5;
                                a.e("Could not decrypt key pair.", e, new Object[0]);
                            }
                        }
                    }
                }
            }
        } catch (DecryptionFailedException e6) {
            throw new izn("Client crypto error", 13);
        } catch (InternalRecoveryServiceException e7) {
            throw new izn("Failed to recover snapshot", 16);
        } catch (SessionExpiredException e8) {
            throw new izn("Recovery session expired", 15);
        }
    }

    @Override // java.lang.AutoCloseable
    public final void close() {
        RecoverySession recoverySession = this.e;
        if (recoverySession != null) {
            recoverySession.close();
        }
    }
}
