package defpackage;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.recovery.InternalRecoveryServiceException;
import android.security.keystore.recovery.RecoveryController;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.SecretKey;

/* compiled from: :com.google.android.gms@14366006@14.3.66 (020300-213742215) */
@TargetApi(28)
/* loaded from: classes2.dex */
public final class lms {
    private static final kkf c = new kkf("FolsomSecondaryKeyManager");
    private boolean a = false;
    private final kkx b;
    private final RecoveryController d;
    private final SecureRandom e;

    private lms(RecoveryController recoveryController, kkx kkxVar, SecureRandom secureRandom) {
        this.d = recoveryController;
        this.e = secureRandom;
        this.b = kkxVar;
    }

    public static lms a(Context context) {
        try {
            return new lms(RecoveryController.getInstance(context), new kkx(KeyStore.getInstance("AndroidKeyStore")), new SecureRandom());
        } catch (KeyStoreException e) {
            throw new lmf("Impossible condition: JCE thinks it does not support AndroidKeyStore provider but this has been available since API 18", e);
        }
    }

    private final void b() {
        if (this.a) {
            return;
        }
        try {
            this.b.b();
            this.a = true;
        } catch (NoSuchAlgorithmException e) {
            throw new lmf("Impossible condition: JCE thinks it does not support AndroidKeyStore, but this has been supported since API level 23.", e);
        }
    }

    private final betv c(String str) {
        b();
        try {
            Key key = this.b.a.getKey(str, null);
            if (key == null) {
                return berr.a;
            }
            if (!(key instanceof SecretKey)) {
                String simpleName = key.getClass().getSimpleName();
                StringBuilder sb = new StringBuilder(String.valueOf(str).length() + 32 + String.valueOf(simpleName).length());
                sb.append("Expected SecretKey for ");
                sb.append(str);
                sb.append(" but was ");
                sb.append(simpleName);
                throw new lmf(sb.toString());
            }
            if ("AES".equals(key.getAlgorithm())) {
                return betv.b(new lmr(str, (SecretKey) key));
            }
            String algorithm = key.getAlgorithm();
            StringBuilder sb2 = new StringBuilder(String.valueOf(str).length() + 42 + String.valueOf(algorithm).length());
            sb2.append("Expected AES SecretKey for ");
            sb2.append(str);
            sb2.append(", but got ");
            sb2.append(algorithm);
            sb2.append(" key.");
            throw new lmf(sb2.toString());
        } catch (NoSuchAlgorithmException e) {
            StringBuilder sb3 = new StringBuilder(String.valueOf(str).length() + 51);
            sb3.append("Tried to load key ");
            sb3.append(str);
            sb3.append(" but it had unsupported alogrithm");
            throw new lmf(sb3.toString(), e);
        }
    }

    public final lmr a() {
        byte[] bArr = new byte[16];
        this.e.nextBytes(bArr);
        String valueOf = String.valueOf("com.google.android.gms.backup/folsom/");
        String valueOf2 = String.valueOf(bfvf.a.a(bArr, 16));
        String str = valueOf2.length() == 0 ? new String(valueOf) : valueOf.concat(valueOf2);
        this.d.generateKey(str);
        SecretKey secretKey = (SecretKey) this.d.getKey(str);
        if (secretKey == null) {
            throw new InternalRecoveryServiceException(String.format("Generated key %s but then could not get it back immediately afterwards.", str));
        }
        return new lmr(str, secretKey);
    }

    public final void a(String str) {
        b();
        this.b.a.deleteEntry(str);
        this.d.removeKey(str);
    }

    public final betv b(String str) {
        SecretKey secretKey = (SecretKey) this.d.getKey(str);
        if (secretKey != null) {
            return betv.b(new lmr(str, secretKey));
        }
        c.e("Key %s not in RecoveryController. Checking own KeyStore for legacy key.", str);
        try {
            return c(str);
        } catch (IOException | GeneralSecurityException e) {
            c.e("Error trying to get legacy key from keystore", e, new Object[0]);
            return berr.a;
        }
    }
}
