package slack.crypto.security;

import android.content.Context;
import androidx.appcompat.view.SupportMenuInflater$$ExternalSyntheticOutline0;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import com.slack.data.clog.Core;
import com.slack.data.slog.Chat;
import haxe.root.Std;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.text.Charsets;
import slack.crypto.security.AeadPrimitiveFactory;
import slack.crypto.security.VerifyAeadResult;
import slack.model.AllNotificationPrefs;
import slack.model.blockkit.ContextItem;
import slack.telemetry.metric.Counter;
import slack.telemetry.metric.Metrics;
import slack.telemetry.metric.MetricsProviderImpl;
import timber.log.Timber;

/* compiled from: AeadPrimitiveFactory.kt */
/* loaded from: classes7.dex */
public final class AeadPrimitiveFactoryImpl implements AeadPrimitiveFactory {
    public final AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector;
    public final Context context;
    public final Metrics metrics;
    public final boolean retryTinkInitOnKeystoreError;

    /* compiled from: AeadPrimitiveFactory.kt */
    /* loaded from: classes7.dex */
    public abstract class CreateKeysetManagerResult {
        public final AndroidKeysetManager keysetManager;

        /* compiled from: AeadPrimitiveFactory.kt */
        /* loaded from: classes7.dex */
        public final class CreateSuccess extends CreateKeysetManagerResult {
            public CreateSuccess(AndroidKeysetManager androidKeysetManager) {
                super(androidKeysetManager, null);
            }
        }

        /* compiled from: AeadPrimitiveFactory.kt */
        /* loaded from: classes7.dex */
        public final class RecoverableFailure extends CreateKeysetManagerResult {
            public static final RecoverableFailure INSTANCE = new RecoverableFailure();

            public RecoverableFailure() {
                super(null, null);
            }
        }

        /* compiled from: AeadPrimitiveFactory.kt */
        /* loaded from: classes7.dex */
        public final class UnrecoverableFailure extends CreateKeysetManagerResult {
            public static final UnrecoverableFailure INSTANCE = new UnrecoverableFailure();

            public UnrecoverableFailure() {
                super(null, null);
            }
        }

        public CreateKeysetManagerResult(AndroidKeysetManager androidKeysetManager, DefaultConstructorMarker defaultConstructorMarker) {
            this.keysetManager = androidKeysetManager;
        }
    }

    public AeadPrimitiveFactoryImpl(Context context, AeadKeyInfoChangeDetector aeadKeyInfoChangeDetector, Metrics metrics, boolean z) {
        Std.checkNotNullParameter(context, ContextItem.TYPE);
        Std.checkNotNullParameter(aeadKeyInfoChangeDetector, "aeadKeyInfoChangeDetector");
        this.context = context;
        this.aeadKeyInfoChangeDetector = aeadKeyInfoChangeDetector;
        this.metrics = metrics;
        this.retryTinkInitOnKeystoreError = z;
    }

    public final CreateKeysetManagerResult attemptCreateKeysetManager(AeadPrimitiveFactory.Storage storage) {
        try {
            AeadConfig.register();
            AndroidKeysetManager.Builder builder = new AndroidKeysetManager.Builder();
            builder.keyTemplate = Core.AnonymousClass1.get("AES256_GCM");
            int ordinal = storage.ordinal();
            if (ordinal == 0) {
                builder.withSharedPref(this.context, "slack_security_android_keyset", "slack_security_android_pref");
                builder.withMasterKeyUri("android-keystore://slack_android_master_key");
            } else if (ordinal == 1) {
                builder.withSharedPref(this.context, "slack_security_android_secondary_keyset", "slack_security_android_pref");
                builder.withMasterKeyUri("android-keystore://slack_android_master_secondary_key");
            }
            AndroidKeysetManager build = builder.build();
            Std.checkNotNullExpressionValue(build, "keysetBuilder.build()");
            return new CreateKeysetManagerResult.CreateSuccess(build);
        } catch (IOException e) {
            logCreateKeysetManagerFailure(storage, e);
            return CreateKeysetManagerResult.UnrecoverableFailure.INSTANCE;
        } catch (KeyStoreException e2) {
            logCreateKeysetManagerFailure(storage, e2);
            return CreateKeysetManagerResult.RecoverableFailure.INSTANCE;
        } catch (GeneralSecurityException e3) {
            logCreateKeysetManagerFailure(storage, e3);
            return CreateKeysetManagerResult.UnrecoverableFailure.INSTANCE;
        }
    }

    public final AndroidKeysetManager createKeysetManager(AeadPrimitiveFactory.Storage storage) {
        CreateKeysetManagerResult attemptCreateKeysetManager = attemptCreateKeysetManager(storage);
        if (this.retryTinkInitOnKeystoreError && (attemptCreateKeysetManager instanceof CreateKeysetManagerResult.RecoverableFailure)) {
            return attemptCreateKeysetManager(storage).keysetManager;
        }
        return attemptCreateKeysetManager.keysetManager;
    }

    public Aead getAeadPrimitive(AeadPrimitiveFactory.Storage storage) {
        Std.checkNotNullParameter(storage, "storage");
        try {
            AndroidKeysetManager createKeysetManager = createKeysetManager(storage);
            if (createKeysetManager == null) {
                return null;
            }
            return (Aead) createKeysetManager.getKeysetHandle().getPrimitive(Aead.class);
        } catch (Throwable th) {
            Timber.w(th, SupportMenuInflater$$ExternalSyntheticOutline0.m("Unable to initialize Aead and generate keys for ", storage.name()), new Object[0]);
            return null;
        }
    }

    public final void logCreateKeysetManagerFailure(AeadPrimitiveFactory.Storage storage, Throwable th) {
        Counter.increment$default(((MetricsProviderImpl) this.metrics).counter("aead_primitive_error", "create"), 0L, 1, null);
        Timber.w(th, SupportMenuInflater$$ExternalSyntheticOutline0.m("Unable to initialize AndroidKeysetManager needed to create Aead for ", storage.name()), new Object[0]);
    }

    public final void logResetAeadAndroidKeyStoreError(AeadPrimitiveFactory.Storage storage, Throwable th) {
        Counter.increment$default(((MetricsProviderImpl) this.metrics).counter("aead_primitive_error", AllNotificationPrefs.PREF_NAME_RESET), 0L, 1, null);
        Timber.w(th, "Failed to reset the Aead primitive Android keystore entry for " + storage, new Object[0]);
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x003d  */
    /* JADX WARN: Removed duplicated region for block: B:22:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public slack.crypto.security.AeadPrimitiveFactory.RecoverAeadResult recoverAeadPrimitive(slack.crypto.security.VerifyAeadResult r7) {
        /*
            r6 = this;
            slack.crypto.security.AeadPrimitiveFactory$RecoverAeadResult r0 = slack.crypto.security.AeadPrimitiveFactory.RecoverAeadResult.FAILED
            slack.crypto.security.AeadPrimitiveFactory$Storage r1 = r7.storage
            boolean r7 = r7 instanceof slack.crypto.security.VerifyAeadResult.Invalid
            if (r7 == 0) goto L6c
            int r7 = r1.ordinal()
            r2 = 1
            if (r7 == 0) goto L1a
            if (r7 != r2) goto L14
            java.lang.String r7 = "android-keystore://slack_android_master_secondary_key"
            goto L1c
        L14:
            kotlin.NoWhenBranchMatchedException r7 = new kotlin.NoWhenBranchMatchedException
            r7.<init>()
            throw r7
        L1a:
            java.lang.String r7 = "android-keystore://slack_android_master_key"
        L1c:
            java.lang.String r3 = "android-keystore://"
            java.lang.String r7 = com.google.crypto.tink.subtle.Validators.validateKmsKeyUriAndRemovePrefix(r3, r7)
            r3 = 0
            r4 = 0
            java.lang.String r5 = "AndroidKeyStore"
            java.security.KeyStore r5 = java.security.KeyStore.getInstance(r5)     // Catch: java.io.IOException -> L31 java.security.GeneralSecurityException -> L36
            r5.load(r4)     // Catch: java.io.IOException -> L31 java.security.GeneralSecurityException -> L36
            r5.deleteEntry(r7)     // Catch: java.io.IOException -> L31 java.security.GeneralSecurityException -> L36
            goto L3b
        L31:
            r7 = move-exception
            r6.logResetAeadAndroidKeyStoreError(r1, r7)
            goto L3a
        L36:
            r7 = move-exception
            r6.logResetAeadAndroidKeyStoreError(r1, r7)
        L3a:
            r2 = r3
        L3b:
            if (r2 == 0) goto L6e
            com.google.crypto.tink.integration.android.AndroidKeysetManager r7 = r6.createKeysetManager(r1)
            if (r7 != 0) goto L44
            goto L4c
        L44:
            com.bumptech.glide.GlideExperiments r7 = r7.getKeysetHandle()
            com.google.crypto.tink.proto.KeysetInfo r4 = r7.getKeysetInfo()
        L4c:
            if (r4 == 0) goto L61
            slack.crypto.security.AeadKeyInfoChangeDetector r7 = r6.aeadKeyInfoChangeDetector
            slack.crypto.security.AeadKeyChanged r2 = new slack.crypto.security.AeadKeyChanged
            int r3 = r4.getPrimaryKeyId()
            r2.<init>(r1, r3)
            java.util.Objects.requireNonNull(r7)
            com.jakewharton.rxrelay3.Relay r7 = r7.aeadKeyStoreKeysetChanges
            r7.accept(r2)
        L61:
            slack.crypto.security.VerifyAeadResult r7 = r6.verifyAndroidKeystoreAead(r1)
            boolean r7 = r7 instanceof slack.crypto.security.VerifyAeadResult.Valid
            if (r7 == 0) goto L6e
            slack.crypto.security.AeadPrimitiveFactory$RecoverAeadResult r0 = slack.crypto.security.AeadPrimitiveFactory.RecoverAeadResult.SUCCESS
            goto L6e
        L6c:
            slack.crypto.security.AeadPrimitiveFactory$RecoverAeadResult r0 = slack.crypto.security.AeadPrimitiveFactory.RecoverAeadResult.NOT_NEEDED
        L6e:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: slack.crypto.security.AeadPrimitiveFactoryImpl.recoverAeadPrimitive(slack.crypto.security.VerifyAeadResult):slack.crypto.security.AeadPrimitiveFactory$RecoverAeadResult");
    }

    public VerifyAeadResult verifyAeadPrimitive(AeadPrimitiveFactory.Storage storage) {
        int ordinal = storage.ordinal();
        if (ordinal == 0 || ordinal == 1) {
            return verifyAndroidKeystoreAead(storage);
        }
        throw new NoWhenBranchMatchedException();
    }

    public final VerifyAeadResult verifyAndroidKeystoreAead(AeadPrimitiveFactory.Storage storage) {
        Aead aeadPrimitive = getAeadPrimitive(storage);
        Aead aeadPrimitive2 = getAeadPrimitive(storage);
        if (aeadPrimitive == null || aeadPrimitive2 == null) {
            return new VerifyAeadResult.Unsupported(storage);
        }
        try {
            byte[] bytes = "validation-abcdefghijkl-efghijklmno-jklmopqrstuvdummy-value-129417251asdfasdf0wef0we".getBytes(Charsets.UTF_8);
            Std.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] bArr = AeadPrimitiveFactoryKt.VALIDATION_AAD_EMPTY;
            return Std.areEqual(Chat.AnonymousClass1.encode(bytes), Chat.AnonymousClass1.encode(aeadPrimitive2.decrypt(aeadPrimitive.encrypt(bytes, bArr), bArr))) ? new VerifyAeadResult.Valid(storage) : new VerifyAeadResult.Invalid(storage);
        } catch (GeneralSecurityException e) {
            Counter.increment$default(((MetricsProviderImpl) this.metrics).counter("aead_primitive_error", "verify"), 0L, 1, null);
            Timber.w(e, "Failed to check the reliability of the Tink Aead for storage " + storage, new Object[0]);
            return new VerifyAeadResult.Invalid(storage);
        }
    }
}
